CN104486338A - Method and system for controlling multi-module permission - Google Patents
- Publication number: CN104486338A
- Application number: CN201410777086.9A
- Authority: CN (China)
- Prior art keywords: module, controlled, main control, authority, message
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abstract
The invention discloses a method and system for controlling a multi-module permission. The method comprises the following steps: a main control module creates a module permission list in advance, wherein the module permission list comprises a module ID, a module unique identifier and a module permission. The method further comprises the following steps: the main control module receives a verification message from a controlled module, wherein the verification message comprises the module ID of the controlled module; the main control module queries the module permission of the controlled module in the module permission list according to the module ID; if the module permission of the controlled module is granted, the controlled module is started to run; if the module permission of the controlled module is not granted, the running of the controlled module is stopped. By the method, the module permission in a cloud computing system can be controlled, so that an unauthorized module cannot be used by a user illegally.
Description
Technical field
The present invention relates to the field of cloud computing technology, and in particular to a multi-module permission control method and system in a cloud computing system.
Background art
With the development of information technology, cloud computing has gradually become a focus of industry development, and the cloud computing service platforms of major enterprises at home and abroad have been put into use in fields such as science, education, culture, health, government, high-performance computing, e-commerce and the Internet of Things.
As clouds continue to grow in scale, cloud computing systems increasingly adopt a mode in which multiple modules are developed and deployed independently. At the same time, because different customers have different needs, a customer may not need certain modules of the cloud computing system; by combining different modules, the customer's basic needs can be met at minimum cost. This raises a problem that urgently needs solving: how to prevent unauthorized modules from being used illegally by users.
Summary of the invention
To solve the above technical problem, the invention provides a multi-module permission control method and system that control the right to use modules in a cloud computing system, thereby preventing unauthorized modules from being used illegally by users.
To achieve the object of the invention, the invention provides a multi-module permission control method, comprising: a main control module creates a module permission list in advance, the module permission list comprising a module ID, a module unique identifier and a module permission. The method further comprises: the main control module receives a verification message from a controlled module, the verification message comprising the module ID of the controlled module; the main control module queries the module permission of the controlled module in the module permission list according to the module ID; if the module permission of the controlled module is authorized, the controlled module is started to run; if the module permission of the controlled module is unauthorized, the running of the controlled module is stopped.
The main control module creating the module permission list in advance comprises: the controlled module sends a log-on message to the main control module, the log-on message comprising the module ID and the module unique identifier, wherein the module unique identifier is the sequence number of the module; the main control module determines the module permission of the controlled module according to the module unique identifier, and creates the module permission list from the module name of the controlled module, the module unique identifier and the corresponding module permission.
The main control module determining the module permission of the controlled module according to the module unique identifier comprises: the main control module determines the module permission of the controlled module by deciphering the sequence number of the module.
The main control module receiving the verification message from the controlled module comprises: the main control module receives a verification message actively sent by the controlled module; or the main control module periodically sends a probe message to a controlled module that is running, and receives the verification message that the controlled module returns after receiving the probe message.
If the module permission of the controlled module is authorized, starting the controlled module comprises: the main control module sends a start-running message to the controlled module, and the controlled module is started to run after it receives the start-running message. If the module permission of the controlled module is unauthorized, stopping the controlled module comprises: the main control module sends a stop-running message to the controlled module, and the controlled module stops running after it receives the stop-running message.
A multi-module permission control system comprises: a controlled module, configured to send a verification message to a main control module, the verification message comprising the module ID of the controlled module; and the main control module, configured to create a module permission list in advance, the module permission list comprising a module ID, a module unique identifier and a module permission, and, on receiving the verification message, to query the module permission of the controlled module in the module permission list according to the module ID; if the module permission of the controlled module is authorized, the controlled module is started to run; if the module permission of the controlled module is unauthorized, the running of the controlled module is stopped.
The main control module comprises a module controller and a module monitoring controller, and the controlled module comprises a module start-up connector. The module start-up connector of the controlled module sends a log-on message to the module controller of the main control module, the log-on message comprising the module ID and the module unique identifier, wherein the module unique identifier is the sequence number of the module. The module controller of the main control module determines the module permission of the controlled module according to the module unique identifier, and creates the module permission list from the module name of the controlled module, the module unique identifier and the corresponding module permission.
The main control module being configured to query the module permission of the controlled module in the module permission list according to the module ID is specifically: the module controller of the main control module determines the module permission of the controlled module by deciphering the sequence number of the module.
The controlled module being configured to send the verification message to the main control module is specifically: the module start-up connector of the controlled module actively sends the verification message to the module controller of the main control module; or the module monitoring controller of the main control module periodically sends a probe message to a controlled module that is running, and the module start-up connector of the controlled module sends the verification message to the module controller of the main control module after receiving the probe message.
The main control module being configured to start the controlled module if its module permission is authorized is specifically: if the module permission of the controlled module is authorized, the module controller of the main control module sends a start-running message to the controlled module, and after the module start-up connector of the controlled module receives the start-running message, the controlled module is started to run. The main control module being configured to stop the controlled module if its module permission is unauthorized is specifically: if the module permission of the controlled module is unauthorized, the module controller of the main control module sends a stop-running message to the controlled module, and after the module start-up connector of the controlled module receives the stop-running message, the controlled module stops running.
Compared with the prior art, in the present invention the main control module creates a module permission list in advance, the module permission list comprising a module ID, a module unique identifier and a module permission; the main control module receives a verification message from a controlled module, the verification message comprising the module ID of the controlled module; the main control module queries the module permission of the controlled module in the module permission list according to the module ID; if the module permission of the controlled module is authorized, the controlled module is started to run; if the module permission of the controlled module is unauthorized, the running of the controlled module is stopped. With the method of the invention, a module controller and a module monitoring controller are added to the main control module and a module start-up connector is added to the controlled module; the main control module creates the module permission list in advance and verifies the module permission of a controlled module against the list to decide whether the controlled module may run, thereby controlling the right to use modules in the cloud computing system and preventing unauthorized modules from being used illegally by users.
Other features and advantages of the present invention will be set forth in the following description, and will in part become apparent from the description or be understood by practicing the invention. The objects and other advantages of the invention can be realized and obtained by the structures particularly pointed out in the description, the claims and the accompanying drawings.
Brief description of the drawings
The accompanying drawings provide a further understanding of the technical solution of the present invention and form part of the specification; together with the embodiments of the application they serve to explain the technical solution of the invention and do not limit it.
Fig. 1 is a schematic diagram of the architecture of the multi-module permission control system of the present invention.
Fig. 2 is a schematic flow chart of the multi-module permission control method of the present invention.
Embodiments
To make the objects, technical solutions and advantages of the present invention clearer, embodiments of the invention are described in detail below with reference to the accompanying drawings. It should be noted that, where no conflict arises, the embodiments in this application and the features in the embodiments may be combined with one another arbitrarily.
The steps shown in the flow charts of the accompanying drawings can be executed in a computer system, for example as a set of computer-executable instructions. Furthermore, although a logical order is shown in the flow charts, in some cases the steps shown or described may be executed in an order different from the one given here.
Fig. 1 is a schematic diagram of the architecture of the multi-module permission control system of the present invention. As shown in Fig. 1, the multi-module permission control system comprises a main control module and controlled modules; in a specific embodiment of the invention, the controlled modules comprise controlled module A and controlled module B. The main control module is mainly used for permission control over modules; a controlled module is controlled by the main control module and is a module that requires permission control.
Relative to the prior art, the present invention adds a module controller, a module monitoring controller and a module start-up connector, wherein the module controller and the module monitoring controller are arranged on the main control module and the module start-up connector is arranged on the controlled module.
In a specific embodiment of the present invention, the authentication module of the cloud computing system serves as the main control module and is provided with the module controller and the module monitoring controller; taking the cloud resource module as controlled module A and the accounting module as controlled module B as an example, the cloud resource module and the accounting module are each provided with a module start-up connector.
Fig. 2 is a schematic flow chart of the multi-module permission control method of the present invention. As shown in Fig. 2, the method comprises:
Step 21: the main control module creates a module permission list in advance; the module permission list comprises a module ID, a module unique identifier and a module permission.
In this step, the controlled module sends a log-on message to the main control module; the log-on message comprises the module ID and the module unique identifier, where the module unique identifier can be the sequence number of the module.
The module controller of the main control module determines the module permission of the controlled module according to the module unique identifier, and creates the module permission list from the module name of the controlled module, the module unique identifier and the corresponding module permission, where the module permission is either authorized or unauthorized.
The module controller of the main control module determining the module permission of the controlled module according to the module unique identifier comprises: the module controller of the main control module determines the module permission of the controlled module by deciphering the sequence number of the module. The specific way of deciphering the sequence number of the module is a conventional technique for those skilled in the art; its specific implementation does not limit the protection scope of the invention and is not described further here.
Step 22: the main control module receives a verification message from the controlled module; the verification message comprises the module ID of the controlled module.
In this step, the module start-up connector of the controlled module can actively send a verification message to the module controller of the main control module to confirm whether the controlled module is permitted to start running.
In addition, because the permission of a module may change, the module monitoring controller of the main control module can periodically send a probe message to the module start-up connector of a controlled module that is running; after receiving the probe message, the module start-up connector of the controlled module sends a verification message to the main control module to confirm whether the controlled module is permitted to continue running.
Step 23: the main control module queries the module permission of the controlled module in the module permission list according to the module ID in the verification message; if the module permission of the controlled module is authorized, the controlled module is started to run; if the module permission of the controlled module is unauthorized, the running of the controlled module is stopped.
In this step, the module controller of the main control module queries the module permission of the controlled module in the module permission list according to the module ID in the verification message.
If the module permission of the controlled module is authorized, the module controller of the main control module sends a start-running message to the module start-up connector of the controlled module; after the module start-up connector of the controlled module receives the start-running message, the controlled module is started to run.
If the module permission of the controlled module is unauthorized, the module controller of the main control module sends a stop-running message to the module start-up connector of the controlled module; after the module start-up connector of the controlled module receives the stop-running message, the controlled module stops running.
In the present invention, a module controller and a module monitoring controller are added to the main control module and a module start-up connector is added to the controlled module; the main control module creates the module permission list in advance and verifies the module permission of a controlled module against the list to decide whether the controlled module may run, thereby controlling the right to use modules in the cloud computing system and preventing unauthorized modules from being used illegally by users.
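The flow of steps 21 to 23, including the periodic probe, as an added Python example that is not part of the patent. The patent leaves the deciphering scheme open, so the HMAC-tagged sequence-number format, the key, the message field names, the hypothetical "reporting" module and the default-deny handling of unregistered module IDs are assumptions made for this illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Assumption: the patent does not define the sequence-number scheme. An
# HMAC-tagged string "<module_id>:<flag>:<tag>" stands in for "deciphering".
VENDOR_KEY = b"constructed-demo-key"  # constructed sample key
START, STOP = "START_RUNNING", "STOP_RUNNING"


def _tag(body: str) -> str:
    return hmac.new(VENDOR_KEY, body.encode(), hashlib.sha256).hexdigest()[:16]


def issue_sequence_number(module_id: str, authorized: bool) -> str:
    """Vendor side: build a constructed sequence number for a module."""
    body = f"{module_id}:{int(authorized)}"
    return f"{body}:{_tag(body)}"


def decipher_permission(module_id: str, sequence_number: str) -> bool:
    """True only for an authentic sequence number issued to this module with
    the authorized flag set; anything malformed counts as unauthorized."""
    parts = sequence_number.rsplit(":", 2)
    if len(parts) != 3:
        return False
    owner, flag, tag = parts
    if not hmac.compare_digest(tag.encode(), _tag(f"{owner}:{flag}").encode()):
        return False
    return owner == module_id and flag == "1"


@dataclass
class ControlledModule:
    """Controlled module reduced to its start-up component."""
    module_id: str
    sequence_number: str
    running: bool = False

    def logon_message(self) -> dict:
        return {"module_id": self.module_id,
                "unique_identifier": self.sequence_number}

    def verification_message(self) -> dict:
        return {"module_id": self.module_id}

    def handle(self, message: str) -> None:
        self.running = (message == START)


class MainControlModule:
    def __init__(self) -> None:
        # module ID -> {"unique_identifier": str, "authorized": bool}
        self.permission_list = {}

    def register(self, logon: dict) -> None:
        """Step 21: derive the permission from the identifier and store it."""
        mid, uid = logon["module_id"], logon["unique_identifier"]
        self.permission_list[mid] = {
            "unique_identifier": uid,
            "authorized": decipher_permission(mid, uid),
        }

    def verify(self, verification: dict) -> str:
        """Steps 22-23: look up the module ID; unknown IDs are denied."""
        entry = self.permission_list.get(verification.get("module_id"))
        return START if entry and entry["authorized"] else STOP

    def probe_running(self, modules) -> list:
        """Monitoring pass: re-verify every running module, stop revoked ones."""
        stopped = []
        for module in modules:
            if not module.running:
                continue
            reply = self.verify(module.verification_message())
            module.handle(reply)
            if reply == STOP:
                stopped.append(module.module_id)
        return stopped


def run_demo():
    main = MainControlModule()
    cloud = ControlledModule("cloud-resource",
                             issue_sequence_number("cloud-resource", True))
    accounting = ControlledModule("accounting",
                                  issue_sequence_number("accounting", False))
    # Constructed tampered identifier: flag flipped, tag left unchanged.
    altered = issue_sequence_number("reporting", False).replace(":0:", ":1:")
    reporting = ControlledModule("reporting", altered)
    modules = [cloud, accounting, reporting]
    for module in modules:
        main.register(module.logon_message())
    first = {}
    for module in modules:
        reply = main.verify(module.verification_message())
        module.handle(reply)
        first[module.module_id] = reply
    unregistered = main.verify({"module_id": "never-registered"})
    # The permission changes later; the next probe stops the running module.
    main.permission_list["cloud-resource"]["authorized"] = False
    stopped = main.probe_running(modules)
    return first, unregistered, stopped, cloud.running


if __name__ == "__main__":
    print(run_demo())
```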
As shown in Fig. 1, the multi-module permission control system of the present invention comprises a main control module and a controlled module, wherein the main control module is provided with a module controller and a module monitoring controller, and the controlled module is provided with a module start-up connector.
The main control module creates a module permission list in advance; the module permission list comprises a module ID, a module unique identifier and a module permission.
Specifically, the module start-up connector of the controlled module sends a log-on message to the main control module through an interface; the log-on message comprises the module ID and the module unique identifier. The module controller of the main control module receives the log-on message through the interface, determines the module permission of the controlled module according to the module unique identifier in the log-on message, and stores the module name of the controlled module, the module unique identifier and the corresponding module permission in the module permission list.
The module controller of the main control module receives a verification message from the module start-up connector of the controlled module; the verification message comprises the module ID of the controlled module.
Specifically, the module start-up connector of the controlled module can actively send a verification message to the module controller of the main control module; it can also send a verification message to the main control module after receiving the probe message periodically sent by the module monitoring controller of the main control module.
The module controller of the main control module queries the module permission of the controlled module in the module permission list according to the module ID in the verification message; if the module permission of the controlled module is authorized, the controlled module is started to run; if the module permission of the controlled module is unauthorized, the running of the controlled module is stopped.
Specifically, if the module permission of the controlled module is authorized, the module controller of the main control module sends a start-running message to the module start-up connector of the controlled module through the interface, and after the module start-up connector of the controlled module receives the start-running message, the controlled module is started to run; if the module permission of the controlled module is unauthorized, the module controller of the main control module sends a stop-running message to the module start-up connector of the controlled module through the interface, and after the module start-up connector of the controlled module receives the stop-running message, the controlled module stops running.
The multi-module permission control system of the present invention corresponds to the multi-module permission control method; for the specific implementation details of the system, refer to the method, which are not repeated here.
In the present invention, a module controller and a module monitoring controller are added to the main control module and a module start-up connector is added to the controlled module; the main control module creates the module permission list in advance and verifies the module permission of a controlled module against the list to decide whether the controlled module may run, thereby controlling the right to use modules in the cloud computing system and preventing unauthorized modules from being used illegally by users.
Although the embodiments disclosed by the present invention are as above, the content described is only an embodiment adopted to facilitate understanding of the invention and is not intended to limit it. Any person skilled in the art to which the invention belongs may, without departing from the spirit and scope disclosed by the invention, make any modification or change in the form and details of implementation, but the scope of patent protection of the invention shall still be as defined by the appended claims.
Claims (10)
1. A multi-module permission control method, characterized in that it comprises: a main control module creates a module permission list in advance, the module permission list comprising a module ID, a module unique identifier and a module permission;
and further comprises:
the main control module receives a verification message from a controlled module, the verification message comprising the module ID of the controlled module;
the main control module queries the module permission of the controlled module in the module permission list according to the module ID; if the module permission of the controlled module is authorized, the controlled module is started to run; if the module permission of the controlled module is unauthorized, the running of the controlled module is stopped.
2. The method according to claim 1, characterized in that the main control module creating the module permission list in advance comprises:
the controlled module sends a log-on message to the main control module, the log-on message comprising the module ID and the module unique identifier, wherein the module unique identifier is the sequence number of the module;
the main control module determines the module permission of the controlled module according to the module unique identifier, and creates the module permission list from the module name of the controlled module, the module unique identifier and the corresponding module permission.
3. The method according to claim 2, characterized in that the main control module determining the module permission of the controlled module according to the module unique identifier comprises:
the main control module determines the module permission of the controlled module by deciphering the sequence number of the module.
4. The method according to any one of claims 1 to 3, characterized in that the main control module receiving the verification message from the controlled module comprises:
the main control module receives a verification message actively sent by the controlled module; or,
the main control module periodically sends a probe message to a controlled module that is running, and receives the verification message that the controlled module returns after receiving the probe message.
5. The method according to any one of claims 1 to 3, characterized in that, if the module permission of the controlled module is authorized, starting the controlled module comprises:
if the module permission of the controlled module is authorized, the main control module sends a start-running message to the controlled module, and after the controlled module receives the start-running message, the controlled module is started to run;
and, if the module permission of the controlled module is unauthorized, stopping the controlled module comprises:
if the module permission of the controlled module is unauthorized, the main control module sends a stop-running message to the controlled module, and the controlled module stops running after receiving the stop-running message.
6. A multi-module permission control system, characterized in that it comprises:
a controlled module, configured to send a verification message to a main control module, the verification message comprising the module ID of the controlled module;
the main control module, configured to create a module permission list in advance, the module permission list comprising a module ID, a module unique identifier and a module permission, and, on receiving the verification message, to query the module permission of the controlled module in the module permission list according to the module ID; if the module permission of the controlled module is authorized, the controlled module is started to run; if the module permission of the controlled module is unauthorized, the running of the controlled module is stopped.
7. The system according to claim 6, characterized in that the main control module comprises a module controller and a module monitoring controller, and the controlled module comprises a module start-up connector;
the module start-up connector of the controlled module sends a log-on message to the module controller of the main control module, the log-on message comprising the module ID and the module unique identifier, wherein the module unique identifier is the sequence number of the module;
the module controller of the main control module determines the module permission of the controlled module according to the module unique identifier, and creates the module permission list from the module name of the controlled module, the module unique identifier and the corresponding module permission.
8. The system according to claim 7, characterized in that the main control module being configured to query the module permission of the controlled module in the module permission list according to the module ID is specifically:
the module controller of the main control module determines the module permission of the controlled module by deciphering the sequence number of the module.
9. The system according to any one of claims 6 to 8, characterized in that the controlled module being configured to send the verification message to the main control module is specifically:
the module start-up connector of the controlled module actively sends the verification message to the module controller of the main control module; or,
the module monitoring controller of the main control module periodically sends a probe message to a controlled module that is running, and the module start-up connector of the controlled module sends the verification message to the module controller of the main control module after receiving the probe message.
10. The system according to any one of claims 6 to 8, characterized in that the main control module being configured to start the controlled module if its module permission is authorized is specifically:
if the module permission of the controlled module is authorized, the module controller of the main control module sends a start-running message to the controlled module, and after the module start-up connector of the controlled module receives the start-running message, the controlled module is started to run;
and the main control module being configured to stop the controlled module if its module permission is unauthorized is specifically:
if the module permission of the controlled module is unauthorized, the module controller of the main control module sends a stop-running message to the controlled module, and after the module start-up connector of the controlled module receives the stop-running message, the controlled module stops running.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410777086.9A CN104486338A (en) | 2014-12-15 | 2014-12-15 | Method and system for controlling multi-module permission |
Publications (1)
Publication Number | Publication Date |
---|---|
CN104486338A true CN104486338A (en) | 2015-04-01 |
Family
ID=52760842
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410777086.9A Pending CN104486338A (en) | 2014-12-15 | 2014-12-15 | Method and system for controlling multi-module permission |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104486338A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20150401 |