CN105100051B - Method and system for implementing data resource access permission control - Google Patents


Publication number
CN105100051B
Authority
CN
China
Prior art keywords
application instance
resource access
data
authority information
access authority
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510288422.8A
Other languages
Chinese (zh)
Other versions
CN105100051A (en)
Inventor
李宏宇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Jingdong Yuan Yuan letter Information Technology Co., Ltd.
Original Assignee
Shanghai Jingdong Yuan Yuan Letter Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Jingdong Yuan Yuan Letter Information Technology Co Ltd
Priority to CN201510288422.8A
Publication of CN105100051A
Application granted
Publication of CN105100051B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention discloses a method and system for implementing data resource access permission control. A server locally caches the configuration file to which the data resource access permission information used by each application instance belongs. After receiving a data resource access request for the corresponding application instance, the server performs access verification by directly calling the locally cached data resource access permission information used by that application instance. This improves data resource access efficiency.

Description

Method and system for implementing data resource access permission control
Technical field
The present invention relates to the computer field, and in particular to a method and system for implementing data resource access permission control.
Background
In a large-scale computer network system, such as an online production system, there are often many clients of data resources that call, simultaneously or asynchronously, the data resources on a server in the computer network system. When the number of access requests is very large, however, the called server behaves abnormally and eventually crashes. To solve this problem, priorities can be set for the clients in the computer network system, and the server serves these clients in order of priority and provides them with data resources, so as to guarantee normal operation of the computer system.
In a server in the computer network system, a configuration file is preset and stored on the server's system disk; it contains the data resource access permission information. When the server processes a client's data resource access request, it reads the configuration file from the system disk into memory and, according to the data resource access permission information set in the configuration file, determines the service logic, that is, whether to provide the data resource to the client. When the access permission information for a data resource is updated or adjusted, and that information corresponds to multiple application instances, the data resource access permission information under each of those application instances in the configuration file must be updated or adjusted one by one. After the update or adjustment is complete, the server must be restarted to reload the application instances in the configuration file whose data resource access permission information was updated or adjusted.
This way of controlling data resource access permissions on the server has the following disadvantages. First, every time a data resource access request is received, the configuration file on the system disk must be loaded into memory. Reading the system disk is very time-consuming, which reduces the efficiency with which the server processes data resource access requests and therefore the data resource access efficiency of the computer network system. Second, updating or adjusting data resource access permissions requires modifying the configuration file and restarting the server before the configuration update is complete. During the restart the server cannot provide data resource access to the computer network system, which, in a high-concurrency, high-traffic environment, causes a large number of requests to be rejected or puts greater traffic pressure on the other servers in the computer network system. Third, the application instances in the configuration file that relate to the data resource access permission information must be modified or updated one by one, so the risk of erroneous or inconsistent changes is relatively high.
Summary of the invention
In view of this, an embodiment of the present invention provides a method for implementing data resource access permission control, which can improve the efficiency of data resource access.
An embodiment of the present invention also provides a system for implementing data resource access permission control, which can improve the efficiency of data resource access.
To achieve the above purpose, the present invention is implemented as follows:
A method for implementing data resource access permission control, the method comprising:
A server of a computer network system locally caches the configuration file to which the data resource access permission information used by each application instance belongs;
After receiving a data resource access request for the corresponding application instance sent by a client in the computer network system, the server directly calls the locally cached data resource access permission information used by that application instance to perform access verification, and returns the verification result.
The configuration file to which the data resource access permission information used by each application instance belongs is cached as a hash table.
The method further comprises:
The server includes a log-type key-value database that stores the data resource access permission information used by each application instance; when an update occurs, the data resource access permission information used by the application instance is updated in the database and marked with an update flag.
The log-type key-value database is implemented using the redis component; the data resource access permission information used by the application instances in the database, together with the update flags, is stored as hash tables.
The method further comprises: each locally cached application instance periodically and asynchronously accesses the database, obtains the updated data resource access permission information used by that application instance, and overwrites the data resource access permission information used by that application instance in the cache.
The application instance's periodic asynchronous access to the database is performed by an asynchronous timer thread.
A system for implementing data resource access permission control, comprising: a local cache unit, a request-response unit and a verification unit, wherein
The local cache unit is configured to locally cache the configuration file to which the data resource access permission information used by each application instance belongs;
The request-response unit receives the data resource access request for the corresponding application instance sent by a client in the computer network system;
The verification unit directly calls the locally cached data resource access permission information used by that application instance to perform access verification, and returns the verification result.
The system further includes a log-type key-value database, which stores the data resource access permission information used by each application instance; when an update occurs, the data resource access permission information used by the application instance is updated directly and marked with an update flag.
The local cache unit is further configured so that each application instance periodically and asynchronously accesses the log-type key-value database, obtains the updated data resource access permission information used by that application instance, and overwrites the data resource access permission information used by that application instance in the cache.
As can be seen from the above scheme, the server of the embodiment of the present invention locally caches the configuration file to which the data resource access permission information used by each application instance belongs. After receiving a data resource access request for the corresponding application instance, it performs access verification by directly calling the locally cached data resource access permission information used by that application instance. Unlike the background art, the server therefore does not have to read the configuration file from the system disk for verification every time a data resource access request is received, which improves data resource access efficiency. Further, the server also includes a log-type key-value database that stores the data resource access permission information used by each application instance. When an update occurs, the data resource access permission information used by the application instance is updated directly in the database and flagged, and the locally cached application instance periodically accesses the database, obtains the updated data resource access permission information used by that application instance, and overwrites the data resource access permission information used by that application instance in the cache. The server therefore does not need to be restarted when data resource access permission information is updated, which avoids access traffic pressure in the computer network system.
Brief description of the drawings
Fig. 1 is a flowchart of a method for implementing data resource access permission control provided in an embodiment of the present invention;
Fig. 2 is a flowchart of a specific example of the method for implementing data resource access permission control provided in an embodiment of the present invention;
Fig. 3 is a structural diagram of a system for implementing data resource access permission control provided in an embodiment of the present invention;
Fig. 4 is a schematic diagram of a specific example of the system for implementing data resource access permission control provided in an embodiment of the present invention.
Detailed description
To make the objectives, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below with reference to the drawings and embodiments.
To improve the efficiency of data resource access, the server of the embodiment of the present invention locally caches the configuration file to which the data resource access permission information used by each application instance belongs. After receiving a data resource access request for the corresponding application instance, it performs access verification by directly calling the locally cached data resource access permission information used by that application instance. Unlike the background art, the server therefore does not have to read the configuration file from the system disk for verification every time a data resource access request is received, which improves data resource access efficiency.
Here, what is cached is a copy of the configuration file, saved as hash tables, with each hash table corresponding to one application instance, so that the application instance can subsequently be located in the log-type key-value database.
Further, the server also includes a log-type key-value database that stores the data resource access permission information used by each application instance. When an update occurs, the data resource access permission information used by the application instance is updated directly in the database and marked with an update flag.
Here, the database is developed using the redis component. redis is an open-source, log-type key-value database written in ANSI C that supports networking, can run in system memory or be persisted, and provides various application programming interfaces (APIs). In the database, application instances and data resource access permission information are in a one-to-one structure: all data resource access information carrying an update flag is placed, for the corresponding application instance, in one hash table.
Each locally cached application instance periodically and asynchronously accesses the database, obtains the updated data resource access permission information used by that application instance, and overwrites the data resource access permission information used by that application instance in the cache. The server therefore does not need to be restarted when data resource access permission information is updated, which avoids access traffic pressure in the computer network system. Further, an update overwrites all the data resource access permission information of the locally cached application instance at once; that is, the hash table for that application instance is replaced in a single operation, rather than replacing the data resource access permission information of all application instances. This prevents a situation where, under concurrent requests in the computer network system, a verification request sees both old and new data resource access permission information for an application instance.
Fig. 1 is a flowchart of a method for implementing data resource access permission control provided in an embodiment of the present invention. The specific steps are:
Step 101: the server of the computer network system locally caches the configuration file to which the data resource access permission information used by each application instance belongs;
Step 102: after receiving a data resource access request for the corresponding application instance sent by a client in the computer network system, the server directly calls the locally cached data resource access permission information used by that application instance to perform access verification, and returns the verification result to the client.
In this step, the verification result may be that verification passes, in which case the client is allowed to access the data resource, or that verification fails, in which case the client is not allowed to access the data resource.
In this method, the configuration file to which the data resource access permission information used by each application instance belongs is cached as a hash table.
The method further comprises:
The server also includes a log-type key-value database that stores the data resource access permission information used by each application instance. When an update occurs, the data resource access permission information used by the application instance is updated directly in the database and marked with an update flag.
The log-type key-value database is implemented using the redis component; the data resource access permission information used by the application instances in the database, together with the update flags, is stored as hash tables.
The method further comprises:
Each locally cached application instance periodically and asynchronously accesses the database, obtains the updated data resource access permission information used by that application instance, and overwrites the data resource access permission information used by that application instance in the cache.
The application instance's periodic asynchronous access to the database is performed by an asynchronous timer thread.
Fig. 2 is a flowchart of a specific example of the method for implementing data resource access permission control provided in an embodiment of the present invention. As can be seen, in the update stage, the configuration changer directly updates the data resource access permission information used by the application instance in the database and sets the update flag; the configuration querier obtains from the local cache the data resource access permission information used by the requested application instance, and the server performs the verification; and the locally cached application instance periodically and asynchronously obtains the updated data resource access permission information of the application instance from the redis-based database and overwrites its cached copy. In the query stage, the configuration querier obtains from the local cache the data resource access permission information used by the requested application instance, and the server performs the verification.
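The caching and refresh flow described above, as an added Python example (not code from the patent). Assumptions: `PermissionStore` is an in-memory stand-in for the redis-based database, the update flag is modelled as a per-instance version counter, permissions are modelled as a mapping from resource to a set of allowed actions, and all class, method and sample names are hypothetical.

```python
import threading
import time
from types import MappingProxyType


class PermissionStore:
    """In-memory stand-in for the redis-based database (assumption).

    One hash table per application instance; the patent's "update flag"
    is modelled here as a version counter that grows on every update.
    """

    def __init__(self):
        self._lock = threading.Lock()
        self._data = {}  # instance -> (version, {resource: set of actions})

    def update(self, instance, table):
        """Configuration changer: replace an instance's permissions."""
        with self._lock:
            version = self._data.get(instance, (0, None))[0] + 1
            self._data[instance] = (version, {r: set(a) for r, a in table.items()})

    def changed_since(self, seen):
        """Return {instance: (version, table copy)} for entries that differ from `seen`."""
        with self._lock:
            return {
                inst: (ver, {r: set(a) for r, a in tbl.items()})
                for inst, (ver, tbl) in self._data.items()
                if seen.get(inst) != ver
            }


class LocalPermissionCache:
    """Per-server local cache: one read-only hash table per application instance."""

    def __init__(self, store, interval=1.0):
        self._store = store
        self._interval = interval
        self._tables = {}    # instance -> read-only snapshot
        self._versions = {}  # instance -> version of the cached snapshot
        self._stop = threading.Event()
        self._thread = None
        self.refresh_once()  # initial load of the cache

    def verify(self, instance, resource, action):
        """Access verification against the local cache only; deny by default."""
        table = self._tables.get(instance)  # one reference read: all-old or all-new
        if table is None:
            return False
        return action in table.get(resource, frozenset())

    def refresh_once(self):
        """Pull updated instances and swap each table in a single assignment."""
        changed = self._store.changed_since(self._versions)
        for inst, (ver, tbl) in changed.items():
            snapshot = MappingProxyType({r: frozenset(a) for r, a in tbl.items()})
            self._tables[inst] = snapshot  # whole-table replacement, no in-place edits
            self._versions[inst] = ver
        return sorted(changed)

    def start(self):
        """Start the asynchronous timer thread."""
        self._thread = threading.Thread(target=self._run, daemon=True)
        self._thread.start()

    def stop(self):
        self._stop.set()
        if self._thread is not None:
            self._thread.join()

    def _run(self):
        # Event.wait returns False on timeout and True once stop() is called.
        while not self._stop.wait(self._interval):
            self.refresh_once()


if __name__ == "__main__":
    store = PermissionStore()
    # Constructed sample data: instance and resource names are made up.
    store.update("order-service", {"orders": {"read", "write"}, "invoices": {"read"}})
    cache = LocalPermissionCache(store, interval=0.1)
    print(cache.verify("order-service", "orders", "write"))  # allowed from the cache
    store.update("order-service", {"orders": {"read"}})      # revoke without a restart
    cache.start()
    time.sleep(0.5)
    cache.stop()
    print(cache.verify("order-service", "orders", "write"))  # denied after the refresh
```

Because the cache is refreshed on a timer, a revoked permission keeps passing verification until the next poll, so the refresh interval bounds the revocation delay.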
Fig. 3 is a structural diagram of a system for implementing data resource access permission control provided in an embodiment of the present invention, comprising: a local cache unit, a request-response unit and a verification unit, wherein
The local cache unit is configured to locally cache the configuration file to which the data resource access permission information used by each application instance belongs;
The request-response unit receives the data resource access request for the corresponding application instance sent by a client in the computer network system, and returns the verification result to the client;
The verification unit directly calls the locally cached data resource access permission information used by that application instance to perform access verification.
The system further includes a log-type key-value database, which stores the data resource access permission information used by each application instance; when an update occurs, the data resource access permission information used by the application instance is updated directly and marked with an update flag.
In the system, the local cache unit is further configured so that each application instance periodically and asynchronously accesses the log-type key-value database, obtains the updated data resource access permission information used by that application instance, and overwrites the data resource access permission information used by that application instance in the cache.
Fig. 4 is a schematic diagram of a specific example of the system for implementing data resource access permission control provided in an embodiment of the present invention. As can be seen from the figure, a hash table is provided in the server's local cache for each application instance; the hash table stores the data resource access permission information of that application instance, and each application instance can receive data resource access requests. Each application uses an asynchronous thread to interact with the database based on the redis component. In the database, the data resource access permission information to be used is cached for each application instance and stored as a hash table. When an update occurs, the update interacts directly with the database: the data resource access permission information used by the application instance is updated in the database and marked with an update flag. Each application instance is in a one-to-one correspondence with its updated or not-updated data resource access permission information.
In embodiments of the present invention, when an update occurs, the data resource access permission information of all related application instances on the server is updated and takes effect quickly, without restarting the service. The embodiments of the present invention greatly reduce permission judgment time and improve the resource allocation efficiency of the computer system.
The preferred embodiments above further describe the objectives, technical solutions and advantages of the present invention. It should be understood that the foregoing is merely the preferred embodiments of the present invention and is not intended to limit the present invention; any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the protection scope of the present invention.

Claims (6)

1. A method for implementing data resource access permission control, characterized in that the method comprises:
a server of a computer network system locally caches the configuration file to which the data resource access permission information used by each application instance belongs;
after receiving a data resource access request for the corresponding application instance sent by a client in the computer network system, the server directly calls the locally cached data resource access permission information used by that application instance to perform access verification, and returns the verification result;
the method further comprises:
the server includes a log-type key-value database that stores the data resource access permission information used by each application instance; when an update occurs, the data resource access permission information used by the application instance is updated in the database and marked with an update flag.
2. The method according to claim 1, characterized in that the log-type key-value database is implemented using the redis component, and the data resource access permission information used by the application instances in the database, together with the update flags, is stored as hash tables.
3. The method according to claim 1, characterized in that the method further comprises: each locally cached application instance periodically and asynchronously accesses the database, obtains the updated data resource access permission information used by that application instance, and overwrites the data resource access permission information used by that application instance in the cache.
4. The method according to claim 3, characterized in that the application instance's periodic asynchronous access to the database is performed by an asynchronous timer thread.
5. A system for implementing data resource access permission control, characterized by comprising: a local cache unit, a request-response unit and a verification unit, wherein
the local cache unit is configured to locally cache the configuration file to which the data resource access permission information used by each application instance belongs;
the request-response unit receives the data resource access request for the corresponding application instance sent by a client in the computer network system;
the verification unit directly calls the locally cached data resource access permission information used by that application instance to perform access verification, and returns the verification result;
the system further includes a log-type key-value database, which stores the data resource access permission information used by each application instance; when an update occurs, the data resource access permission information used by the application instance is updated directly and marked with an update flag.
6. The system according to claim 5, characterized in that the local cache unit is further configured so that each application instance periodically and asynchronously accesses the log-type key-value database, obtains the updated data resource access permission information used by that application instance, and overwrites the data resource access permission information used by that application instance in the cache.
CN201510288422.8A 2015-05-29 2015-05-29 Realize the method and system of data resource access permission control Active CN105100051B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510288422.8A CN105100051B (en) 2015-05-29 2015-05-29 Realize the method and system of data resource access permission control

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510288422.8A CN105100051B (en) 2015-05-29 2015-05-29 Realize the method and system of data resource access permission control

Publications (2)

Publication Number Publication Date
CN105100051A CN105100051A (en) 2015-11-25
CN105100051B true CN105100051B (en) 2019-04-26

Family

ID=54579598

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510288422.8A Active CN105100051B (en) 2015-05-29 2015-05-29 Realize the method and system of data resource access permission control

Country Status (1)

Country Link
CN (1) CN105100051B (en)

Families Citing this family (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106302492A (en) * 2016-08-23 2017-01-04 唐山新质点科技有限公司 A kind of access control method and system
CN108073559B (en) * 2016-11-18 2021-07-27 腾讯科技(深圳)有限公司 Method, device and system for realizing table data updating
CN106557347B (en) * 2016-11-24 2020-09-04 泰康保险集团股份有限公司 Software updating method and device
CN108417258A (en) * 2017-02-10 2018-08-17 深圳市理邦精密仪器股份有限公司 Right management method, device and patient monitor
CN108632204B (en) * 2017-03-17 2021-01-22 网宿科技股份有限公司 HTTP interface access authority verification method, system and server
CN106992997B (en) * 2017-05-25 2020-05-05 人教数字出版有限公司 Copyright management method and device
CN107291923B (en) * 2017-06-29 2020-03-27 北京京东尚科信息技术有限公司 Information processing method and device
CN107436920A (en) * 2017-07-01 2017-12-05 武汉斗鱼网络科技有限公司 Node.js authority control methods, storage medium, electronic equipment and system
CN109286643A (en) * 2017-07-20 2019-01-29 西门子公司 The method and apparatus for reading the configuration parameter of an application example
CN108334380A (en) * 2018-01-19 2018-07-27 新智云数据服务有限公司 A kind of configuration item management method, device, terminal and computer readable storage medium
CN108900475B (en) * 2018-06-06 2020-10-23 麒麟合盛网络技术股份有限公司 User authority control method and device
CN110717192B (en) * 2019-09-11 2021-05-18 南京工业职业技术大学 Big data security oriented access control method based on Key-Value accelerator
CN111090882B (en) * 2019-12-18 2022-08-05 北京浪潮数据技术有限公司 Operation control method, device and equipment for redis database
CN111147509A (en) * 2019-12-30 2020-05-12 北京三快在线科技有限公司 Network isolation method, device, server and storage medium
CN111290768B (en) * 2020-01-22 2023-10-20 北京百度网讯科技有限公司 Updating method, device, equipment and medium of containerized application system
CN113010131B (en) * 2021-03-15 2024-04-05 京东科技控股股份有限公司 Display content updating method, device, terminal, server and storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103490886A (en) * 2012-06-12 2014-01-01 阿里巴巴集团控股有限公司 Permission data validation method, device and system
CN103530568A (en) * 2012-07-02 2014-01-22 阿里巴巴集团控股有限公司 Authority control method, device and system
CN104112085A (en) * 2013-04-19 2014-10-22 阿里巴巴集团控股有限公司 Data permission control method and device for application system clusters

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5230070A (en) * 1989-09-08 1993-07-20 International Business Machines Corporation Access authorization table for multi-processor caches
JP4569820B2 (en) * 2005-06-22 2010-10-27 株式会社デンソー Method and system for granting local operation release authority during remote operation

Also Published As

Publication number Publication date
CN105100051A (en) 2015-11-25

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C41 Transfer of patent application or patent right or utility model
TA01 Transfer of patent application right

Effective date of registration: 20160602

Address after: 200433, room 1945, 1243 Siping Road, Shanghai, Yangpu District

Applicant after: Shanghai Jingdong Yuan Yuan letter Information Technology Co., Ltd.

Address before: 100080 Beijing city Haidian District xingshikou Road No. 65 building 11C Creative Park West West west Shan East 1-4 layer 1-4 layer

Applicant before: Beijing Jingdong Shangke Information Technology Co., Ltd.

Applicant before: Beijing Jingdong Century Commerce Co., Ltd.

GR01 Patent grant