CN107577538A - Container resource management method and system

Publication number: CN107577538A
Authority: CN (China)
Prior art keywords: container, user, request, target, information
Legal status: Granted
Application number: CN201710995539.9A
Other languages: Chinese (zh)
Other versions: CN107577538B (en)
Inventors: 李铭轩, 魏进武, 张呈宇, 张基恒, 博格利
Current Assignee: China United Network Communications Group Co Ltd
Original Assignee: China United Network Communications Group Co Ltd
Landscapes: Storage Device Security (AREA)

Abstract

The present invention provides a container resource management method and system. A container creation request sent by a first user is received, wherein the container creation request includes permission information and requirement information; a container is created according to the permission information and the requirement information; the container is registered to obtain a container registration information list; an access request for a target container sent by a second user is received; the permission information of the target container is determined according to the access request and the container registration information list; and the access request is performed according to the permission information of the target container. Thus, when a container is created, its permission information is encapsulated directly in the container, so that when a user accesses the container, the access is performed directly according to the permission information in the container. This avoids the prior-art problem in which the container resource management system assigns container permissions to users and a collapse of the permission assignment mechanism throws the user access mechanism into disorder, and it ensures the security of the data in the container.

Description

Container resource management method and system
Technical field
The present invention relates to the field of data security, and in particular to a container management method and system.
Background
With the arrival of the digital information era, using container technology to implement cloud storage has become a hot topic. How to manage multi-tenant container resources has become a focus of research.
In general, multiple containers share resources such as computing, storage and network on a host. Before a user accesses a container, the container resource management system at the system layer must assign permissions to the user, and the operating system of the application then judges whether the user has permission to access the corresponding container. Therefore, in existing container resource management methods, a user's access permissions for a container are assigned by the container resource management system; once the permission assignment mechanism collapses, the tenants' access mechanism is bound to fall into disorder, which seriously affects the security of the data in the container.
Summary of the invention
To address the problem that the access permission assignment mechanism of existing container management systems is prone to collapse, seriously affecting the security of the data in containers, the present invention provides a container management method and system.
In one aspect, the present invention provides a container management method, including:
receiving a container creation request sent by a first user, wherein the container creation request includes permission information and requirement information;
creating a container according to the permission information and the requirement information;
registering the container to obtain a container registration information list;
receiving an access request for a target container sent by a second user;
determining the permission information of the target container according to the access request and the container registration information list;
performing the access request according to the permission information of the target container.
Further, creating a container according to the permission information and the requirement information includes:
encrypting the permission information to obtain container annotation information;
creating a container copy according to the requirement information, and packaging the container annotation information and the container copy to obtain the container.
Further, the container registration information list includes the container identifier of each container and the corresponding container address; the access request includes a target container identifier;
Accordingly, determining the permission information of the target container according to the access request and the container registration information list includes:
determining the container address of the target container according to the target container identifier and the container identifiers of the containers in the container registration information list;
pulling up the target container according to the container address of the target container and obtaining the container annotation information of the target container;
decrypting the container annotation information of the target container to obtain the permission information of the target container.
Further, before receiving the container creation request sent by the first user, the method also includes:
receiving an identity authentication request sent by the first user, and performing security authentication on the user identity of the first user; when the first user's identity authentication request passes, sending an authentication-passed message to the first user, so that the first user sends the container creation request after receiving the authentication-passed message;
Before receiving the access request sent by the second user, the method also includes:
receiving an identity authentication request sent by the second user, and performing security authentication on the user identity of the second user; when the second user's identity authentication request passes, sending an authentication-passed message to the second user, so that the second user sends the access request after receiving the authentication-passed message.
Further, the permission information includes user identifiers and corresponding operation permissions; the access request includes a second user identifier and an access operation;
Accordingly, performing the access request according to the permission information of the target container includes:
judging whether, among the user identifiers in the permission information of the target container, there is a target user identifier matching the second user identifier;
if so, judging whether the access operation of the second user matches the operation permission corresponding to the target user identifier; if it matches, performing the access operation.
Further, the requirement information includes the number of container copies and/or container configuration parameters.
The present invention also provides a container resource management system, including:
a transceiver unit, configured to receive a container creation request sent by a first user, wherein the container creation request includes permission information and requirement information, and further configured to receive an access request for a target container sent by a second user;
a container creation unit, configured to create a container according to the permission information and the requirement information, and to register the container to obtain a container registration information list;
a container access unit, configured to determine the permission information of the target container according to the access request and the container registration information list, and to perform the access request according to the permission information of the target container.
Further, the container creation unit is specifically configured to:
encrypt the permission information to obtain container annotation information;
create a container copy according to the requirement information, and package the container annotation information and the container copy to obtain the container.
Further, the container registration information list includes the container identifier of each container and the corresponding container address; the access request includes a target container identifier;
Accordingly, the container access unit is specifically configured to: determine the container address of the target container according to the target container identifier and the container identifiers of the containers in the container registration information list; pull up the target container according to the container address of the target container and obtain the container annotation information of the target container; and decrypt the container annotation information of the target container to obtain the permission information of the target container.
Further, the container resource management system also includes an identity authentication unit;
the identity authentication unit is configured to perform security authentication on the user identity of the first user, and further configured to perform security authentication on the user identity of the second user;
Accordingly, the transceiver unit is further configured to receive, before receiving the container creation request sent by the first user, an identity authentication request sent by the first user; when the identity authentication unit determines that the first user's identity authentication request passes, the transceiver unit is further configured to send an authentication-passed message to the first user, so that the first user sends the container creation request after receiving the authentication-passed message;
the transceiver unit is further configured to receive, before receiving the access request sent by the second user, an identity authentication request sent by the second user; when the identity authentication unit determines that the second user's identity authentication request passes, the transceiver unit is further configured to send an authentication-passed message to the second user, so that the second user sends the access request after receiving the authentication-passed message.
Further, the permission information includes user identifiers and corresponding operation permissions; the access request includes a second user identifier and an access operation;
Accordingly, the container access unit is specifically configured to: judge whether, among the user identifiers in the permission information of the target container, there is a target user identifier matching the second user identifier; if so, judge whether the access operation of the second user matches the operation permission corresponding to the target user identifier; and if it matches, perform the access operation.
Further, the requirement information includes the number of container copies and/or container configuration parameters.
In the container resource management method and system provided by the present invention, a container creation request sent by a first user is received, wherein the container creation request includes permission information and requirement information; a container is created according to the permission information and the requirement information; the container is registered to obtain a container registration information list; an access request for a target container sent by a second user is received; the permission information of the target container is determined according to the access request and the container registration information list; and the access request is performed according to the permission information of the target container. Thus, when a container is created, its permission information is encapsulated directly in the container, so that when a user accesses the container, the access is performed directly according to the permission information in the container. This avoids the prior-art problem in which the container resource management system assigns container permissions to users and a collapse of the permission assignment mechanism throws the user access mechanism into disorder, thereby ensuring the security of the data in the container.
Brief description of the drawings
Fig. 1 is a schematic flowchart of a container resource management method provided by embodiment one of the present invention;
Fig. 2 is a schematic flowchart of a container resource management method provided by embodiment two of the present invention;
Fig. 3 is a schematic structural diagram of a container resource management system provided by embodiment three of the present invention.
Detailed description of the embodiments
To make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the accompanying drawings of the embodiments.
Fig. 1 is a schematic flowchart of a container resource management method provided by embodiment one of the present invention. As shown in Fig. 1, the container resource management method provided by embodiment one comprises the following steps:
Step 101: receive a container creation request sent by a first user, wherein the container creation request includes permission information and requirement information.
It should be noted that the executing entity of the present invention may specifically be a container management system, whose physical form may be a terminal device composed of hardware such as a processor, memory, logic circuits and electronic chips.
Specifically, the container management system can receive the container creation request sent by the first user; the request includes the permission information of the container to be created and the requirement information of the container to be created. The permission information may specifically be information or an identifier representing container-management-related permissions such as container access permission and container modification permission, and the requirement information may specifically be inherent attributes of the container, such as the number of container copies and/or container configuration parameters.
In addition, the container creation request sent by the first user may be received by way of instruction input, for example by providing the first user with a visual interactive interface so that the first user enters the relevant information at a designated position of the interface, or by directly receiving instruction code entered by the first user. Those skilled in the art may also receive the container creation request sent by the first user in other ways, and the present invention is not limited in this respect.
Step 102: create a container according to the permission information and the requirement information.
Step 103: register the container to obtain a container registration information list.
Specifically, the permissions of the created container can be determined according to the permission information entered by the first user, and a container matching the requirement information is created according to the requirement information. The created container is then registered, and the container registration information list is obtained. The container registration information list contains not only the information of the container created by the first user but may also include the information of containers created by other users.
Step 104: receive an access request for a target container sent by a second user.
Specifically, the container management system can receive the access request for the target container sent by the second user. The access request may specifically be a request to perform operations on the target container such as data storage, data reading, viewing container status, modifying container configuration, or deleting the container. The second user may be the same user as the first user or a different user, and the present invention is not limited in this respect.
In addition, the access request sent by the second user may be received by way of instruction input, for example by providing the second user with a visual interactive interface so that the second user enters the relevant access request at a designated position of the interface, or by directly receiving instruction code entered by the second user. Those skilled in the art may also receive the container creation request sent by the second user in other ways, and the present invention is not limited in this respect.
Step 105: determine the permission information of the target container according to the access request and the container registration information list.
Step 106: perform the access request according to the permission information of the target container.
Specifically, according to the received access request of the second user for the target container, the container registration information list can be queried to find the information of the corresponding target container, and the permission information of the target container is then obtained according to that information. It can then be judged, according to the permission information of the target container, whether the second user has permission to access the target container; if so, the access request can be performed; if not, an access-denied message can be returned to the second user.
That is, in the container resource management method provided by embodiment one of the present invention, after the second user's access request for the target container is received, the permission information pre-stored in the target container can be obtained directly, and whether to perform the second user's access request is judged according to that permission information. This avoids the hidden data security risk of the prior art, in which, after the second user's access request for the target container is received, container permissions must additionally be assigned to the second user at the system layer so that the application layer can judge whether the second user has permission to access the container.
Preferably, to further ensure data security, security authentication may also be performed on the identity of the first user before the container creation request sent by the first user is received in step 101. Specifically, this includes: receiving an identity authentication request sent by the first user and performing security authentication on the user identity of the first user; when the first user's identity authentication request passes, sending an authentication-passed message to the first user, so that the first user sends the container creation request after receiving the authentication-passed message.
Furthermore, the authentication may specifically use certificate authentication or key authentication. For example, the container resource management system may send a user certificate or user key to the user, so that the user completes identity authentication using the user certificate or user key; alternatively, a third-party authentication system may send the user certificate or user key to the user and send a system certificate or system key matching the user certificate to the container resource management system, so that the container resource management system completes authentication of the user's identity. In addition, when the first user passes authentication, an authentication-passed message may be sent to the first user, so that the first user sends the container creation request after receiving it; when the first user does not pass authentication, an authentication-failure message may be sent to the first user, and the first user may initiate an identity authentication request again according to the authentication-failure message.
Preferably, to further ensure data security, before the access request sent by the second user is received in step 104, the method may also include: receiving an identity authentication request sent by the second user and performing security authentication on the user identity of the second user; when the second user's identity authentication request passes, sending an authentication-passed message to the second user, so that the second user sends the access request after receiving the authentication-passed message.
Similarly to the above, the authentication may specifically use certificate authentication or key authentication. For example, the container resource management system may send a user certificate or user key to the user, so that the user completes identity authentication using the user certificate or user key; alternatively, a third-party authentication system may send the user certificate or user key to the user and send a system certificate or system key matching the user certificate to the container resource management system, so that the container resource management system completes authentication of the user's identity. In addition, when the second user passes authentication, an authentication-passed message may be sent to the second user, so that the second user sends the access request after receiving it; when the second user does not pass authentication, an authentication-failure message may be sent to the second user, and the second user may initiate an identity authentication request again according to the authentication-failure message.
In the container resource management method provided by embodiment one of the present invention, a container creation request sent by a first user is received, wherein the container creation request includes permission information and requirement information; a container is created according to the permission information and the requirement information; the container is registered to obtain a container registration information list; an access request for a target container sent by a second user is received; the permission information of the target container is determined according to the access request and the container registration information list; and the access request is performed according to the permission information of the target container. Thus, when a container is created, its permission information is encapsulated directly in the container, so that when a user accesses the container, the access is performed directly according to the permission information in the container. This avoids the prior-art problem in which the container resource management system assigns container permissions to users and a collapse of the permission assignment mechanism throws the user access mechanism into disorder, thereby ensuring the security of the data in the container.
On the basis of embodiment one, to further explain the container resource management method provided by the present invention, Fig. 2 is a schematic flowchart of a container resource management method provided by embodiment two of the present invention.
As shown in Fig. 2, the container resource management method includes:
Step 201: receive a container creation request sent by a first user, wherein the container creation request includes permission information and requirement information.
As in embodiment one, the container management system can receive the container creation request sent by the first user; the request includes the permission information of the container to be created and the requirement information of the container to be created. The permission information may specifically be information or an identifier representing container-management-related permissions such as container access permission and container modification permission, and the requirement information may specifically be inherent attributes of the container, such as the number of container copies and/or container configuration parameters.
In addition, the container creation request sent by the first user may be received by way of instruction input, for example by providing the first user with a visual interactive interface so that the first user enters the relevant information at a designated position of the interface, or by directly receiving instruction code entered by the first user. Those skilled in the art may also receive the container creation request sent by the first user in other ways, and the present invention is not limited in this respect.
Step 202: encrypt the permission information to obtain container annotation information.
Step 203: create a container copy according to the requirement information, and package the container annotation information and the container copy to obtain the container.
Specifically, the permission information can be encrypted using an encryption technique to generate the container annotation information; for example, symmetric-key encryption may be used, or encryption techniques such as asymmetric-key encryption may be used, and the present invention is not limited in this respect.
In addition, a container copy is created according to the requirement information, and the container annotation information and the container copy are packaged to obtain the container.
For example, when the requirement information includes the number of container copies, that number of container copies can be created, and the container annotation information and each container copy are packaged to obtain the container. When the requirement information includes container configuration parameters, the container copy can be created according to the container configuration parameters, which may specifically be container storage capacity, number of container threads, and so on; the container annotation information and each container copy are packaged to obtain the container.
Step 204: register the container to obtain a container registration information list, wherein the container registration information list includes the container identifier of each container and the corresponding container address.
Specifically, the created container is registered and the container registration information list is obtained. The container registration information list contains not only the information of the container created by the first user but may also include the information of containers created by other users. The information of a container includes its container identifier and container address, and may further include information obtained by extracting keywords from the container annotation information, etc.
Step 205: receive an access request for a target container sent by a second user, wherein the access request includes a target container identifier.
Specifically, the container management system can receive the access request for the target container sent by the second user. The access request includes the target container identifier. The access request is a request to perform operations on the target container such as data storage, data reading, viewing container status, modifying container configuration, or deleting the container. The second user may be the same user as the first user or a different user, and the present invention is not limited in this respect.
In addition, the access request sent by the second user may be received by way of instruction input, for example by providing the second user with a visual interactive interface so that the second user enters the relevant access request at a designated position of the interface, or by directly receiving instruction code entered by the second user. Those skilled in the art may also receive the container creation request sent by the second user in other ways, and the present invention is not limited in this respect.
Step 206: determine the container address of the target container according to the target container identifier and the container identifiers of the containers in the container registration information list.
Step 207: pull up the target container according to the container address of the target container and obtain the container annotation information of the target container.
Step 208: decrypt the container annotation information of the target container to obtain the permission information of the target container.
Specifically, in steps 206 to 208, after receiving the second user's access request for the target container, the container resource management system compares the target container identifier in the access request one by one with the container identifiers of the containers in the container registration information list, and determines in the list the container identifier that matches the target container identifier; the container address corresponding to that container identifier is the container address of the target container. According to the obtained container address, the target container can be pulled up from the container resource pool and the container annotation information encapsulated in the target container can be read. The container annotation information is decrypted using a decryption technique that matches the encryption technique of step 202, and the permission information of the target container is obtained.
Step 209: perform the access request according to the permission information of the target container.
Specifically, it is judged according to the permission information of the target container whether the second user has permission to access the target container; if so, the access request can be performed; if not, an access-denied message can be returned to the second user.
Furthermore, the permission information may specifically include user identifiers and corresponding operation permissions, for example a first user identifier and the corresponding permissions to modify the container, delete it, and store and read data in the container, as well as a third user identifier and the corresponding permission to read data in the container. User identifiers may be individual, i.e. one identifier per user, or group-based, i.e. multiple users sharing one group identifier; the present invention is not limited in this respect. Correspondingly, the access request also includes a second user identifier and an access operation, where the access operation may be storing data, reading data, deleting the container, modifying the container, and so on. Step 209 may specifically be: judging whether, among the user identifiers in the permission information of the target container, there is a target user identifier matching the second user identifier. If the permission information of the target container contains a target user identifier matching the second user identifier, the operation permission corresponding to the target user identifier is obtained, and it is judged whether the access operation of the second user matches that operation permission; if it matches, the access operation is performed.
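The flow of steps 201 to 209 as an added Go example; it is not part of the patent and not the applicant's implementation. It assumes AES-GCM for the symmetric encryption of step 202 (the patent names no cipher); `Manager`, `Container`, `Permissions`, the pool addresses and the user names are hypothetical, and authenticating the container identifier as associated data is an addition of this example so that an annotation moved between containers is rejected.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// Permissions maps a user (or group) ID to the operations it may perform.
type Permissions map[string][]string

// Container is a hypothetical packaged container carrying its own annotation.
type Container struct {
	ID         string
	Annotation []byte // nonce || AES-GCM ciphertext of the permission information
}

// Manager holds the registration list (ID -> address) and a simulated pool.
type Manager struct {
	aead     cipher.AEAD
	registry map[string]string
	pool     map[string]*Container
}

var ErrDenied = errors.New("access denied")

func NewManager(key []byte) (*Manager, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Manager{aead: aead, registry: map[string]string{}, pool: map[string]*Container{}}, nil
}

// Create encrypts the permission information into the annotation, packages
// it with the container and registers the container (steps 202 to 204).
func (m *Manager) Create(id, addr string, p Permissions) error {
	if _, dup := m.registry[id]; dup {
		return errors.New("container ID already registered")
	}
	plain, err := json.Marshal(p)
	if err != nil {
		return err
	}
	nonce := make([]byte, m.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	// Binding the container ID as associated data is this example's addition:
	// an annotation copied from another container then fails to decrypt.
	ann := m.aead.Seal(nonce, nonce, plain, []byte(id))
	m.pool[addr] = &Container{ID: id, Annotation: ann}
	m.registry[id] = addr
	return nil
}

// Access resolves the target ID to its address, pulls the container up,
// decrypts its annotation and matches user and operation (steps 206 to 209).
func (m *Manager) Access(user, targetID, op string) error {
	addr, ok := m.registry[targetID]
	if !ok {
		return ErrDenied
	}
	c, ns := m.pool[addr], m.aead.NonceSize()
	if c == nil || len(c.Annotation) < ns {
		return ErrDenied
	}
	plain, err := m.aead.Open(nil, c.Annotation[:ns], c.Annotation[ns:], []byte(targetID))
	if err != nil {
		return ErrDenied // annotation modified or taken from another container
	}
	var p Permissions
	if json.Unmarshal(plain, &p) != nil {
		return ErrDenied
	}
	for _, allowed := range p[user] {
		if allowed == op {
			return nil
		}
	}
	return ErrDenied
}

func main() {
	key := make([]byte, 32) // random demo key; key storage is outside this example
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	m, _ := NewManager(key) // a 32-byte key is always a valid AES-256 key
	_ = m.Create("c1", "pool/0", Permissions{"alice": {"read", "write", "delete"}, "bob": {"read"}})
	fmt.Println("bob read:", m.Access("bob", "c1", "read"), "| bob delete:", m.Access("bob", "c1", "delete"))
}
```

Because the permission check depends entirely on the annotation decrypting and authenticating, the decryption key becomes the asset to protect; every failure path returns the same `ErrDenied`.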
Preferably, to make each container easier to manage, the present invention also receives the container running status information that each container sends to it on a fixed schedule, so that the container resource management system can compile statistics on the running status of the containers and summarize them for the user, making it easier for the user to manage the containers.
Preferably, to further ensure data security, before the container creation request sent by the first user is received in step 201, the method may also include: receiving an identity authentication request sent by the first user, and performing security authentication on the user identity of the first user; when the identity authentication request of the first user passes, sending an authentication-passed message to the first user, so that the first user sends the container creation request after receiving the authentication-passed message.
Further, the authentication may specifically use certificate authentication or key authentication. For example, the container resource management system may send a user certificate or user key to the user, so that the user completes identity authentication with that user certificate or user key. Alternatively, a third-party authentication system may send the user certificate or user key to the user, and send the container resource management system a system certificate or system key that matches the user certificate, so that the container resource management system completes the authentication of the user's identity. In addition, when the first user passes authentication, an authentication-passed message can be sent to the first user, so that the first user sends the container creation request after receiving it; when the first user does not pass authentication, an authentication-failure message can be sent to the first user, and the first user can initiate the identity authentication request again according to that message.
Preferably, to further ensure data security, before the access request sent by the second user is received in step 205, the method may also include: receiving an identity authentication request sent by the second user, and performing security authentication on the user identity of the second user; when the identity authentication request of the second user passes, sending an authentication-passed message to the second user, so that the second user sends the access request after receiving the authentication-passed message.
Similarly, the authentication may specifically use certificate authentication or key authentication. For example, the container resource management system may send a user certificate or user key to the user, so that the user completes identity authentication with that user certificate or user key. Alternatively, a third-party authentication system may send the user certificate or user key to the user, and send the container resource management system a system certificate or system key that matches the user certificate, so that the container resource management system completes the authentication of the user's identity. In addition, when the second user passes authentication, an authentication-passed message can be sent to the second user, so that the second user sends the access request after receiving it; when the second user does not pass authentication, an authentication-failure message can be sent to the second user, and the second user can initiate the identity authentication request again according to that message.
The container resource management method provided by embodiment two of the present invention receives a container creation request sent by a first user, where the container creation request includes permission information and demand information; creates a container according to the permission information and the demand information; registers the container to obtain a container registration information list; receives an access request for a target container sent by a second user; determines the permission information of the target container according to the access request and the container registration information list; and executes the access request according to the permission information of the target container. The permission information of a container is thus encapsulated in the container itself when the container is created, so that when a user accesses the container, access is executed directly according to the permission information in the container. This avoids the prior-art problem in which the container resource management system assigns container permissions to users and, once the permission assignment mechanism collapses, the user access mechanism falls into disorder, and thereby ensures the security of the data in the container.
To address the prior-art problem that the access permission assignment mechanism is prone to collapse, which seriously affects the security of the data in containers, Fig. 3 is a schematic structural diagram of a container management system provided by embodiment three of the present invention.
As shown in Fig. 3, the container management system includes:
The transceiver unit 10 is configured to receive the container creation request sent by the first user, where the container creation request includes permission information and demand information; it is further configured to receive the access request for a target container sent by the second user.
The container creation unit 20 is configured to create a container according to the permission information and the demand information, and to register the container to obtain the container registration information list.
The container access unit 30 is configured to determine the permission information of the target container according to the access request and the container registration information list, and to execute the access request according to the permission information of the target container.
Preferably, the container creation unit 20 is specifically configured to: encrypt the permission information to obtain container annotation information; create a container copy according to the demand information, and package the container annotation information with the container copy to obtain the container.
Preferably, the container registration information list includes the container identifier of each container and the corresponding container address; the access request includes a target container identifier. The container access unit 30 is specifically configured to: determine the container address of the target container according to the target container identifier and the container identifier of each container in the container registration information list; pull up the target container according to its container address and obtain the container annotation information of the target container; decrypt the container annotation information of the target container to obtain the permission information of the target container.
Preferably, the permission information includes each user identifier and the corresponding operation permissions; the access request includes the second user identifier and an access operation. The container access unit 30 is specifically configured to: determine whether the user identifiers in the permission information of the target container include a target user identifier that matches the second user identifier; if so, determine whether the access operation of the second user matches the operation permissions corresponding to the target user identifier; if it matches, execute the access operation.
Preferably, the demand information includes the number of container copies and/or container configuration parameters.
Further, to further ensure data security, the container resource management system provided by the present invention also includes an identity authentication unit.
The identity authentication unit is configured to perform security authentication on the user identity of the first user; it is further configured to perform security authentication on the user identity of the second user.
Correspondingly, the transceiver unit 10 is further configured to receive the identity authentication request sent by the first user before receiving the container creation request sent by the first user. When the identity authentication unit determines that the identity authentication request of the first user passes, the transceiver unit 10 is further configured to send an authentication-passed message to the first user, so that the first user sends the container creation request after receiving the authentication-passed message.
The transceiver unit 10 is further configured to receive the identity authentication request sent by the second user before receiving the access request sent by the second user. When the identity authentication unit determines that the identity authentication request of the second user passes, the transceiver unit 10 is further configured to send an authentication-passed message to the second user, so that the second user sends the access request after receiving the authentication-passed message.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working process and corresponding beneficial effects of the system described above may be found in the corresponding process of the foregoing method embodiments, and are not repeated here.
The container resource management method and system provided by the present invention receive a container creation request sent by a first user, where the container creation request includes permission information and demand information; create a container according to the permission information and the demand information; register the container to obtain a container registration information list; receive an access request for a target container sent by a second user; determine the permission information of the target container according to the access request and the container registration information list; and execute the access request according to the permission information of the target container. The permission information of a container is thus encapsulated in the container itself when the container is created, so that when a user accesses the container, access is executed directly according to the permission information in the container. This avoids the prior-art problem in which the container resource management system assigns container permissions to users and, once the permission assignment mechanism collapses, the user access mechanism falls into disorder, and thereby ensures the security of the data in the container.
Those of ordinary skill in the art will understand that all or part of the steps of the above method embodiments can be carried out by hardware under the control of program instructions. The program can be stored in a computer-readable storage medium. When executed, the program performs the steps of the above method embodiments. The storage medium includes ROM, RAM, magnetic disks, optical discs and other media that can store program code.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments can still be modified, or some or all of their technical features can be equivalently replaced; such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (12)

  1. A container resource management method, characterized by comprising:
    receiving a container creation request sent by a first user, wherein the container creation request includes permission information and demand information;
    creating a container according to the permission information and the demand information;
    registering the container to obtain a container registration information list;
    receiving an access request for a target container sent by a second user;
    determining the permission information of the target container according to the access request and the container registration information list;
    executing the access request according to the permission information of the target container.
  2. The container resource management method according to claim 1, characterized in that creating a container according to the permission information and the demand information comprises:
    encrypting the permission information to obtain container annotation information;
    creating a container copy according to the demand information, and packaging the container annotation information with the container copy to obtain the container.
  3. The container resource management method according to claim 2, characterized in that the container registration information list includes the container identifier of each container and the corresponding container address; the access request includes a target container identifier;
    correspondingly, determining the permission information of the target container according to the access request and the container registration information list comprises:
    determining the container address of the target container according to the target container identifier and the container identifier of each container in the container registration information list;
    pulling up the target container according to the container address of the target container and obtaining the container annotation information of the target container;
    decrypting the container annotation information of the target container to obtain the permission information of the target container.
  4. The container resource management method according to claim 1, characterized in that, before receiving the container creation request sent by the first user, the method further comprises:
    receiving an identity authentication request sent by the first user, and performing security authentication on the user identity of the first user; when the identity authentication request of the first user passes, sending an authentication-passed message to the first user, so that the first user sends the container creation request after receiving the authentication-passed message;
    before receiving the access request sent by the second user, the method further comprises:
    receiving an identity authentication request sent by the second user, and performing security authentication on the user identity of the second user; when the identity authentication request of the second user passes, sending an authentication-passed message to the second user, so that the second user sends the access request after receiving the authentication-passed message.
  5. The container resource management method according to claim 1, characterized in that the permission information includes each user identifier and the corresponding operation permissions; the access request includes a second user identifier and an access operation;
    correspondingly, executing the access request according to the permission information of the target container comprises:
    determining whether the user identifiers in the permission information of the target container include a target user identifier that matches the second user identifier;
    if so, determining whether the access operation of the second user matches the operation permissions corresponding to the target user identifier; if it matches, executing the access operation.
  6. The container resource management method according to any one of claims 1-5, characterized in that the demand information includes the number of container copies and/or container configuration parameters.
  7. A container resource management system, characterized by comprising:
    a transceiver unit, configured to receive a container creation request sent by a first user, wherein the container creation request includes permission information and demand information; and further configured to receive an access request for a target container sent by a second user;
    a container creation unit, configured to create a container according to the permission information and the demand information, and to register the container to obtain a container registration information list;
    a container access unit, configured to determine the permission information of the target container according to the access request and the container registration information list, and to execute the access request according to the permission information of the target container.
  8. The container resource management system according to claim 7, characterized in that the container creation unit is specifically configured to:
    encrypt the permission information to obtain container annotation information;
    create a container copy according to the demand information, and package the container annotation information with the container copy to obtain the container.
  9. The container resource management system according to claim 8, characterized in that the container registration information list includes the container identifier of each container and the corresponding container address; the access request includes a target container identifier;
    correspondingly, the container access unit is specifically configured to: determine the container address of the target container according to the target container identifier and the container identifier of each container in the container registration information list; pull up the target container according to the container address of the target container and obtain the container annotation information of the target container; decrypt the container annotation information of the target container to obtain the permission information of the target container.
  10. The container resource management system according to claim 7, characterized by further comprising an identity authentication unit;
    the identity authentication unit is configured to perform security authentication on the user identity of the first user, and further configured to perform security authentication on the user identity of the second user;
    correspondingly, the transceiver unit is further configured to receive an identity authentication request sent by the first user before receiving the container creation request sent by the first user; when the identity authentication unit determines that the identity authentication request of the first user passes, the transceiver unit is further configured to send an authentication-passed message to the first user, so that the first user sends the container creation request after receiving the authentication-passed message;
    the transceiver unit is further configured to receive an identity authentication request sent by the second user before receiving the access request sent by the second user; when the identity authentication unit determines that the identity authentication request of the second user passes, the transceiver unit is further configured to send an authentication-passed message to the second user, so that the second user sends the access request after receiving the authentication-passed message.
  11. The container resource management system according to claim 7, characterized in that the permission information includes each user identifier and the corresponding operation permissions; the access request includes a second user identifier and an access operation;
    correspondingly, the container access unit is specifically configured to: determine whether the user identifiers in the permission information of the target container include a target user identifier that matches the second user identifier; if so, determine whether the access operation of the second user matches the operation permissions corresponding to the target user identifier; if it matches, execute the access operation.
  12. The container resource management system according to any one of claims 7-11, characterized in that the demand information includes the number of container copies and/or container configuration parameters.
CN201710995539.9A 2017-10-23 2017-10-23 Container resource management method and system Active CN107577538B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710995539.9A CN107577538B (en) 2017-10-23 2017-10-23 Container resource management method and system

Publications (2)

Publication Number Publication Date
CN107577538A true CN107577538A (en) 2018-01-12
CN107577538B CN107577538B (en) 2020-03-31

Family

ID=61036846

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710995539.9A Active CN107577538B (en) 2017-10-23 2017-10-23 Container resource management method and system

Country Status (1)

Country Link
CN (1) CN107577538B (en)

Also Published As

Publication number Publication date
CN107577538B (en) 2020-03-31

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant