Invention content
In view of this, this application provides a kind of access control method and device, to realize more reasonably for server
Node distributes access request, improves the process performance of server, and reduce the wasting of resources.
To achieve the above object, on the one hand, this application provides a kind of access control method, including:
The resource access request to server set pocket transmission is received, the resource access request carries the mark of sender
Information;
According to hash algorithm, the cryptographic Hash corresponding to the identification information of described sender is calculated;
It detects whether to be stored with the corresponding at least one server node of the cryptographic Hash, the cryptographic Hash is corresponding at least
Load equalizer is the server node that described sender was distributed before one server node is current time;
When being stored with the corresponding at least one server node of the cryptographic Hash, from least one server node
In, determine at least one candidate server node of the load less than predetermined threshold value;
From at least one candidate server node, the target clothes for handling the resource access request are determined
Business device node;
The resource access request is distributed into the target server node processing.
Preferably, it further includes:
When there is no the corresponding at least one server node of the cryptographic Hash or the cryptographic Hash corresponding at least one
There is no candidate server node of the load less than predetermined threshold value in a server node, then according to clothes each in server cluster
The load state of business device node, selects the target server node for handling the resource access request.
Preferably, it is described the resource access request is distributed to the target server node processing after, also wrap
It includes:
The correspondence between the cryptographic Hash and the target server node is stored, by the destination server section
Point identification is the server node that described sender accessed.
Preferably, described according to hash algorithm, before calculating the cryptographic Hash corresponding to the identification information of described sender,
It further includes:
Parse the resource request type that the resource access request is included, the money that the resource access request is included
Source request type includes:One or both of static resource is asked and dynamic resource is asked;
If the resource access request is asked including static resource, static resource request is transmitted to static generation
Server is managed, requested target quiescent resource is asked to obtain the static resource by static agent server;
The target quiescent resource that the static agent server returns is sent to described sender;
If the resource access request includes dynamic resource request, perform it is described according to hash algorithm, described in calculating
The operation of cryptographic Hash corresponding to the identification information of sender;
It is described that the resource access request is distributed into the target server node processing, including:
The dynamic resource is requested assignment into the target server node processing.
Preferably, it is described from least one candidate server node, it determines to access for handling the resource
The target server node of request, including:
If there is a candidate server node, then the candidate server node is determined as the destination server
Node;
If there is multiple candidate server nodes, then it will load minimum candidate server node and be determined as destination service
Device node.
On the other hand, present invention also provides a kind of access control apparatus, including:
Request reception unit, for receiving the resource access request to server set pocket transmission, the resource access request
Carry the identification information of sender;
Hash calculation unit, for according to hash algorithm, calculating the cryptographic Hash corresponding to the identification information of described sender;
Relationship detection unit, for detecting whether being stored with the corresponding at least one server node of the cryptographic Hash, institute
It is the server node that current time foregoing description sender accessed to state the corresponding at least one server node of cryptographic Hash;
Node screening unit, for when being stored with the corresponding at least one server node of the cryptographic Hash, from described
In at least one server node, at least one candidate server node of the load less than predetermined threshold value is determined;
First determination unit, for from least one candidate server node, determining to handle the money
The target server node of source access request;
Allocation unit is asked, is handled for the resource access request to be distributed to the target server node.
Preferably, it further includes:
Second determination unit, for when there is no the corresponding at least one server nodes of the cryptographic Hash or described
Candidate server node of the load less than predetermined threshold value is not present in the corresponding at least one server node of cryptographic Hash, then basis
The load state of each server node in server cluster, selects the destination service for handling the resource access request
Device node.
Preferably, it further includes:
Relationship storage unit, for the resource access request to be distributed to described second really in the request allocation unit
After the target server node that order member is determined, store between the cryptographic Hash and the target server node
The target server node is identified as the server node that described sender accessed by correspondence.
Preferably, it further includes:
Request analysis unit, for calculating the Kazakhstan corresponding to the identification information of described sender in the Hash calculation unit
Before uncommon value, the resource request type that the resource access request is included is parsed, what the resource access request was included
Resource request type includes:One or both of static resource is asked and dynamic resource is asked;
Static treatment unit, if going out the resource access request for the request analysis unit resolves includes static provide
Source is asked, then static resource request is transmitted to static agent server, described in being obtained by static agent server
Static resource asks requested target quiescent resource;
Static returning unit, the target quiescent resource for the static agent server to be returned are sent to described
Sender;
Dynamic processing elements provide if going out the resource access request for the request analysis unit resolves and including dynamic
Source is asked, then performs the operation of the Hash calculation unit;
The request allocation unit, specifically, for the dynamic resource to be requested assignment to the destination server section
Point processing.
Preferably, the node screening unit, including:
First screening subelement, for if there is a candidate server node, then by the candidate server node
It is determined as the target server node;
Second screening subelement, for if there is multiple candidate server nodes, then minimum candidate service will to be loaded
Device node is determined as target server node.
As known from the above, in the embodiment of the present application, if forward direction load equalizer of the sender at current time is sent
Resource access request is crossed, load equalizer can be stored with the mark of the sender after the sender is assigned with server node
Know the corresponding cryptographic Hash of information and the correspondence of the server node.In this way, when the load equalizer is being currently received this
After the resource access request that sender sends, it can determine to work as according to cryptographic Hash corresponding to the identification information of the sender
Once at least one server node of the resource access request of the sender is processed before the preceding moment, and from least one clothes
It is engaged in choosing candidate server node of the load less than predetermined threshold value in device node as the target clothes for handling the resource access request
Business node, the resource access request so as to which same sender is sent are directed to fixed one or more server sections
Point is conducive to the load state with reference to server node, the number of the access request handled by each server node of reasonable distribution
Amount can be realized a large amount of resource access request assigning to different server node, and then realize more reasonable distribution resource
Access request, reduces that part server node load is excessive, and the situation that part server node is more idle, is conducive to subtract
Few wasting of resources, and improve the process performance of server node process resource access request.
Specific embodiment
The access control method and device of the application can be applied to server cluster, which can be included extremely
A few load equalizer and multiple servers node.
Such as, referring to Fig. 1, it illustrates the signals of a kind of server cluster that a kind of access control method of the application is applicable in
Figure, in this scenario, the server cluster which is applicable in includes a load equalizer 101 and Duo Tai is serviced
Device node 102.
Such as, which can be web server.
Load equalizer 101 is responsible for distributing to the access request for being sent to the server cluster at server node
Reason.
Server node is the node for being used to handle the requested related service of access request in server cluster.
To be introduced by taking a load equalizer as an example in Fig. 1, it is contemplated that the reliability of server cluster and
Stability, can also set more load equalizers in server cluster, and will a wherein main load equalizer of conduct, and incite somebody to action
Remaining load equalizer is as spare load equalizer.
Specifically, in the embodiment of the present application, resource of the load equalizer for receiving to server set pocket transmission is visited
Ask request, which carries the identification information of sender;According to hash algorithm, the mark letter of the sender is calculated
The corresponding cryptographic Hash of breath;It detects whether to be stored with the corresponding at least one server node of the cryptographic Hash, which corresponds to
At least one server node be current time before load equalizer be server node that the sender distributed;When depositing
When containing the corresponding at least one server node of the cryptographic Hash, from least one server node, determine to bear
Carry at least one candidate server node less than predetermined threshold value;From at least one candidate server node, determine
For handling the target server node of the resource access request;The resource access request is distributed into the destination server section
Point processing.
Wherein, the identification information of sender can include:The IP address and MAC Address of the terminal of access request are sent, with
And it initiates one or more in the relevant informations such as the login name of the user of the access request, password.
As it can be seen that in the embodiment of the present application, if forward direction load equalizer of the sender at current time is transmitted across resource
Access request, and load equalizer is assigned with server node for elder generation sender, then the load equalizer can be stored with the hair
Cryptographic Hash corresponding to the identification information of the side of sending and the correspondence of the server node.In this way, when the load equalizer currently connects
It, can be according to cryptographic Hash corresponding to the identification information of the sender, really after the resource access request for receiving sender transmission
Once at least one server node of the resource access request of the sender was processed before making current time, and from this at least
Candidate server node of the load less than predetermined threshold value is chosen in one server node as the processing resource access request
Destination service node, the resource access request so as to which same sender is sent are directed to fixed one or more clothes
Business device node is conducive to determine the quantity of the access request handled by each server node, in this way with reference to server node
Load state is conducive to a large amount of resource access request assigning to different server node, so as to fulfill more reasonable distribution
Resource access request, reduces that part server node load is excessive, and the situation that part server node is more idle, favorably
In the reduction wasting of resources, and improve the process performance of server node process resource access request.
Further, when there is no at least one server sections corresponding with the cryptographic Hash calculated in load equalizer
There is no candidate server section of the load less than predetermined threshold value in point or the corresponding at least one server node of the cryptographic Hash
Point, then load equalizer can select to handle this according to the load state of server node each in server cluster
The target server node of resource access request.
Correspondingly, it is visited in load equalizer there is no in the case of the corresponding server node of cryptographic Hash by resource
Ask after requesting assignment to target server node processing, can also store the cryptographic Hash and the target server node it
Between correspondence, the target server node is identified as the server node that described sender accessed, in this way, after
The resource access request that the sender sends is reassigned to the server node by continuous foundation based on the correspondence.
Alternatively, in order to enable server node can the service logic be good at of single-minded processing, with
The read-write efficiency of server node is improved, can also be included and load equalizer phase in the server cluster of the embodiment of the present application
Static agent server 103 even.In this way, load equalizer can will ask the access of static resource in resource access request
It asks and is transmitted to the static agent server 103 to handle, without being handled in the server node by being used for processing business.
Wherein, static resource or static agent server 103 and text can be stored in the static agent server
Part server 104 is connected, which can obtain requested static resource from file server.
Certainly, database 105 can also be included in the server cluster, which can be from database 105
Obtain the related data needed for processing business.The database 105 may alternatively be a data-base cluster, not limited herein
System.
With reference to more than general character, referring to Fig. 2, it illustrates a kind of flows of access control method one embodiment of the application to show
It is intended to, the present embodiment is described from the angle of load equalizer, and the method for the present embodiment can include:
S201 receives the resource access request that client is sent.
Such as, the resource address where requested resource can be included in the resource access request, which can be with
For uniform resource locator (Uniform Resource Location, URL) etc..
It is understood that in addition to including the resource for asking to access in the resource access request sent in the client
Except relevant information, the relevant information of the sender of the resource access request can also be sent, e.g., the IP address of sender, with
And the equipment phase with sender such as media access control (Media Access Control, MAC) address of the equipment of sender
The information of pass can also include the relevant information of the corresponding user of sender, such as the user name of user, password.
S202 parses resource request type included in the resource access request.
Wherein, ask the resource type accessed that can include in static resource and dynamic resource in resource access request
One or two, correspondingly, resource request type can be divided into static resource request and dynamic resource asks two kinds.An and money
It can include in the access request of source:One or both of static resource is asked and dynamic resource is asked.
Wherein, static resource request is for asking static resource, and e.g., static resource can include:Pictorial information, static page
Face, document, template, js files etc..
And dynamic resource request is used for request dynamic resource, dynamic resource is the resource except static resource.
S203 includes static resource request if parsed, which is asked in the resource access request
Static agent server is sent to, requested target quiescent is asked to provide to obtain the static resource by static agent server
Source.
It is understood that specific business logic processing is carried out since static resource does not need to server, at this
Apply in embodiment, in order to reduce the burden of the server node for processing business logic, for being wrapped in resource access request
The static resource request contained, then can ask to be transmitted to static agent server to handle by the static resource.
Such as, in one implementation, static agent server can be asked according to static resource, from file server
It obtains the static resource and asks requested target quiescent resource, and the target quiescent resource got is returned into load balancing
Device, so that the target quiescent resource directly is returned to the client by load equalizer.
S204, when receiving static agent server for the returned target quiescent resource of static resource request,
The target quiescent resource is sent to the client.
It should be noted that above step S202 to S204 is a kind of optional step, without the concern for reduction server
In the case of the type of service that node is born, as above step S202 and step S204 can not also be performed.
Certainly, in the resource access request is parsed do not include static resource request in the case of, without perform with
Upper step S203 and S204.
S205 includes dynamic resource request if parsed in the resource access request, obtaining resource access please
The identification information of entrained sender is sought, and the cryptographic Hash that the identification information for calculating the sender is corresponding.
Such as, the identification information of the sender can be parsed from resource access request.
Wherein, the identification information of the sender can include the IP address of the terminal of sender noted earlier, send
The MAC Address of terminal, the user name of user of sender, the password of user of sender and the user-association of sender of side
User information etc. in it is one or more.
It is understood that after the identification information of sender is determined, preset hash algorithm can be utilized, to count
Calculate cryptographic Hash corresponding to the identification information of the sender, in the case that the identification information of sender determines, the Hash that calculates
Value is fixed, so as to be conducive to subsequently be based on cryptographic Hash, determines to process the server of the resource access request of the sender
Node.
Wherein, it when calculating cryptographic Hash corresponding to identification information of the transmission, can calculate preset different Hash as needed
Method does not limit herein.
S206 is detected and the corresponding node set of the cryptographic Hash whether is stored in the load equalizer, if it is, performing
Step S207;If it is not, then perform step S209.
Wherein, which includes at least one server node.Clothes in the corresponding node set of the cryptographic Hash
Business device node be:Load equalizer is the server node of sender distribution before current time.It may also be said that the set of node
Server node in conjunction is:By the server node for the resource access request for processing the sender before current time.
It should be noted that in the present embodiment, for ease of description, with load equalizer store different cryptographic Hash with
It is introduced for the correspondence of node set, but it is understood that, in practical applications, for each cryptographic Hash,
Load equalizer can also directly store the correspondence of the cryptographic Hash and at least one server node.
S207 is detected at least one server node that the node set includes, if be there is load and is less than default threshold
At least one candidate server node of value, if it is, performing step S208;If it is not, then perform step S209.
It should be noted that in the embodiment of the present application, for the ease of distinguishing, by the corresponding at least one service of cryptographic Hash
In device node, load is known as candidate server node less than the server node of predetermined threshold value.
Wherein, which can be set as needed, and e.g., load is less than the CPU that predetermined threshold value can be server
It is used using, memory, IO consumption etc. is less than preset ratio etc..
It is understood that in order to avoid the load excessive of some server node, the corresponding section of cryptographic Hash is being determined
After point set, it is also necessary to whether the load for detecting each server node in the node set is less than predetermined threshold value, so as to
Portfolio handled by balanced each server node.
If correspondingly, there is candidate server node of the load less than predetermined threshold value in the node set, can hold
The follow-up step S208 of row, to determine the service for handling the dynamic resource access request from candidate server node
Device node;If there is no loads in the node set to be less than default preset candidate server node, illustrate currently to have divided
The load of multiple server nodes of the dispensing sender is larger, and the resource access for being not suitable for continuing with the sender please
It asks, in that case, needs to perform step S209 to be that the sender determines server node again.
S208 from least one candidate server node, determines the target for handling dynamic resource request
Dynamic resource request is sent to the target server node by server node.
Wherein, after dynamic resource request being sent to target server node, the destination server section can be passed through
Point for the client return the dynamic resource request request access dynamic resource.
It is understood that load might have one or more less than the candidate server node of predetermined threshold value, waiting
The candidate server node only there are one in the case of, then can be determined as handling the dynamic resource by election server node
The target server node of request.
Candidate server node have it is multiple in the case of, random algorithm may be used, from multiple candidate server section
A candidate server node is randomly selected out in point as the target server node.Optionally, in order to further closing
Reason is server node distribution resource access request, in multiple candidate server node, can will load minimum candidate
Server node is determined as the target server node.
It should be noted that above step S205 to S208 is introduced for handling dynamic resource request, still
It is understood that if load equalizer after resource access request is received, is wrapped in uncertain resource access request
The type of the resource request contained can also directly perform step S205 to step S208, so that load equalizer determines to be used for
Handle the target server node of the resource access request.
S209 from server cluster, determines have the corresponding business processing permission of dynamic resource request extremely
A few server node undetermined.
It is understood that since different dynamic resources asks requested dynamic resource difference, only server section
Point has the function of handling the corresponding dynamic resource of dynamic resource request, can just handle dynamic resource request, therefore,
It needs first to determine have the server node for handling the corresponding business processing permission of dynamic resource request.
For the ease of distinguishing, the embodiment of the present application will be provided with handling the corresponding business processing power of dynamic resource request
The server node of limit is known as server node undetermined.
S210, according to the load state of at least one server node undetermined, from least one server section undetermined
The target server node for handling dynamic resource request is determined in point, dynamic resource request is sent to the target
Server node.
Such as, from least one server node undetermined, the minimum server node undetermined of load is selected as mesh
Mark server node.Either, in the server node undetermined from load less than targets threshold, a server is randomly selected out
Node is as the target server node.
As it can be seen that the corresponding at least one server node of the cryptographic Hash or the Kazakhstan are not present in load equalizer
It wishes and candidate server node of the load less than predetermined threshold value is not present in the corresponding at least one server node of value, then load equal
Weighing apparatus selects to handle the resource access request according to the load state of server node each in server cluster
Target server node.It is understood that above step S209 and S210 choose for load equalizer from server cluster
A kind of realization method of target server node is applied equally to the embodiment of the present application, herein not for other realization methods
It limits.
S211 stores the correspondence between the cryptographic Hash and the target server node.
Wherein, the purpose for storing the correspondence between the cryptographic Hash and target server node is to take the target
Business device node identification is the server node that sender accessed, i.e., it is the sender that target server node, which is load equalizer,
The server node of the resource access request for being used to handle sender transmission of distribution.
A kind of access control method of corresponding the application, present invention also provides a kind of access control apparatus.
Such as, referring to Fig. 3, it illustrates a kind of composition structure diagram of access control apparatus one embodiment of the application,
Device is applied to the load equalizer in server cluster, which can include:
Request reception unit 301, for receiving the resource access request to server set pocket transmission, the resource accesses please
Seek the identification information for carrying sender;
Hash calculation unit 302, for according to hash algorithm, calculating the Hash corresponding to the identification information of described sender
Value;
Relationship detection unit 303, for detecting whether the corresponding at least one server node of the cryptographic Hash is stored with,
The corresponding at least one server node of the cryptographic Hash is the server node that current time foregoing description sender accessed;
Node screening unit 304, for when being stored with the corresponding at least one server node of the cryptographic Hash, from institute
It states at least one server node, determines at least one candidate server node of the load less than predetermined threshold value;
First determination unit 305, it is described for handling for from least one candidate server node, determining
The target server node of resource access request;
Allocation unit 306 is asked, is handled for the resource access request to be distributed to the target server node.
In one implementation, which can also include:
Second determination unit, for when there is no the corresponding at least one server nodes of the cryptographic Hash or described
Candidate server node of the load less than predetermined threshold value is not present in the corresponding at least one server node of cryptographic Hash, then basis
The load state of each server node in server cluster, selects the destination service for handling the resource access request
Device node.
Further, which can also include:
Relationship storage unit, for the resource access request to be distributed to described second really in the request allocation unit
After the target server node that order member is determined, store between the cryptographic Hash and the target server node
The target server node is identified as the server node that described sender accessed by correspondence.
In a kind of possible realization method, which can also include:
Request analysis unit, for calculating the Kazakhstan corresponding to the identification information of described sender in the Hash calculation unit
Before uncommon value, the resource request type that the resource access request is included is parsed, what the resource access request was included
Resource request type includes:One or both of static resource is asked and dynamic resource is asked;
Static treatment unit, if going out the resource access request for the request analysis unit resolves includes static provide
Source is asked, then static resource request is transmitted to static agent server, described in being obtained by static agent server
Static resource asks requested target quiescent resource;
Static returning unit, the target quiescent resource for the static agent server to be returned are sent to described
Sender;
Dynamic processing elements provide if going out the resource access request for the request analysis unit resolves and including dynamic
Source is asked, then performs the operation of the Hash calculation unit;
The request allocation unit, specifically, for the dynamic resource to be requested assignment to the destination server section
Point processing.
Alternatively, the node screening unit, including:
First screening subelement, for if there is a candidate server node, then by the candidate server node
It is determined as the target server node;
Second screening subelement, for if there is multiple candidate server nodes, then minimum candidate service will to be loaded
Device node is determined as target server node.
It should be noted that each embodiment in this specification is described by the way of progressive, each embodiment weight
Point explanation is all difference from other examples, and just to refer each other for identical similar part between each embodiment.
For device class embodiment, since it is basicly similar to embodiment of the method, so description is fairly simple, related part is joined
See the part explanation of embodiment of the method.
Finally, it is to be noted that, herein, relational terms such as first and second and the like be used merely to by
One entity or operation are distinguished with another entity or operation, without necessarily requiring or implying these entities or operation
Between there are any actual relationship or orders.Moreover, term " comprising ", "comprising" or its any other variant meaning
Covering non-exclusive inclusion, so that process, method, article or equipment including a series of elements not only include that
A little elements, but also including other elements that are not explicitly listed or further include for this process, method, article or
The intrinsic element of equipment.In the absence of more restrictions, the element limited by sentence "including a ...", is not arranged
Except also there are other identical elements in the process including element, method, article or equipment.
The foregoing description of the disclosed embodiments enables those skilled in the art to realize or use the present invention.To this
A variety of modifications of a little embodiments will be apparent for a person skilled in the art, and the general principles defined herein can
Without departing from the spirit or scope of the present invention, to realize in other embodiments.Therefore, the present invention will not be limited
The embodiments shown herein is formed on, and is to fit to consistent with the principles and novel features disclosed herein most wide
Range.
It the above is only the preferred embodiment of the present invention, it is noted that those skilled in the art are come
It says, various improvements and modifications may be made without departing from the principle of the present invention, these improvements and modifications also should be regarded as
Protection scope of the present invention.