CN108650262B - Cloud platform expansion method and system based on micro-service architecture - Google Patents

Publication number: CN108650262B
Authority: CN (China)
Prior art keywords: authentication, service, interface, judging whether, acquiring
Legal status: Active (as listed by Google Patents; not a legal conclusion)
Application number: CN201810438955.3A
Other languages: Chinese (zh)
Other versions: CN108650262A (en
Inventors: 柳长庆, 曾明, 高原, 孙强, 张柳, 代红
Current Assignee: Julong Co Ltd (as listed by Google Patents)
Original Assignee: Julong Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1001 Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
    • H04L67/50 Network services
    • H04L67/51 Discovery or management thereof, e.g. service location protocol [SLP] or web services

Abstract

The invention provides a cloud platform expansion method and system based on a micro-service architecture. The method comprises the following steps: building a service adapter component; building an authentication cache service component that caches the state information after a user logs in; constructing productized, independent subsystem services using a micro-service architecture with separated front and back ends; and having the front-end user log in and perform interactive authentication with the server. The system comprises an encryption module that performs identity authentication on each open interface request, a load balancing module that automatically selects an optimal node when a node is unstable, and a circuit-breaker (fusing) module that breaks the request and automatically switches routes to retry when a node response times out.

Description

Cloud platform expansion method and system based on micro-service architecture
Technical Field
The invention relates to the field of internet application, in particular to a cloud platform expansion method and system based on a micro-service architecture.
Background
In the traditional Internet application product model, software usually consists of a group of open systems that are then chained together, with performance scaled through strategies such as single sign-on or load balancing.
Most existing system software architectures are built around a single-system architecture and rely on means such as single sign-on and load balancing. From the requirements perspective, the functions of a product are divided into a plurality of subsystems, each of which is a complete and independent system. From the technical perspective, the subsystems are given unified authentication through single sign-on for quick switching between them, or other communication protocols are used so that two subsystems can communicate with each other. From the performance optimization perspective, the subsystems are mostly split horizontally within the overall project, and each subsystem is scaled through a software or hardware load balancing strategy.
As the industry develops in multiple directions, an industry system platform is required to combine more and more services. For two independent business systems, the traditional solution becomes inflexible as communication between them becomes tighter. In particular, splitting and merging become difficult to trade off when the boundaries of the business systems become blurred.
From the perspective of subsystem interaction, the subsystems in the conventional scheme are too independent. When communication or associated requests are necessary, either direct access is used at the cost of communication security, so that communication becomes harder and security is reduced; or a shared authentication strategy such as single sign-on is adopted, so that the two subsystems become too tightly coupled and lose their independence.
In the traditional mode, data communication between two subsystems requires the client to know explicitly the network address of the requested server and to declare explicitly a set of communication addresses and request interfaces, which increases development cost and makes configuration errors that affect access more likely. Moreover, for general Internet product applications, the interaction between client and server differs from the interaction between server and server, and using the traditional load balancing means to serve these two different types of load balancing requirement is clearly unreasonable.
Disclosure of Invention
In light of the above technical problems, the present invention provides a cloud platform expansion method and system based on a micro-service architecture. The technical means adopted by the invention are as follows:
A cloud platform expansion method based on a micro-service architecture comprises the following steps:
S101, constructing a service adapter component based on a service discovery technology; other service components and engineering components register with the platform through the service adapter component to form a service registry, and the service adapter component updates the registry in real time according to the service state fed back by the other components;
S102, constructing an authentication cache service component used for caching state information after a user logs in; registration in the registry is repeated periodically through the service adapter component, health checks are periodically sent to the other components, and the service adapter component updates the registry in real time according to the health results fed back by the other components;
S103, constructing productized independent subsystem services using a micro-service architecture with separated front and back ends, and splitting the product requirements into a plurality of independent service components, the service components being scattered across the cloud platform to achieve loose coupling; different clients request the services that belong to them, and each service has its own database;
S2, the front-end user logs in and performs interactive authentication with the server; the back-end service interface sends a login request, and the login interface executes login verification;
S3, the interface service creates an interface declaration component package so that its open interfaces are discovered by other services, and the associated subsystem services are thereby built into a complete system network.
Further, in step S101, the registry is updated as follows: if the adapter component fails or comes back online, the adapter component updates and adjusts the registry once; other components obtain the registry from the adapter component and then actively discover the other online components; if a service state in the registry changes, the adapter component broadcasts to the other services in the registry, and each service triggers a registry update.
Further, in step S102, the authentication cache service component is constructed as a single sign-on service. The core of the service caches the state information after the user logs in, using an in-memory database as the medium for temporary caching, so that state caching and query recover immediately even if the service network or system is briefly disconnected and comes back online, or other load nodes are released. The authentication service does not itself provide a unified login function; login is provided by each node system according to its own system requirements. For user state caching, a temporary credential string randomly generated at user login is used as the unique identifier, and the state data is stored as a JSON-format string whose data structure includes { user: user basic information, roles: user role information, permissions: user authority information }.
Further, step S2 authenticates the user information as follows:
S201: the UI presentation layer user executes a login action, and a back-end service interface sends a login request;
S202: the login interface executes login verification; if the verification fails, a failure record is returned and the client prompts that the login failed; if the verification succeeds, step S203 is executed;
S203: the following operations are carried out in sequence: generating a dynamic random temporary credential for this user login; acquiring the user's basic information; acquiring the user's resource authority data; merging and organizing the user state information;
S204: sending the state information to the authentication cache service component for single-point caching; if the sending fails, caching the state information locally and executing S205; if the sending succeeds, directly executing S205;
S205: returning the user state information result; the client caches the user state; login authentication is complete.
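The login flow S201 to S205 as a small Python model, added here as an illustration and not code from the patent. The in-memory `AuthCacheClient`, the sample account tables and the `login` function are assumptions, and the plaintext password comparison stands in for a real credential verifier.

```python
import json
import secrets


class CacheUnavailable(Exception):
    """Raised when the authentication cache service cannot be reached."""


class AuthCacheClient:
    """Hypothetical stand-in for the authentication cache service."""

    def __init__(self, online=True):
        self.online = online
        self.store = {}          # credential string -> JSON state string

    def put(self, credential, state_json):
        if not self.online:
            raise CacheUnavailable("authentication cache service unreachable")
        self.store[credential] = state_json


# Constructed sample data; a real service reads its own database and
# verifies a salted password hash instead of comparing plaintext.
USERS = {"alice": {"password": "correct horse", "id": 7, "name": "Alice"}}
ROLES = {"alice": ["operator"]}
PERMISSIONS = {"alice": ["device:read", "device:restart"]}

LOCAL_CACHE = {}                 # fallback used when S204 cannot reach the cache


def login(username, password, cache):
    """Run S202-S205 and return the result handed back to the client."""
    account = USERS.get(username)
    # S202: verify the login; the failure record does not say which part was wrong.
    if account is None or not secrets.compare_digest(
        account["password"].encode(), password.encode()
    ):
        return {"ok": False, "reason": "login failed"}

    # S203: dynamic random temporary credential, then merge the user state
    # into the { user, roles, permissions } structure the page describes.
    credential = secrets.token_urlsafe(32)
    state = {
        "user": {"id": account["id"], "name": account["name"]},
        "roles": ROLES.get(username, []),
        "permissions": PERMISSIONS.get(username, []),
    }
    state_json = json.dumps(state, sort_keys=True)

    # S204: single-point caching, with the local fallback on send failure.
    try:
        cache.put(credential, state_json)
        cached_at = "auth-cache"
    except CacheUnavailable:
        LOCAL_CACHE[credential] = state_json
        cached_at = "local"

    # S205: return the state; the client caches it keyed by the credential.
    return {"ok": True, "credential": credential, "state": state,
            "cached_at": cached_at}
```

State that only reached `LOCAL_CACHE` is invisible to the other subsystems until it is re-sent to the cache service, so a deployment needs a retry or resynchronisation path for that branch.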
The invention also discloses a cloud platform expansion system based on the micro-service architecture, which comprises the following components:
the service adapter interaction unit, used for forming a service registry;
the authentication service cache unit, used for caching the state information after the user logs in;
the subsystem construction unit, which adopts a micro-service architecture with separated front and back ends and is used for making the productized subsystems independent;
the interactive authentication unit, used for front-end user login and interactive authentication with the server;
the system network construction unit, used for integrating related subsystem services;
the interactive authentication unit comprises an interactive authentication module for verifying user information, an encryption module for performing identity authentication on each request to an open interface, a load balancing module for automatically selecting an optimal node when a node is unstable, and a circuit-breaker (fusing) module for breaking the request and automatically switching routes to retry when a node response times out; the system network construction unit comprises an interface service module for communication between micro-services and an information optimization module for integrating the data shared by subsystem services.
Furthermore, the encryption module provides a defined RESTful communication interface for the micro-service components, and the cross-platform communication encryption authentication algorithm is used as the secure communication protocol for communication between services and between the UI layer and the server.
Furthermore, the load balancing module and the circuit-breaker (fusing) module are based on the Ribbon and Hystrix technologies; the latest registry information is obtained in conjunction with the service registration and discovery mechanism, and the threshold of each load node is managed by Hystrix. Service-to-service communication uses the Ribbon load algorithm; it is no longer forwarded by the adapter service but issues service requests directly against the local registry.
Furthermore, in the interface service module, each interface service defines externally developed interface declaration classes and packages all of them into an interface component package; other micro-service projects depend on this package, so that the open interfaces are discovered by other services. Having obtained an instantiated interface object, a service can issue and wrap requests automatically through the local service discovery mechanism without explicitly knowing the address of the requested service.
Furthermore, the cross-platform communication encryption authentication algorithm is divided mainly into the filtering authentication algorithm corresponding to the trusted-service authentication label and the filtering authentication algorithms corresponding to the non-trusted-service authentication labels.
The filtering authentication algorithm corresponding to the trusted-service authentication label comprises the following steps:
(11) acquire the authentication key from the request parameters and determine whether it is empty; if so, throw an authentication-failure exception; otherwise, proceed to the next step;
(12) acquire the corresponding service code from the configured interface parameter dictionary and delete the authentication key attribute;
(13) decrypt the authentication key with the trusted-service token decryption algorithm to obtain the client's decrypted service code;
(14) determine whether the service code is empty; if so, throw an authentication-failure exception; if not, proceed to the next step;
(15) determine whether the service code exists in the configured local trusted-service registry; if not, throw an authentication-failure exception;
(16) determine the attribute of the annotation authentication label corresponding to the requested interface, namely the array of allowed service codes;
(17) if the length of the service code array is 0, any trusted service passes authentication;
(18) loop over the service code array from step (16) and determine whether it contains a value identical to the client's service code from step (13); if so, authentication passes; otherwise, throw an authentication-failure exception;
the filtering authentication algorithms corresponding to the non-trusted-service authentication labels comprise: a filtering authentication algorithm corresponding to the guest authentication label, a filtering authentication algorithm corresponding to the logged-in authentication label, a filtering authentication algorithm corresponding to the role authentication label, and a filtering authentication algorithm corresponding to the permission authentication label;
the filtering authentication algorithm corresponding to the guest authentication label comprises the following steps:
(21) acquire the service key from the request parameters;
(22) acquire the corresponding service code instance from the configured interface parameter dictionary and delete the service key attribute;
(23) determine whether the service key is empty; if it is not, run the trusted-service token decryption algorithm to obtain the client's decrypted service code;
(24) determine whether the service code is empty; if it is not, determine whether the service code exists in the configured local trusted-service registry; if it does, authentication passes and the procedure terminates;
(25) if the service code is empty, acquire the authentication key from the request parameters;
(26) decrypt the authentication key with the non-trusted-service token decryption algorithm to obtain the decrypted authentication information;
(27) if the authentication information is empty or does not contain the dynamic credential attribute, authentication passes and the procedure terminates; otherwise, throw an authentication-failure exception;
the filtering authentication algorithm corresponding to the logged-in authentication label comprises the following steps:
(31) acquire the service key from the request parameters;
(32) acquire the corresponding service code instance from the configured interface parameter dictionary and delete the authentication key attribute;
(33) determine whether the service key is empty; if it is not, run the trusted-service token decryption algorithm to obtain the client's decrypted service code;
(34) determine whether the service code is empty; if it is not, determine whether the service code exists in the configured local trusted-service registry; if it does, authentication passes and the procedure terminates;
(35) if the service code is empty, acquire the authentication key from the request parameters;
(36) decrypt the authentication key with the non-trusted-service token decryption algorithm to obtain the decrypted authentication information;
(37) determine whether the authentication information is empty; if it is not empty and contains the dynamic credential attribute, authentication passes and the procedure terminates; otherwise, throw an authentication-failure exception;
the filtering authentication algorithm corresponding to the role authentication label comprises the following steps:
(401) acquire the service key from the request parameters;
(402) acquire the corresponding service code instance from the configured interface parameter dictionary and delete the authentication key attribute;
(403) determine whether the service key is empty; if it is not, run the trusted-service token decryption algorithm to obtain the client's decrypted service code;
(404) determine whether the service code is empty; if it is not, determine whether the service code exists in the configured local trusted-service registry; if it does, authentication passes and the procedure terminates;
(405) if the service code is empty, acquire the authentication key from the request parameters;
(406) decrypt the authentication key with the non-trusted-service token decryption algorithm to obtain the decrypted authentication information;
(407) determine whether the authentication information is empty; if so, throw an authentication-failure exception;
(408) acquire the role array attribute of the object corresponding to the authentication information;
(409) determine the attribute of the annotation authentication label corresponding to the requested interface, namely the array of allowed role codes;
(410) acquire the logic condition attribute of the annotation authentication label corresponding to the requested interface;
(411) if the logic condition attribute value is 'AND', loop over the label role array from step (408) and the user role array from step (409); if any label role does not exist in the user role array, throw an authentication-failure exception;
(412) if the logic condition attribute value is 'OR', loop over the label role array from step (408) and the user role array from step (409); if none of the label roles matches a value in the user role array, throw an authentication-failure exception; otherwise, authentication passes;
the filtering authentication algorithm corresponding to the permission authentication label comprises the following steps:
(501) acquire the service key from the request parameters;
(502) acquire the corresponding service code instance from the configured interface parameter dictionary and delete the authentication key attribute;
(503) determine whether the service key is empty; if it is not, run the trusted-service token decryption algorithm to obtain the client's decrypted service code;
(504) determine whether the client service code is empty; if it is not, determine whether the service code exists in the configured local trusted-service registry; if it does, authentication passes and the procedure terminates;
(505) if the service code is empty, acquire the authentication key from the request parameters;
(506) decrypt the authentication key with the non-trusted-service token decryption algorithm to obtain the decrypted authentication information;
(507) determine whether the authentication information is empty; if so, throw an authentication-failure exception;
(508) acquire the permission array attribute of the object corresponding to the authentication information;
(509) determine the attribute of the annotation authentication label corresponding to the requested interface, namely the array of allowed permission codes;
(510) acquire the logic condition attribute of the annotation authentication label corresponding to the requested interface;
(511) if the logic condition attribute value is 'yes', loop over the label role array from step (508) and the user role array from step (509); if any label permission is matched with the user permissions, throw an authentication-failure exception;
(512) if the logic condition attribute value is 'OR', loop over the label role array from step (508) and the user role array from step (509); if none of the label permissions matches the user permissions, throw an authentication-failure exception; otherwise, authentication passes.
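The trusted-service filter (steps 11 to 18) and the role filter (steps 401 to 412) as runnable Python, added here as an illustration and not code from the patent. The page does not disclose its token algorithm, so an HMAC-signed JSON token stands in for "token decryption"; the keys, registry contents, the parameter names `authKey` and `serviceKey`, and all function names are assumptions.

```python
import base64
import hashlib
import hmac
import json


class AuthFailure(Exception):
    """The authentication-failure exception the filter steps throw."""


# Constructed demo keys and registry (assumptions, not values from the page).
TRUSTED_KEY = b"demo-trusted-service-key"
USER_KEY = b"demo-user-token-key"
TRUSTED_REGISTRY = {"billing-svc", "report-svc"}


def seal(key, payload):
    """Issue a token: base64url(JSON) + '.' + HMAC-SHA256 tag."""
    body = base64.urlsafe_b64encode(json.dumps(payload).encode())
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return (body + b"." + tag).decode()


def unseal(key, token):
    """Return the payload dict, or {} when the token is absent or invalid."""
    if not token:
        return {}
    try:
        body, tag = token.encode().rsplit(b".", 1)
        expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(tag, expected):
            return {}
        payload = json.loads(base64.urlsafe_b64decode(body))
    except (ValueError, UnicodeError):
        return {}
    return payload if isinstance(payload, dict) else {}


def check_trusted_service(params, allowed_codes):
    """Steps (11)-(18): interface labelled for trusted services only."""
    token = params.pop("authKey", None)               # (11)-(12) read, then strip
    if not token:
        raise AuthFailure("authentication key missing")
    code = unseal(TRUSTED_KEY, token).get("service")  # (13)
    if not code:                                      # (14)
        raise AuthFailure("service code empty or token invalid")
    if code not in TRUSTED_REGISTRY:                  # (15)
        raise AuthFailure("service not in local trusted registry")
    # (16)-(18): an empty allow-list admits every registered trusted service,
    # so an interface meant for one caller must name that caller explicitly.
    if allowed_codes and code not in allowed_codes:
        raise AuthFailure("service not allowed on this interface")
    return code


def check_roles(params, label_roles, logic):
    """Steps (401)-(412): interface labelled with required roles."""
    service_token = params.pop("serviceKey", None)    # (401)-(402)
    code = unseal(TRUSTED_KEY, service_token).get("service")  # (403)
    if code and code in TRUSTED_REGISTRY:             # (404) trusted callers
        return "service:" + code                      # bypass the role check
    # The page does not say what happens to a non-empty, unregistered code;
    # this example falls through to the user check.
    info = unseal(USER_KEY, params.pop("authKey", None))  # (405)-(406)
    if not info:                                      # (407)
        raise AuthFailure("authentication information empty")
    user_roles = set(info.get("roles", []))           # (408)
    required = set(label_roles)                       # (409)
    if logic == "AND":                                # (411) every label role
        passed = required <= user_roles
    elif logic == "OR":                               # (412) at least one
        passed = bool(required & user_roles)
    else:
        passed = False                                # unknown logic: fail closed
    if not passed:
        raise AuthFailure("role requirement not met")
    return "user:" + str(info.get("user"))
```

Two properties worth reviewing in any implementation of these steps: a valid service key skips role and permission checks entirely (step 404), and the label's empty array in step (17) is an allow-all rather than a deny-all.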
The invention has the following advantages:
1. The service adapter component brings originally independent subsystems into one network system, so that system services can actively discover other service systems and establish indirect contact with them.
2. The localized service registry mechanism uses network connection data more efficiently and safely, and reduces dependence on network stability.
3. Subsystem services can be extended more flexibly, and a new service system can be released dynamically. The associated service systems are more extensible: two systems are not hard-wired to each other, and all link addresses are managed uniformly by the registry and registered when a service comes online, so that several complete service systems can coexist in the network.
4. Combining the localized service registry mechanism with the added load-balancing and circuit-breaking (fusing) strategies, server-side load balancing abandons the traditional load mechanism in favor of management through the registry mechanism, which is simple and efficient and correspondingly saves cost. At the same time, interfaces use an explicit development mode, complex address configuration is abandoned, and development complexity is greatly reduced.
Based on the reasons, the invention can be widely popularized in the fields of internet application and the like.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
FIG. 1 is a flowchart of a cloud platform expansion method based on a micro-service architecture according to the present invention.
FIG. 2 is a block diagram of a cloud platform system based on a micro-service architecture according to the present invention.
FIG. 3 is a schematic diagram of the service adapter interaction of the present invention.
FIG. 4 is a diagram of the service offline and adapter interaction of the present invention.
FIG. 5 is a flowchart illustrating user login authentication according to the present invention.
FIG. 6 is a schematic diagram of a load balancing mechanism according to the present invention.
FIG. 7 is a system network diagram to which the embodiments of the present invention are applied.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The micro-service-based cloud platform adopts a mode in which front-end and back-end services are independent: the related business systems of every domain in the original back end are dispersed and abstracted into independent service nodes, and the platform provides solutions such as service discovery and hot-spot load. The platform is based on the micro-service concept and is highly extensible and compatible. For security and similar requirements, the platform also provides a set of private encryption logic, which gives front-end and back-end interface communication an effective dynamic encryption means while meeting the dual standards of security and efficiency.
The cloud service platform is a service cluster built on the Internet; services can be registered or unloaded in the platform anytime and anywhere; other services on the cloud platform can discover and depend on each other, forming a large and complex network of relationships; some functionality may even be selectively provided to services outside the platform.
Micro-services split the original monolithic software system into a plurality of micro-service units, each of which is independent. The functional units communicate through a specific process to acquire the data they need, and together form one or even several sets of system software. A service unit can be a complete software system, a functional unit within a system, or a few scattered utility interfaces. For interaction within a specific industry or across industries, the micro-service design pattern decouples very well and allows services to be expanded or split flexibly.
Service load balancing and circuit breaking (fusing): all valid service components on the cloud platform, including load nodes, must be legitimately registered. Under highly concurrent access the stability of each node has a very large effect on the system, and many factors can make a node unstable, such as slow network connections, busy resources, temporary unavailability, and services going offline. With load balancing applied, services on the cloud platform do not need to request a specific endpoint explicitly; the load balancing technology selects the optimal node automatically. In addition, based on the response delay and state characteristics of each node, the circuit-breaking mechanism automatically switches routes and retries when a request times out, and forms a threshold for the damaged node to help load balancing choose the best option.
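A conceptual Python model of the behaviour described above: node selection from a local copy of the registry, retry on another node after a timeout, and a per-node failure threshold that takes a damaged node out of rotation. It is an added illustration, not the Ribbon or Hystrix API and not code from the patent; `LocalBalancer`, `NodeTimeout` and the round-robin policy are assumptions.

```python
class NodeTimeout(Exception):
    """A request to one node timed out (or no node was available)."""


class LocalBalancer:
    """Client-side balancer working from a local registry copy."""

    def __init__(self, registry, failure_threshold=2):
        self.registry = dict(registry)   # service name -> list of node names
        self.threshold = failure_threshold
        self.failures = {}               # node -> consecutive timeouts
        self._cursor = {}                # service -> round-robin position

    def refresh(self, registry):
        """Apply a registry update broadcast by the adapter component."""
        self.registry = dict(registry)
        self.failures.clear()            # re-announced nodes start clean

    def is_open(self, node):
        """True when the node's breaker is open (threshold reached)."""
        return self.failures.get(node, 0) >= self.threshold

    def candidates(self, service):
        """Round-robin order for this call, skipping nodes with open breakers."""
        nodes = self.registry.get(service, [])
        start = self._cursor.get(service, 0)
        self._cursor[service] = (start + 1) % max(len(nodes), 1)
        rotated = nodes[start:] + nodes[:start]
        return [n for n in rotated if not self.is_open(n)]

    def call(self, service, send):
        """Try candidates in order; on timeout switch to the next node.

        `send(node)` performs the request and raises NodeTimeout on timeout.
        Returns (result, nodes_tried).
        """
        tried = []
        for node in self.candidates(service):
            tried.append(node)
            try:
                result = send(node)
            except NodeTimeout:
                self.failures[node] = self.failures.get(node, 0) + 1
                continue
            self.failures[node] = 0      # a success resets the counter
            return result, tried
        raise NodeTimeout(f"no healthy node for {service}; tried {tried}")
```

This model has no half-open state: a node whose breaker opened returns to rotation only through `refresh`, which ties recovery to the registry's health-check results.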
Distributed cloud deployment: with the Internet cloud platform, services can be deployed in a distributed manner across regions, and each service component can choose its deployment location and version characteristics according to regional characteristics.
Communication and encryption are an important security guarantee in the cloud platform: identity authentication is performed on each request to a non-open interface using a dedicated information-assembly encryption algorithm. Communication involving cloud platform services falls into two main categories: communication between two groups of services on the platform, and communication between systems outside the platform and services on the platform. Different dynamic encryption and verification mechanisms are used for the two categories to guarantee the security and effectiveness of communication.
As shown in fig. 1, a cloud platform extension method based on a micro service architecture includes:
S101, constructing a service adapter component based on service discovery technologies such as Eureka, Zookeeper, etcd and Consul. The service adapter component is the core component through which all modules in the cloud platform register and discover each other, and it is a required element of the cloud platform. As shown in FIGS. 2, 3 and 4, all other service components (main service, authentication cache service, log service, etc., that is, all other engineering services deployed on the cloud platform in the actual application scenario) and engineering components need to register with the platform through this component, forming a service registry; if the component fails or comes back online, the adapter component updates and adjusts the registry once; other components obtain the registry from the adapter component and then actively discover the other online components; if a service state in the registry changes, the adapter component broadcasts to the other services in the registry, and each service triggers a registry update.
S102, constructing an authentication cache service component, namely a single sign-on service. The core of the service caches the state information after the user logs in, using an in-memory database as the medium for temporary caching, so that state caching and query recover immediately even if the service network or system is briefly disconnected and comes back online, or other load nodes are released. The authentication service does not itself provide a unified login function; login is provided by each node system according to its system requirements. For user state caching, a temporary credential string randomly generated at user login is used as the unique identifier, and the state data is stored as a JSON-format string comprising { user: user basic information, roles: user role information, permissions: user authority information }.
S103, constructing productized independent subsystem services using a micro-service architecture with separated front and back ends. The micro-service-based design pattern is closer to an optimization of the SOA pattern: product requirements are split into a plurality of independent service components. The components are scattered across the cloud platform to achieve loose coupling; different clients request the services that belong to them, and all services use asynchronous, lightweight, message-based communication; each service can have its own database, following the design idea of distributed data, and so on.
S2, the front-end user logs in and carries out interactive authentication with the server; firstly, a user of a UI presentation layer executes a login action, and a back-end service interface sends a login request; the login interface executes login verification; if the verification fails, returning a failure record, and prompting the login failure by the client; if the verification is successful, generating a dynamic random temporary certificate of the user login at this time; acquiring basic information of a user; acquiring user resource authority data; merging and sorting user state information; sending the state information to an authentication cache service component for single-point caching; if the sending fails, caching the state information to the local; returning a user state information result; caching the user state by the client; and finishing login authentication.
S3, constructing the associated subsystem services into a complete system network. The subsystems in the network are independent of each other and can share data with each other without sharing user information. The diversity of the system and the application range of the unified authentication cache can be changed dynamically according to product requirements.
As shown in fig. 5, step S2 authenticates the user information through the following steps:
S201: the UI presentation layer user executes a login action, and a back-end service interface sends a login request;
S202: the login interface executes login verification, if the verification fails, a failure record is returned, and the client prompts that the login fails; if the verification is successful, executing step S203;
S203: the following operations are carried out in sequence: generating a dynamic random temporary certificate of the user login at this time; acquiring basic information of a user; acquiring user resource authority data; merging and sorting user state information;
S204: sending the state information to an authentication cache service component for single-point caching, if the sending fails, caching the state information to the local, and executing S205; if the transmission is successful, directly executing S205;
S205: returning a user state information result; caching the user state by the client; and finishing login authentication.
As shown in fig. 2, a cloud platform extension system based on micro service architecture includes:
the service adapter interaction unit is used for forming a service registry;
the authentication service cache unit is used for caching the state information after the user logs in;
the subsystem construction unit adopts a micro-service architecture with separated front and back ends and is used for realizing product independence;
the interactive authentication unit is used for the front-end user login and the server interactive authentication;
the system network construction unit is used for integrating related subsystem services;
the interactive authentication unit comprises an interactive authentication module for verifying user information, an encryption module for performing identity authentication on each request of the open interface, a load balancing module for automatically selecting an optimal node when the node is unstable, and a fusing module for requesting fusing and automatically switching line retry when the node response is overtime, and the system network construction unit comprises an interface service module for communicating micro services and an information optimization module for integrating subsystem service sharing data.
Furthermore, the encryption module is used for providing a defined RESTful communication interface for the micro-service components, and the cross-platform communication encryption authentication algorithm is used as the secure communication protocol for communication between services and between the UI layer and the server.
Furthermore, the load balancing module and the fusing module are based on Ribbon and Hystrix technologies; the latest registry information is acquired through the registration and discovery mechanism of the services, and the threshold value of each load node is managed by Hystrix. Service-to-service communication uses the Ribbon load algorithm, is no longer forwarded by the adapter service, and uses the local registry directly to make service communication requests. Load balancing and fusing (circuit breaking) here are primarily directed at inter-service interactions on the platform.
As shown in fig. 6, the interface service module refers to an interface declaration component package created by the interface service: each interface service defines the interface declaration classes it exposes externally and encapsulates all of them into an interface component package, and other micro-service projects depend on this package, so that the open interfaces are discovered by other services. A service obtains an instantiated interface object, and requests are automatically encapsulated through the local service discovery mechanism without the service explicitly knowing the address of the requested service. The interface service module here refers to the main service interface, and the main service applies load balancing and fusing to this part of the interface service. The open interfaces of the service module must also use the encryption module to perform encryption authentication on communication requests. By encapsulating the interface declaration classes, different services on the platform can discover the available open service interfaces by depending on the interface package, and interface calls are made through automatic request encapsulation.
Furthermore, the cross-platform communication encryption authentication algorithm is mainly divided into a filtering authentication algorithm corresponding to the trusted service authentication tag and filtering authentication algorithms corresponding to the non-trusted service authentication tags,
the filtering authentication algorithm corresponding to the trusted service authentication tag comprises the following steps:
(11) acquiring the authentication key from the request parameters and judging whether it is empty; if so, throwing an authentication failure exception; otherwise, proceeding to the next step;
(12) acquiring the corresponding service code from the configured interface parameter dictionary and deleting the attribute information of the authentication key;
(13) based on the token decryption algorithm of the trusted service end, decrypting the authentication key to obtain the decrypted service code of the client;
(14) judging whether the service code is empty; if so, throwing an authentication failure exception; if not, proceeding to the next step;
(15) judging whether the service code exists in the configured local trusted service registry; if not, throwing an authentication failure exception;
(16) determining the attribute of the annotation authentication tag corresponding to the requested interface, namely the array of allowed service codes;
(17) if the length of the service code array is 0, any trusted service passes authentication;
(18) iterating over the service code array in step (16) and judging whether it contains a value identical to the client service code from step (13); if so, authentication passes; otherwise, throwing an authentication failure exception;
the filtering authentication algorithms corresponding to the non-trusted service authentication tags comprise: a filtering authentication algorithm corresponding to the guest authentication tag, a filtering authentication algorithm corresponding to the logged-in authentication tag, a filtering authentication algorithm corresponding to the role authentication tag and a filtering authentication algorithm corresponding to the permission authentication tag;
the filtering authentication algorithm corresponding to the guest authentication tag comprises the following steps:
(21) acquiring the service key from the request parameters;
(22) acquiring the corresponding service code instance from the configured interface parameter dictionary and deleting the attribute information of the service key;
(23) judging whether the service key is empty; if not, executing the token decryption algorithm of the trusted service end to obtain the decrypted service code of the client;
(24) judging whether the service code is empty; if not, judging whether the service code exists in the configured local trusted service registry; if so, authentication passes and the algorithm terminates;
(25) if the service code is empty, acquiring the authentication key from the request parameters;
(26) based on the token decryption algorithm of the non-trusted service end, decrypting the authentication key to obtain the decrypted authentication information;
(27) judging whether the authentication information is empty or does not contain the dynamic certificate attribute; if so, authentication passes and the algorithm terminates; otherwise, throwing an authentication failure exception;
the filtering authentication algorithm corresponding to the logged-in authentication tag comprises the following steps:
(31) acquiring the service key from the request parameters;
(32) acquiring the corresponding service code instance from the configured interface parameter dictionary and deleting the attribute information of the authentication key;
(33) judging whether the service key is empty; if not, executing the token decryption algorithm of the trusted service end to obtain the decrypted service code of the client;
(34) judging whether the service code is empty; if not, judging whether the service code exists in the configured local trusted service registry; if so, authentication passes and the algorithm terminates;
(35) if the service code is empty, acquiring the authentication key from the request parameters;
(36) based on the token decryption algorithm of the non-trusted service end, decrypting the authentication key to obtain the decrypted authentication information;
(37) judging whether the authentication information is empty; if the authentication information is not empty and contains the dynamic certificate attribute, authentication passes and the algorithm terminates; otherwise, throwing an authentication failure exception;
the filtering authentication algorithm corresponding to the role authentication tag comprises the following steps:
(401) acquiring the service key from the request parameters;
(402) acquiring the corresponding service code instance from the configured interface parameter dictionary and deleting the attribute information of the authentication key;
(403) judging whether the service key is empty; if not, executing the token decryption algorithm of the trusted service end to obtain the decrypted service code of the client;
(404) judging whether the service code is empty; if not, judging whether the service code exists in the configured local trusted service registry; if so, authentication passes and the algorithm terminates;
(405) if the service code is empty, acquiring the authentication key from the request parameters;
(406) based on the token decryption algorithm of the non-trusted service end, decrypting the authentication key to obtain the decrypted authentication information;
(407) judging whether the authentication information is empty; if so, throwing an authentication failure exception;
(408) acquiring the role array attribute of the object corresponding to the authentication information;
(409) determining the attribute of the annotation authentication tag corresponding to the requested interface, namely the array of allowed role codes;
(410) acquiring the logic condition attribute of the annotation authentication tag corresponding to the requested interface;
(411) if the logic condition attribute value is 'AND', iterating over the tag role array in step (408) and the user role array in step (409), and if any tag role does not exist in the user role array, throwing an authentication failure exception;
(412) if the logic condition attribute value is 'OR', iterating over the tag role array in step (408) and the user role array in step (409), and if none of the tag roles matches a value in the user role array, throwing an authentication failure exception; otherwise, authentication passes;
the filtering authentication algorithm corresponding to the permission authentication tag comprises the following steps:
(501) acquiring the service key from the request parameters;
(502) acquiring the corresponding service code instance from the configured interface parameter dictionary and deleting the attribute information of the authentication key;
(503) judging whether the service key is empty; if not, executing the token decryption algorithm of the trusted service end to obtain the decrypted service code of the client;
(504) judging whether the client service code is empty; if not, judging whether the service code exists in the configured local trusted service registry; if so, authentication passes and the algorithm terminates;
(505) if the service code is empty, acquiring the authentication key from the request parameters;
(506) based on the token decryption algorithm of the non-trusted service end, decrypting the authentication key to obtain the decrypted authentication information;
(507) judging whether the authentication information is empty; if so, throwing an authentication failure exception;
(508) acquiring the permission array attribute of the object corresponding to the authentication information;
(509) determining the attribute of the annotation authentication tag corresponding to the requested interface, namely the array of allowed permission codes;
(510) acquiring the logic condition attribute of the annotation authentication tag corresponding to the requested interface;
(511) if the logic condition attribute value is 'yes', iterating over the tag role array in step (508) and the user role array in step (509), and if any tag permission is matched with the user permissions, throwing an authentication failure exception;
(512) if the logic condition attribute value is 'OR', iterating over the tag role array in step (508) and the user role array in step (509), and if none of the tag permissions matches the user permissions, throwing an authentication failure exception; otherwise, authentication passes.
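The trusted-service filter of steps (11)-(18) and the role filter of steps (401)-(412), as an added Python example that is not code from the patent. The patent does not specify its token algorithm, so an HMAC-signed token from the standard library stands in for "token decryption"; the parameter names `authKey` and `serviceKey`, the secrets, the registry contents and the handling of an unregistered service code are assumptions.

```python
import base64
import hashlib
import hmac
import json


class AuthFailure(Exception):
    """The 'authentication failure' exception thrown by the filter steps."""


# Constructed sample values (assumptions for this example, not from the patent).
SERVICE_SECRET = b"constructed-service-secret"
USER_SECRET = b"constructed-user-secret"
TRUSTED_REGISTRY = {"dispatch-open", "device-monitor"}  # local trusted-service registry


def seal(secret, payload):
    """Issue a token: base64(JSON payload) + "." + HMAC-SHA256 tag."""
    body = base64.urlsafe_b64encode(json.dumps(payload).encode())
    tag = hmac.new(secret, body, hashlib.sha256).hexdigest().encode()
    return (body + b"." + tag).decode()


def unseal(secret, token):
    """Stand-in for 'token decryption': payload dict, or None if absent or forged."""
    if not token:
        return None
    try:
        body, tag = token.encode().rsplit(b".", 1)
        expected = hmac.new(secret, body, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(tag, expected):
            return None
        payload = json.loads(base64.urlsafe_b64decode(body))
    except ValueError:  # no separator, bad base64, or bad JSON
        return None
    return payload if isinstance(payload, dict) else None


def service_code(params, key_name):
    """Read a key (hypothetical parameter name), strip it from the request, decode it."""
    payload = unseal(SERVICE_SECRET, params.pop(key_name, None))
    return payload.get("service") if payload else None


def trusted_service_filter(params, allowed_services):
    """Steps (11)-(18): only registered trusted services may call the interface."""
    if not params.get("authKey"):                      # (11) key missing
        raise AuthFailure("missing authentication key")
    code = service_code(params, "authKey")             # (12)-(13)
    if not code:                                       # (14) empty or forged
        raise AuthFailure("no service code")
    if code not in TRUSTED_REGISTRY:                   # (15)
        raise AuthFailure("service not in trusted registry")
    if not allowed_services or code in allowed_services:  # (16)-(18); empty = any
        return "service:" + code
    raise AuthFailure("service not allowed on this interface")


def role_filter(params, tag_roles, logic):
    """Steps (401)-(412): trusted service key first, then the user's roles."""
    code = service_code(params, "serviceKey")          # (401)-(403)
    if code:                                           # (404)
        if code in TRUSTED_REGISTRY:
            return "service:" + code                   # passes with no role check
        # Assumption: the steps leave an unregistered code unspecified; fail closed.
        raise AuthFailure("service not in trusted registry")
    info = unseal(USER_SECRET, params.pop("authKey", None))  # (405)-(406)
    if not info:                                       # (407)
        raise AuthFailure("no authentication information")
    user_roles = set(info.get("roles", []))            # (408) roles held by the user
    required = set(tag_roles)                          # (409) roles named on the tag
    if logic == "AND":                                 # (411) every tag role is needed
        passed = required <= user_roles
    elif logic == "OR":                                # (412) one tag role is enough
        passed = bool(required & user_roles)
    else:
        raise AuthFailure("unknown logic condition")
    if not passed:
        raise AuthFailure("role check failed")
    return "user:" + str(info.get("user"))


if __name__ == "__main__":
    user = seal(USER_SECRET, {"user": "alice", "roles": ["admin"]})
    print(role_filter({"authKey": user}, ["admin", "ops"], "OR"))
```

As step (404) specifies, a request carrying a valid trusted-service key passes the role filter with no role check, so in this scheme the service key carries the authority of every role on the interface.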
Examples
As shown in fig. 7, a coin dispensing system platform, which is mainly used by financial institutions such as banks, is constructed under an internet platform. The core system is associated with the coin exchange machine, communicates with each other to synchronize real-time data, and provides services such as coin exchange machine inquiry, coin exchange requirement adjustment and the like for Internet users. The essence of the platform is a collection of functional service systems, which include a variety of client manifestations, including: the system comprises a browser-side dispatching service opening system, a browser-side dispatching management system, a browser-side hardware device monitoring system, a browser-side map display system, a WeChat-side management system, a WeChat-side dispatching service opening system and a WeChat-side map display system.
Due to the diversity and complexity of product structures, deployment of products in practical production environments is relatively complex. Moreover, the product is positioned as a nationwide platform system and is oriented to open network users, the target application range relates to a plurality of provinces and cities in the country and a plurality of data deployment centers, and the product has good response to the high concurrency requirement of the system.
Therefore, the system adopts the micro-service architecture as the basic architecture of the system, adopts a development mode with front and back ends separated, and constructs a plurality of systems into a cloud network platform.
The service system load nodes can be dynamically added and registered in the adapter service registry by using uniform service names. A localized load balancing policy is enforced by the registry mechanism of the system.
For communication between services, a communication request is accepted as legitimate as long as it satisfies the cross-platform encryption algorithm mechanism; the state information of the same user is no longer needed, so two service systems communicate more flexibly and the purpose of sharing interface data is achieved.
The user role authority structures used by the dispatching service opening system, the dispatching service management system, the hardware equipment monitoring system and the WeChat management system are different, unified authentication cache service is adopted to cache user state information, and authority authentication of user back-end service processing is realized. Meanwhile, the browser and the client side such as the WeChat also independently cache the user state information for authority authentication of the front-end service and the like.
The user login process takes the browser client application login as an example. Firstly, the user enters the password on the login screen, clicks the login button and sends a login request; the server receives the login request and performs login verification; if the verification fails, a failure message is returned, and the browser prompts the login failure and the reason; if the verification is successful, generating a dynamic random temporary certificate of the user login at this time; acquiring basic information of a user; acquiring user resource authority data; merging and sorting user state information; sending the state information to an authentication cache service component for single-point caching; if the sending fails, caching the state information to the local; returning a user state information result; the browser caches user state data; and after the login authentication is completed, jumping to a default home page.
In the project development period, the requirement of a WeChat client is dynamically added, so that a WeChat management system is constructed and depends on a dispatching service opening system, a hardware equipment monitoring system and a map system. The new service system is online and registered under the cloud network platform, a wechat end open interface is provided, a data request is forwarded, and corresponding service data is acquired from other service systems, but a uniform authentication system is not required.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (2)

1. A cloud platform extension system based on micro-service architecture is characterized by comprising:
the service adapter interaction unit is used for forming a service registry;
the authentication service cache unit is used for caching the state information after the user logs in;
the subsystem construction unit adopts a micro-service architecture with separated front and back ends and is used for realizing product independence;
the interactive authentication unit is used for the front-end user login and the server interactive authentication;
the system network construction unit is used for integrating related subsystem services;
the interactive authentication unit comprises an interactive authentication module for verifying user information, an encryption module for performing identity authentication on each request of the open interface, a load balancing module for automatically selecting an optimal node when the node is unstable, and a fusing module for requesting fusing and automatically switching line retry when the node response is overtime, and the system network construction unit comprises an interface service module for communicating micro services and an information optimization module for integrating subsystem service shared data;
the encryption module is used for providing a defined RESTful communication interface for the micro-service components, and the cross-platform communication encryption authentication algorithm is used as the secure communication protocol for inter-service communication and communication between the UI layer and the service end;
the load balancing module and the fusing module are based on Ribbon and Hystrix technologies, the latest registry information is obtained by matching a registration and discovery mechanism of a service, and a threshold value of each load node is managed by Hystrix; the communication between services adopts a Ribbon load algorithm, is not forwarded by the service of an adapter any more, and directly uses a local registry to carry out service communication requests;
the interface service module means that each interface service defines the interface declaration classes it exposes externally and encapsulates all of them into an interface component package, on which other micro-service projects depend, so that the open interfaces are discovered by other services; a service obtains an instantiated interface object, so that requests can be automatically encapsulated through the local service discovery mechanism without explicitly knowing the address of the requested service.
2. The cloud platform extension system based on the micro-service architecture as claimed in claim 1, wherein the cross-platform communication encryption authentication algorithm is mainly divided into a filtering authentication algorithm corresponding to a trusted service authentication tag and filtering authentication algorithms corresponding to non-trusted service authentication tags,
the filtering authentication algorithm corresponding to the trusted service authentication tag comprises the following steps:
(11) acquiring the authentication key from the request parameters and judging whether it is empty; if so, throwing an authentication failure exception; otherwise, proceeding to the next step;
(12) acquiring the corresponding service code from the configured interface parameter dictionary and deleting the attribute information of the authentication key;
(13) based on the token decryption algorithm of the trusted service end, decrypting the authentication key to obtain the decrypted service code of the client;
(14) judging whether the service code is empty; if so, throwing an authentication failure exception; if not, proceeding to the next step;
(15) judging whether the service code exists in the configured local trusted service registry; if not, throwing an authentication failure exception;
(16) determining the attribute of the annotation authentication tag corresponding to the requested interface, namely the array of allowed service codes;
(17) if the length of the service code array is 0, any trusted service passes authentication;
(18) iterating over the service code array in step (16) and judging whether it contains a value identical to the client service code from step (13); if so, authentication passes; otherwise, throwing an authentication failure exception;
the filtering authentication algorithms corresponding to the non-trusted service authentication tags comprise: a filtering authentication algorithm corresponding to the guest authentication tag, a filtering authentication algorithm corresponding to the logged-in authentication tag, a filtering authentication algorithm corresponding to the role authentication tag and a filtering authentication algorithm corresponding to the permission authentication tag;
the filtering authentication algorithm corresponding to the guest authentication tag comprises the following steps:
(21) acquiring the service key from the request parameters;
(22) acquiring the corresponding service code instance from the configured interface parameter dictionary and deleting the attribute information of the service key;
(23) judging whether the service key is empty; if not, executing the token decryption algorithm of the trusted service end to obtain the decrypted service code of the client;
(24) judging whether the service code is empty; if not, judging whether the service code exists in the configured local trusted service registry; if so, authentication passes and the algorithm terminates;
(25) if the service code is empty, acquiring the authentication key from the request parameters;
(26) based on the token decryption algorithm of the non-trusted service end, decrypting the authentication key to obtain the decrypted authentication information;
(27) judging whether the authentication information is empty or does not contain the dynamic certificate attribute; if so, authentication passes and the algorithm terminates; otherwise, throwing an authentication failure exception;
the filtering authentication algorithm corresponding to the logged-in authentication tag comprises the following steps:
(31) acquiring the service key from the request parameters;
(32) acquiring the corresponding service code instance from the configured interface parameter dictionary and deleting the attribute information of the authentication key;
(33) judging whether the service key is empty; if not, executing the token decryption algorithm of the trusted service end to obtain the decrypted service code of the client;
(34) judging whether the service code is empty; if not, judging whether the service code exists in the configured local trusted service registry; if so, authentication passes and the algorithm terminates;
(35) if the service code is empty, acquiring the authentication key from the request parameters;
(36) based on the token decryption algorithm of the non-trusted service end, decrypting the authentication key to obtain the decrypted authentication information;
(37) judging whether the authentication information is empty; if the authentication information is not empty and contains the dynamic certificate attribute, authentication passes and the algorithm terminates; otherwise, throwing an authentication failure exception;
the filtering authentication algorithm corresponding to the role authentication tag comprises the following steps:
(401) acquiring the service key from the request parameters;
(402) acquiring the corresponding service code instance from the configured interface parameter dictionary and deleting the attribute information of the authentication key;
(403) judging whether the service key is empty; if not, executing the token decryption algorithm of the trusted service end to obtain the decrypted service code of the client;
(404) judging whether the service code is empty; if not, judging whether the service code exists in the configured local trusted service registry; if so, authentication passes and the algorithm terminates;
(405) if the service code is empty, acquiring the authentication key from the request parameters;
(406) based on the token decryption algorithm of the non-trusted service end, decrypting the authentication key to obtain the decrypted authentication information;
(407) judging whether the authentication information is empty; if so, throwing an authentication failure exception;
(408) acquiring the role array attribute of the object corresponding to the authentication information;
(409) determining the attribute of the annotation authentication tag corresponding to the requested interface, namely the array of allowed role codes;
(410) acquiring the logic condition attribute of the annotation authentication tag corresponding to the requested interface;
(411) if the logic condition attribute value is 'AND', iterating over the tag role array in step (408) and the user role array in step (409), and if any tag role does not exist in the user role array, throwing an authentication failure exception;
(412) if the logic condition attribute value is 'OR', iterating over the tag role array in step (408) and the user role array in step (409), and if none of the tag roles matches a value in the user role array, throwing an authentication failure exception; otherwise, authentication passes;
the filtering authentication algorithm corresponding to the permission authentication tag comprises the following steps:
(501) acquiring the service key from the request parameters;
(502) acquiring the corresponding service code instance from the configured interface parameter dictionary and deleting the attribute information of the authentication key;
(503) judging whether the service key is empty; if not, executing the token decryption algorithm of the trusted service end to obtain the decrypted service code of the client;
(504) judging whether the client service code is empty; if not, judging whether the service code exists in the configured local trusted service registry; if so, authentication passes and the algorithm terminates;
(505) if the service code is empty, acquiring the authentication key from the request parameters;
(506) based on the token decryption algorithm of the non-trusted service end, decrypting the authentication key to obtain the decrypted authentication information;
(507) judging whether the authentication information is empty; if so, throwing an authentication failure exception;
(508) acquiring the permission array attribute of the object corresponding to the authentication information;
(509) determining the attribute of the annotation authentication tag corresponding to the requested interface, namely the array of allowed permission codes;
(510) acquiring the logic condition attribute of the annotation authentication tag corresponding to the requested interface;
(511) if the logic condition attribute value is 'yes', iterating over the tag role array in step (508) and the user role array in step (509), and if any tag permission is matched with the user permissions, throwing an authentication failure exception;
(512) if the logic condition attribute value is 'OR', iterating over the tag role array in step (508) and the user role array in step (509), and if none of the tag permissions matches the user permissions, throwing an authentication failure exception; otherwise, authentication passes.
CN201810438955.3A 2018-05-09 2018-05-09 Cloud platform expansion method and system based on micro-service architecture Active CN108650262B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810438955.3A CN108650262B (en) 2018-05-09 2018-05-09 Cloud platform expansion method and system based on micro-service architecture

Publications (2)

Publication Number Publication Date
CN108650262A CN108650262A (en) 2018-10-12
CN108650262B true CN108650262B (en) 2020-12-01

Family

ID=63754169

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810438955.3A Active CN108650262B (en) 2018-05-09 2018-05-09 Cloud platform expansion method and system based on micro-service architecture

Country Status (1)

Country Link
CN (1) CN108650262B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant