CN108683633A - access control method and device - Google Patents

Publication number: CN108683633A
Application number: CN201810316467.5A
Authority: CN (China)
Other languages: Chinese (zh)
Inventor: 张婷
Original Assignee: New H3C Technologies Co Ltd Chengdu Branch
Current Assignee: New H3C Technologies Co Ltd Chengdu Branch
Legal status: Pending
Prior art keywords: resource, sharing service, service device, access rights, requirement condition

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H04L67/14 Session management
    • H04L67/141 Setup of application sessions

Abstract

An embodiment of the present invention provides an access control method and device. First, the user account of a client is verified, and after verification succeeds the resource access rights corresponding to the user account are obtained. Then it is detected whether the current system resources of the resource sharing server meet the resource requirement condition corresponding to those resource access rights. Finally, when the current system resources of the resource sharing server meet the corresponding resource requirement condition, a session connection with the client is established. The method allocates the resources of the resource sharing server dynamically and precisely, according to the server's real-time system resource status and the resource requirement condition corresponding to the user account, which ensures that clients can obtain file-sharing service efficiently and securely in complex application scenarios.

Description

Access control method and device
Technical field
The present invention relates to the technical field of data services, and in particular to an access control method and device.
Background art
With the widespread use of the Internet, demand for data storage access is growing across all industries. When data storage access is implemented through a system resource sharing service, the security and performance of the resource sharing service become key indicators for evaluating a data storage system.
However, in real distributed file-sharing scenarios the network access environment changes dynamically. How to guarantee the security of the entire data storage system in such complex and changing scenarios is a technical problem that those skilled in the art need to solve.
Summary of the invention
Embodiments of the present invention describe an access control method and device.
In a first aspect, an embodiment of the present invention provides an access control method applied to a resource sharing server. The resource sharing server stores user accounts, the resource access rights corresponding to each user account, and the resource requirement condition corresponding to each resource access right. The method includes:
Receiving a session connection request sent by a client, the session connection request including a user account;
When the user account passes verification, obtaining the resource access rights corresponding to the user account;
Detecting whether the current system resources of the resource sharing server meet the resource requirement condition corresponding to the resource access rights;
When the current system resources of the resource sharing server meet the corresponding resource requirement condition, establishing a session connection with the client.
The above method can allocate the resources of the resource sharing server dynamically and precisely, according to the server's real-time system resource status and the resource requirement condition, to ensure that clients can obtain file-sharing service efficiently and securely.
Optionally, in the above method, the resource requirement condition includes one of the following or any combination of them:
The CPU usage of the resource sharing server is not more than a preset CPU usage threshold;
The memory usage of the resource sharing server is not more than a preset memory usage threshold;
The bandwidth of the resource sharing server is not less than a preset bandwidth threshold; and
The current number of session connections of the resource sharing server is not more than a preset session connection threshold.
Optionally, in the above method, when the user account corresponds to multiple resource access rights, the step of detecting whether the current system resources of the resource sharing server meet the resource requirement condition corresponding to the resource access rights includes:
Detecting whether the current system resources of the resource sharing server meet the resource requirement condition corresponding to any one of the resource access rights, and, when the condition corresponding to any one of the resource access rights is met, determining that the current system resources of the resource sharing server meet the resource requirement condition corresponding to the resource access rights; or
Detecting whether the current system resources of the resource sharing server meet the resource requirement condition corresponding to each of the resource access rights, and, when the conditions corresponding to all of the resource access rights are met, determining that the current system resources of the resource sharing server meet the resource requirement condition corresponding to the resource access rights; or
Detecting whether the current system resources of the resource sharing server meet the minimum requirement of the resource requirement conditions corresponding to the multiple resource access rights, and, when that minimum requirement is met, determining that the current system resources of the resource sharing server meet the resource requirement condition corresponding to the resource access rights.
Optionally, the above method may further include:
Detecting the state of the session connection between the resource sharing server and the client;
When the session connection is detected to be idle, disconnecting the session connection with the client.
Optionally, the above method may further include:
Configuring, for each user account stored in the resource sharing server, the corresponding resource access rights and the resource requirement condition corresponding to those resource access rights;
Storing the resource access rights and resource requirement condition corresponding to the user account.
In a second aspect, an embodiment of the present invention provides an access control device applied to a resource sharing server. The resource sharing server stores user accounts, the resource access rights corresponding to each user account, and the resource requirement condition corresponding to each resource access right. The device includes:
A receiving module, configured to receive a session connection request sent by a client, the session connection request including a user account;
An obtaining module, configured to obtain the resource access rights corresponding to the user account when the user account passes verification;
A detection module, configured to detect whether the current system resources of the resource sharing server meet the resource requirement condition corresponding to the resource access rights;
An establishing module, configured to establish a session connection with the client when the current system resources of the resource sharing server meet the corresponding resource requirement condition.
Optionally, the resource requirement condition includes one of the following or any combination of them:
The CPU usage of the resource sharing server is not more than a preset CPU usage threshold;
The memory usage of the resource sharing server is not more than a preset memory usage threshold;
The bandwidth of the resource sharing server is not less than a preset bandwidth threshold; and
The current number of session connections of the resource sharing server is not more than a preset session connection threshold.
Optionally, when the user account corresponds to multiple resource access rights, the detection module is specifically configured to:
Detect whether the current system resources of the resource sharing server meet the resource requirement condition corresponding to any one of the resource access rights, and, when the condition corresponding to any one of the resource access rights is met, determine that the current system resources of the resource sharing server meet the resource requirement condition corresponding to the resource access rights; or
Detect whether the current system resources of the resource sharing server meet the resource requirement condition corresponding to each of the resource access rights, and, when the conditions corresponding to all of the resource access rights are met, determine that the current system resources of the resource sharing server meet the resource requirement condition corresponding to the resource access rights; or
Detect whether the current system resources of the resource sharing server meet the minimum requirement of the resource requirement conditions corresponding to the multiple resource access rights, and, when that minimum requirement is met, determine that the current system resources of the resource sharing server meet the resource requirement condition corresponding to the resource access rights.
Optionally, the device further includes a disconnecting module;
The detection module is further configured to detect the state of the session connection between the resource sharing server and the client;
The disconnecting module is configured to disconnect the session connection with the client when the session connection is detected to be idle.
Optionally, the device further includes:
A configuration module, configured to configure, for each user account stored in the resource sharing server, the corresponding resource access rights and the resource requirement condition corresponding to those resource access rights;
A storage module, configured to store the resource access rights and resource requirement condition corresponding to the user account.
In a third aspect, in addition to the access control method and device provided above, an embodiment of the present invention also provides a resource sharing server. The resource sharing server includes a processor and a non-volatile memory storing computer instructions; when the computer instructions are executed by the processor, the resource sharing server performs the access control method of the first aspect.
In a fourth aspect, in addition to the access control method and device provided above, an embodiment of the present invention also provides a readable storage medium. The readable storage medium includes a computer program which, when run, controls the resource sharing server on which the readable storage medium resides to perform the access control method of the first aspect.
Compared with the prior art, the present invention has the following beneficial effects:
The access control method and device provided by the embodiments of the present invention allocate the resources of the resource sharing server dynamically and precisely, according to the server's real-time system resource status and the resource requirement condition corresponding to the user account, to ensure that clients can obtain file-sharing service efficiently and securely.
Brief description of the drawings
To describe the technical solutions of the embodiments of the present invention more clearly, the drawings needed in the embodiments are briefly introduced below. It should be understood that the following drawings show only certain embodiments of the present invention and should therefore not be regarded as limiting its scope; those of ordinary skill in the art can derive other related drawings from these drawings without creative effort.
Fig. 1 is a schematic architecture diagram of the data storage system provided by an embodiment of the present invention;
Fig. 2 is a schematic structural diagram of the resource sharing server provided by an embodiment of the present invention;
Fig. 3 is a flow diagram of an access control method provided by an embodiment of the present invention;
Fig. 4 is another flow diagram of the access control method provided by an embodiment of the present invention;
Fig. 5 is a functional block diagram of an access control device provided by an embodiment of the present invention;
Fig. 6 is another functional block diagram of the access control device provided by an embodiment of the present invention.
Detailed description
To make the objectives, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. The described embodiments are evidently some, not all, of the embodiments of the present invention. The components of the embodiments generally described and illustrated in the drawings can be arranged and designed in a variety of different configurations.
Therefore, the following detailed description of the embodiments provided in the drawings is not intended to limit the scope of the claimed invention, but merely represents selected embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
It should be noted that similar reference numerals and letters denote similar items in the following drawings; once an item is defined in one drawing, it need not be defined or explained again in subsequent drawings.
In the description of the present invention, it should also be noted that, unless otherwise expressly specified and limited, the terms "arranged", "installed", "connected" and "coupled" are to be understood broadly. For example, a connection may be fixed, detachable or integral; it may be mechanical or electrical; it may be direct or indirect through an intermediary, or it may be internal communication between two elements. Those of ordinary skill in the art can understand the specific meaning of these terms in the present invention according to the specific circumstances.
At present, dynamic access control cannot be achieved when users access shared file services. Take as an example a file-sharing service for Linux/Unix and Windows system resources implemented with Samba software. When a user accesses the Samba file-sharing service, the user only needs to provide a valid password to access the service. After identity verification succeeds, the resource sharing server (for example, a Samba server) creates a process (for example, an smbd process) for the verified client to provide file access service, and that process occupies a certain amount of the server's system resources. To prevent clients from occupying system resources indefinitely, one prior-art solution is for the resource sharing server to provide two configuration options: a close time and a maximum number of processes. The close time means that when a client has had no traffic over a long connection period, the resource sharing server actively closes the connection, that is, closes the session process between the resource sharing server and that client. The maximum number of processes is the maximum number of processes the resource sharing server is allowed to create; when the number of clients accessing simultaneously exceeds this maximum, the resource sharing server refuses access by new users. These two parameters work together to allocate the resources of the resource sharing server to some extent.
However, the inventor found through research that configuring only the close time and the maximum number of processes still cannot cope with complex and changing application scenarios. The current access mechanism is too simple; for example, it has the following shortcomings:
First, in scenarios where a large number of users need access, if the maximum number of processes is set too small, some users cannot obtain file-sharing service. These users must wait for other users to finish their access before they can access the file-sharing service of the resource sharing server, and the user experience is poor.
Second, even if the maximum number of processes is large enough for users to access the file-sharing service simultaneously, if those users need to perform heavy read and write traffic on the shared files at the same time, the processes performing the reads and writes occupy large amounts of CPU and memory. The resource sharing server, running overloaded, not only cannot guarantee a safe and effective service but may also cause other service processes to crash, resulting in irreparable loss.
Third, the above access control method is uniform and cannot provide different file-sharing services to different users.
To overcome the above defects of the prior art, the inventor proposes, after research, a better solution, which is described in detail below.
Referring to Fig. 1, Fig. 1 shows a data storage system 10 provided by an embodiment of the present invention. The data storage system 10 includes a client 200, a resource sharing server 100 and a distributed file system 300. The client 200 is communicatively connected to the resource sharing server 100, and the resource sharing server 100 can communicate with the distributed file system 300 through a virtual file system (VFS) interface. During file-sharing service, the client 200 accesses the distributed file system 300 through the resource sharing server 100, using a session process established with the resource sharing server 100. The resource sharing server 100 is a computer device that can provide the client 200 with resource sharing services (such as file read and write services); for example, it may be, but is not limited to, a Samba server.
Referring to Fig. 2, Fig. 2 is a schematic structural diagram of the resource sharing server 100. The resource sharing server 100 includes an access control device 110, a memory 111, a processor 112 and a communication unit 113.
The memory 111, the processor 112 and the communication unit 113 are electrically connected to each other, directly or indirectly, to transmit or exchange data. For example, these elements can be electrically connected to each other through one or more communication buses or signal lines.
The memory 111 may be, but is not limited to, random access memory (RAM), read-only memory (ROM), programmable read-only memory (PROM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), and so on. The memory 111 is used to store a program, and the processor 112 executes the program after receiving an execution instruction. The communication unit 113 is used to establish a communication connection over a network between the resource sharing server 100 and other devices (such as the client 200), and to send and receive data over the network.
The access control device 110 includes at least one software function module that can be stored in the memory 111 in the form of software or firmware, or built into the operating system (OS) of the resource sharing server 100. The processor 112 is used to execute the executable modules stored in the memory 111, such as the software function modules and computer programs included in the access control device 110. In this embodiment, the access control device 110 provides the resource sharing server 100 with access control for different clients; the specific method is described in detail below.
It should be understood that the structure shown in Fig. 2 is only illustrative. The resource sharing server 100 may include more or fewer components than shown in Fig. 2, or have a configuration different from that shown in Fig. 2. Each component shown in Fig. 2 can be implemented in hardware, software, or a combination of the two.
Referring to Fig. 3, Fig. 3 is a flow chart of the access control method provided by an embodiment of the present invention, applied to the resource sharing server 100 of Fig. 2. The resource sharing server 100 stores in advance the user accounts, the resource access rights corresponding to each user account, and the resource requirement condition corresponding to each resource access right. Each step of the method is described in detail below.
Step S110: receive a session connection request sent by the client 200, the session connection request including a user account.
In this embodiment, when the resource sharing server 100 receives a request from the client 200 to establish a session connection, it obtains the user account included in the request and compares it with the user accounts stored in the resource sharing server 100 that are authorized to access the resource sharing server 100. If the comparison succeeds, verification passes and the obtained user account is determined to be authorized to access the resource sharing server 100. Otherwise, verification fails and the obtained user account is determined not to be authorized to access the resource sharing server 100.
Step S120: when the user account passes verification, obtain the resource access rights corresponding to the user account.
In this embodiment, a user account may correspond to at least one resource access right.
In one implementation of this embodiment, the services of the resource sharing server 100 that can be used differ between resource access rights. For example, under some resource access rights the resource sharing server 100 provides the client 200 only with read service for shared files, while under other resource access rights the resource sharing server 100 can provide the client 200 with both read and write service for shared files.
In another implementation of this embodiment, the scope of files covered by the file-sharing service that the resource sharing server 100 provides to the client 200 can also differ between resource access rights; for example, different ranges of file content can be made available for file-sharing service according to the resource access right. For a client 200 with high resource access rights, the resource sharing server 100 can open all files in the distributed file system 300 to the client 200, that is, a client with high resource access rights can obtain file-sharing service for all files in the distributed file system 300. For a client 200 with lower resource access rights, the resource sharing server 100 can open only some of the files in the distributed file system 300 to the client 200, that is, a client 200 with lower resource access rights can obtain file-sharing service for only part of the files in the distributed file system 300.
In this embodiment, shared files may be classified, and different classes of shared files may be configured for different resource access rights. Of course, it should be understood that resource access rights may also be configured by combining the services provided to the client 200 with the file scope of the shared service provided to the client 200; this embodiment does not limit the specific configuration of resource access rights.
Step S130: detect whether the current system resources of the resource sharing server 100 meet the resource requirement condition corresponding to the resource access rights.
In detail, in this embodiment, system resources may include CPU, memory, bandwidth or the number of session connections. In this embodiment, the resource requirement condition may include one of the following or any combination of them:
The CPU usage of the resource sharing server 100 is not more than a preset CPU usage threshold;
The memory usage of the resource sharing server 100 is not more than a preset memory usage threshold;
The bandwidth of the resource sharing server 100 is not less than a preset bandwidth threshold; and
The current number of session connections of the resource sharing server 100 is not more than a preset session connection threshold. Here, the preset bandwidth threshold is the minimum bandwidth value required to satisfy the resource access right.
When the user account corresponds to multiple resource access rights, the resource sharing server 100 can use any of the following implementations to determine whether its current system resources meet the resource requirement condition corresponding to the resource access rights.
In the first implementation, the resource sharing server 100 detects whether its current system resources meet the resource requirement condition corresponding to any one of the resource access rights. When the condition corresponding to any one of the resource access rights is met, it determines that the current system resources of the resource sharing server 100 meet the resource requirement condition corresponding to the resource access rights.
For example, a user account User corresponds to the resource access rights Role1, Role2 and Role3. The resource requirement condition for Role1 is SC1 = {CPU usage ≤ 60%, memory usage ≤ 70%, bandwidth ≥ 1000 Kbit/s, session connections ≤ 1000}; for Role2 it is SC2 = {CPU usage ≤ 70%, memory usage ≤ 80%, bandwidth ≥ 1200 Kbit/s}; for Role3 it is SC3 = {CPU usage ≤ 80%, memory usage ≤ 60%}. Suppose the current system resources of the resource sharing server 100 are: CPU usage 75%, memory usage 56%, bandwidth 1350 Kbit/s, and 950 session connections. In this example, the current system resources of the resource sharing server 100 do not meet the resource requirement conditions for Role1 and Role2 but do meet the condition for Role3. In this case, the resource sharing server 100 can determine that its current system resources meet the resource requirement condition corresponding to the resource access rights.
In the second implementation, the resource sharing server 100 detects whether its current system resources meet the resource requirement condition corresponding to each of the resource access rights. When the conditions corresponding to all of the resource access rights are met, it determines that the current system resources of the resource sharing server 100 meet the resource requirement condition corresponding to the resource access rights.
For example, a user account User corresponds to the resource access rights Role1, Role2 and Role3. The resource requirement condition for Role1 is SC1 = {CPU usage ≤ 60%, memory usage ≤ 70%, bandwidth ≥ 1000 Kbit/s, session connections ≤ 1000}; for Role2 it is SC2 = {CPU usage ≤ 70%, memory usage ≤ 80%, bandwidth ≥ 1200 Kbit/s}; for Role3 it is SC3 = {CPU usage ≤ 80%, memory usage ≤ 60%}. Suppose the current system resources of the resource sharing server 100 are: CPU usage 55%, memory usage 56%, bandwidth 1350 Kbit/s, and 950 session connections. In this example, the current system resources of the resource sharing server 100 meet the resource requirement conditions for Role1, Role2 and Role3. In this case, the resource sharing server 100 can determine that its current system resources meet the resource requirement condition corresponding to the resource access rights. In this implementation, if the current system resources of the resource sharing server 100 fail the resource requirement condition corresponding to any one of the resource access rights, the current system resources are determined not to meet the resource requirement condition corresponding to the resource access rights.
In the third implementation, the resource sharing server 100 detects whether its current system resources meet the minimum requirement of the resource requirement conditions corresponding to the multiple resource access rights. When that minimum requirement is met, it determines that the current system resources of the resource sharing server 100 meet the resource requirement condition corresponding to the resource access rights.
For example, a user account User corresponds to the resource access rights Role1, Role2 and Role3. The resource requirement condition for Role1 is SC1 = {CPU usage ≤ 60%, memory usage ≤ 70%, bandwidth ≥ 1000 Kbit/s, session connections ≤ 1000}; for Role2 it is SC2 = {CPU usage ≤ 70%, memory usage ≤ 80%, bandwidth ≥ 1200 Kbit/s}; for Role3 it is SC3 = {CPU usage ≤ 80%, memory usage ≤ 60%}. Suppose the current system resources of the resource sharing server 100 are: CPU usage 79%, memory usage 75%, bandwidth 1020 Kbit/s, and 950 session connections. In this example, the minimum requirement of Role1, Role2 and Role3 is CPU usage not more than 80%, memory usage not more than 80%, bandwidth not less than 1000 Kbit/s, and session connections not more than 1000. Although the current system resources do not meet the resource requirement condition corresponding to any single resource access right, they do meet the minimum requirement of the resource requirement conditions corresponding to the multiple resource access rights. In this case too, the current system resources of the resource sharing server 100 can be determined to meet the resource requirement condition corresponding to the resource access rights.
Step S140: when the current system resources of the resource sharing service device 100 satisfy the corresponding resource requirement condition, establish a session connection with the client 200.
In this embodiment, when the current system resources of the resource sharing service device 100 satisfy the corresponding resource requirement condition in the manner of the first implementation above, the resource sharing service device 100, after establishing the session connection with the client 200, provides the client 200 with the shared file service corresponding to the resource access right Role3.
When the current system resources of the resource sharing service device 100 satisfy the corresponding resource requirement condition in the manner of the second implementation above, the resource sharing service device 100 can provide the client 200 with the shared file service of all the resource access rights.
When the current system resources of the resource sharing service device 100 satisfy the corresponding resource requirement condition in the manner of the third implementation above, the resource sharing service device 100 can establish the session connection with the client 200 using the resource access right with the lowest privilege, or using a preset resource access right, under which the resource sharing service device 100 then serves the client 200. Generally, a preset resource access right occupies fewer system resources of the resource sharing service device 100 than an ordinary resource access right.
In the above process, when a user account corresponds to multiple resource access rights, a resource access right that satisfies its resource requirement condition is selected dynamically according to the current system resources of the resource sharing service device 100 and the resource requirement conditions corresponding to the different resource access rights, and the session is established under the selected resource access right to provide the file sharing service. Because the resource sharing service device 100 establishes the session under the resource access right best suited to its current system resources, it is prevented from running overloaded, kept in a safe operating state, and its service processes are protected from crashing. At the same time, different file sharing services can be provided under different resource access rights, which solves the prior-art problem of a single, inflexible access control method.
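The three implementations can be compared side by side on the description's own figures. The following is an added example, not code from the patent: the names `grant` and `loosest`, the numeric `level` used to decide which right is "lowest privilege", and the third sample reading are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Metrics:
    cpu: float       # CPU usage, percent
    mem: float       # memory usage, percent
    bw: float        # bandwidth, Kbit/s
    sessions: int    # current session connection number


@dataclass(frozen=True)
class Condition:
    # None means the role states no requirement for that metric.
    cpu_max: Optional[float] = None
    mem_max: Optional[float] = None
    bw_min: Optional[float] = None
    sessions_max: Optional[int] = None

    def satisfied_by(self, m: Metrics) -> bool:
        return (
            (self.cpu_max is None or m.cpu <= self.cpu_max)
            and (self.mem_max is None or m.mem <= self.mem_max)
            and (self.bw_min is None or m.bw >= self.bw_min)
            and (self.sessions_max is None or m.sessions <= self.sessions_max)
        )


@dataclass(frozen=True)
class Role:
    name: str
    level: int  # assumption: larger number = more privilege
    condition: Condition


def _pick(values, fn):
    present = [v for v in values if v is not None]
    return fn(present) if present else None


def loosest(conds: List[Condition]) -> Condition:
    """Per-metric minimum requirement across roles (third implementation).

    As in the description's worked example, a role that does not mention a
    metric is ignored for that metric rather than treated as "no limit".
    """
    return Condition(
        cpu_max=_pick([c.cpu_max for c in conds], max),
        mem_max=_pick([c.mem_max for c in conds], max),
        bw_min=_pick([c.bw_min for c in conds], min),
        sessions_max=_pick([c.sessions_max for c in conds], max),
    )


def grant(roles: List[Role], m: Metrics, mode: str) -> List[str]:
    """Return the rights the session is opened with; [] means refuse."""
    if not roles:
        return []  # no rights configured for the account: fail closed
    ok = [r for r in roles if r.condition.satisfied_by(m)]
    if mode == "any":      # first implementation: serve the rights that fit
        return [r.name for r in ok]
    if mode == "all":      # second implementation: every condition must hold
        return [r.name for r in roles] if len(ok) == len(roles) else []
    if mode == "minimum":  # third implementation: lowest-privilege right only
        if loosest([r.condition for r in roles]).satisfied_by(m):
            return [min(roles, key=lambda r: r.level).name]
        return []
    raise ValueError(f"unknown mode: {mode!r}")


# Role1..Role3 with SC1..SC3 from the description; levels are assumed.
ROLES = [
    Role("Role1", 3, Condition(60, 70, 1000, 1000)),
    Role("Role2", 2, Condition(70, 80, 1200)),
    Role("Role3", 1, Condition(80, 60)),
]

READINGS = {
    "second-implementation example": Metrics(55, 56, 1350, 950),
    "third-implementation example": Metrics(79, 75, 1020, 950),
    "constructed: only Role3 fits": Metrics(75, 58, 900, 1200),
}

if __name__ == "__main__":
    for label, m in READINGS.items():
        for mode in ("any", "all", "minimum"):
            print(f"{label:32} {mode:8} -> {grant(ROLES, m, mode)}")
```

The constructed reading shows that the modes are not ordered by strictness: it is admitted under "any" (Role3 fits) but refused under "minimum", because the loosest bandwidth bound is taken from Role1 even though Role3 states none.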
Referring to Fig. 4, in this embodiment the method may further include the following steps.
Step S150: detect the session connection state between the resource sharing service device 100 and the client 200.
In this embodiment, the resource sharing service device 100 detects the state of its session connection with the client 200. The session connection state is either an idle state or an online state: the idle state is the state in which no traffic is generated over the session between the resource sharing service device 100 and the client 200, and the online state is the state in which traffic is generated over the session between the resource sharing service device 100 and the client 200. Optionally, the state of the session connection with the client 200 can be detected by a session process timer.
Step S160: when the session connection state is detected to be the idle state, disconnect the session connection with the client 200.
In this embodiment, when the session connection state is detected to be the idle state, the resource sharing service device 100 disconnects the session connection with the client 200 and reclaims the system resources occupied by the session, so that it can use the reclaimed system resources to serve other clients 200, which improves the resource utilization of the resource sharing service device.
In this embodiment, the process timer can determine whether the session connection state is the idle state in either of two ways: the session connection state is determined to be idle as soon as the process timer detects that the current session is an idle session; or the session connection state is determined to be idle when the process timer detects that the current session is an idle session and the idle time has lasted for a preset duration.
Automatically detecting the session connection state, disconnecting the session connection when it is idle, and reclaiming the system resources occupied by the session overcomes the prior-art defect that system resources are reclaimed only when the user ends the access, so that other users cannot quickly obtain the file sharing service when system resources are insufficient; this improves the user experience.
In this embodiment, the method may further include: for each user account stored in the resource sharing service device 100, configuring the corresponding resource access rights and the resource requirement conditions corresponding to those resource access rights, and storing the resource access rights and resource requirement conditions corresponding to the user account.
Multiple different resource access rights, and the resource requirement condition corresponding to each of them, can be configured in advance. Generally, the higher the resource access right, the higher the resource requirement condition corresponding to it. When configuring the resource access rights of a user account and the corresponding resource requirement conditions, the administrator only needs to select from the pre-configured resource access rights and resource requirement conditions.
In this implementation, once the administrator has configured, for a user account, the corresponding resource access rights and the resource requirement conditions corresponding to those resource access rights, the resource sharing service device 100 can perform dynamic access control according to its current system resources. Compared with modifying parameters manually as in the prior art, this effectively reduces the administrator's workload and the management cost.
In the access control method provided in this embodiment, the user account of the client 200 is first verified, and the resource access rights corresponding to the user account are obtained after verification succeeds; it is then detected whether the current system resources of the resource sharing service device satisfy the resource requirement condition corresponding to the resource access rights; finally, when the current system resources of the resource sharing service device satisfy the corresponding resource requirement condition, the session connection with the client 200 is established. The method allocates the resources of the resource sharing service device dynamically and precisely according to the real-time system resource status of the resource sharing service device and the resource requirement condition corresponding to the user account. This solves the prior-art technical problems of poor user experience and unassured access security caused by an overly simple access mechanism, and of a single, inflexible access control method, and ensures that the client 200 can obtain the file sharing service efficiently and safely in complex application scenarios.
An embodiment of the present invention also provides an access control apparatus 110. Unlike the embodiment above, the access control apparatus 110 describes the solution of this application from the perspective of a virtual device. It should be understood that the specific functions performed by the function modules of the access control apparatus described below have already been covered in the specific steps of the embodiment above; for the details of each function module, refer to the description of that embodiment. Only a brief description of the access control apparatus is given below. Referring to Fig. 5, the access control apparatus 110 includes the following function modules.
Receiving module 111, configured to receive a session connection request sent by the client 200, the session connection request including a user account, where the resource sharing service device 100 stores user accounts, the resource access rights corresponding to the user accounts, and the resource requirement condition corresponding to each resource access right.
Acquisition module 112, configured to obtain the resource access rights corresponding to the user account when the user account is verified.
Detection module 113, configured to detect whether the current system resources of the resource sharing service device 100 satisfy the resource requirement condition corresponding to the resource access rights.
In this embodiment, the resource requirement condition includes one of the following, or any combination of them:
the CPU usage of the resource sharing service device 100 is not greater than a preset CPU usage threshold;
the memory usage of the resource sharing service device 100 is not greater than a preset memory usage threshold;
the bandwidth of the resource sharing service device 100 is not less than a preset bandwidth threshold; and
the current session connection number of the resource sharing service device 100 is not greater than a preset session connection number threshold.
In this embodiment, when the user account corresponds to multiple resource access rights, the detection module 113 is specifically configured to:
detect whether the current system resources of the resource sharing service device 100 satisfy the resource requirement condition corresponding to any one of the resource access rights, and, when the resource requirement condition corresponding to any one of the resource access rights is satisfied, determine that the current system resources of the resource sharing service device 100 satisfy the resource requirement condition corresponding to the resource access rights; or
detect whether the current system resources of the resource sharing service device 100 satisfy the resource requirement condition corresponding to each of the resource access rights, and, when the resource requirement conditions corresponding to all of the resource access rights are satisfied, determine that the current system resources of the resource sharing service device 100 satisfy the resource requirement condition corresponding to the resource access rights; or
detect whether the current system resources of the resource sharing service device 100 satisfy the minimum requirement of the resource requirement conditions corresponding to the multiple resource access rights, and, when the minimum requirement of the resource requirement conditions corresponding to the multiple resource access rights is satisfied, determine that the current system resources of the resource sharing service device 100 satisfy the resource requirement condition corresponding to the resource access rights.
Establishing module 114, configured to establish the session connection with the client 200 when the current system resources of the resource sharing service device 100 satisfy the corresponding resource requirement condition.
Referring to Fig. 6, the access control apparatus 110 may further include a disconnection module 115.
The detection module 113 is further configured to detect the session connection state between the resource sharing service device 100 and the client 200;
the disconnection module 115 is configured to disconnect the session connection with the client 200 when the session connection state is detected to be the idle state.
Optionally, referring again to Fig. 6, the access control apparatus 110 may further include a configuration module 116 and a storage module 117.
Configuration module 116, configured to configure, for each user account stored in the resource sharing service device 100, the corresponding resource access rights and the resource requirement conditions corresponding to those resource access rights.
Storage module 117, configured to store the resource access rights and resource requirement conditions corresponding to the user account.
If the above functions are implemented in the form of software function modules and sold or used as an independent product, they can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part of it that contributes to the prior art, or a part of the technical solution, can be embodied in the form of a software product. The computer software product is stored in a storage medium and includes instructions that cause the resource sharing service device 100 to execute all or some of the steps of the methods of the embodiments of the present invention. The storage medium includes any medium that can store program code, such as a USB flash drive, a removable hard disk, read-only memory (ROM), random access memory (RAM), a magnetic disk or an optical disc.
In summary, in the access control method and apparatus provided in the embodiments of the present invention, the user account of the client is first verified, and the resource access rights corresponding to the user account are obtained after verification succeeds; it is then detected whether the current system resources of the resource sharing service device satisfy the resource requirement condition corresponding to the resource access rights; finally, when the current system resources of the resource sharing service device satisfy the corresponding resource requirement condition, the session connection with the client is established. The method allocates the resources of the resource sharing service device dynamically and precisely according to the real-time system resource status of the resource sharing service device and the resource requirement condition corresponding to the user account, which ensures that the client can obtain the file sharing service efficiently and safely in complex application scenarios.
The above is merely a specific embodiment of the present invention, but the scope of protection of the present invention is not limited to it. Any change or replacement that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention shall fall within the scope of protection of the present invention. The scope of protection of the present invention shall therefore be subject to the scope of protection of the claims.

Claims (10)

1. An access control method, characterized in that it is applied to a resource sharing service device, the resource sharing service device storing user accounts, the resource access rights corresponding to the user accounts, and the resource requirement condition corresponding to each resource access right, the method comprising:
receiving a session connection request sent by a client, the session connection request including a user account;
when the user account is verified, obtaining the resource access rights corresponding to the user account;
detecting whether the current system resources of the resource sharing service device satisfy the resource requirement condition corresponding to the resource access rights;
when the current system resources of the resource sharing service device satisfy the corresponding resource requirement condition, establishing a session connection with the client.
2. The method according to claim 1, characterized in that the resource requirement condition includes one of the following, or any combination of them:
the CPU usage of the resource sharing service device is not greater than a preset CPU usage threshold;
the memory usage of the resource sharing service device is not greater than a preset memory usage threshold;
the bandwidth of the resource sharing service device is not less than a preset bandwidth threshold; and
the current session connection number of the resource sharing service device is not greater than a preset session connection number threshold.
3. The method according to claim 1 or 2, characterized in that, when the user account corresponds to multiple resource access rights, the step of detecting whether the current system resources of the resource sharing service device satisfy the resource requirement condition corresponding to the resource access rights comprises:
detecting whether the current system resources of the resource sharing service device satisfy the resource requirement condition corresponding to any one of the resource access rights, and, when the resource requirement condition corresponding to any one of the resource access rights is satisfied, determining that the current system resources of the resource sharing service device satisfy the resource requirement condition corresponding to the resource access rights; or
detecting whether the current system resources of the resource sharing service device satisfy the resource requirement condition corresponding to each of the resource access rights, and, when the resource requirement conditions corresponding to all of the resource access rights are satisfied, determining that the current system resources of the resource sharing service device satisfy the resource requirement condition corresponding to the resource access rights; or
detecting whether the current system resources of the resource sharing service device satisfy the minimum requirement of the resource requirement conditions corresponding to the multiple resource access rights, and, when the minimum requirement of the resource requirement conditions corresponding to the multiple resource access rights is satisfied, determining that the current system resources of the resource sharing service device satisfy the resource requirement condition corresponding to the resource access rights.
4. The method according to claim 1 or 2, characterized in that the method further comprises:
detecting the session connection state between the resource sharing service device and the client;
when the session connection state is detected to be an idle state, disconnecting the session connection with the client.
5. The method according to claim 1 or 2, characterized in that the method further comprises:
configuring, for each user account stored in the resource sharing service device, the corresponding resource access rights and the resource requirement conditions corresponding to those resource access rights;
storing the resource access rights and resource requirement conditions corresponding to the user account.
6. An access control apparatus, characterized in that it is applied to a resource sharing service device, the resource sharing service device storing user accounts, the resource access rights corresponding to the user accounts, and the resource requirement condition corresponding to each resource access right, the apparatus comprising:
a receiving module, configured to receive a session connection request sent by a client, the session connection request including a user account;
an acquisition module, configured to obtain the resource access rights corresponding to the user account when the user account is verified;
a detection module, configured to detect whether the current system resources of the resource sharing service device satisfy the resource requirement condition corresponding to the resource access rights;
an establishing module, configured to establish a session connection with the client when the current system resources of the resource sharing service device satisfy the corresponding resource requirement condition.
7. The apparatus according to claim 6, characterized in that the resource requirement condition includes one of the following, or any combination of them:
the CPU usage of the resource sharing service device is not greater than a preset CPU usage threshold;
the memory usage of the resource sharing service device is not greater than a preset memory usage threshold;
the bandwidth of the resource sharing service device is not less than a preset bandwidth threshold; and
the current session connection number of the resource sharing service device is not greater than a preset session connection number threshold.
8. The apparatus according to claim 6 or 7, characterized in that, when the user account corresponds to multiple resource access rights, the detection module is specifically configured to:
detect whether the current system resources of the resource sharing service device satisfy the resource requirement condition corresponding to any one of the resource access rights, and, when the resource requirement condition corresponding to any one of the resource access rights is satisfied, determine that the current system resources of the resource sharing service device satisfy the resource requirement condition corresponding to the resource access rights; or
detect whether the current system resources of the resource sharing service device satisfy the resource requirement condition corresponding to each of the resource access rights, and, when the resource requirement conditions corresponding to all of the resource access rights are satisfied, determine that the current system resources of the resource sharing service device satisfy the resource requirement condition corresponding to the resource access rights; or
detect whether the current system resources of the resource sharing service device satisfy the minimum requirement of the resource requirement conditions corresponding to the multiple resource access rights, and, when the minimum requirement of the resource requirement conditions corresponding to the multiple resource access rights is satisfied, determine that the current system resources of the resource sharing service device satisfy the resource requirement condition corresponding to the resource access rights.
9. The apparatus according to claim 6 or 7, characterized in that:
the detection module is further configured to detect the session connection state between the resource sharing service device and the client;
the apparatus further comprises a disconnection module, configured to disconnect the session connection with the client when the session connection state is detected to be an idle state.
10. The apparatus according to claim 6 or 7, characterized in that the apparatus further comprises:
a configuration module, configured to configure, for each user account stored in the resource sharing service device, the corresponding resource access rights and the resource requirement conditions corresponding to those resource access rights;
a storage module, configured to store the resource access rights and resource requirement conditions corresponding to the user account.
CN201810316467.5A 2018-04-10 2018-04-10 access control method and device Pending CN108683633A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810316467.5A CN108683633A (en) 2018-04-10 2018-04-10 access control method and device

Publications (1)

Publication Number Publication Date
CN108683633A true CN108683633A (en) 2018-10-19

Family

ID=63800867

Country Status (1)

Country Link
CN (1) CN108683633A (en)

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9330132B2 (en) * 2012-10-29 2016-05-03 Anthony Leto Systems and methods for a transactional-based workflow collaboration platform
CN103986741A (en) * 2013-02-08 2014-08-13 株式会社日立制作所 Cloud data system, cloud data center, and resource management method of the cloud data center
CN104135364A (en) * 2013-04-30 2014-11-05 鸿富锦精密工业(深圳)有限公司 Account encryption and decryption system and method

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109492376A (en) * 2018-11-07 2019-03-19 浙江齐治科技股份有限公司 Control method, device and the fort machine of equipment access authority
CN110166579A (en) * 2019-07-16 2019-08-23 华为技术有限公司 A kind of server communications method, BAS Broadband Access Server and system
CN110166579B (en) * 2019-07-16 2020-01-03 华为技术有限公司 Server communication method, broadband access server and system
US11941139B2 (en) 2020-12-10 2024-03-26 Disney Enterprises, Inc. Application-specific access privileges in a file system
CN113760569A (en) * 2021-01-06 2021-12-07 北京沃东天骏信息技术有限公司 Multi-account management method and system
CN113760569B (en) * 2021-01-06 2024-04-05 北京沃东天骏信息技术有限公司 Multi-account management method and system
CN112948337A (en) * 2021-01-29 2021-06-11 苏州浪潮智能科技有限公司 File sharing duration statistical method, system, device and medium
CN112948337B (en) * 2021-01-29 2022-12-13 苏州浪潮智能科技有限公司 File sharing duration statistical method, system, device and medium
CN112966256A (en) * 2021-02-01 2021-06-15 万翼科技有限公司 Equipment management method based on building information model and related device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20181019