CN108683633A - access control method and device - Google Patents
- Publication number: CN108683633A
- Application number: CN201810316467.5A
- Authority: CN (China)
- Prior art keywords: resource, sharing service, service device, access rights, requirement condition
- Legal status: Pending
Classifications
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
- H04L67/141—Setup of application sessions
Abstract
In the access control method and device provided in an embodiment of the present invention, the user account of the client is first verified, and after verification succeeds the resource access rights corresponding to the user account are obtained. Next, it is detected whether the current system resources of the resource sharing server meet the resource requirement condition corresponding to those resource access rights. Finally, when the current system resources of the resource sharing server meet the corresponding resource requirement condition, a session connection with the client is established. The method allocates the resources of the resource sharing server dynamically and precisely, according to the real-time system resource state of the resource sharing server and the resource requirement condition corresponding to the user account, which ensures that the client can obtain the file sharing service efficiently and securely in complex application scenarios.
Description
Technical field
The present invention relates to the field of data service technology, and in particular to an access control method and device.
Background
With the widespread use of the Internet, the demand for data storage access keeps growing across all industries. When data storage access is provided through a system resource sharing service, the security and performance of that service become key indicators by which a data storage system is measured.
However, in real distributed file sharing scenarios the network access environment changes dynamically. How to ensure the security of the whole data storage system in such complex and changeable scenarios is a technical problem that those skilled in the art need to solve.
Summary of the invention
The embodiments of the present invention describe an access control method and device.
In a first aspect, an embodiment of the present invention provides an access control method applied to a resource sharing server. The resource sharing server stores user accounts, the resource access rights corresponding to each user account, and the resource requirement condition corresponding to each resource access right. The method includes:
Receiving a session connection request sent by a client, the session connection request including a user account;
When the user account passes verification, obtaining the resource access rights corresponding to the user account;
Detecting whether the current system resources of the resource sharing server meet the resource requirement condition corresponding to the resource access rights;
When the current system resources of the resource sharing server meet the corresponding resource requirement condition, establishing the session connection with the client.
The above method allocates the resources of the resource sharing server dynamically and precisely, according to the real-time system resource state of the resource sharing server and the resource requirement condition, so that the client can obtain the file sharing service efficiently and securely.
Optionally, in the above method, the resource requirement condition includes one of the following or any combination of them:
The CPU usage of the resource sharing server is not greater than a preset CPU usage threshold;
The memory usage of the resource sharing server is not greater than a preset memory usage threshold;
The bandwidth of the resource sharing server is not less than a preset bandwidth threshold; and
The current number of session connections of the resource sharing server is not greater than a preset session connection number threshold.
Optionally, in the above method, when the user account corresponds to multiple resource access rights, the step of detecting whether the current system resources of the resource sharing server meet the resource requirement condition corresponding to the resource access rights includes:
Detecting whether the current system resources of the resource sharing server meet the resource requirement condition corresponding to any one of the resource access rights, and, when the resource requirement condition corresponding to any one of the resource access rights is met, determining that the current system resources of the resource sharing server meet the resource requirement condition corresponding to the resource access rights; or
Detecting whether the current system resources of the resource sharing server meet the resource requirement condition corresponding to each of the resource access rights, and, when the resource requirement condition corresponding to every resource access right is met, determining that the current system resources of the resource sharing server meet the resource requirement condition corresponding to the resource access rights; or
Detecting whether the current system resources of the resource sharing server meet the minimum requirement of the resource requirement conditions corresponding to the multiple resource access rights, and, when that minimum requirement is met, determining that the current system resources of the resource sharing server meet the resource requirement condition corresponding to the resource access rights.
Optionally, the above method may further include:
Detecting the session connection state between the resource sharing server and the client;
When the session connection state is detected to be idle, disconnecting the session connection with the client.
Optionally, the above method may further include:
Configuring, for each user account stored in the resource sharing server, the corresponding resource access rights and the resource requirement condition corresponding to those resource access rights;
Storing the resource access rights and the resource requirement condition corresponding to the user account.
In a second aspect, an embodiment of the present invention provides an access control device applied to a resource sharing server. The resource sharing server stores user accounts, the resource access rights corresponding to each user account, and the resource requirement condition corresponding to each resource access right. The device includes:
A receiving module, for receiving a session connection request sent by a client, the session connection request including a user account;
An acquisition module, for obtaining the resource access rights corresponding to the user account when the user account passes verification;
A detection module, for detecting whether the current system resources of the resource sharing server meet the resource requirement condition corresponding to the resource access rights;
An establishing module, for establishing the session connection with the client when the current system resources of the resource sharing server meet the corresponding resource requirement condition.
Optionally, the resource requirement condition includes one of the following or any combination of them:
The CPU usage of the resource sharing server is not greater than a preset CPU usage threshold;
The memory usage of the resource sharing server is not greater than a preset memory usage threshold;
The bandwidth of the resource sharing server is not less than a preset bandwidth threshold; and
The current number of session connections of the resource sharing server is not greater than a preset session connection number threshold.
Optionally, when the user account corresponds to multiple resource access rights, the detection module is specifically used for:
Detecting whether the current system resources of the resource sharing server meet the resource requirement condition corresponding to any one of the resource access rights, and, when the resource requirement condition corresponding to any one of the resource access rights is met, determining that the current system resources of the resource sharing server meet the resource requirement condition corresponding to the resource access rights; or
Detecting whether the current system resources of the resource sharing server meet the resource requirement condition corresponding to each of the resource access rights, and, when the resource requirement condition corresponding to every resource access right is met, determining that the current system resources of the resource sharing server meet the resource requirement condition corresponding to the resource access rights; or
Detecting whether the current system resources of the resource sharing server meet the minimum requirement of the resource requirement conditions corresponding to the multiple resource access rights, and, when that minimum requirement is met, determining that the current system resources of the resource sharing server meet the resource requirement condition corresponding to the resource access rights.
Optionally, the device further includes a disconnection module;
The detection module is also used to detect the session connection state between the resource sharing server and the client;
The disconnection module is used to disconnect the session connection with the client when the session connection state is detected to be idle.
Optionally, the device further includes:
A configuration module, for configuring, for each user account stored in the resource sharing server, the corresponding resource access rights and the resource requirement condition corresponding to those resource access rights;
A storage module, for storing the resource access rights and the resource requirement condition corresponding to the user account.
In a third aspect, in addition to the access control method and device provided above, an embodiment of the present invention also provides a resource sharing server. The resource sharing server includes a processor and a non-volatile memory storing a number of computer instructions; when the computer instructions are executed by the processor, the resource sharing server performs the access control method of the first aspect.
In a fourth aspect, in addition to the access control method and device provided above, an embodiment of the present invention also provides a readable storage medium. The readable storage medium includes a computer program which, when run, controls the resource sharing server on which the readable storage medium resides to perform the access control method of the first aspect.
Compared with the prior art, the present invention has the following advantages:
The access control method and device provided in the embodiments of the present invention allocate the resources of the resource sharing server dynamically and precisely, according to the real-time system resource state of the resource sharing server and the resource requirement condition corresponding to the user account, so that the client can obtain the file sharing service efficiently and securely.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present invention more clearly, the drawings needed in the embodiments are briefly introduced below. It should be understood that the following drawings show only certain embodiments of the present invention and should therefore not be regarded as limiting its scope; those of ordinary skill in the art can obtain other related drawings from these drawings without creative effort.
Fig. 1 is an architecture diagram of the data storage system provided in an embodiment of the present invention;
Fig. 2 is a structural diagram of the resource sharing server provided in an embodiment of the present invention;
Fig. 3 is a flow diagram of an access control method provided in an embodiment of the present invention;
Fig. 4 is another flow diagram of the access control method provided in an embodiment of the present invention;
Fig. 5 is a functional block diagram of an access control device provided in an embodiment of the present invention;
Fig. 6 is another functional block diagram of the access control device provided in an embodiment of the present invention.
Detailed description
To make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. The described embodiments are some of the embodiments of the present invention, not all of them. The components of the embodiments of the present invention generally described and illustrated in the drawings can be arranged and designed in a variety of different configurations.
Therefore, the following detailed description of the embodiments of the present invention provided in the drawings is not intended to limit the scope of the claimed invention, but merely represents selected embodiments of the invention. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
It should be noted that similar reference numerals and letters denote similar items in the following drawings; therefore, once an item has been defined in one drawing, it need not be further defined or explained in subsequent drawings.
In the description of the present invention, it should also be noted that, unless otherwise expressly specified and limited, the terms "arranged", "installed", "connected" and "coupled" are to be understood broadly. For example, a connection may be fixed, detachable or integral; it may be mechanical or electrical; it may be direct or indirect through an intermediary; and it may be internal communication between two elements. Those of ordinary skill in the art can understand the specific meaning of these terms in the present invention according to the specific circumstances.
At present, dynamic access control cannot be achieved when users access a shared file service. Take as an example the file sharing service for Linux/Unix and Windows system resources implemented with Samba software. When a user accesses the Samba file sharing service, the user only needs to provide a valid password to gain access. After authentication, the resource sharing server (for example, a Samba server) creates a process (for example, an smbd process) for the verified client to provide the file access service, and that process occupies a certain amount of the resource sharing server's system resources. To prevent clients from occupying system resources indefinitely, one prior-art solution is for the resource sharing server to provide two configuration options: a close time and a maximum number of processes. The close time means that when a client has had no service traffic over a relatively long connection time, the resource sharing server actively closes the connection, that is, closes the session process between the resource sharing server and that client. The maximum number of processes is the largest number of processes the resource sharing server allows to be created; when the number of clients accessing at the same time exceeds this maximum, the resource sharing server refuses access by new users. The two parameters work together and, to a certain extent, allocate the resources of the resource sharing server.
However, the inventor found through research that configuring only the close time and the maximum number of processes still cannot cope with complex and changeable application scenarios. The current access mechanism is too simple and has, for example, the following shortcomings:
First, in scenarios where a large number of users need access, if the maximum number of processes is set too small, some users cannot obtain the file sharing service. These users have to wait until other users finish before they can access the file sharing service of the resource sharing server, and the user experience is poor.
Second, even if the maximum number of processes can satisfy users' demand for simultaneous access to the file sharing service, when those users also need to perform heavy read and write traffic on the shared files at the same time, the processes handling the read and write operations occupy a large amount of CPU and memory. The resource sharing server then not only fails to guarantee a safe and effective service but, running in an overloaded state, may also cause other service processes to crash, resulting in irreparable loss.
Third, the above access control method is uniform and cannot provide different file sharing services for different users.
To overcome these defects in the prior art, the inventor has, through research, proposed a better solution, which is described in detail below.
Referring to Fig. 1, Fig. 1 shows a data storage system 10 provided in an embodiment of the present invention. The data storage system 10 includes a client 200, a resource sharing server 100 and a distributed file system 300. The client 200 is communicatively connected to the resource sharing server 100, and the resource sharing server 100 can communicate with the distributed file system 300 through a virtual file system (VFS) interface. During file sharing, the client 200 accesses the distributed file system 300 via the resource sharing server 100, through the session process established between the client 200 and the resource sharing server 100. The resource sharing server 100 is a computer device that can provide resource sharing services (such as file read and write services) to the client 200; for example, it may be, but is not limited to, a Samba server.
Referring to Fig. 2, Fig. 2 is a structural diagram of the resource sharing server 100. The resource sharing server 100 includes an access control device 110, a memory 111, a processor 112 and a communication unit 113.
The memory 111, the processor 112 and the communication unit 113 are electrically connected to one another, directly or indirectly, to transfer or exchange data. For example, these elements can be electrically connected to one another through one or more communication buses or signal lines.
The memory 111 may be, but is not limited to, random access memory (RAM), read-only memory (ROM), programmable read-only memory (PROM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), and so on. The memory 111 is used to store programs, and the processor 112 executes a program after receiving an execution instruction. The communication unit 113 is used to establish, over a network, the communication connection between the resource sharing server 100 and other devices (such as the client 200), and to send and receive data over the network.
The access control device 110 includes at least one software function module that can be stored in the memory 111 in the form of software or firmware, or built into the operating system (OS) of the resource sharing server 100. The processor 112 is used to execute the executable modules stored in the memory 111, such as the software function modules and computer programs included in the access control device 110. In this embodiment, the access control device 110 provides the resource sharing server 100 with access control for different clients; the specific method is described in detail below.
It should be understood that the structure shown in Fig. 2 is only illustrative. The resource sharing server 100 may include more or fewer components than shown in Fig. 2, or have a configuration different from that shown in Fig. 2. Each component shown in Fig. 2 can be implemented in hardware, software, or a combination of the two.
Referring to Fig. 3, Fig. 3 is a flowchart of the access control method provided in an embodiment of the present invention, applied to the resource sharing server 100 of Fig. 2. The resource sharing server 100 stores in advance user accounts, the resource access rights corresponding to each user account, and the resource requirement condition corresponding to each resource access right. Each step of the method is described in detail below.
Step S110: receive the session connection request sent by the client 200, the session connection request including a user account.
In this embodiment, when the resource sharing server 100 receives a request from the client 200 to establish a session connection, it obtains the user account included in the request and compares it with the user accounts stored in the resource sharing server 100 that have permission to access the resource sharing server 100. If the comparison succeeds, verification passes and the obtained user account is determined to have permission to access the resource sharing server 100; otherwise, verification fails and the obtained user account is determined not to have permission to access the resource sharing server 100.
Step S120: when the user account passes verification, obtain the resource access rights corresponding to the user account.
In this embodiment, a user account can correspond to at least one resource access right.
In one implementation of this embodiment, the services that the resource sharing server 100 provides can differ from one resource access right to another. For example, under some resource access rights the resource sharing server 100 provides the client 200 only with a read service for shared files, while under other resource access rights it can provide the client 200 with both read and write services for shared files.
In another implementation of this embodiment, the range of files covered by the file sharing service that the resource sharing server 100 provides to the client 200 can also differ between resource access rights; for example, file content of different ranges can be made available for file sharing according to the resource access right. For a client 200 with high resource access rights, the resource sharing server 100 can open all files in the distributed file system 300 to the client 200, so that a client with high resource access rights can obtain the file sharing service for all files in the distributed file system 300. For a client 200 with lower resource access rights, the resource sharing server 100 can open only some of the files in the distributed file system 300 to the client 200, so that a client 200 with lower resource access rights can obtain the file sharing service only for some of the files in the distributed file system 300.
In this embodiment, shared files can be classified, and shared files of different classifications can be configured for different resource access rights. Of course, it should be understood that resource access rights can also be configured by combining the services provided to the client 200 with the range of files covered by the sharing service provided to the client 200; this embodiment does not limit the specific configuration of resource access rights.
Step S130: detect whether the current system resources of the resource sharing server 100 meet the resource requirement condition corresponding to the resource access rights.
In detail, in this embodiment, the system resources may include CPU, memory, bandwidth or the number of session connections. The resource requirement condition may include one of the following or any combination of them:
The CPU usage of the resource sharing server 100 is not greater than a preset CPU usage threshold;
The memory usage of the resource sharing server 100 is not greater than a preset memory usage threshold;
The bandwidth of the resource sharing server 100 is not less than a preset bandwidth threshold; and
The current number of session connections of the resource sharing server 100 is not greater than a preset session connection number threshold.
Here, the preset bandwidth threshold is the lowest bandwidth value that satisfies the resource access right.
When the user account corresponds to multiple resource access rights, the resource sharing server 100 can determine whether its current system resources meet the resource requirement condition corresponding to the resource access rights in any of the following ways.
In the first implementation, the resource sharing server 100 detects whether its current system resources meet the resource requirement condition corresponding to any one of the resource access rights. When the resource requirement condition corresponding to any one of the resource access rights is met, the current system resources of the resource sharing server 100 are determined to meet the resource requirement condition corresponding to the resource access rights.
For example, suppose a user account User corresponds to the resource access rights Role1, Role2 and Role3, where the resource requirement condition for Role1 is SC1 = {CPU usage ≤ 60%, memory usage ≤ 70%, bandwidth ≥ 1000 Kbit/s, session connections ≤ 1000}; the resource requirement condition for Role2 is SC2 = {CPU usage ≤ 70%, memory usage ≤ 80%, bandwidth ≥ 1200 Kbit/s}; and the resource requirement condition for Role3 is SC3 = {CPU usage ≤ 80%, memory usage ≤ 60%}. Suppose the current system resources of the resource sharing server 100 are: CPU usage 75%, memory usage 56%, bandwidth 1350 Kbit/s, and 950 session connections. In this example, the current system resources of the resource sharing server 100 do not meet the resource requirement conditions for Role1 and Role2 but do meet the resource requirement condition for Role3. In this case, the resource sharing server 100 determines that its current system resources meet the resource requirement condition corresponding to the resource access rights.
In the second implementation, the resource sharing server 100 detects whether its current system resources meet the resource requirement condition corresponding to each of the resource access rights. When the resource requirement condition corresponding to every resource access right is met, the current system resources of the resource sharing server 100 are determined to meet the resource requirement condition corresponding to the resource access rights.
For example, suppose a user account User corresponds to the resource access rights Role1, Role2 and Role3, where the resource requirement condition for Role1 is SC1 = {CPU usage ≤ 60%, memory usage ≤ 70%, bandwidth ≥ 1000 Kbit/s, session connections ≤ 1000}; the resource requirement condition for Role2 is SC2 = {CPU usage ≤ 70%, memory usage ≤ 80%, bandwidth ≥ 1200 Kbit/s}; and the resource requirement condition for Role3 is SC3 = {CPU usage ≤ 80%, memory usage ≤ 60%}. Suppose the current system resources of the resource sharing server 100 are: CPU usage 55%, memory usage 56%, bandwidth 1350 Kbit/s, and 950 session connections. In this example, the current system resources of the resource sharing server 100 meet the resource requirement conditions for Role1, Role2 and Role3. In this case, the resource sharing server 100 determines that its current system resources meet the resource requirement condition corresponding to the resource access rights. In this implementation, if the current system resources of the resource sharing server 100 fail to meet the resource requirement condition corresponding to any one of the resource access rights, the current system resources of the resource sharing server 100 are determined not to meet the resource requirement condition corresponding to the resource access rights.
In the third embodiment, it is detected whether the current system resource of the resource sharing service device 100 satisfies the minimum requirements of the resource requirement conditions corresponding to the multiple resource access rights. When the minimum requirements of the resource requirement conditions corresponding to the multiple resource access rights are satisfied, it is judged that the current system resource of the resource sharing service device 100 satisfies the resource requirement condition corresponding to the resource access rights.
For example, a user account User corresponds to multiple resource access rights, namely Role1, Role2 and Role3. The resource requirement condition corresponding to Role1 is SC1 = {CPU usage ≤ 60%, memory usage ≤ 70%, bandwidth ≥ 1000 Kbit/s, session connection number ≤ 1000}; the resource requirement condition corresponding to Role2 is SC2 = {CPU usage ≤ 70%, memory usage ≤ 80%, bandwidth ≥ 1200 Kbit/s}; the resource requirement condition corresponding to Role3 is SC3 = {CPU usage ≤ 80%, memory usage ≤ 60%}. Suppose the current system resource of the resource sharing service device 100 is: CPU usage 79%, memory usage 75%, bandwidth 1020 Kbit/s, session connection number 950. In this example, the minimum requirement of Role1, Role2 and Role3 on CPU usage is not more than 80%, on memory usage not more than 80%, on bandwidth not less than 1000 Kbit/s, and on session connection number not more than 1000. Although the current system resource does not satisfy the resource requirement condition corresponding to any one of the resource access rights, it satisfies the minimum requirements of the resource requirement conditions corresponding to the multiple resource access rights. In this case it can also be judged that the current system resource of the resource sharing service device 100 satisfies the resource requirement condition corresponding to the resource access rights.
Step S140: when the current system resource of the resource sharing service device 100 satisfies the corresponding resource requirement condition, establish a session connection with the client 200.
In the present embodiment, when the current system resource of the resource sharing service device 100 satisfies the corresponding resource requirement condition in the manner of the first embodiment above, the resource sharing service device 100, after establishing the session connection with the client 200, provides the client 200 with the shared file service corresponding to the resource access rights of Role3.
When the current system resource of the resource sharing service device 100 satisfies the corresponding resource requirement condition in the manner of the second embodiment above, the resource sharing service device 100 can provide the client 200 with the shared file service of all the resource access rights.
When the current system resource of the resource sharing service device 100 satisfies the corresponding resource requirement condition in the manner of the third embodiment above, the resource sharing service device 100 can establish the session connection with the client 200 under the resource access right with the lowest permission, or under a preset resource access right. Under the preset resource access right the resource sharing service device 100 provides service to the client 200; in general, the preset resource access right occupies fewer system resources of the resource sharing service device 100 than ordinary resource access rights.
In the above process, when a user account corresponds to multiple resource access rights, the resource access right that satisfies its resource requirement condition is selected dynamically according to the current system resource situation of the resource sharing service device 100 and the resource requirement conditions corresponding to the different resource access rights, and a session is established under the selected resource access right to provide the file sharing service. Because the resource sharing service device 100 establishes the session under the resource access right best suited to the current system resource, the resource sharing service device 100 is prevented from running overloaded, is kept operating in a safe state, and its service process is prevented from crashing. Meanwhile, in the above process different file sharing services can be provided under different resource access rights, which solves the problem in the prior art of a single access control mode.
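The three detection embodiments, and the access right under which step S140 then establishes the session, can be compared side by side in code. The following Python sketch is an added example, not part of the patent text: it uses SC1 to SC3 and the readings of the second and third examples above, while the function names, the `fallback_role` parameter, the fail-closed handling of a missing metric and the readings for the first case are assumptions made for illustration.

```python
from typing import Dict, Iterable, List, Tuple

Condition = Dict[str, float]

# Direction of each threshold, following the four condition types in the
# description: usage figures are upper bounds, bandwidth is a lower bound.
BOUND = {"cpu": "max", "mem": "max", "sessions": "max", "bandwidth": "min"}

# SC1..SC3 as given in the examples (percent, Kbit/s, connection count).
ROLES: Dict[str, Condition] = {
    "Role1": {"cpu": 60, "mem": 70, "bandwidth": 1000, "sessions": 1000},
    "Role2": {"cpu": 70, "mem": 80, "bandwidth": 1200},
    "Role3": {"cpu": 80, "mem": 60},
}

# READING_ALL and READING_MIN are the readings of the second and third
# examples; READING_ANY is constructed so that only Role3 passes.
READING_ANY = {"cpu": 75, "mem": 55, "bandwidth": 1100, "sessions": 900}
READING_ALL = {"cpu": 55, "mem": 56, "bandwidth": 1350, "sessions": 950}
READING_MIN = {"cpu": 79, "mem": 75, "bandwidth": 1020, "sessions": 950}


def satisfies(current: Condition, condition: Condition) -> bool:
    """True when every threshold in `condition` holds for `current`."""
    for metric, threshold in condition.items():
        value = current.get(metric)
        if value is None:
            return False  # assumption: an unmeasured metric fails closed
        if BOUND[metric] == "max" and value > threshold:
            return False
        if BOUND[metric] == "min" and value < threshold:
            return False
    return True


def loosest(conditions: Iterable[Condition]) -> Condition:
    """Per-metric minimum requirement across all roles (third embodiment)."""
    merged: Condition = {}
    for condition in conditions:
        for metric, threshold in condition.items():
            pick = max if BOUND[metric] == "max" else min
            merged[metric] = pick(merged.get(metric, threshold), threshold)
    return merged


def decide(current: Condition, mode: str,
           roles: Dict[str, Condition] = ROLES,
           fallback_role: str = "Role3") -> Tuple[bool, List[str]]:
    """Return (admit, access rights the session is established under).

    mode "any": first embodiment, serve under the roles that pass.
    mode "all": second embodiment, serve under every role or refuse.
    mode "min": third embodiment, serve under `fallback_role`, standing in
                for the lowest or preset access right (hypothetical parameter;
                the text does not say which role that is).
    """
    if not roles:
        return (False, [])  # no configured rights: refuse rather than admit
    passed = [name for name, cond in roles.items() if satisfies(current, cond)]
    if mode == "any":
        return (bool(passed), passed)
    if mode == "all":
        ok = len(passed) == len(roles)
        return (ok, list(roles) if ok else [])
    if mode == "min":
        ok = satisfies(current, loosest(roles.values()))
        return (ok, [fallback_role] if ok else [])
    raise ValueError(f"unknown mode: {mode}")


if __name__ == "__main__":
    for label, reading, mode in [("first", READING_ANY, "any"),
                                 ("second", READING_ALL, "all"),
                                 ("third", READING_MIN, "min")]:
        print(label, decide(reading, mode))
```

In `min` mode the session is admitted even though no single role's condition holds, which is why step S140 pairs that case with the lowest or a preset access right.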
Referring to Fig. 4, in the present embodiment the method may further include the following steps.
Step S150: detect the session connection state between the resource sharing service device 100 and the client 200.
In the present embodiment, the resource sharing service device 100 checks the state of the session connection with the client 200. The session connection state includes an idle state and an online state: the idle state is the state in which no traffic is generated through the session between the resource sharing service device 100 and the client 200, and the online state is the state in which traffic is generated through the session between the resource sharing service device and the client 200. Optionally, the state of the session connection with the client 200 can be detected by a session process timer.
Step S160: when the session connection state is detected to be the idle state, disconnect the session connection with the client 200.
In the present embodiment, when the session connection state is detected to be the idle state, the resource sharing service device 100 disconnects the session connection with the client 200 and reclaims the system resource occupied by the session, so that the resource sharing service device 100 can use the reclaimed system resource to serve other clients 200, which improves the resource utilization of the resource sharing service device.
In the present embodiment, the process timer can determine whether the session connection state is the idle state in either of two ways: the session connection state is judged idle as soon as the process timer detects that the current session is an idle session; or it is judged idle when the process timer detects that the current session is an idle session and the session has remained idle for a preset duration.
Automatically detecting the session connection state, disconnecting the session connection when it is idle, and reclaiming the system resource occupied by that session overcomes the defect in the prior art that system resources can be reclaimed only after the user ends the access, so that other users cannot quickly obtain the file sharing service because system resources are insufficient. This improves the user experience.
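The two idle-detection variants described above differ only in how long a session must carry no traffic before it is disconnected. The sketch below is an added example, not the patent's implementation; the `SessionTable` class, its byte counters and the `idle_grace` parameter are hypothetical names, and the tick times in `replay` are constructed.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Session:
    client: str
    bytes_seen: int = 0            # traffic carried by the session so far
    bytes_at_last_tick: int = 0    # counter value at the previous timer tick
    idle_since: Optional[float] = None  # tick at which idleness was first seen


class SessionTable:
    """Timer-driven idle detection for sessions (steps S150 and S160)."""

    def __init__(self, idle_grace: float = 0.0):
        # idle_grace == 0: disconnect as soon as a tick finds the session idle.
        # idle_grace > 0: disconnect only after it has stayed idle that long.
        self.idle_grace = idle_grace
        self.sessions: Dict[str, Session] = {}

    def open(self, client: str) -> None:
        self.sessions[client] = Session(client)

    def traffic(self, client: str, nbytes: int) -> None:
        self.sessions[client].bytes_seen += nbytes

    def tick(self, now: float) -> List[str]:
        """Run one timer pass; return the clients whose sessions were closed."""
        reclaimed: List[str] = []
        for client, session in list(self.sessions.items()):
            if session.bytes_seen != session.bytes_at_last_tick:
                # Traffic since the last tick: the session is online.
                session.bytes_at_last_tick = session.bytes_seen
                session.idle_since = None
                continue
            if session.idle_since is None:
                session.idle_since = now
            if now - session.idle_since >= self.idle_grace:
                # Disconnect and free the slot so another client can use it.
                del self.sessions[client]
                reclaimed.append(client)
        return reclaimed


def replay(idle_grace: float) -> List[List[str]]:
    """Replay one constructed traffic pattern and collect each tick's result."""
    table = SessionTable(idle_grace)
    table.open("a")
    table.open("b")
    table.traffic("a", 100)
    table.traffic("b", 100)
    results = [table.tick(10)]       # both sessions carried traffic
    table.traffic("a", 50)
    results.append(table.tick(20))   # "b" is first seen idle here
    table.traffic("a", 50)
    results.append(table.tick(30))
    results.append(table.tick(60))   # no traffic from anyone since tick 30
    return results


if __name__ == "__main__":
    print("immediate:", replay(0))
    print("30 s grace:", replay(30))
```

With `idle_grace=0`, a session that has been opened but has not yet carried traffic is disconnected at the first tick; the preset-duration variant avoids that.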
In the present embodiment, the method may further include: configuring, for the user accounts stored in the resource sharing service device 100, the corresponding resource access rights and the resource requirement conditions corresponding to those resource access rights, and storing the resource access rights and resource requirement conditions corresponding to the user accounts.
Multiple different resource access rights, and the resource requirement condition corresponding to each resource access right, can be configured in advance. In general, the higher the resource access right, the higher the resource requirement condition corresponding to it. When configuring the resource access rights corresponding to a user account and the resource requirement conditions corresponding to those resource access rights, an administrator only needs to select from the pre-configured resource access rights and resource requirement conditions.
In this embodiment, once the administrator has configured the resource access rights corresponding to the user accounts and the resource requirement conditions corresponding to those resource access rights, the resource sharing service device 100 can perform dynamic access control according to the current system resource. Compared with the prior-art approach of modifying parameters manually, this effectively reduces the administrator's workload and lowers management cost.
The access control method provided in this embodiment first verifies the user account of the client 200 and, after verification passes, obtains the resource access rights corresponding to the user account. It then detects whether the current system resource of the resource sharing service device satisfies the resource requirement condition corresponding to the resource access rights. Finally, when the current system resource of the resource sharing service device satisfies the corresponding resource requirement condition, it establishes the session connection with the client 200. The method allocates the resources of the resource sharing service device dynamically and precisely according to the real-time system resource state of the resource sharing service device and the resource requirement condition corresponding to the user account. This solves the technical problems in the prior art of poor user experience and unguaranteed access security caused by an overly simple access mechanism, and of a single access control mode. With this method, the client 200 can obtain the file sharing service efficiently and safely in complex application scenarios.
An embodiment of the present invention also provides an access control apparatus 110. Unlike the above embodiment, the access control apparatus 110 describes the solution of the present application from the perspective of a virtual device. It will be understood that the specific functions performed by the function modules of the access control apparatus described below have already been mentioned in the specific steps of the above embodiment. For a detailed description of each function module, refer to the above embodiment; the access control apparatus is only briefly described below.
Referring to Fig. 5, the access control apparatus 110 includes the following function modules.
Receiving module 111, for receiving the session connection request sent by the client 200, the session connection request including a user account, wherein the resource sharing service device 100 stores user accounts, the resource access rights corresponding to the user accounts, and the resource requirement condition corresponding to each resource access right.
Acquisition module 112, for obtaining the resource access rights corresponding to the user account when the user account is verified.
Detection module 113, for detecting whether the current system resource of the resource sharing service device 100 satisfies the resource requirement condition corresponding to the resource access rights.
In the present embodiment, the resource requirement condition includes one of the following, or any combination of them:
The CPU usage of the resource sharing service device 100 is not more than preset CPU usage threshold value;
The memory usage of the resource sharing service device 100 is not more than preset memory usage threshold value;
The bandwidth of the resource sharing service device 100 is not less than preset bandwidth threshold;And
The current sessions connection number of the resource sharing service device 100 is not more than preset session connection number threshold value.
In the present embodiment, when the user account corresponds to multiple resource access rights, the detection module 113 is specifically configured to:
detect whether the current system resource of the resource sharing service device 100 satisfies the resource requirement condition corresponding to any one of the resource access rights, and, when the resource requirement condition corresponding to any one of the resource access rights is satisfied, judge that the current system resource of the resource sharing service device 100 satisfies the resource requirement condition corresponding to the resource access rights; or
detect whether the current system resource of the resource sharing service device 100 satisfies the resource requirement condition corresponding to each of the resource access rights, and, when the resource requirement condition corresponding to every resource access right is satisfied, judge that the current system resource of the resource sharing service device 100 satisfies the resource requirement condition corresponding to the resource access rights; or
detect whether the current system resource of the resource sharing service device 100 satisfies the minimum requirements of the resource requirement conditions corresponding to the multiple resource access rights, and, when the minimum requirements of the resource requirement conditions corresponding to the multiple resource access rights are satisfied, judge that the current system resource of the resource sharing service device 100 satisfies the resource requirement condition corresponding to the resource access rights.
Establishing module 114, for establishing the session connection with the client 200 when the current system resource of the resource sharing service device 100 satisfies the corresponding resource requirement condition.
Referring to Fig. 6, the access control apparatus 110 may further include a disconnection module 115.
The detection module 113 is further configured to detect the session connection state between the resource sharing service device 100 and the client 200.
The disconnection module 115 is configured to disconnect the session connection with the client 200 when the session connection state is detected to be the idle state.
Optionally, referring again to Fig. 6, the access control apparatus 110 may further include a configuration module 116 and a storage module 117.
Configuration module 116, for configuring, for the user accounts stored in the resource sharing service device 100, the corresponding resource access rights and the resource requirement conditions corresponding to those resource access rights.
Storage module 117, for storing the resource access rights and resource requirement conditions corresponding to the user accounts.
If the above functions are implemented in the form of software function modules and sold or used as an independent product, they can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or a part of the technical solution, can be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions for causing the resource sharing service device 100 to execute all or part of the steps of the methods of the embodiments of the present invention. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disc, and other media that can store program code.
In summary, the access control method and apparatus provided by the embodiments of the present invention first verify the user account of the client and, after verification passes, obtain the resource access rights corresponding to the user account; then detect whether the current system resource of the resource sharing service device satisfies the resource requirement condition corresponding to the resource access rights; and finally, when the current system resource of the resource sharing service device satisfies the corresponding resource requirement condition, establish the session connection with the client. The method allocates the resources of the resource sharing service device dynamically and precisely according to the real-time system resource state of the resource sharing service device and the resource requirement condition corresponding to the user account, which ensures that the client can obtain the file sharing service efficiently and safely in complex application scenarios.
The above is merely a specific embodiment of the present invention, but the protection scope of the present invention is not limited thereto. Any change or replacement that a person skilled in the art can readily conceive within the technical scope disclosed by the present invention shall be covered by the protection scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
Claims (10)
1. An access control method, characterized in that it is applied to a resource sharing service device, the resource sharing service device storing user accounts, resource access rights corresponding to the user accounts, and a resource requirement condition corresponding to each resource access right, the method comprising:
receiving a session connection request sent by a client, the session connection request including a user account;
when the user account is verified, obtaining the resource access rights corresponding to the user account;
detecting whether the current system resource of the resource sharing service device satisfies the resource requirement condition corresponding to the resource access rights;
when the current system resource of the resource sharing service device satisfies the corresponding resource requirement condition, establishing a session connection with the client.
2. The method as claimed in claim 1, characterized in that the resource requirement condition includes one of the following, or any combination of them:
The CPU usage of the resource sharing service device is not more than preset CPU usage threshold value;
The memory usage of the resource sharing service device is not more than preset memory usage threshold value;
The bandwidth of the resource sharing service device is not less than preset bandwidth threshold;And
The current sessions connection number of the resource sharing service device is not more than preset session connection number threshold value.
3. The method as claimed in claim 1 or 2, characterized in that, when the user account corresponds to multiple resource access rights, the step of detecting whether the current system resource of the resource sharing service device satisfies the resource requirement condition corresponding to the resource access rights comprises:
detecting whether the current system resource of the resource sharing service device satisfies the resource requirement condition corresponding to any one of the resource access rights, and, when the resource requirement condition corresponding to any one of the resource access rights is satisfied, judging that the current system resource of the resource sharing service device satisfies the resource requirement condition corresponding to the resource access rights; or
detecting whether the current system resource of the resource sharing service device satisfies the resource requirement condition corresponding to each of the resource access rights, and, when the resource requirement condition corresponding to every resource access right is satisfied, judging that the current system resource of the resource sharing service device satisfies the resource requirement condition corresponding to the resource access rights; or
detecting whether the current system resource of the resource sharing service device satisfies the minimum requirements of the resource requirement conditions corresponding to the multiple resource access rights, and, when the minimum requirements of the resource requirement conditions corresponding to the multiple resource access rights are satisfied, judging that the current system resource of the resource sharing service device satisfies the resource requirement condition corresponding to the resource access rights.
4. The method as claimed in claim 1 or 2, characterized in that the method further comprises:
detecting the session connection state between the resource sharing service device and the client;
when the session connection state is detected to be the idle state, disconnecting the session connection with the client.
5. The method as claimed in claim 1 or 2, characterized in that the method further comprises:
configuring, for the user accounts stored in the resource sharing service device, the corresponding resource access rights and the resource requirement conditions corresponding to those resource access rights;
storing the resource access rights and resource requirement conditions corresponding to the user accounts.
6. An access control apparatus, characterized in that it is applied to a resource sharing service device, the resource sharing service device storing user accounts, resource access rights corresponding to the user accounts, and a resource requirement condition corresponding to each resource access right, the apparatus comprising:
a receiving module, for receiving a session connection request sent by a client, the session connection request including a user account;
an acquisition module, for obtaining the resource access rights corresponding to the user account when the user account is verified;
a detection module, for detecting whether the current system resource of the resource sharing service device satisfies the resource requirement condition corresponding to the resource access rights;
an establishing module, for establishing a session connection with the client when the current system resource of the resource sharing service device satisfies the corresponding resource requirement condition.
7. The apparatus as claimed in claim 6, characterized in that the resource requirement condition includes one of the following, or any combination of them:
The CPU usage of the resource sharing service device is not more than preset CPU usage threshold value;
The memory usage of the resource sharing service device is not more than preset memory usage threshold value;
The bandwidth of the resource sharing service device is not less than preset bandwidth threshold;And
The current sessions connection number of the resource sharing service device is not more than preset session connection number threshold value.
8. The apparatus as claimed in claim 6 or 7, characterized in that, when the user account corresponds to multiple resource access rights, the detection module is specifically configured to:
detect whether the current system resource of the resource sharing service device satisfies the resource requirement condition corresponding to any one of the resource access rights, and, when the resource requirement condition corresponding to any one of the resource access rights is satisfied, judge that the current system resource of the resource sharing service device satisfies the resource requirement condition corresponding to the resource access rights; or
detect whether the current system resource of the resource sharing service device satisfies the resource requirement condition corresponding to each of the resource access rights, and, when the resource requirement condition corresponding to every resource access right is satisfied, judge that the current system resource of the resource sharing service device satisfies the resource requirement condition corresponding to the resource access rights; or
detect whether the current system resource of the resource sharing service device satisfies the minimum requirements of the resource requirement conditions corresponding to the multiple resource access rights, and, when the minimum requirements of the resource requirement conditions corresponding to the multiple resource access rights are satisfied, judge that the current system resource of the resource sharing service device satisfies the resource requirement condition corresponding to the resource access rights.
9. The apparatus as claimed in claim 6 or 7, characterized in that:
the detection module is further configured to detect the session connection state between the resource sharing service device and the client;
the apparatus further comprises a disconnection module, for disconnecting the session connection with the client when the session connection state is detected to be the idle state.
10. The apparatus as claimed in claim 6 or 7, characterized in that the apparatus further comprises:
a configuration module, for configuring, for the user accounts stored in the resource sharing service device, the corresponding resource access rights and the resource requirement conditions corresponding to those resource access rights;
a storage module, for storing the resource access rights and resource requirement conditions corresponding to the user accounts.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810316467.5A CN108683633A (en) | 2018-04-10 | 2018-04-10 | access control method and device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108683633A true CN108683633A (en) | 2018-10-19 |
Family
ID=63800867
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810316467.5A Pending CN108683633A (en) | 2018-04-10 | 2018-04-10 | access control method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108683633A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | RJ01 | Rejection of invention patent application after publication | Application publication date: 20181019 |