CN109376526A - Authority control method, device, electronic equipment and computer readable storage medium - Google Patents
Authority control method, device, electronic equipment and computer readable storage medium Download PDFInfo
- Publication number
- CN109376526A CN109376526A CN201811134085.7A CN201811134085A CN109376526A CN 109376526 A CN109376526 A CN 109376526A CN 201811134085 A CN201811134085 A CN 201811134085A CN 109376526 A CN109376526 A CN 109376526A
- Authority
- CN
- China
- Prior art keywords
- permission
- subtransaction
- permission grant
- message
- transaction
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/466—Transaction processing
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The embodiment of the present disclosure discloses a kind of authority control method, device, electronic equipment and computer readable storage medium, which comprises receives distributed transaction, and the distributed transaction is split as master transaction and at least one subtransaction;Permission grant operation is carried out to the master transaction;It when permission grant operational feedback permission grant success, is operated using the permission grant that message-oriented middleware executes at least one subtransaction, until permission grant success.The program can carry out the permission control of business service in conjunction with multiple dimensions, improve the scope of application of permission control.
Description
Technical field
This disclosure relates to the technical field of data processing of computer, and in particular to a kind of authority control method, device, electronics
Equipment and computer readable storage medium.
Background technique
With economic development, the continuous expansion of scope of the enterprise, business processes data volume is substantially improved, particularly with cross-region
Enterprise for, have become trend by the way of the multiple data centers of strange land come management company's data, according to the complexity of business,
It needs user to access multiple data centers and carries out business processing, however multiple data centers management be easy to cause business processing chaotic,
The case where rights management is abused.Therefore, permission system comes into being, and permission system is advised according to the safety that permission system is arranged
Then or security strategy, user is accessible and can only access oneself authorized resource.
Currently, permission system is the important component that a nearly all background management system can all be related to, it is main
Syllabus is to carry out permission control to entire background system data.Permission of the permission system for resource controls, and so-called resource is just
It is the thing that all can be authorized, for example, role, the page or interface can be resources.When by permission system to user into
When row authorization, if the permission of user's application is relatively more, a lot of other services will be called, distributed transaction will be related to,
In this case it is necessary that authorization data consistency, avoids the occurrence of the success of some permission grants, some permission grants are lost
The case where losing.The processing mode of the distributed transaction generally used is as follows: a kind of for distributed transaction is split into local matter
Scheme, data consistency is guaranteed by local message table, the program substantially avoided distributed transaction, still, local message
Table is relevant database, and relevant database in handling capacity and aspect of performance there are bottleneck, frequent message of reading and writing can give
Relevant database causes stress, so the program can have performance limitation under high concurrent scene.One kind is to be connect by calling
Scheme of the mouth to business service (the corresponding business of the i.e. above-mentioned resource) rollback for being related to distributed transaction, to business service
After authorization failure, rollback is carried out to the corresponding service authority data of distributed transaction, but the program is generally according to serial side
Formula calls a series of authorization service of business services, and when serial service is more, rollback cost is very high, and much authorization clothes
Business is difficult direct rollback, so there is very much limitation.
Summary of the invention
The embodiment of the present disclosure provides a kind of authority control method, device, electronic equipment and computer readable storage medium.
In a first aspect, providing a kind of authority control method in the embodiment of the present disclosure.
Specifically, the authority control method, comprising:
Distributed transaction is received, and the distributed transaction is split as master transaction and at least one subtransaction;
Permission grant operation is carried out to the master transaction;
When permission grant operational feedback permission grant success, at least one described son is executed using message-oriented middleware
The permission grant of affairs operates, until permission grant success.
With reference to first aspect, the disclosure is in the first implementation of first aspect, the reception distributed transaction, and
The distributed transaction is split as master transaction and at least one subtransaction, comprising:
Receive the distributed transaction;
Obtain the content-data of the distributed transaction;
According to the content-data, the distributed transaction is split as the master transaction and at least one described sub- thing
Business.
With reference to first aspect with the first implementation of first aspect, the disclosure is in second of realization side of first aspect
It is described when permission grant operational feedback permission grant success in formula, using message-oriented middleware execute it is described at least one
The permission grant of subtransaction operates, until permission grant success, comprising:
When permission grant operational feedback permission grant success, PUSH message is generated, is carried in the PUSH message
There is the corresponding permission grant label of at least one described subtransaction;
The PUSH message is pushed by the message-oriented middleware, it is corresponding with permission grant label described to trigger
At least one subtransaction executes the PUSH message, the permission grant operation of at least one subtransaction is carried out, until permission
It authorizes successfully.
Second of implementation with reference to first aspect, the disclosure are also wrapped in the third implementation of first aspect
It includes:
The state that at least one described subtransaction responds the PUSH message is recorded, is obtained comprising at least one subtransaction pair
The information consumption state table for the information consumption state answered;
The information consumption state table is monitored in real time, and processing is repeated the message of consumption.
The third implementation of second of implementation and first aspect with reference to first aspect, the disclosure is in first party
It is described that the PUSH message is pushed by the message-oriented middleware in the 4th kind of implementation in face, with triggering and the permission
At least one corresponding described subtransaction of authorization mark executes the PUSH message, carries out the permission of at least one subtransaction
Authorized operation, until permission grant success, comprising:
The PUSH message is pushed by the message-oriented middleware, it is corresponding with permission grant label described to trigger
At least one subtransaction respectively responds the PUSH message;
Permission grant operation is carried out at least one described subtransaction using local matter mode;
When permission grant operational feedback permission grant success, the PUSH message is abandoned;
When permission grant operational feedback permission grant failure, pushed away using described in message-oriented middleware reacquisition
Message is sent, and the PUSH message and the information consumption state table are compared;
When the consumption status information in the information consumption state table there are the PUSH message, and the consumption status is believed
When breath is successfully, the PUSH message is abandoned;
When the consumption status information in the information consumption state table there are the PUSH message, and the consumption status is believed
When breath is failure, the PUSH message is re-executed, carry out at least one described subtransaction non-permission grant successfully sub- thing
The permission grant of business operates, until permission grant success.
With reference to first aspect, the first implementation, second of implementation of first aspect, first party of first aspect
The third implementation in face and the 4th kind of implementation of first aspect, five kind implementation of the disclosure in first aspect
In, after the progress permission grant operation to the master transaction, further includes:
When permission grant operational feedback permission grant failure, rolling back action is carried out to the master transaction.
With reference to first aspect, the first implementation, second of implementation of first aspect, first party of first aspect
The 5th kind of implementation of the third implementation in face, the 4th kind of implementation of first aspect and first aspect, the disclosure
In the 6th kind of implementation of first aspect,
The distributed transaction includes to authorized transaction and initiating the application affairs to authorized transaction, and the master transaction is institute
Application affairs are stated, at least one described subtransaction is described to authorized transaction.
With reference to first aspect, the first implementation, second of implementation of first aspect, first party of first aspect
The third implementation in face, the 4th kind of implementation of first aspect, first aspect the 5th kind of implementation and first party
The 6th kind of implementation in face, the disclosure is in the 7th kind of implementation of first aspect, further includes:
The permission grant operation of at least one subtransaction, recording exceptional permission grant information, for retrying are monitored in real time
Permission grant uses when operating.
Second aspect provides a kind of permission control device in the embodiment of the present disclosure.
Specifically, the permission control device, comprising:
Receiving module is configured as receiving distributed transaction;
Module is split, is configured as the distributed transaction being split as master transaction and at least one subtransaction;
Authorization module is configured as carrying out the master transaction permission grant operation, and when the permission grant operates
It when feeding back permission grant success, is operated using the permission grant that message-oriented middleware executes at least one subtransaction, until power
Limit authorizes successfully.
In conjunction with second aspect, in the first implementation of second aspect, the fractionation module includes: the disclosure
Acquisition submodule is configured as obtaining the content-data of the distributed transaction;
Submodule is split, is configured as according to the content-data, the distributed transaction is split as the master transaction
With at least one described subtransaction.
In conjunction with the first of second aspect and second aspect implementation, the disclosure is in second of realization side of second aspect
In formula, the authorization module includes:
Submodule is generated, is configured as generating PUSH message when permission grant operational feedback permission grant success,
The corresponding permission grant label of at least one described subtransaction is carried in the PUSH message;
Submodule is authorized, is configured as pushing the PUSH message by the message-oriented middleware, with triggering and the power
It limits at least one corresponding described subtransaction of authorization mark and executes the PUSH message, carry out the power of at least one subtransaction
Authorized operation is limited, until permission grant success.
In conjunction with second of implementation of second aspect, the disclosure is described in the third implementation of second aspect
Permission control device further include:
Record monitors module, is configured as recording the state that at least one described subtransaction responds the PUSH message, obtain
To the information consumption state table comprising the corresponding information consumption state of at least one subtransaction;And the information consumption is monitored in real time
State table, processing are repeated the message of consumption.
In conjunction with second of implementation of second aspect and the third implementation of second aspect, the disclosure is in second party
In the 4th kind of implementation in face, the authorization submodule includes:
Submodule is pushed, is configured as pushing the PUSH message by the message-oriented middleware, with triggering and the power
At least one corresponding described subtransaction of limit authorization mark respectively responds the PUSH message;
Submodule is authorized, is configured as carrying out permission grant behaviour at least one described subtransaction using local matter mode
Make;
Submodule is abandoned, is configured as abandoning the push when permission grant operational feedback permission grant success
Message;
Acquisition submodule is configured as utilizing the message when the permission grant operational feedback permission grant fails
Middleware reacquires the PUSH message;
Submodule is compared, is configured as comparing the PUSH message and the information consumption state table;
The discarding submodule is additionally configured to when there are the consumption of the PUSH message in the information consumption state table
Status information, and when the consumption status information is successfully, abandon the PUSH message;
The authorization submodule is additionally configured to when there are the consumption of the PUSH message in the information consumption state table
Status information, and the consumption status information is when failing, to re-execute the PUSH message, carries out at least one described sub- thing
The permission grant operation of the non-successful subtransaction of permission grant in business, until permission grant success.
The first implementation, second of implementation of second aspect, second party in conjunction with second aspect, second aspect
The third implementation in face and the 4th kind of implementation of second aspect, five kind implementation of the disclosure in second aspect
In, the permission control device further include:
Roll-back module is configured as after the progress permission grant operation to the master transaction, when the permission grant
When operational feedback permission grant fails, rolling back action is carried out to the master transaction.
The first implementation, second of implementation of second aspect, second party in conjunction with second aspect, second aspect
The 5th kind of implementation of the third implementation in face, the 4th kind of implementation of second aspect and second aspect, the disclosure
In the 6th kind of implementation of second aspect,
The distributed transaction includes to authorized transaction and initiating the application affairs to authorized transaction, and the master transaction is institute
Application affairs are stated, at least one described subtransaction is described to authorized transaction.
The first implementation, second of implementation of second aspect, second party in conjunction with second aspect, second aspect
The third implementation in face, the 4th kind of implementation of second aspect, second aspect the 5th kind of implementation and second party
The 6th kind of implementation in face, the disclosure in the 7th kind of implementation of second aspect,
The permission control device further include:
Record monitors module, is configured as monitoring the permission grant operation of at least one subtransaction in real time, record different
Normal permission grant information, use when for retrying permission grant operation.
The third aspect, the embodiment of the present disclosure provide a kind of electronic equipment, including memory and processor, the memory
The computer instruction of authority control method in above-mentioned first aspect is executed for storing one or more support permission control device,
The processor is configured to for executing the computer instruction stored in the memory.The permission control device can be with
Including communication interface, for permission control device and other equipment or communication.
Fourth aspect, the embodiment of the present disclosure provide a kind of computer readable storage medium, for storing permission control dress
Computer instruction used is set, it includes be involved by permission control device for executing authority control method in above-mentioned first aspect
And computer instruction.
The technical solution that the embodiment of the present disclosure provides can include the following benefits:
Above-mentioned technical proposal, by splitting distributed transaction, to the master transaction of fractionation and at least one subtransaction
Different permission grant processing is carried out, the permission control for carrying out business service in conjunction with multiple dimensions is realized, improves permission control
The scope of application.
It should be understood that above general description and following detailed description be only it is exemplary and explanatory, not
The disclosure can be limited.
Detailed description of the invention
In conjunction with attached drawing, by the detailed description of following non-limiting embodiment, the other feature of the disclosure, purpose and excellent
Point will be apparent.In the accompanying drawings:
Fig. 1 shows the flow chart of the authority control method according to one embodiment of the disclosure;
Fig. 2 shows the flow charts of the step S101 of the authority control method of embodiment according to Fig. 1;
Fig. 3 shows the flow chart of the step S103 of the authority control method of embodiment according to Fig. 1;
Fig. 4 shows the flow chart of the authority control method according to another embodiment of the disclosure;
Fig. 5 shows the flow chart of the authority control method according to the another embodiment of the disclosure;
Fig. 6 shows the structural block diagram of the permission control device according to one embodiment of the disclosure;
Fig. 7 shows the structural block diagram of the fractionation module 602 of the permission control device of embodiment according to Fig.6,;
Fig. 8 shows the structural block diagram of the authorization module 603 of the permission control device of embodiment according to Fig.6,;
Fig. 9 shows the structural block diagram of the permission control device according to another embodiment of the disclosure;
Figure 10 shows the structural block diagram of the authorization submodule 802 of the permission control device of embodiment according to Fig.8,;
Figure 11 shows the structural block diagram of the permission control device according to the another embodiment of the disclosure;
Figure 12 shows the structural block diagram of the electronic equipment according to one embodiment of the disclosure;
Figure 13 is adapted for the knot for realizing the computer system of the authority control method according to one embodiment of the disclosure
Structure schematic diagram.
Specific embodiment
Hereinafter, the illustrative embodiments of the disclosure will be described in detail with reference to the attached drawings, so that those skilled in the art can
Easily realize them.In addition, for the sake of clarity, the portion unrelated with description illustrative embodiments is omitted in the accompanying drawings
Point.
In the disclosure, it should be appreciated that the term of " comprising " or " having " etc. is intended to refer to disclosed in this specification
Feature, number, step, behavior, the presence of component, part or combinations thereof, and be not intended to exclude other one or more features,
A possibility that number, step, behavior, component, part or combinations thereof exist or are added.
It also should be noted that in the absence of conflict, the feature in embodiment and embodiment in the disclosure
It can be combined with each other.The disclosure is described in detail below with reference to the accompanying drawings and in conjunction with the embodiments.
The technical solution that the embodiment of the present disclosure provides is by splitting distributed transaction, master transaction to fractionation and extremely
A few subtransaction carries out different permission grant processing, realizes the permission control that business service is carried out in conjunction with multiple dimensions,
Improve the scope of application of permission control.
Fig. 1 shows the flow chart of the authority control method according to one embodiment of the disclosure.As shown in Figure 1, the permission
Control method includes the following steps S101-S103:
In step s101, distributed transaction is received, and the distributed transaction is split as master transaction and at least one
Subtransaction;
In step s 102, permission grant operation is carried out to the master transaction;
In step s 103, it when permission grant operational feedback permission grant success, is executed using message-oriented middleware
The permission grant of at least one subtransaction operates, until permission grant success.
Mentioned above, permission system is the important composition portion that a nearly all background management system can all be related to
Point, main purpose is to carry out permission control to entire background system data.When being authorized by permission system to user, such as
The permission of fruit user application is relatively more, will call a lot of other services, will be related to distributed transaction, in this case
It is necessary that the case where authorization data consistency, avoids the occurrence of the success of some permission grants, some permission grants fail.Generally
A kind of scheme for distributed transaction to be split into local matter of the processing mode of the distributed transaction used, passes through local message
Table guarantees that data consistency, the program substantially avoided distributed transaction;Another kind for by calling interface to being related to being distributed
The scheme of business service (the corresponding business of i.e. above-mentioned resource) rollback of formula affairs is right after to business service authorization failure
The corresponding service authority data of distributed transaction carry out rollback.But local message table is relevant database, and relationship type number
According to library in handling capacity and aspect of performance there are bottleneck, frequent message of reading and writing can be caused stress to relevant database, so
Under high concurrent scene, the program can have performance limitation.And the scheme of rollback is a series of generally according to serial manner calling
The authorization service of business service, when serial service is more, rollback cost is very high, and many authorization services are difficult directly to return
Rolling, so there is very much limitation.
In view of drawbacks described above, in this embodiment, a kind of authority control method is proposed, this method is by will be distributed
Affairs are split, and are carried out different permission grants to the master transaction of fractionation and at least one subtransaction and are handled, realize combination
Multiple dimensions carry out the permission control of business service, improve the scope of application of permission control.
Wherein, distributed transaction is exactly the participant of self-explanatory characters' business, server, Resource Server and the affairs for supporting affairs
Manager (i.e. permission control device) is located on the different nodes of different distributed systems.Distributed transaction include to
The application affairs of authorized transaction and initiation to authorized transaction, master transaction are application affairs, at least one subtransaction is described wait award
Weigh affairs.
Wherein, permission control device can be manipulable for the entrance of employee or user right to be arranged for user,
In present embodiment, permission control device can control visitor with the permission for the terminal for having visual display devices (such as display)
Family end is communicated, in this way, user can realize employee or use by operating to the visual display devices in terminal
The setting of the permission at family.For example, user is by operation at the terminal, choosing the permissions such as role, the page and printing is employee
1 carries out permission grant, then having selected function choosing-item (i.e. above-mentioned role, the page and printing etc. in extent of competence in user
Function) after, application function button is confirmed by triggering, aforesaid operations information is sent to permission control device, triggers permission Shen
Please, the permission grant for starting to carry out above-mentioned function choosing-item operates, and the operation of entire authority setting is known as distributed transaction, function
The operation that the permission grant operation of option is known as triggering authority application to authorized transaction is known as initiating the application thing to authorized transaction
Business.In the present embodiment, due to the function that function choosing-item is chosen can be it is multiple, may be multiple to authorized transaction
Or one, i.e., in the present embodiment during permission grant, can trigger at least one wait for authorized transaction generate,
It is not limited in present embodiment while carrying out the quantity for waiting for authorized transaction when permission grant.
Wherein, permission control has resource-based permission to control, and also has the permission of based role to control.Resource-based
In permission control device, resource refers to all things that can be authorized, and a page, a data, an interface is all resource.?
In the permission control device of based role, general right access control (RBAC, the Role-Based for using based role
Access Control), in RBAC, permission is associated with role, and user obtains this by becoming the member of appropriate role
The permission of a little roles, to greatly simplifie the management of permission.In a tissue, role be in order to complete various work and
It creates, user is then assigned corresponding role according to its responsibility and qualification, and user can be easily from role's quilt
It is assigned to another role.The merging of the demand and system of role Ke Yixin and assign new permission, and permission can also be according to need
It wants and is recycled from certain role.
In an optional implementation of the present embodiment, permission control device is triggered by user's operation having received
Distributed transaction after, which is split as master transaction and at least one subtransaction, which is
Permission grant operation first is carried out to master transaction, and is that permission grant operation is carried out to master transaction using local matter mode
, permission grant operation can be successfully, it is also possible to failure, and when the feedback permission grant success of permission Authorized operation
When, characterization master transaction Authorized operation success, then the permission grant that can start to carry out at least one specific subtransaction is grasped
Make, here, permission control device can execute the permission grant operation of at least one subtransaction using message-oriented middleware, until
Permission grant success.
Wherein, permission control device use local matter mode to carry out permission grant operation specific implementation to master transaction can be with
To carry out arranging service and asynchronous recovery realization by local data base.
In an optional implementation of the present embodiment, as shown in Fig. 2, the step S101, that is, receive distributed thing
Business, and the step of distributed transaction is split as master transaction and at least one subtransaction, including step S201-S203:
In step s 201, the distributed transaction is received;
In step S202, the content-data of the distributed transaction is obtained;
In step S203, according to the content-data, the distributed transaction is split as the master transaction and described
At least one subtransaction.
In the present embodiment, permission control device can be by carrying out distributed transaction based on the difference of business tine
It splits, permission grant operation first is carried out to master transaction, then permission grant operation is carried out at least one subtransaction, and using not
A different transaction permission Authorized operation is realized in same permission grant operation, improves the flexibility and multiplicity of processing affairs
Property.
Wherein, permission control device can be obtained after receiving distributed transaction by the trigger action of distributed transaction
The content-data of distributed transaction;Wherein, content-data is the corresponding content of business;In this way, the permission control device
According to content-data, distributed transaction is split as at least one subtransaction, i.e., to authorized transaction, and is initiated to authorized transaction
Application affairs (i.e. master transaction).
In the present embodiment, permission control device can provide the power of different business (i.e. function choosing-item) for applicant
Limit, and different business may need that different service servers is called to realize, therefore can just receive distributed transaction.
Wherein, content-data can be understood as the type of business function, for example, mail service, print service, data processing
Business, role's distribution etc..
In an optional implementation of the present embodiment, as shown in figure 3, the step S103, i.e., when permission grant is grasped
When making feedback permission grant success, operated using the permission grant that message-oriented middleware executes at least one subtransaction, until permission
Authorize successful step, including step S301-S302:
In step S301, when the feedback permission grant success of permission Authorized operation, PUSH message is generated, the push disappears
The corresponding permission grant label of at least one subtransaction is carried in breath;
In step s 302, the PUSH message is pushed by the message-oriented middleware, with triggering and the permission grant
It marks at least one corresponding described subtransaction to execute the PUSH message, carries out the permission grant of at least one subtransaction
Operation, until permission grant success.
In the present embodiment, permission control device is that the permission for using message-oriented middleware to carry out at least one subtransaction is awarded
Power operation, and the persistent message function and retray function that message-oriented middleware utilizes successfully realize the power of at least one subtransaction
Limit authorization, improves the success rate of permission grant.
Wherein, message-oriented middleware is applicable in the distributed environment of reliable data transmission.Using message-oriented middleware
Permission control device in, the event of other side is activated between different affairs by transmitting message, completes corresponding operation.When
When the success of permission grant operational feedback permission grant, PUSH message is generated, PUSH message is then sent to message server, is disappeared
It ceases server and message deposit is transmitted to the corresponding business service of at least one subtransaction in several queues, then by PUSH message
Device carries out permission grant operation.Message-oriented middleware can communicate between different platform, it be often used to mask various platforms and
Characteristic between agreement realizes the collaboration between application program, and the advantage is that can provide together between client and server
Step and asynchronous connection, and can message be transmitted or be stored at any time forwarding.
In the present embodiment, when the feedback permission grant success of permission Authorized operation, permission control device triggering is generated
PUSH message, wherein the corresponding permission grant label of at least one subtransaction is carried in the PUSH message, characterization starts
Carry out the permission grant operation of at least one subtransaction;At this moment, permission control device pushes PUSH message by message-oriented middleware,
The PUSH message is executed respectively to trigger at least one subtransaction corresponding with permission grant label, carries out at least one subtransaction
Permission grant operation, using message-oriented middleware persistent message function and retray function until permission grant success.
Wherein, permission control device pushes PUSH message by message-oriented middleware, corresponding with authorization mark extremely with triggering
A few subtransaction respectively responds the PUSH message, carries out Authorized operation to each subtransaction using local matter mode, passes through
The corresponding business service of each subtransaction is called, the permission assignment of business service interface corresponding with each subtransaction is realized, awards
It weighs successfully.
Wherein, authorization mark is each subtransaction label corresponding with PUSH message at least one subtransaction, can be with
It is interpreted as the subscription identity of the PUSH message, message-oriented middleware can carry out message to service server interface by subscribing relationship
Push, i.e. message-oriented middleware push PUSH message according to authorization mark and connect to the corresponding service server of at least one subtransaction
Mouthful, to realize according to PUSH message, carry out the operation of at least one subtransaction permission grant.
Wherein, for the understanding of subscription are as follows: the message producer (publication) into topic, while having news release multiple
Message consumer's (subscription) consumes the message, and the message for being published to topic can be consumed by all subscribers.In other words, specific
A piece of news can be received by multiple consumers (herein referring at least one subtransaction), as long as consumer has subscribed some master
Topic.The message producer (publisher) sends a message to some and is known as in the virtual channel of theme (topic), and topic can be by
Multiple consumers subscribe to.
In an optional implementation of the present embodiment, as shown in figure 4, the method also includes according at least one son
The step of state of transaction response PUSH message, processing is repeated the message of consumption, i.e., as shown in figure 4, the method includes steps
Rapid S401-S402:
In step S401, the state that at least one described subtransaction responds the PUSH message is recorded, is obtained comprising extremely
The information consumption state table of few corresponding information consumption state of a subtransaction;
In step S402, the information consumption state table is monitored in real time, and processing is repeated the message of consumption.
In the present embodiment, permission control device is during carrying out at least one subtransaction by PUSH message,
Permission control device also records the consumption of message by an information consumption state table, and message is avoided to be repeated consumption,
The problem of repetitive endowment, improves the efficiency in licensing process, reduces the redundancy of data processing.
Wherein, information consumption state table, which can be, is being locally created, the number of the consumption status for recording local message
According to structure.In the present embodiment, permission control device executes PUSH message, realizes that carrying out permission at least one subtransaction awards
When power, permission grant success or not is all to be recorded, i.e. record information consumption, in this way, when identical push disappears
Breath generates again, it is desirable to when carrying out the authorization again of the same subtransaction of same subscriber, so that it may pass through information consumption state
The consumption of identical message in table, so that refusal repeats the authorization of the identical subtransaction of same subscriber.
In the present embodiment, for information consumption state table when recording PUSH message, can also record simultaneously is needle
The permission grant of which subtransaction of which user is operated.
In the present embodiment, as long as during permission control device carries out the permission grant of at least one subtransaction,
The state of at least one subtransaction response PUSH message, and also real-time monitoring information consumption status table are recorded, in real time to know
The message for being repeated consumption is found out in variation in information consumption state table, and stops to execute the message for being repeated consumption, abandons quilt
The message of Double Spending.
Wherein, nosql database realizing can be used in information consumption state table, to improve data reading speed.
Further, in an optional implementation of the present embodiment, step S302 passes through the message-oriented middleware
The PUSH message is pushed, executes the push to trigger at least one described subtransaction corresponding with permission grant label
Message carries out the permission grant operation of at least one subtransaction, until the successful step of permission grant, including following step
It is rapid:
The PUSH message is pushed by the message-oriented middleware, it is corresponding with permission grant label described to trigger
At least one subtransaction respectively responds the PUSH message;
Permission grant operation is carried out at least one described subtransaction using local matter mode;
When permission grant operational feedback permission grant success, the PUSH message is abandoned;
When permission grant operational feedback permission grant failure, pushed away using described in message-oriented middleware reacquisition
Message is sent, and the PUSH message and the information consumption state table are compared;
When the consumption status information in the information consumption state table there are the PUSH message, and the consumption status is believed
When breath is successfully, the PUSH message is abandoned;
When the consumption status information in the information consumption state table there are the PUSH message, and the consumption status is believed
When breath is failure, the PUSH message is re-executed, carry out at least one described subtransaction non-permission grant successfully sub- thing
The permission grant of business operates, until permission grant success.
Wherein, permission control device starts to use local matter side according to the PUSH message after getting PUSH message
Formula carries out permission grant operation to each subtransaction at least one subtransaction, and by pair of PUSH message and each subtransaction
It should be related to and write in information consumption state table, after the local matter of a pending complete subtransaction, if run succeeded, just abandon
The corresponding PUSH message of the subtransaction, and update consumption status letter of the PUSH message of the subtransaction in information consumption state table
Breath is successfully.And if the permission grant failure of subtransaction, then using message-oriented middleware message duration function and
Retray function, reacquires the corresponding PUSH message of a subtransaction, and by itself and in local message consumption status table should
The consumption status information of one subtransaction compares, if the PUSH message is success in information consumption state table, stops
Local matter is executed, which does not execute, and abandons this PUSH message, otherwise, it is corresponding to execute a subtransaction
Local matter until run succeeded, accomplish the idempotence of authorization service, be finally reached the consistency of business datum.
Wherein, idempotence, which refers to, repeatedly submits the user of the same operation, and interface only carries out once-through operation, that is, is directed to one
The subtransaction of a user is operated to a permission grant is carried out.Consistency refers in a distributed system, refers to multiple nodes
Data it is consistent.Herein refer to carry out permission grant operation when or all success or all failure.
In an optional implementation of the present embodiment, as shown in figure 5, after the step S102, i.e., to the master
After affairs carry out the step of permission grant operation, the method also includes step S501:
In step S501, when permission grant operational feedback permission grant failure, the master transaction is returned
Rolling operation.
In the present embodiment, in permission control device after the permission grant operation for carrying out master transaction, Ke Nengcun
Fail two kinds as a result, when permission is awarded in the success of permission grant operational feedback permission grant and permission grant operational feedback permission grant
When weighing the failure of operational feedback permission grant, permission control device carries out rolling back action to master transaction, does not just go on subsequent
The permission grant of at least one subtransaction operates, and is only likely to carry out rollback after the operation of master transaction permission grant, at it
It is not realized using rollback mode in implementation process in his authority control method, improves the efficiency of permission control.
In an optional implementation of the present embodiment, the method also includes:
The permission grant operation of at least one subtransaction, recording exceptional permission grant information, for retrying are monitored in real time
Permission grant uses when operating.
In the present embodiment, the permission of at least one subtransaction can be awarded in real time in entire authority control method
Power operation is monitored, and records the data and operation that occur in permission grant operating process, will abnormal permission grant information, supply
Use when retrying permission grant operation, can monitor the processing capacity and situation of message in this way, timely be adjusted, and improve
The availability and scalability of service.
Wherein, abnormal permission grant information may include abnormal information consumption state, and abnormal data disappear with abnormal
Cease processing capacity etc..
Following is embodiment of the present disclosure, can be used for executing embodiments of the present disclosure.
Fig. 6 shows the structural block diagram of the permission control device according to one embodiment of the disclosure, which can be by soft
Part, hardware or both are implemented in combination with as some or all of of electronic equipment.As shown in fig. 6, the permission control dress
It sets and includes:
Receiving module 601 is configured as receiving distributed transaction;
Module 602 is split, is configured as the distributed transaction being split as master transaction and at least one subtransaction;
Authorization module 603 is configured as carrying out the master transaction permission grant operation, and when the permission grant is grasped
When making feedback permission grant success, operated using the permission grant that message-oriented middleware executes at least one subtransaction, until
Permission grant success.
Mentioned above, permission system is the important composition portion that a nearly all background management system can all be related to
Point, main purpose is to carry out permission control to entire background system data.When being authorized by permission system to user, such as
The permission of fruit user application is relatively more, will call a lot of other services, will be related to distributed transaction, in this case
It is necessary that the case where authorization data consistency, avoids the occurrence of the success of some permission grants, some permission grants fail.Generally
A kind of scheme for distributed transaction to be split into local matter of the processing mode of the distributed transaction used, passes through local message
Table guarantees that data consistency, the program substantially avoided distributed transaction;Another kind for by calling interface to being related to being distributed
The scheme of business service (the corresponding business of i.e. above-mentioned resource) rollback of formula affairs is right after to business service authorization failure
The corresponding service authority data of distributed transaction carry out rollback.But local message table is relevant database, and relationship type number
According to library in handling capacity and aspect of performance there are bottleneck, frequent message of reading and writing can be caused stress to relevant database, so
Under high concurrent scene, the program can have performance limitation.And the scheme of rollback is a series of generally according to serial manner calling
The authorization service of business service, when serial service is more, rollback cost is very high, and many authorization services are difficult directly to return
Rolling, so there is very much limitation.
In view of drawbacks described above, in this embodiment, a kind of permission control device is proposed, the device is by will be distributed
Affairs are split, and are carried out different permission grants to the master transaction of fractionation and at least one subtransaction and are handled, realize combination
Multiple dimensions carry out the permission control of business service, improve the scope of application of permission control.
Wherein, distributed transaction is exactly the participant of self-explanatory characters' business, server, Resource Server and the affairs for supporting affairs
Manager (i.e. permission control device) is located on the different nodes of different distributed systems.
In an optional implementation of the present embodiment, the distributed transaction includes to authorized transaction and initiating wait award
The application affairs of affairs are weighed, the master transaction is the application affairs, at least one described subtransaction is described to authorized transaction.
Wherein, permission control device can be manipulable for the entrance of employee or user right to be arranged for user,
In present embodiment, permission control device can control visitor with the permission for the terminal for having visual display devices (such as display)
Family end is communicated, in this way, user can realize employee or use by operating to the visual display devices in terminal
The setting of the permission at family.For example, user is by operation at the terminal, choosing the permissions such as role, the page and printing is employee
1 carries out permission grant, then having selected function choosing-item (i.e. above-mentioned role, the page and printing etc. in extent of competence in user
Function) after, application function button is confirmed by triggering, aforesaid operations information is sent to permission control device, triggers permission Shen
Please, the permission grant for starting to carry out above-mentioned function choosing-item operates, and the operation of entire authority setting is known as distributed transaction, function
The operation that the permission grant operation of option is known as triggering authority application to authorized transaction is known as initiating the application thing to authorized transaction
Business.In the present embodiment, due to the function that function choosing-item is chosen can be it is multiple, may be multiple to authorized transaction
Or one, i.e., in the present embodiment during permission grant, can trigger at least one wait for authorized transaction generate,
It is not limited in present embodiment while carrying out the quantity for waiting for authorized transaction when permission grant.
Wherein, permission control has resource-based permission to control, and also has the permission of based role to control.Resource-based
In permission control device, resource refers to all things that can be authorized, and a page, a data, an interface is all resource.?
In the permission control device of based role, general right access control (RBAC, the Role-Based for using based role
Access Control), in RBAC, permission is associated with role, and user obtains this by becoming the member of appropriate role
The permission of a little roles, to greatly simplifie the management of permission.In a tissue, role be in order to complete various work and
It creates, user is then assigned corresponding role according to its responsibility and qualification, and user can be easily from role's quilt
It is assigned to another role.The merging of the demand and system of role Ke Yixin and assign new permission, and permission can also be according to need
It wants and is recycled from certain role.
In an optional implementation of the present embodiment, the distributed transaction triggered by user's operation is being had received
Later, which is split as master transaction and at least one subtransaction, permission grant operation first is carried out to master transaction,
And it is that permission grant operation is carried out to master transaction using local matter mode, permission grant operation can be successfully,
It can be failure, and when the feedback permission grant success of permission Authorized operation, characterization master transaction Authorized operation success, then just
The permission grant that can start to carry out at least one specific subtransaction operates, here it is possible to be executed using message-oriented middleware
The permission grant of at least one subtransaction operates, until permission grant success.
Wherein, using local matter mode to carry out permission grant operation specific implementation to master transaction can be for by local number
Arranging service is carried out according to library and asynchronous recovery is realized.
In an optional implementation of the present embodiment, as shown in fig. 7, the fractionation module 602 includes:
Acquisition submodule 701 is configured as obtaining the content-data of the distributed transaction;
Submodule 702 is split, is configured as according to the content-data, the distributed transaction is split as described take charge
Business and at least one described subtransaction.
It in the present embodiment, can be by being split to distributed transaction based on the difference of business tine, first to master
Affairs carry out permission grant operation, then carry out permission grant operation at least one subtransaction, and award using different permissions
A different transaction permission Authorized operation is realized in power operation, improves the flexibility and diversity of processing affairs.
Wherein, after receiving distributed transaction, distributed transaction can be obtained by the trigger action of distributed transaction
Content-data;Wherein, content-data is the corresponding content of business;In this way, this can be according to content-data, by distributed transaction
It is split as at least one subtransaction, i.e., to authorized transaction, and initiates the application affairs (i.e. master transaction) to authorized transaction.
In the present embodiment, the permission of different business (i.e. function choosing-item) can be provided for applicant, and different industry
Business may need that different service servers is called to realize, therefore can just receive distributed transaction.
Wherein, content-data can be understood as the type of business function, for example, mail service, print service, data processing
Business, role's distribution etc..
In an optional implementation of the present embodiment, as shown in figure 8, the authorization module 603 includes:
Submodule 801 is generated, is configured as generating push when permission grant operational feedback permission grant success and disappearing
It ceases, the corresponding permission grant label of at least one described subtransaction is carried in the PUSH message;
Authorize submodule 802, be configured as pushing the PUSH message by the message-oriented middleware, with triggering with it is described
At least one corresponding described subtransaction of permission grant label executes the PUSH message, carries out at least one subtransaction
Permission grant operation, until permission grant success.
In the present embodiment, be the permission grant of at least one subtransaction is carried out using message-oriented middleware to operate, and
Persistent message function and retray function that message-oriented middleware utilizes successfully realize the permission grant of at least one subtransaction, improve
The success rate of permission grant.
Wherein, message-oriented middleware is applicable in the distributed environment of reliable data transmission.Using message-oriented middleware
Permission control device in, the event of other side is activated between different affairs by transmitting message, completes corresponding operation.When
When the success of permission grant operational feedback permission grant, PUSH message is generated, PUSH message is then sent to message server, is disappeared
It ceases server and message deposit is transmitted to the corresponding business service of at least one subtransaction in several queues, then by PUSH message
Device carries out permission grant operation.Message-oriented middleware can communicate between different platform, it be often used to mask various platforms and
Characteristic between agreement realizes the collaboration between application program, and the advantage is that can provide together between client and server
Step and asynchronous connection, and can message be transmitted or be stored at any time forwarding.
In the present embodiment, when the feedback permission grant success of permission Authorized operation, triggering generates PUSH message,
In, the corresponding permission grant label of at least one subtransaction is carried in the PUSH message, characterization starts to carry out at least one
The permission grant of a subtransaction operates;At this moment, PUSH message is pushed by message-oriented middleware, with triggering and permission grant label pair
At least one subtransaction answered executes the PUSH message respectively, the permission grant operation of at least one subtransaction is carried out, using disappearing
The persistent message function and retray function for ceasing middleware are until permission grant success.
Wherein, PUSH message is pushed by message-oriented middleware, to trigger at least one subtransaction corresponding with authorization mark
The PUSH message is respectively responded, Authorized operation is carried out to each subtransaction using local matter mode, by calling every sub- thing
It is engaged in corresponding business service, realizes the permission assignment of business service interface corresponding with each subtransaction, authorize successfully.
Wherein, authorization mark is each subtransaction label corresponding with PUSH message at least one subtransaction, can be with
It is interpreted as the subscription identity of the PUSH message, message-oriented middleware can carry out message to service server interface by subscribing relationship
Push, i.e. message-oriented middleware push PUSH message according to authorization mark and connect to the corresponding service server of at least one subtransaction
Mouthful, to realize according to PUSH message, carry out the operation of at least one subtransaction permission grant.
Wherein, for the understanding of subscription are as follows: the message producer (publication) into topic, while having news release multiple
Message consumer's (subscription) consumes the message, and the message for being published to topic can be consumed by all subscribers.In other words, specific
A piece of news can be received by multiple consumers (herein referring at least one subtransaction), as long as consumer has subscribed some master
Topic.The message producer (publisher) sends a message to some and is known as in the virtual channel of theme (topic), and topic can be by
Multiple consumers subscribe to.
In an optional implementation of the present embodiment, as shown in figure 9, the permission control device further include:
Record monitors module 901, is configured as recording the state that at least one described subtransaction responds the PUSH message,
Obtain the information consumption state table comprising the corresponding information consumption state of at least one subtransaction;And the message is monitored in real time and is disappeared
Take state table, processing is repeated the message of consumption.
In the present embodiment, during carrying out at least one subtransaction by PUSH message, one can also be passed through
The problem of a information consumption state table records the consumption of message, and message is avoided to be repeated consumption, repetitive endowment, improves
Efficiency in licensing process reduces the redundancy of data processing.
Wherein, information consumption state table, which can be, is being locally created, the number of the consumption status for recording local message
According to structure.In the present embodiment, PUSH message is executed, when realization at least one subtransaction progress permission grant, power
Limit authorization success or not is all to be recorded, i.e. record information consumption, in this way, when identical PUSH message generates again,
When wanting to carry out the authorization again of the same subtransaction of same subscriber, so that it may be disappeared by identical in information consumption state table
The consumption of breath, so that refusal repeats the authorization of the identical subtransaction of same subscriber.
In the present embodiment, for information consumption state table when recording PUSH message, can also record simultaneously is needle
The permission grant of which subtransaction of which user is operated.
In the present embodiment, during the permission grant for carrying out at least one subtransaction, at least one is recorded in real time
Subtransaction responds the state of PUSH message, and also real-time monitoring information consumption status table, to know in information consumption state table
Variation, find out the message for being repeated consumption, and stop to execute and be repeated the message of consumption, abandon the message for being repeated consumption.
Wherein, nosql database realizing can be used in information consumption state table, to improve data reading speed.
In an optional implementation of the present embodiment, as shown in Figure 10, the authorization submodule 802 includes:
Submodule 1001 is pushed, is configured as pushing the PUSH message by the message-oriented middleware, with triggering and institute
It states at least one corresponding described subtransaction of permission grant label and respectively responds the PUSH message;
Submodule 1002 is authorized, is configured as awarding at least one described subtransaction progress permission using local matter mode
Power operation;
Submodule 1003 is abandoned, is configured as when permission grant operational feedback permission grant success, described in discarding
PUSH message;
Acquisition submodule 1004 is configured as when the permission grant operational feedback permission grant fails, using described
Message-oriented middleware reacquires the PUSH message;
Submodule 1005 is compared, is configured as comparing the PUSH message and the information consumption state table;
The discarding submodule 1003 is additionally configured to when there are the PUSH messages in the information consumption state table
Consumption status information, and when the consumption status information is successfully, abandon the PUSH message;
The authorization submodule 1002 is additionally configured to when there are the PUSH messages in the information consumption state table
Consumption status information, and when the consumption status information is failure, re-executes the PUSH message, carry out it is described at least one
The permission grant operation of the non-successful subtransaction of permission grant in subtransaction, until permission grant success.
Wherein, after getting PUSH message, start according to the PUSH message using local matter mode at least one
Each subtransaction in subtransaction carries out permission grant operation, and the corresponding relationship of PUSH message and each subtransaction is write on and is disappeared
It ceases in consumption status table, after the local matter of a pending complete subtransaction, if run succeeded, it is corresponding just to abandon the subtransaction
PUSH message, and updating consumption status information of the PUSH message of the subtransaction in information consumption state table is successfully.And
If the permission grant failure of a subtransaction, then utilize message-oriented middleware message duration function and retray function, weight
Newly obtain the corresponding PUSH message of a subtransaction, and by itself and the subtransaction in local message consumption status table
Consumption status information compares, if the PUSH message is success in information consumption state table, stops executing local matter,
One subtransaction does not execute, and abandons this PUSH message, otherwise, execute the corresponding local matter of a subtransaction until
It runs succeeded, accomplishes the idempotence of authorization service, be finally reached the consistency of business datum.
Wherein, idempotence, which refers to, repeatedly submits the user of the same operation, and interface only carries out once-through operation, that is, is directed to one
The subtransaction of a user is operated to a permission grant is carried out.Consistency refers in a distributed system, refers to multiple nodes
Data it is consistent.Herein refer to carry out permission grant operation when or all success or all failure.
In an optional implementation of the present embodiment, as shown in figure 11, the permission control device further include:
Roll-back module 1101 is configured as after the progress permission grant operation to the master transaction, when the permission
When Authorized operation feeds back permission grant failure, rolling back action is carried out to the master transaction.
In the present embodiment, after the permission grant operation for carrying out master transaction, it is understood that there may be permission grant operation
It feeds back permission grant success and permission grant operational feedback permission grant fails two kinds as a result, when permission Authorized operation feeds back permission
When authorization failure, rolling back action is carried out to master transaction, does not just go on the permission grant behaviour of at least one subsequent subtransaction
Make, be only likely to carry out rollback after the operation of master transaction permission grant, is not that arbitrary process all uses rollback mode real
It is existing, to improve the efficiency of permission control.
In an optional implementation of the present embodiment, the record monitors module, is configured as described in monitoring in real time
The permission grant of at least one subtransaction operates, recording exceptional permission grant information, use when for retrying permission grant operation.
In the present embodiment, can in real time at least one subtransaction permission grant operation be monitored, record
The data and operation occurred in permission grant operating process, will abnormal permission grant information, when for retrying permission grant operation
Use, the processing capacity and situation of message can be monitored in this way, be timely adjusted, improve service availability and can
Retractility.
Wherein, abnormal permission grant information may include abnormal information consumption state, and abnormal data disappear with abnormal
Cease processing capacity etc..
The disclosure also discloses a kind of electronic equipment, and Figure 12 shows the knot of the electronic equipment according to one embodiment of the disclosure
Structure block diagram, as shown in figure 12, the electronic equipment 1200 include memory 1201 and processor 1202;Wherein,
The memory 1201 is for storing one or more computer instruction, wherein one or more computer
Instruction is executed by the processor 1202 to realize any of the above-described method and step.
Figure 13 is suitable for being used to realizing that the structure of the computer system of the authority control method according to disclosure embodiment is shown
It is intended to.
As shown in figure 13, computer system 1300 include central processing unit (CPU) 1301, can according to be stored in only
It reads the program in memory (ROM) 1302 or is loaded into random access storage device (RAM) 1303 from storage section 1308
Program and execute the various processing in above embodiment.In RAM1303, be also stored with system 1300 operate it is required various
Program and data.CPU1301, ROM1302 and RAM1303 are connected with each other by bus 1304.Input/output (I/O) interface
1305 are also connected to bus 1304.
I/O interface 1305 is connected to lower component: the importation 1306 including keyboard, mouse etc.;Including such as cathode
The output par, c 1307 of ray tube (CRT), liquid crystal display (LCD) etc. and loudspeaker etc.;Storage section including hard disk etc.
1308;And the communications portion 1309 of the network interface card including LAN card, modem etc..Communications portion 1309 passes through
Communication process is executed by the network of such as internet.Driver 1310 is also connected to I/O interface 1305 as needed.It is detachable to be situated between
Matter 1311, such as disk, CD, magneto-optic disk, semiconductor memory etc. are mounted on as needed on driver 1310, so as to
In being mounted into storage section 1308 as needed from the computer program read thereon.
Particularly, according to embodiment of the present disclosure, method as described above may be implemented as computer software programs.
For example, embodiment of the present disclosure includes a kind of computer program product comprising be tangibly embodied in and its readable medium on
Computer program, the computer program includes program code for executing the authority control method.In such reality
It applies in mode, which can be downloaded and installed from network by communications portion 1309, and/or is situated between from detachable
Matter 1311 is mounted.
Flow chart and block diagram in attached drawing illustrate system, method and computer according to the various embodiments of the disclosure
The architecture, function and operation in the cards of program product.In this regard, each box in course diagram or block diagram can be with
A part of a module, section or code is represented, a part of the module, section or code includes one or more
Executable instruction for implementing the specified logical function.It should also be noted that in some implementations as replacements, institute in box
The function of mark can also occur in a different order than that indicated in the drawings.For example, two boxes succeedingly indicated are practical
On can be basically executed in parallel, they can also be executed in the opposite order sometimes, and this depends on the function involved.Also it wants
It is noted that the combination of each box in block diagram and or flow chart and the box in block diagram and or flow chart, Ke Yiyong
The dedicated hardware based system of defined functions or operations is executed to realize, or can be referred to specialized hardware and computer
The combination of order is realized.
Being described in unit or module involved in disclosure embodiment can be realized by way of software, can also
It is realized in a manner of through hardware.Described unit or module also can be set in the processor, these units or module
Title do not constitute the restriction to the unit or module itself under certain conditions.
As on the other hand, the disclosure additionally provides a kind of computer readable storage medium, the computer-readable storage medium
Matter can be computer readable storage medium included in device described in above embodiment;It is also possible to individualism,
Without the computer readable storage medium in supplying equipment.Computer-readable recording medium storage has one or more than one journey
Sequence, described program is used to execute by one or more than one processor is described in disclosed method.
Above description is only the preferred embodiment of the disclosure and the explanation to institute's application technology principle.Those skilled in the art
Member is it should be appreciated that invention scope involved in the disclosure, however it is not limited to technology made of the specific combination of above-mentioned technical characteristic
Scheme, while should also cover in the case where not departing from the inventive concept, it is carried out by above-mentioned technical characteristic or its equivalent feature
Any combination and the other technical solutions formed.Such as features described above has similar function with (but being not limited to) disclosed in the disclosure
Can technical characteristic replaced mutually and the technical solution that is formed.
Claims (10)
1. a kind of authority control method characterized by comprising
Distributed transaction is received, and the distributed transaction is split as master transaction and at least one subtransaction;
Permission grant operation is carried out to the master transaction;
When permission grant operational feedback permission grant success, at least one described subtransaction is executed using message-oriented middleware
Permission grant operation, until permission grant success.
2. the method according to claim 1, wherein the reception distributed transaction, and by the distributed thing
Business is split as master transaction and at least one subtransaction, comprising:
Receive the distributed transaction;
Obtain the content-data of the distributed transaction;
According to the content-data, the distributed transaction is split as the master transaction and at least one described subtransaction.
3. method according to claim 1 or 2, which is characterized in that described when the permission grant operational feedback permission is awarded
When weighing successfully, operated using the permission grant that message-oriented middleware executes at least one subtransaction, until permission grant success,
Include:
When permission grant operational feedback permission grant success, PUSH message is generated, is carried in the PUSH message
State the corresponding permission grant label of at least one subtransaction;
Push the PUSH message by the message-oriented middleware, with trigger it is corresponding with permission grant label described at least
One subtransaction executes the PUSH message, the permission grant operation of at least one subtransaction is carried out, until permission grant
Success.
4. according to the method described in claim 3, it is characterized by further comprising:
The state that at least one described subtransaction responds the PUSH message is recorded, is obtained corresponding comprising at least one subtransaction
The information consumption state table of information consumption state;
The information consumption state table is monitored in real time, and processing is repeated the message of consumption.
5. a kind of permission control device characterized by comprising
Receiving module is configured as receiving distributed transaction;
Module is split, is configured as the distributed transaction being split as master transaction and at least one subtransaction;
Authorization module is configured as carrying out the master transaction permission grant operation, and works as the permission grant operational feedback
It when permission grant success, is operated using the permission grant that message-oriented middleware executes at least one subtransaction, until permission is awarded
It weighs successfully.
6. device according to claim 5, which is characterized in that the fractionation module includes:
Acquisition submodule is configured as obtaining the content-data of the distributed transaction;
Submodule is split, is configured as according to the content-data, the distributed transaction is split as the master transaction and institute
State at least one subtransaction.
7. device according to claim 5 or 6, which is characterized in that the authorization module includes:
Submodule is generated, is configured as generating PUSH message when permission grant operational feedback permission grant success, it is described
The corresponding permission grant label of at least one described subtransaction is carried in PUSH message;
Submodule is authorized, is configured as pushing the PUSH message by the message-oriented middleware, be awarded with triggering with the permission
At least one corresponding described subtransaction of token note executes the PUSH message, and the permission for carrying out at least one subtransaction is awarded
Power operation, until permission grant success.
8. device according to claim 7, which is characterized in that the permission control device further include:
Record monitors module, is configured as recording the state that at least one described subtransaction responds the PUSH message, be wrapped
The information consumption state table of the corresponding information consumption state containing at least one subtransaction;And the information consumption state is monitored in real time
Table, processing are repeated the message of consumption.
9. a kind of electronic equipment, which is characterized in that including memory and processor;Wherein,
The memory is for storing one or more computer instruction, wherein one or more computer instruction is by institute
Processor is stated to execute to realize the described in any item method and steps of claim 1-4.
10. a kind of computer readable storage medium, is stored thereon with computer instruction, which is characterized in that the computer instruction quilt
Claim 1-4 described in any item method and steps are realized when processor executes.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811134085.7A CN109376526A (en) | 2018-09-27 | 2018-09-27 | Authority control method, device, electronic equipment and computer readable storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811134085.7A CN109376526A (en) | 2018-09-27 | 2018-09-27 | Authority control method, device, electronic equipment and computer readable storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN109376526A true CN109376526A (en) | 2019-02-22 |
Family
ID=65402108
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811134085.7A Pending CN109376526A (en) | 2018-09-27 | 2018-09-27 | Authority control method, device, electronic equipment and computer readable storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109376526A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112202819A (en) * | 2020-12-02 | 2021-01-08 | 成都掌控者网络科技有限公司 | Distributed control authority method and device, computer equipment and storage medium |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20010021928A1 (en) * | 2000-01-07 | 2001-09-13 | Ludwig Heiko H. | Method for inter-enterprise role-based authorization |
| CN103312549A (en) * | 2013-06-26 | 2013-09-18 | 华为技术有限公司 | Transaction management method, device and system |
| CN105824842A (en) * | 2015-01-07 | 2016-08-03 | 阿里巴巴集团控股有限公司 | Distributed transaction processing method and system |
| CN106383737A (en) * | 2016-09-09 | 2017-02-08 | 浪潮软件股份有限公司 | Distributed transaction processing method |
| CN106775959A (en) * | 2016-12-06 | 2017-05-31 | 上海亿账通互联网科技有限公司 | Distributed transaction processing method and system |
| CN107426169A (en) * | 2017-05-24 | 2017-12-01 | 阿里巴巴集团控股有限公司 | A kind of method for processing business and device based on authority |
| CN108519918A (en) * | 2018-03-14 | 2018-09-11 | 广东能龙教育股份有限公司 | Distributed transaction processing method based on transaction chain |
-
2018
- 2018-09-27 CN CN201811134085.7A patent/CN109376526A/en active Pending
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20010021928A1 (en) * | 2000-01-07 | 2001-09-13 | Ludwig Heiko H. | Method for inter-enterprise role-based authorization |
| CN103312549A (en) * | 2013-06-26 | 2013-09-18 | 华为技术有限公司 | Transaction management method, device and system |
| CN105824842A (en) * | 2015-01-07 | 2016-08-03 | 阿里巴巴集团控股有限公司 | Distributed transaction processing method and system |
| CN106383737A (en) * | 2016-09-09 | 2017-02-08 | 浪潮软件股份有限公司 | Distributed transaction processing method |
| CN106775959A (en) * | 2016-12-06 | 2017-05-31 | 上海亿账通互联网科技有限公司 | Distributed transaction processing method and system |
| CN107426169A (en) * | 2017-05-24 | 2017-12-01 | 阿里巴巴集团控股有限公司 | A kind of method for processing business and device based on authority |
| CN108519918A (en) * | 2018-03-14 | 2018-09-11 | 广东能龙教育股份有限公司 | Distributed transaction processing method based on transaction chain |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112202819A (en) * | 2020-12-02 | 2021-01-08 | 成都掌控者网络科技有限公司 | Distributed control authority method and device, computer equipment and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP1244966B1 (en) | Method and apparatus for managing information related to storage activities of data storage systems | |
| US5390316A (en) | Multicomputer complex having a distributed shared memory system for providing a single system view from multiple consoles | |
| KR101021399B1 (en) | Method and apparatus for maintaining consistency of a shared space across multiple endpoints in a peer-to-peer collaborative computer system | |
| US7454751B2 (en) | Fault-tolerant system and methods with trusted message acknowledgement | |
| CN101416208B (en) | The set on the scene of managing rich | |
| US8418191B2 (en) | Application flow control apparatus | |
| JPH06214967A (en) | Decentralized data processing system | |
| EP0467546A2 (en) | Distributed data processing systems | |
| CN110278187B (en) | Multi-terminal single sign-on method, system, synchronous server and medium | |
| US20070156884A1 (en) | High availability for event forwarding | |
| CN109343941A (en) | Task processing method, device, electronic equipment and computer readable storage medium | |
| JPH10187639A (en) | High-availability computer server system | |
| US20060288037A1 (en) | Queued system event notification and maintenance | |
| US7707585B2 (en) | Method, system, and program product for monitoring message flow in a message queuing system | |
| US20030158883A1 (en) | Message processing | |
| CN111858007A (en) | Task scheduling method and device based on message middleware | |
| EP0398649B1 (en) | Remote interrupt processing | |
| CN111555957A (en) | Kafka-based synchronous message service system and implementation method | |
| CN101556683A (en) | Financial service system and implementation method | |
| CN101378329A (en) | Distributed business operation support system and method for implementing distributed business | |
| CN106686077A (en) | System and method for processing network requests across double-layer proxies of data centers in computer rooms | |
| CN109376526A (en) | Authority control method, device, electronic equipment and computer readable storage medium | |
| JPH04271453A (en) | Composite electronic computer | |
| CN111835809B (en) | Work order message distribution method, work order message distribution device, server and storage medium | |
| US6421721B1 (en) | Controlling device access in a network |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20190222 |