CN109688162B - Multi-tenant database implementation method and system - Google Patents

Publication number
CN109688162B
Authority
CN
China
Prior art keywords
user
tenant
interceptor
state
access
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910124100.8A
Other languages
Chinese (zh)
Other versions
CN109688162A (en)
Inventor
宋伟伟
张冬霞
邵辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Inspur General Software Co Ltd
Original Assignee
Inspur General Software Co Ltd
Application filed by Inspur General Software Co Ltd
Priority to CN201910124100.8A
Publication of CN109688162A
Application granted
Publication of CN109688162B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083: Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0876: Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102: Entity profiles
    • H04L63/108: Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425: Traffic logging, e.g. anomaly detection
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/14: Session management
    • H04L67/148: Migration or transfer of sessions

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a method and a system for implementing multi-tenant data sub-databases, belonging to the technical field of computer cloud computing. A login check interceptor implements user login and session validity checks; a user state interceptor implements user state validity checks; a tenant state interceptor implements tenant state validity checks; and a security access interceptor implements data access security checks. The multi-tenant data sub-database implementation system comprises a login check interceptor, a user state interceptor, a tenant state interceptor and a security access interceptor. The invention ensures data isolation and security for each tenant, keeps the interceptors mutually independent, meets the requirements of login validity, user state legitimacy, normal tenant state and data access security, and is suitable for user access control in SaaS systems.

Description

Multi-tenant database implementation method and system
Technical Field
The invention relates to the technical field of computer cloud computing, in particular to a method and a system for realizing multi-tenant data sub-database.
Background
Multi-tenant technology, also called multi-tenancy technology, is a software architecture technique that addresses how to share the same system or program components in a multi-user environment while still ensuring data isolation among users.
In multi-tenant technology, a tenant refers to a client that uses a system or computing resources; the tenant also encompasses all data in the system that can be identified as belonging to a designated user. Tenants use an application system or computing resources developed or built by a supplier. The supplier designs the application system so that more than one user can use it in the same environment. To let multiple users share the same application and computing environment, both must be specially designed so that the platform can run multiple instances of the same application simultaneously. In addition, protecting the privacy and security of tenant data is one of the keys of multi-tenant technology.
Multi-tenant technology is one of the core technologies of SaaS applications. Its main research problem is the reuse of a system or application components in a multi-tenant environment, and the key is to ensure the legitimacy of access control for each tenant's users.
Disclosure of Invention
The technical task of the invention is to provide a method and a system for implementing multi-tenant data sub-databases that ensure data isolation and security for each tenant.
The technical scheme adopted by the invention to solve this technical problem is as follows:
A multi-tenant data sub-database implementation method, in which a login check interceptor implements user login and session validity checks; a user state interceptor implements user state validity checks; a tenant state interceptor implements tenant state validity checks; and a security access interceptor implements data access security checks. The interceptors are mutually independent and together meet the requirements of login validity, user state legitimacy, normal tenant state and data access security.
Preferably, the login check interceptor verifies the submitted access data, such as a user name and a password, and checks the session value to determine whether it exists and whether it has timed out.
Further, a login check interceptor AuthenticationFilter is configured in the web.xml file in the project. The login check interceptor first determines the request type, that is, whether it is a login request or a data access request;
for a login request, it verifies the submitted access data, such as a user name and a password, and returns to the login page if verification fails;
for a data access request, it checks the session value of the jsession field in the request header and determines whether the jsession field exists and whether it has timed out; if it does not exist or has timed out, it jumps to the login page.
Preferably, the user state interceptor checks the locked state of the user; checks whether the user information is complete, such as the user mailbox; checks whether the user is bound to a tenant; and checks whether the user has completed real-name authentication.
In the web.xml file in the project, a user state interceptor UserInfoStatusFilter is configured:
user lock interception: query the redis database and check the user lock state field; if the user is locked, jump to the user abnormal state reminder interface;
incomplete user information interception: query the redis database and check the user information; if necessary information, such as the user's bound mailbox, is incomplete, jump to the user abnormal state reminder interface;
unbound tenant interception: query the redis database and check whether the user is bound to a tenant; if the user is not bound to a tenant, jump to the user abnormal state reminder interface;
unauthenticated user interception: query the redis database and check whether the user has completed real-name verification; if the user has not completed real-name authentication, jump to the user real-name authentication interface.
Preferably, the tenant state interceptor checks the locked state of the tenant and checks the service period of the tenant to determine whether the tenant is within its service period.
In the web.xml file in the project, a tenant state interceptor TenantInfoStatusFilter is configured:
tenant lock interception: query the redis database and check the locked state of the tenant to which the user belongs; if the tenant is locked, jump to the tenant abnormal state reminder interface;
tenant service expiry interception: query the redis database and check the service period state of the tenant to which the user belongs; if the tenant is not within its service period, jump to the tenant renewal reminder interface.
Preferably, the security access interceptor verifies security according to the user's access frequency and according to the resource consumption of the user's access.
In the web.xml file in the project, a security access interceptor SecurityFilter is configured:
high-frequency access interception: record the access count each time a user initiates data access; when the user's number of requests within a set time (such as within 10 minutes) exceeds the tenant's configured limit, jump to the security access reminder interface;
high resource access interception: record the amount of resources consumed by the accessed function each time a user initiates data access; when the total amount of resources the user requests within a specified time (such as within 10 minutes) exceeds the tenant's configured limit, jump to the security access reminder interface.
The invention also discloses a multi-tenant data sub-database implementation system, which comprises a login check interceptor, a user state interceptor, a tenant state interceptor and a security access interceptor.
The login check interceptor verifies the submitted access data (such as a user name and a password) and checks the session value to determine whether it exists and whether it has timed out; it is used for user login and session validity checks;
a login check interceptor AuthenticationFilter is configured in the web.xml file in the project; the login check interceptor first determines the request type, that is, whether it is a login request or a data access request;
for a login request, it verifies the submitted access data, such as a user name and a password, and returns to the login page if verification fails;
for a data access request, it checks the session value of the jsession field in the request header and determines whether the jsession field exists and whether it has timed out; if the jsession field does not exist or has timed out, it jumps to the login page;
the user state interceptor checks the locked state of the user, checks whether the user information is complete (such as the user mailbox), checks whether the user is bound to a tenant, and checks whether the user has completed real-name authentication; it is used for user state validity checks;
in the web.xml file in the project, a user state interceptor UserInfoStatusFilter is configured; user lock interception: query the redis database and check the user lock state field; if the user is locked, jump to the user abnormal state reminder interface;
incomplete user information interception: query the redis database and check the user information; if necessary information, such as the user's bound mailbox, is incomplete, jump to the user abnormal state reminder interface;
unbound tenant interception: query the redis database and check whether the user is bound to a tenant; if the user is not bound to a tenant, jump to the user abnormal state reminder interface;
unauthenticated user interception: query the redis database and check whether the user has completed real-name verification; if the user has not completed real-name authentication, jump to the user real-name authentication interface;
the tenant state interceptor checks the locked state of the tenant and checks the service period of the tenant to determine whether the tenant is within its service period; it is used for tenant state validity checks;
in the web.xml file in the project, a tenant state interceptor TenantInfoStatusFilter is configured; tenant lock interception: query the redis database and check the locked state of the tenant to which the user belongs; if the tenant is locked, jump to the tenant abnormal state reminder interface;
tenant service expiry interception: query the redis database and check the service period state of the tenant to which the user belongs; if the tenant is not within its service period, jump to the tenant renewal reminder interface;
the security access interceptor verifies security according to the user's access frequency and according to the resource consumption of the user's access; it is used for data access security checks;
in the web.xml file in the project, a security access interceptor SecurityFilter is configured;
high-frequency access interception: record the access count each time a user initiates data access; when the user's number of requests within the set time exceeds the tenant's configured limit, jump to the security access reminder interface;
high resource access interception: record the amount of resources consumed by the accessed function each time a user initiates data access; when the total amount of resources the user requests within the specified time exceeds the tenant's configured limit, jump to the security access reminder interface.
Compared with the prior art, the multi-tenant data sub-database implementation method and system have the following beneficial effects:
The method implements multi-tenant database partitioning, ensures data isolation and security for each tenant, and is suitable for user access control in SaaS systems. The interceptors are mutually independent and together meet the requirements of login validity, user state legitimacy, normal tenant state and data access security.
The method implements effective control of user access through the filter principle, using configuration and code logic. The resulting access control adds control based on access volume and on the SaaS service period, which keeps the interceptors efficient while increasing security. The method and system are also loosely coupled to the SaaS product and can be ported conveniently and quickly.
Drawings
FIG. 1 is a schematic diagram of a multi-tenant database implementation method of the present invention.
Detailed Description
A multi-tenant data sub-database implementation method, in which a login check interceptor implements user login and session validity checks; a user state interceptor implements user state validity checks; a tenant state interceptor implements tenant state validity checks; and a security access interceptor implements data access security checks.
The login check interceptor:
can verify the submitted access data, e.g., user name and password;
can check the session value to determine whether it exists and whether it has timed out;
The user state interceptor:
can check the locked state of the user;
can check whether the user information is complete, such as the user mailbox;
can check whether the user is bound to a tenant;
can check whether the user has completed real-name authentication;
The tenant state interceptor:
can check the locked state of the tenant;
can check the service period of the tenant to determine whether the tenant is within its service period;
The security access interceptor:
can verify security according to the user's access frequency;
can verify security according to the resource consumption of the user's access.
The interceptors are designed and coded as follows:
1. Login check interceptor
In the web.xml file in the project, configure the login check interceptor. The login check interceptor first determines the request type, that is, whether it is a login request or a data access request.
For a login request, it verifies the submitted access data, such as a user name and a password, and returns to the login page if verification fails;
for a data access request, it checks the session value of the jsession field in the request header and determines whether the jsession field exists and whether it has timed out. If the session does not exist or has timed out, it jumps to the login page.
2. User state interceptor
In the web.xml file in the project, configure the user state interceptor UserInfoStatusFilter.
2.1. User lock interception. Query the redis database and check the user lock state field; if the user is locked, jump to the user abnormal state reminder interface.
2.2. Incomplete user information interception. Query the redis database and check the user information; if necessary information, such as the user's bound mailbox, is incomplete, jump to the user abnormal state reminder interface.
2.3. Unbound tenant interception. Query the redis database and check whether the user is bound to a tenant; if the user is not bound to a tenant, jump to the user abnormal state reminder interface.
2.4. Unauthenticated user interception. Query the redis database and check whether the user has completed real-name verification; if the user has not completed real-name authentication, jump to the user real-name authentication interface.
3. Tenant state interceptor
In the web.xml file in the project, configure the tenant state interceptor TenantInfoStatusFilter.
3.1. Tenant lock interception. Query the redis database and check the locked state of the tenant to which the user belongs; if the tenant is locked, jump to the tenant abnormal state reminder interface.
3.2. Tenant service expiry interception. Query the redis database and check the service period state of the tenant to which the user belongs; if the tenant is not within its service period, jump to the tenant renewal reminder interface.
4. Security access interceptor
In the web.xml file in the project, configure the security access interceptor SecurityFilter.
4.1. High-frequency access interception. Record the access count each time the user initiates data access; when the user's number of requests within 10 minutes exceeds the tenant's configured limit, jump to the security access reminder interface.
4.2. High resource access interception. Record the amount of resources consumed by the accessed function each time the user initiates data access; when the total amount of resources the user requests within 10 minutes exceeds the tenant's configured limit, jump to the security access reminder interface.
The logic of the method is implemented as follows:
Unified interception of user login:
In web.xml, this filter follows all filters.
[Code listing: provided as an image in the original publication]
The authentication filter core code is as follows:
[Code listing: provided as an image in the original publication]
The user state filter core code is as follows:
[Code listing: provided as an image in the original publication]
The tenant state filter core code is as follows:
[Code listing: provided as an image in the original publication]
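The login, user state and tenant state checks described above, written out as an ordered chain of independent interceptors. This is an added example, not the patent's own code: the page paths, record fields and in-memory maps (standing in for the session store and the redis database) are assumptions, as is treating a missing user or tenant record as an abnormal state.

```java
import java.time.Instant;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;

// Added illustration (not the patent's code): login, user state and tenant state
// checks as independent interceptors run in a fixed order. Requires Java 16+.
public class InterceptorChainDemo {
    // Constructed record shapes standing in for the session store and the redis entries.
    record Session(String userId, Instant expiresAt) {}
    record User(boolean locked, String mailbox, String tenantId, boolean realNameVerified) {}
    record Tenant(boolean locked, Instant serviceEndsAt) {}
    record Request(String sessionId, Instant now) {}

    // Each interceptor returns the page to jump to, or empty to let the request continue.
    interface Interceptor { Optional<String> check(Request r); }

    // Hypothetical page paths; the patent names the pages but not their URLs.
    static final String LOGIN = "/login";
    static final String USER_ABNORMAL = "/user-abnormal";
    static final String REAL_NAME = "/real-name-auth";
    static final String TENANT_ABNORMAL = "/tenant-abnormal";
    static final String TENANT_RENEWAL = "/tenant-renewal";

    static final Map<String, Session> SESSIONS = new HashMap<>();
    static final Map<String, User> USERS = new HashMap<>();
    static final Map<String, Tenant> TENANTS = new HashMap<>();

    // Every interceptor resolves the user itself, so none depends on another having run.
    static User userOf(Request r) {
        Session s = SESSIONS.get(r.sessionId());
        return s == null ? null : USERS.get(s.userId());
    }

    static Optional<String> loginCheck(Request r) {
        Session s = SESSIONS.get(r.sessionId());
        boolean valid = s != null && r.now().isBefore(s.expiresAt());
        return valid ? Optional.empty() : Optional.of(LOGIN);
    }

    static Optional<String> userStateCheck(Request r) {
        User u = userOf(r);
        // Assumption: a missing record is treated like an abnormal state (fail closed).
        if (u == null || u.locked()) return Optional.of(USER_ABNORMAL);
        if (u.mailbox() == null || u.mailbox().isBlank()) return Optional.of(USER_ABNORMAL);
        if (u.tenantId() == null) return Optional.of(USER_ABNORMAL);
        if (!u.realNameVerified()) return Optional.of(REAL_NAME);
        return Optional.empty();
    }

    static Optional<String> tenantStateCheck(Request r) {
        User u = userOf(r);
        Tenant t = (u == null || u.tenantId() == null) ? null : TENANTS.get(u.tenantId());
        if (t == null || t.locked()) return Optional.of(TENANT_ABNORMAL);
        if (!r.now().isBefore(t.serviceEndsAt())) return Optional.of(TENANT_RENEWAL);
        return Optional.empty();
    }

    static final List<Interceptor> CHAIN = List.<Interceptor>of(
            InterceptorChainDemo::loginCheck,
            InterceptorChainDemo::userStateCheck,
            InterceptorChainDemo::tenantStateCheck);

    // The first interceptor that objects decides the outcome; in a servlet filter this is
    // response.sendRedirect(page) instead of chain.doFilter(request, response).
    static String decide(Request r) {
        for (Interceptor i : CHAIN) {
            Optional<String> page = i.check(r);
            if (page.isPresent()) return page.get();
        }
        return "PASS";
    }

    public static void main(String[] args) {
        Instant now = Instant.parse("2019-02-19T08:00:00Z"); // constructed clock value
        // Constructed sample tenants, users and sessions.
        TENANTS.put("t-active", new Tenant(false, now.plusSeconds(86_400)));
        TENANTS.put("t-expired", new Tenant(false, now.minusSeconds(1)));
        USERS.put("alice", new User(false, "alice@example.test", "t-active", true));
        USERS.put("bob", new User(false, "bob@example.test", "t-expired", true));
        USERS.put("carol", new User(false, "carol@example.test", "t-active", false));
        USERS.put("dave", new User(true, "dave@example.test", "t-active", true));
        SESSIONS.put("s1", new Session("alice", now.plusSeconds(600)));
        SESSIONS.put("s2", new Session("bob", now.plusSeconds(600)));
        SESSIONS.put("s3", new Session("carol", now.plusSeconds(600)));
        SESSIONS.put("s4", new Session("dave", now.plusSeconds(600)));
        SESSIONS.put("s5", new Session("alice", now.minusSeconds(5))); // timed out

        for (String sid : new String[] {"s1", "s2", "s3", "s4", "s5", "missing"}) {
            System.out.println(sid + " -> " + decide(new Request(sid, now)));
        }
    }
}
```

Because each check re-resolves the user from the session, any one interceptor can be removed or reordered without the others silently passing requests they should stop.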
The security access core code is as follows:
[Code listing: provided as an image in the original publication]
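The high-frequency and high-resource interception rules of the security access interceptor, as an added example that is not the patent's own code. It assumes a sliding 10-minute window, an in-memory per-user history in place of a shared store, and hypothetical names for the tenant limit fields and the reminder page path.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.HashMap;
import java.util.Map;

// Added illustration (not the patent's code): per-user request and resource quotas
// over a sliding window, with limits taken from the user's tenant. Requires Java 16+.
public class AccessQuotaDemo {
    // Hypothetical shape of a tenant's configured limits.
    record TenantLimit(int maxRequests, long maxResourceUnits) {}
    record Access(Instant at, long cost) {}

    static final Duration WINDOW = Duration.ofMinutes(10);        // the page's example window
    static final String SECURITY_REMINDER = "/security-reminder"; // hypothetical path

    // In-memory history per user; several application servers would need a shared store.
    private final Map<String, Deque<Access>> history = new HashMap<>();

    // Records the access first, then compares the window totals with the tenant limits,
    // so a client that keeps sending requests while over the limit stays blocked.
    synchronized String onAccess(String userId, TenantLimit limit, long cost, Instant now) {
        Deque<Access> q = history.computeIfAbsent(userId, k -> new ArrayDeque<>());
        Instant cutoff = now.minus(WINDOW);
        // Drop accesses that have left the window (at or before the cutoff).
        while (!q.isEmpty() && !q.peekFirst().at().isAfter(cutoff)) {
            q.pollFirst();
        }
        q.addLast(new Access(now, cost));
        long totalCost = q.stream().mapToLong(Access::cost).sum();
        boolean tooFrequent = q.size() > limit.maxRequests();
        boolean tooExpensive = totalCost > limit.maxResourceUnits();
        return (tooFrequent || tooExpensive) ? SECURITY_REMINDER : "PASS";
    }

    public static void main(String[] args) {
        AccessQuotaDemo filter = new AccessQuotaDemo();
        TenantLimit limit = new TenantLimit(3, 100);         // constructed tenant limits
        Instant t0 = Instant.parse("2019-02-19T08:00:00Z");  // constructed clock value

        // User "alice": four cheap requests inside the window, then one after it has moved on.
        long[] minuteOffsets = {0, 1, 2, 3, 14};
        for (long m : minuteOffsets) {
            Instant at = t0.plus(Duration.ofMinutes(m));
            System.out.println("alice +" + m + "m -> " + filter.onAccess("alice", limit, 10, at));
        }

        // User "bob": two requests whose combined resource cost exceeds the tenant limit.
        System.out.println("bob cost 90 -> " + filter.onAccess("bob", limit, 90, t0));
        System.out.println("bob cost 20 -> "
                + filter.onAccess("bob", limit, 20, t0.plus(Duration.ofMinutes(1))));
    }
}
```

The per-user history grows with every recorded request, so a production filter should bound it, for example by keeping counters per time bucket instead of one entry per access.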
A multi-tenant data sub-database implementation system comprises a login check interceptor, a user state interceptor, a tenant state interceptor and a security access interceptor.
The login check interceptor verifies the submitted access data (such as a user name and a password) and checks the session value to determine whether it exists and whether it has timed out; it is used for user login and session validity checks;
a login check interceptor AuthenticationFilter is configured in the web.xml file in the project; the login check interceptor first determines the request type, that is, whether it is a login request or a data access request;
for a login request, it verifies the submitted access data, such as a user name and a password, and returns to the login page if verification fails;
for a data access request, it checks the session value of the jsession field in the request header and determines whether the jsession field exists and whether it has timed out; if the jsession field does not exist or has timed out, it jumps to the login page;
the user state interceptor checks the locked state of the user, checks whether the user information is complete (such as the user mailbox), checks whether the user is bound to a tenant, and checks whether the user has completed real-name authentication; it is used for user state validity checks;
in the web.xml file in the project, a user state interceptor UserInfoStatusFilter is configured; user lock interception: query the redis database and check the user lock state field; if the user is locked, jump to the user abnormal state reminder interface;
incomplete user information interception: query the redis database and check the user information; if necessary information, such as the user's bound mailbox, is incomplete, jump to the user abnormal state reminder interface;
unbound tenant interception: query the redis database and check whether the user is bound to a tenant; if the user is not bound to a tenant, jump to the user abnormal state reminder interface;
unauthenticated user interception: query the redis database and check whether the user has completed real-name verification; if the user has not completed real-name authentication, jump to the user real-name authentication interface;
the tenant state interceptor checks the locked state of the tenant and checks the service period of the tenant to determine whether the tenant is within its service period; it is used for tenant state validity checks;
in the web.xml file in the project, a tenant state interceptor TenantInfoStatusFilter is configured; tenant lock interception: query the redis database and check the locked state of the tenant to which the user belongs; if the tenant is locked, jump to the tenant abnormal state reminder interface;
tenant service expiry interception: query the redis database and check the service period state of the tenant to which the user belongs; if the tenant is not within its service period, jump to the tenant renewal reminder interface;
the security access interceptor verifies security according to the user's access frequency and according to the resource consumption of the user's access; it is used for data access security checks;
in the web.xml file in the project, a security access interceptor SecurityFilter is configured;
high-frequency access interception: record the access count each time a user initiates data access; when the user's number of requests within the set time exceeds the tenant's configured limit, jump to the security access reminder interface;
high resource access interception: record the amount of resources consumed by the accessed function each time a user initiates data access; when the total amount of resources the user requests within the specified time exceeds the tenant's configured limit, jump to the security access reminder interface.
Those skilled in the art can readily implement the present invention from the above detailed description. It should be understood, however, that the invention is not limited to the particular embodiments described. On the basis of the disclosed embodiments, a person skilled in the art can combine different technical features at will, thereby implementing different technical solutions.
Apart from the technical features described in the specification, all other techniques are known to those skilled in the art.

Claims (6)

1. A multi-tenant data sub-database implementation method is characterized in that user login and session validity verification are achieved through a login verification interceptor; the user state validity check is realized by using a user state interceptor; the method comprises the steps that a tenant state interceptor is used for verifying the validity of a tenant state; data access security verification is achieved by using a security access interceptor;
configuring a login checking interceptor, wherein the login checking interceptor is configured,
the login verification interceptor firstly judges the request type, whether the request is a login request or a data access request;
when the login request is carried out, verifying the access submitted data, and if the verification is not passed, returning to a login page;
when a data access request is made, checking the session value of a jseision field in a header in the request, judging whether the jseision field exists or overtime, and if the jsion field does not exist or the jsion field is overtime, jumping to a login page;
configuring a user state interceptor to be used in the system,
intercepting a user lock, inquiring a redis database, judging a user lock state field, and jumping to a user abnormal state reminding interface if the user is locked;
intercepting user information incompletely, querying a redis database, judging the user information, and jumping to a user abnormal state reminding interface if the user information is necessary to be incomplete;
intercepting unbound tenants of a user, inquiring a redis database, judging whether the user is bound to the tenants, and jumping to a user abnormal state reminding interface if the user is not bound to the tenants;
intercepting a user without authentication, inquiring a redis database, judging whether the user performs real-name verification, and jumping to a user real-name authentication interface if the user does not perform real-name authentication;
configuring a tenant state interceptor, wherein the tenant state interceptor,
the method comprises the steps of tenant locking interception, querying a redis database, judging the locking state of a tenant where a user is located, and if the tenant is locked, jumping to a tenant abnormal state reminding interface;
the tenant service is intercepted in an overdue mode, a redis database is inquired, the service period state of a tenant where a user is located is judged, and if the service period state is not in the service period, a tenant renewal reminding interface is skipped;
a security access interceptor is configured to,
high-frequency access interception is carried out, the access times are recorded each time a user initiates data access, and when the request times within the set time of the user exceed the tenant configuration limit, the user jumps to a safety access reminding interface;
and intercepting high resource access, recording the number of resources consumed by an access function each time a user initiates data access, and jumping to a safety access reminding interface when the total number of requested resources in the time specified by the user exceeds the configuration limit of the tenant.
2. The multi-tenant data sub-database implementation method and system according to claim 1, characterized in that the login check interceptor verifies the data submitted with the access, including the user name and password, and verifies the session value to determine whether it exists and whether it has timed out.
3. The multi-tenant data sub-database implementation method according to claim 1, wherein the user state interceptor verifies the user's lock state, whether the user information is complete, whether the user is bound to a tenant, and whether real-name authentication has been performed.
4. The method as claimed in claim 1, wherein the tenant state interceptor checks the lock state of the tenant and checks the tenant's service period to determine whether the tenant is within its service period.
5. The method as claimed in claim 1, wherein the security access interceptor checks the security of the database according to the user's access frequency and according to the user's resource consumption.
6. A multi-tenant data sub-database implementation system, characterized by comprising a login check interceptor, a user state interceptor, a tenant state interceptor and a security access interceptor, wherein:
the login check interceptor verifies the data submitted with the access and the session value, and is used to verify user login and session validity;
the user state interceptor checks the user's lock state, whether the user information is complete, whether the user is bound to a tenant, and whether the user has completed real-name authentication, and is used to verify the validity of the user state;
the tenant state interceptor checks the tenant's lock state and the tenant's service period, and is used to verify the validity of the tenant state;
the security access interceptor verifies security according to the user's access frequency and according to the resources consumed by the user's access, and is used to verify the security of data access;
the login check interceptor is configured as follows:
the login check interceptor first determines the request type, that is, whether the request is a login request or a data access request;
for a login request, the data submitted with the access is verified, and if verification fails, the login page is returned;
for a data access request, the session value of the jsessionid field in the request header is checked to determine whether the jsessionid field exists or has timed out; if the field does not exist or has timed out, jump to the login page;
the user state interceptor is configured as follows:
user lock interception: query the Redis database and check the user lock state field; if the user is locked, jump to the user abnormal-state reminder interface;
incomplete user information interception: query the Redis database and check the user information; if required user information is incomplete, jump to the user abnormal-state reminder interface;
unbound tenant interception: query the Redis database and determine whether the user is bound to a tenant; if the user is not bound to a tenant, jump to the user abnormal-state reminder interface;
unauthenticated user interception: query the Redis database and determine whether the user has completed real-name authentication; if not, jump to the user real-name authentication interface;
the tenant state interceptor is configured as follows:
tenant lock interception: query the Redis database and determine the lock state of the tenant to which the user belongs; if the tenant is locked, jump to the tenant abnormal-state reminder interface;
tenant service expiry interception: query the Redis database and determine the service-period state of the tenant to which the user belongs; if the tenant is not within its service period, jump to the tenant renewal reminder interface;
the security access interceptor is configured as follows:
high-frequency access interception: record the access count each time a user initiates data access; when the user's number of requests within the set time exceeds the tenant's configured limit, jump to the security access reminder interface;
high-resource access interception: record the quantity of resources consumed by the accessed function each time a user initiates data access; when the total quantity of resources the user requests within the specified time exceeds the tenant's configured limit, jump to the security access reminder interface.
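An added sketch of the four-interceptor chain in the claims, for the data access request path only (example code, not taken from the patent). In-memory dicts stand in for the Redis lookups; the request keys, field names, redirect labels, chain order and fixed-window counting are all assumptions.

```python
import time

# Constructed sample state; these dicts stand in for the Redis lookups (assumed field names).
USERS = {"alice": {"locked": False, "complete": True, "tenant": "t1", "real_name": True},
         "bob": {"locked": False, "complete": True, "tenant": "t2", "real_name": True}}
TENANTS = {"t1": {"locked": False, "expires": 2_000_000_000, "max_req": 3, "max_res": 10, "window": 60},
           "t2": {"locked": False, "expires": 1_000, "max_req": 3, "max_res": 10, "window": 60}}
SESSIONS = {"s-alice": {"user": "alice", "expires": 2_000_000_000},
            "s-bob": {"user": "bob", "expires": 2_000_000_000}}
_usage = {}  # (user, window index) -> [request count, resources consumed]

def login_check(req, now):
    s = SESSIONS.get(req.get("session_id"))  # hypothetical key for the session field
    if s is None or s["expires"] <= now:     # missing or timed-out session
        return "login_page"
    req["user"] = s["user"]

def user_state(req, now):
    u = USERS[req["user"]]
    if u["locked"] or not u["complete"] or u["tenant"] is None:
        return "user_abnormal_state"
    if not u["real_name"]:
        return "real_name_authentication"

def tenant_state(req, now):
    t = TENANTS[USERS[req["user"]]["tenant"]]
    if t["locked"]:
        return "tenant_abnormal_state"
    if t["expires"] <= now:
        return "tenant_renewal"

def security_access(req, now):
    t = TENANTS[USERS[req["user"]]["tenant"]]
    # Fixed window per user; limits come from the tenant's configuration.
    slot = _usage.setdefault((req["user"], int(now // t["window"])), [0, 0])
    slot[0] += 1                   # count first, so refused requests still use the window
    slot[1] += req.get("cost", 1)  # resources consumed by the accessed function
    if slot[0] > t["max_req"] or slot[1] > t["max_res"]:
        return "security_access_reminder"

CHAIN = (login_check, user_state, tenant_state, security_access)

def handle(req, now=None):
    """Run the interceptors in order; the first redirect wins, otherwise allow."""
    now = time.time() if now is None else now
    for interceptor in CHAIN:
        redirect = interceptor(req, now)
        if redirect:
            return redirect
    return "allow"
```

Because the counters are keyed per user while the limits are read from the tenant record, one user exhausting a window does not block other users of the same tenant.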
CN201910124100.8A 2019-02-19 2019-02-19 Multi-tenant database implementation method and system Active CN109688162B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910124100.8A CN109688162B (en) 2019-02-19 2019-02-19 Multi-tenant database implementation method and system

Publications (2)

Publication Number Publication Date
CN109688162A (en) 2019-04-26
CN109688162B (en) 2021-12-21

Family

ID=66196514

Country Status (1)

Country Link
CN (1) CN109688162B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20211129

Address after: No. 1036, Shandong high tech Zone wave road, Ji'nan, Shandong

Applicant after: Inspur Genersoft Co.,Ltd.

Address before: 250100 No. 2877 Kehang Road, Sun Village Town, Jinan High-tech District, Shandong Province

Applicant before: SHANDONG INSPUR GENESOFT INFORMATION TECHNOLOGY Co.,Ltd.

GR01 Patent grant