CN109828852B - Authority management method, device, system, equipment and readable storage medium - Google Patents
- Publication number
- CN109828852B (application number CN201910063016.XA)
- Authority
- CN
- China
- Prior art keywords
- client
- broker
- information
- authorization server
- authority
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Landscapes
- Storage Device Security (AREA)
Abstract
The embodiment of the invention provides a method, a device, a system, equipment and a readable storage medium for managing authority, wherein the method can comprise the following steps: receiving a message request sent by a client, wherein the message request comprises identification information of the client; acquiring the authority information of the client from the cache of the Broker according to the identification information of the client; and authenticating the client according to the authority information corresponding to the client. Thus, the accuracy of message processing can be improved.
Description
Technical Field
The present invention relates to the field of internet technologies, and in particular, to a method, an apparatus, a system, a device, and a readable storage medium for rights management.
Background
A message system traditionally offers the following functions: asynchronous decoupling of calls between systems, which reduces system complexity; peak clipping and valley filling of traffic; easier flexible scaling of services; easier implementation of eventually consistent systems, avoiding the performance impact of distributed transactions; support for the P2P (point-to-point) mode and the pub/sub (publish/subscribe) mode; fewer repeated Remote Procedure Calls (RPC); and so on. Message systems are now widely used in Internet enterprises and appear in all kinds of business systems. In addition, with the rapid growth of services, large amounts of data must be transmitted synchronously inside an enterprise, and applications such as stream computing need a very stable and efficient transmission channel, in which a message system plays an important role.
The processing of messages in a messaging system typically involves multiple processing parties, such as a message producer, a message consumer, and so on, and distinguishing between different processing parties is an important aspect in the processing of messages.
Disclosure of Invention
Embodiments of the present invention provide a method, an apparatus, a system, a device and a readable storage medium for managing authority, so as to improve accuracy of message processing. The specific technical scheme is as follows:
In a first aspect, an embodiment of the present invention provides a rights management method, applied to a Broker in a message system, including:
receiving a message request sent by a client, wherein the message request comprises identification information of the client;
acquiring the authority information of the client from the cache of the Broker according to the identification information of the client;
and authenticating the client according to the authority information corresponding to the client.
Optionally, the authority information stored in the cache of the Broker is obtained from a database corresponding to the authorization server.
Optionally, the method for acquiring the permission information stored in the cache of the Broker includes:
when a preset time interval is reached, sending a query instruction to the authorization server so that the authorization server acquires the authority information to be cached, which is stored in the preset time interval, according to the query instruction;
receiving the permission information to be cached sent by the authorization server;
and storing the authority information to be cached to the cache of the Broker.
Optionally, the identification information of the client includes client attribute information for distinguishing whether the client is a producer or a consumer.
Optionally, the authority information corresponding to the client is a random character string Token.
In a second aspect, an embodiment of the present invention provides a rights management apparatus, applied to a Broker in a messaging system, including:
the first receiving module is used for receiving a message request sent by a client, wherein the message request comprises identification information of the client;
the acquisition module is used for acquiring the authority information of the client from the cache of the Broker according to the identification information of the client;
and the authentication module is used for authenticating the client according to the authority information corresponding to the client.
Optionally, the authority information stored in the cache of the Broker is obtained from a database corresponding to the authorization server.
Optionally, the apparatus further comprises:
the sending module is used for sending a query instruction to the authorization server when a preset time interval is reached so that the authorization server can obtain the authority information to be cached, which is stored in the preset time interval, according to the query instruction;
the second receiving module is used for receiving the permission information to be cached sent by the authorization server;
and the storage module is used for storing the permission information to be cached to the cache of the Broker.
In a third aspect, an embodiment of the present invention provides a message system, including: the system comprises a client, an authorization server and a Broker; wherein,
the authorization server is used for storing the authority information of each client into a database corresponding to the authorization server;
when a preset time interval is reached, the Broker sends a query instruction to the authorization server;
the authorization server receives the query instruction; acquiring the permission information to be cached stored in the database within the preset time interval from the database according to the query instruction; determining whether the Broker has the authority to acquire the authority information to be cached; when the Broker is determined to have the authority to acquire the authority information to be cached, the authority information to be cached is sent to the Broker;
the Broker receives the authority information to be cached sent by the authorization server; and storing the authority information to be cached to the cache of the Broker.
The client sends a message request to the Broker, wherein the message request comprises identification information of the client;
the Broker receives the message request sent by the client; acquiring the authority information of the client from the cache of the Broker according to the identification information of the client; and authenticating the client according to the authority information corresponding to the client.
In a fourth aspect, an embodiment of the present invention provides a rights management device, including a processor, a communication interface, a memory, and a communication bus, where the processor, the communication interface, and the memory complete communication with each other through the communication bus;
the memory is used for storing a computer program;
the processor is configured to implement the method steps of the first aspect when executing the program stored in the memory.
In yet another aspect of the present invention, there is also provided a computer-readable storage medium having stored therein instructions which, when run on a computer, cause the computer to perform the method steps of the first aspect described above.
In yet another aspect of the present invention, the present invention further provides a computer program product containing instructions, which when executed on a computer, causes the computer to perform the method steps of the first aspect.
The method, the device, the system, the equipment and the readable storage medium for managing the authority can receive a message request sent by a client, wherein the message request comprises identification information of the client; acquiring the authority information of the client from the cache of the Broker according to the identification information of the client; and authenticating the client according to the authority information corresponding to the client. In the embodiment of the invention, the Broker authenticates each client respectively according to the authority information of each client, which is acquired by the authorization server from the database corresponding to the authorization server. Therefore, each client can be distinguished, and the authority corresponding to the authority information of each client is determined for each client in the message processing process, so that the message processing accuracy can be improved. Of course, it is not necessary for any product or method of practicing the invention to achieve all of the above-described advantages at the same time.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below.
FIG. 1 is a schematic structural diagram of a message system according to an embodiment of the present invention;
FIG. 2 is another schematic structural diagram of a message system according to an embodiment of the present invention;
FIG. 3 is a flowchart of a rights management method according to an embodiment of the invention;
FIG. 4 is another flowchart of a rights management method according to an embodiment of the invention;
FIG. 5 is another flowchart of a rights management method according to an embodiment of the invention;
FIG. 6 is a schematic structural diagram of a rights management device according to an embodiment of the present invention;
FIG. 7 is a schematic diagram of another structure of a rights management device according to an embodiment of the invention;
FIG. 8 is a schematic structural diagram of a rights management device according to an embodiment of the present invention;
FIG. 9 is a schematic structural diagram of an authorization server according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be described below with reference to the drawings in the embodiments of the present invention.
The existing message system has no centralized authority management and cannot support the authority isolation at the client level. In the message system, a cluster is generally formed by a plurality of devices to perform message processing, a Consumer Group can be formed by a plurality of devices at a production end, and a Producer Group can be formed by a plurality of devices at a consumption end. The existing message system can not support the authority isolation of Consumer Group and Producer Group levels. All the clients look the same at the Broker end and cannot be distinguished and authenticated effectively, that is, the Broker end cannot distinguish whether the client is a production end or a consumption end, and the like, and further there is no way to distinguish different authorities for different clients.
Thus, the accuracy of message processing may be affected. For example, in the process of message delivery, when the Broker is to send a message to the producer, it may not be able to distinguish which client is the producer and which client is the consumer, so the message may not be accurately delivered to the producer in a targeted manner.
To solve the problem that the existing message system has no centralized authority management, and to enable the message system to support authority isolation of a pipeline, a Producer Group and a Consumer Group, the embodiment of the invention provides a method, a device, a system, equipment and a readable storage medium for managing authority. In order to more clearly understand the scheme of the embodiment of the present invention, a message system provided in the embodiment of the present invention is first described in detail below.
An embodiment of the present invention provides a message system, as shown in fig. 1, including: an authorization server 102, a client 101, and a Broker 103.
The front end determines the authority information of each client. The front end may be the Web (Web page).
As shown in FIG. 2, a user such as an administrator generates authority information of each client via the Web. Specifically, a Topic, a production group and a consumption group are created through a web page, wherein the production group can comprise a plurality of production ends, the consumption group can comprise a plurality of consumption ends, and the Topic can comprise a plurality of topic types.
In one implementation, different groups may have different permissions. For example, the production end in the production group has the authority 1 corresponding to the production group, and the consumption end in the consumption group has the authority 2 corresponding to the consumption group.
Therefore, the authority information corresponding to the production group and the authority information corresponding to the consumption group can be respectively determined.
Or, each client in different groups may have different rights respectively. For example, each production end in the production group may have different authorities, and each consumption end in the consumption group may have different authorities.
Therefore, the authority information corresponding to each production end in the production group and the authority information corresponding to each consumption end in the consumption group can be determined.
Specifically, Token corresponding to each client may be generated, where Token is a random character string, and for each client, Token corresponding to the client is a unique random character string corresponding to the client, and may be used to distinguish the client from other clients.
The authorization server 102 stores the authority information of each client in a database corresponding to the authorization server 102.
Authorization server 102 may be understood as a module responsible for issuing and scheduling rights information.
Specifically, the authorization server 102 may be an AuthServer.
The authorization server 102 stores the determined authority information of each client in a database corresponding to the authorization server 102, such as a Database (DB).
The authority information corresponding to the client is a random character string Token.
Specifically, each client may be saved in correspondence with the Token generated for it. The Token corresponding to the client can be stored in correspondence with the identification information of the client. The identification information of the client may include client attribute information for distinguishing whether the client is a producer or a consumer.
In an implementation manner, only whether the client is the production side or the consumption side is distinguished, and the identification information of the client may include only the client attribute information. If the client is a production end, the client attribute information may be information that marks the client as a production end; when the client is a consumer, the client attribute information may be information that marks the client as a consumer.
In another implementation manner, the client can not only be distinguished as the production side or the consumption side but also be further distinguished as a specific production side in a production group or a specific consumption side in a consumption group. In that case the identification information of the client includes, in addition to the client attribute information, information for distinguishing which specific production side the client is when the client is the production side, or which specific consumption side the client is when the client is the consumer. Specifically, it may be a server name, number, or the like of the client.
When the preset time interval is reached, the Broker 103 sends a query instruction to the authorization server 102.
The preset time interval may be determined according to actual requirements. In one implementation, to avoid frequent interaction of the Broker with the authorization server, a preset time interval with a relatively large value may be set, such as 5 minutes, 10 minutes, and so on.
The Broker 103 is the most central part of the messaging system and is responsible for storing and forwarding messages, among other tasks.
The authorization server 102 receives the query instruction; acquiring authority information to be cached, which is stored in a database within a preset time interval, from the database according to the query instruction; determining whether the Broker has the authority to acquire the authority information to be cached; and when determining that the Broker has the authority to acquire the authority information to be cached, sending the authority information to be cached to the Broker.
The Broker 103 receives the authority information to be cached sent by the authorization server 102; and storing the authority information to be cached in the cache of the Broker 103.
The Broker 103 periodically queries the authorization server 102 and caches, locally on the Broker 103, the authority information stored by the authorization server 102 during a preset time interval.
The Broker 103 stores the received rights information to be cached in a cache. The permission information to be cached is the permission information that is obtained by the authorization server 102 and stored in the database during the preset time interval. Therefore, authority management can be performed on the client according to the authority information stored in the cache.
The client 101 sends a message request to the Broker 103. The message request includes identification information of the client.
The Broker 103 receives a message request sent by the client; acquiring the authority information of the client from the cache of the Broker 103 according to the identification information of the client; and authenticating the client according to the authority information corresponding to the client.
The authority information is obtained from a database corresponding to the authorization server 102 through the authorization server 102 and is stored in a cache.
During the process in which the client establishes a connection with the Broker 103 to perform production and consumption, the Broker 103 performs authentication (Authentication) and authorization (Authorization) on the client through the authority information in the local cache.
Authenticating the client according to the authority information corresponding to the client can also be understood as determining whether the client has authority to execute the operation in the message request; if so, authorization can be understood as allowing the message request of the client to proceed. The operation is then executed for the client, and authority management for the client in the message system is realized.
In the embodiment of the present invention, the Broker 103 authenticates each client according to the authority information of each client, which is acquired by the authorization server 102 from the database corresponding to the authorization server 102, and authorizes the client when determining that the client has the authority. Therefore, each client can be distinguished, and the authority corresponding to the authority information of each client is determined for each client in the message processing process, so that the message processing accuracy can be improved. The authority management functions in the message processing system, namely authentication and authorization, are realized, and authority isolation at the level of different clients is supported. At the same time, the security of message transmission can be improved.
The authority management method provided by the embodiment of the invention can be applied to a message server Broker in a message system. In an alternative embodiment, it can be applied to the message system RocketMQ. The following describes the rights management method provided by the embodiment of the present invention in detail.
An embodiment of the present invention provides a method for managing rights, as shown in fig. 3, the method may include:
S301, receiving a message request sent by a client.
The message request may include identification information of the client.
The identification information of the client may include client attribute information for distinguishing whether the client is a producer or a consumer.
In an implementation manner, only whether the client is the production side or the consumption side is distinguished, and the identification information of the client may only include the client attribute information. If the client is a production end, the client attribute information may be information for marking the client as a production end; when the client is a consumer, the client attribute information may be information that marks the client as a consumer.
In another implementation manner, the client can not only be distinguished as the production side or the consumption side but also be further distinguished as a specific production side in a production group or a specific consumption side in a consumption group. In that case the identification information of the client includes, in addition to the client attribute information, information for distinguishing which specific production side the client is when the client is the production side, or which specific consumption side the client is when the client is the consumer. Specifically, it may be a server name, number, or the like of the client.
The message request may also include processing of the client request, such as sending a message to another client, and so on.
S302, according to the identification information of the client, the authority information of the client is obtained from the cache of the Broker.
In an implementation manner, the authority information corresponding to the client is a random character string Token.
In another implementation, the permission information may also be in the form of a username/password.
The authority information is obtained from a database corresponding to the authorization server through the authorization server and is stored in the cache.
The authorization server stores the pre-generated authority information of each client into a database corresponding to the authorization server. When the Broker queries the authorization server, the authorization server sends the authority information to the Broker, and the Broker stores the authority information in a cache. Therefore, the Broker can manage the authority of the client through the authority information in the local cache.
However, the present embodiment is not limited to the authorization server obtaining the authority information from its corresponding database, and the authorization server may also obtain the authority information from other servers or other terminal devices.
S303, authenticating the client according to the authority information corresponding to the client.
In the process in which the client establishes a connection with the Broker for production and consumption, the Broker authenticates the client through the authority information in the local cache, and further authorizes the client.
Authenticating the client according to the authority information corresponding to the client means determining whether the client has authority to execute the operation in the message request; if the client has that authority, the operation is executed for the client, which realizes authority management for the client in the message system.
In the embodiment of the invention, the Broker authenticates each client respectively according to the authority information of each client, which is acquired by the authorization server from the database corresponding to the authorization server. Therefore, each client can be distinguished, and the authority corresponding to the authority information of each client is determined for each client in the message processing process, so that the message processing accuracy can be improved.
In an alternative embodiment of the present invention, the Broker periodically queries the authorization server and caches the permission information stored in the database during a preset time interval to the Broker locally.
As shown in fig. 4, the Broker obtains the authority information from the database corresponding to the authorization server, which may include:
S401, when the preset time interval is reached, the Broker sends a query instruction to the authorization server.
The preset time interval may be determined according to actual requirements. In one implementation, to avoid frequent interaction of the Broker with the authorization server, a preset time interval with a relatively large value may be set, such as 5 minutes, 10 minutes, and so on.
Specifically, as shown in fig. 5, the method may include:
S501, the authorization server receives a query instruction sent by the Broker.
S502, the authorization server acquires the authority information to be cached, which is stored in the database within a preset time interval, from the database corresponding to the authorization server according to the query instruction.
In an optional embodiment of the present invention, before the authorization server sends the permission information to be cached to the Broker, the method may further include:
determining whether the Broker has the authority to acquire the authority information to be cached.
Sending the permission information to be cached to the Broker then includes:
when determining that the Broker has the authority to acquire the authority information to be cached, sending the authority information to be cached to the Broker.
Different Brokers may have different access rights. The authorization server can verify the authority of the Broker when receiving the query instruction sent by the Broker. Specifically, the access authority information of each Broker may be generated in advance; when receiving a query instruction sent by the Broker, the authorization server obtains the access authority information of the Broker and determines, according to the access authority information, whether the Broker has authority to obtain the authority information that the authorization server stored to the database during the preset time interval. When determining that the Broker has the authority to acquire the authority information to be cached, the authorization server sends the authority information to be cached to the Broker.
The Broker stores the received authority information to be cached into a cache. The permission information to be cached is the permission information which is acquired by the authorization server and stored in the database during the preset time interval. Therefore, authority management can be performed on the client according to the authority information stored in the cache.
S503, the authorization server sends the authority information to be cached to the Broker.
S402, the Broker receives the authority information to be cached, which is sent by the authorization server and acquired according to the query instruction.
S403, the Broker stores the authority information to be cached into the cache of the Broker.
Therefore, the Broker can manage the authority of the client through the authority information in the local cache.
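The flow of S301 to S303 and S401 to S403 / S501 to S503 can be sketched as follows. This is an added example, not code from the patent or from RocketMQ; the class names, the operation names `send` and `pull`, the Broker access credential, and the assumption that the client presents its Token inside the message request are all hypothetical.

```python
import hmac
import secrets

PRODUCER, CONSUMER = "producer", "consumer"
# Assumed mapping from client attribute to the operations it may request.
ALLOWED_OPS = {PRODUCER: {"send"}, CONSUMER: {"pull"}}


def _same(a, b):
    """Constant-time string comparison, so timing does not leak Token prefixes."""
    return hmac.compare_digest(a.encode(), b.encode())


class AuthServer:
    """Stands in for the authorization server plus its database."""

    def __init__(self, broker_keys):
        self.broker_keys = broker_keys  # broker_id -> access credential (assumed)
        self.rows = []                  # (stored_at, role, name, token)

    def register(self, role, name, now):
        token = secrets.token_urlsafe(32)  # random-string Token from a CSPRNG
        self.rows.append((now, role, name, token))
        return token

    def query(self, broker_id, broker_key, since, now):
        # S501-S503: verify the Broker's own access right before returning anything.
        expected = self.broker_keys.get(broker_id)
        if expected is None or not _same(expected, broker_key):
            raise PermissionError("Broker may not fetch authority information")
        # Only rows stored since the previous query are returned.
        return [row for row in self.rows if since < row[0] <= now]


class Broker:
    def __init__(self, broker_id, broker_key, auth_server, interval=300):
        self.broker_id, self.broker_key = broker_id, broker_key
        self.auth_server, self.interval = auth_server, interval
        self.cache = {}                  # (role, name) -> token
        self.last_sync = float("-inf")   # forces a full fetch on the first call

    def refresh_if_due(self, now):
        # S401-S403: query only when the preset interval has elapsed.
        if now - self.last_sync < self.interval:
            return 0
        rows = self.auth_server.query(
            self.broker_id, self.broker_key, self.last_sync, now)
        for _, role, name, token in rows:
            self.cache[(role, name)] = token
        self.last_sync = now
        return len(rows)

    def handle(self, request):
        # S301-S303: look up by identification info, then authenticate and authorize.
        role, name = request.get("role"), request.get("name")
        cached = self.cache.get((role, name))
        if cached is None:
            return "DENY_UNKNOWN_CLIENT"
        if not _same(cached, str(request.get("token", ""))):
            return "DENY_BAD_TOKEN"
        if request.get("op") not in ALLOWED_OPS[role]:
            return "DENY_OPERATION"
        return "ALLOW"


def demo():
    # All names, keys and timestamps below are constructed sample values.
    auth = AuthServer({"broker-a": "constructed-broker-key"})
    broker = Broker("broker-a", "constructed-broker-key", auth, interval=300)
    tok_p = auth.register(PRODUCER, "order-svc-01", now=10)
    tok_c = auth.register(CONSUMER, "billing-01", now=20)
    broker.refresh_if_due(now=300)
    results = [
        # Producer with its own Token sends a message.
        broker.handle({"role": PRODUCER, "name": "order-svc-01", "token": tok_p, "op": "send"}),
        # Claiming the producer identity with a consumer's Token fails.
        broker.handle({"role": PRODUCER, "name": "order-svc-01", "token": tok_c, "op": "send"}),
        # A valid consumer may not perform a producer operation.
        broker.handle({"role": CONSUMER, "name": "billing-01", "token": tok_c, "op": "send"}),
    ]
    tok_new = auth.register(CONSUMER, "audit-01", now=310)
    late = {"role": CONSUMER, "name": "audit-01", "token": tok_new, "op": "pull"}
    broker.refresh_if_due(now=320)      # interval not reached, no query is sent
    results.append(broker.handle(late)) # not yet in the Broker cache
    broker.refresh_if_due(now=600)      # next interval picks up the new row
    results.append(broker.handle(late))
    return results


if __name__ == "__main__":
    print(demo())
```

The fourth result shows the cost of the cache: a client registered between two queries is rejected until the next preset interval elapses. Because each query returns only newly stored rows, this sketch never removes a Token from the Broker cache.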
The embodiment of the invention implements an authority authentication function that is not available in existing message systems such as RocketMQ, and can support complete isolation of authority at the Topic level. The authentication function is supported by the Token, the authentication center and the cache. A stable RocketMQ basic service is provided, and effective isolation of services is achieved by providing a brand new centralized authentication service. A message system of large service scale can also be supported; for example, the service scale can reach 300 clusters and 1200+ servers.
An embodiment of the present invention provides a rights management apparatus, which is applied to a Broker in a message system, and as shown in fig. 6, the rights management apparatus may include:
a first receiving module 601, configured to receive a message request sent by a client, where the message request includes identification information of the client;
an obtaining module 602, configured to obtain, according to the identifier information of the client, permission information of the client from a cache of the Broker;
the authentication module 603 is configured to authenticate the client according to the authority information corresponding to the client.
In the embodiment of the invention, the Broker authenticates and authorizes each client according to the authority information of each client, which is acquired by the authorization server from the database corresponding to the authorization server. Therefore, each client can be distinguished, and the authority corresponding to the authority information of each client is determined for each client in the message processing process, so that the message processing accuracy can be improved.
Optionally, the authority information stored in the cache of the Broker is obtained from a database corresponding to the authorization server.
Optionally, the apparatus further comprises:
a sending module, configured to send a query instruction to the authorization server when the preset time interval is reached, so that the authorization server, on receiving the query instruction, acquires from the database the authority information to be cached that was stored in the database within the preset time interval, and sends the authority information to be cached to the Broker;
a second receiving module, configured to receive the permission information to be cached sent by the authorization server;
and a storage module, configured to store the authority information to be cached into the cache of the Broker.
Optionally, the identification information of the client includes client attribute information for distinguishing whether the client is a producer or a consumer.
Optionally, the authority information corresponding to the client is a random character string Token.
It should be noted that the rights management device provided in the embodiments of the present invention is a device that applies the above rights management method applied to the Broker; all embodiments of that method are applicable to the device and can achieve the same or similar beneficial effects.
An embodiment of the present invention provides an authority management device, which is applied to an authorization server, and as shown in fig. 7, the authority management device may include:
a receiving module 701, configured to receive a query instruction sent by a Broker;
an obtaining module 702, configured to obtain, according to the query instruction, to-be-cached permission information stored in a database within a preset time interval from the database corresponding to the authorization server;
a sending module 703, configured to send the permission information to be cached to the Broker, so that the Broker receives the permission information to be cached and stores it in the cache of the Broker.
In the embodiment of the invention, the Broker authenticates each client respectively according to the authority information of each client, which is acquired by the authorization server from the database corresponding to the authorization server. Therefore, each client can be distinguished, and the authority corresponding to the authority information of each client is determined for each client in the message processing process, so that the message processing accuracy can be improved.
Optionally, the apparatus further comprises:
a determining module, configured to determine whether the Broker has the authority to acquire the authority information to be cached;
and the sending module is specifically configured to send the permission information to be cached to the Broker when it is determined that the Broker has permission to acquire the permission information to be cached.
It should be noted that the rights management apparatus provided in the embodiments of the present invention is an apparatus that applies the above rights management method applied to the authorization server; all embodiments of that method are applicable to the apparatus and can achieve the same or similar beneficial effects.
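The Broker-side modules (receive, look up in cache, authenticate; periodic query and store) and the authorization-server-side modules (receive query, check the Broker, return the rows stored in the interval) described above, sketched as an added example that is not code from the patent or from RocketMQ. Assumptions: the Broker's access authority is modelled as a shared secret, a revocation is modelled as a row whose Token is `None`, time is an integer logical clock, and every class, field and sample value is hypothetical.

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Grant:
    client_id: str
    role: str              # "producer" or "consumer": the client attribute information
    topic: str
    token: Optional[str]   # None marks a revocation row (assumption, not in the patent)
    stored_at: int         # logical time at which the row reached the database


class AuthorizationServer:
    def __init__(self, broker_secrets):
        self._broker_secrets = dict(broker_secrets)  # Broker access authority (assumed form)
        self._db = []                                # stands in for the database

    def store(self, client_id, role, topic, now, revoke=False):
        token = None if revoke else secrets.token_hex(16)  # random string Token
        self._db.append(Grant(client_id, role, topic, token, now))
        return token

    def query(self, broker_id, broker_secret, since, until):
        # Determine whether this Broker may fetch authority information at all.
        expected = self._broker_secrets.get(broker_id)
        if expected is None or not hmac.compare_digest(
                expected.encode(), broker_secret.encode()):
            raise PermissionError("Broker may not fetch authority information")
        # Only rows stored within the polling interval are returned.
        return [g for g in self._db if since < g.stored_at <= until]


class Broker:
    def __init__(self, broker_id, secret, server):
        self._id, self._secret, self._server = broker_id, secret, server
        self._cache = {}       # (client_id, role, topic) -> Token
        self._last_poll = -1

    def refresh(self, now):
        """Poll the authorization server; call once per preset time interval."""
        rows = self._server.query(self._id, self._secret, self._last_poll, now)
        for g in rows:
            key = (g.client_id, g.role, g.topic)
            if g.token is None:
                self._cache.pop(key, None)
            else:
                self._cache[key] = g.token
        self._last_poll = now
        return len(rows)

    def authenticate(self, client_id, role, topic, token):
        cached = self._cache.get((client_id, role, topic))
        if cached is None:
            return False       # fail closed on a cache miss
        return hmac.compare_digest(cached.encode(), token.encode())


def demo():
    # Constructed sample data: one Broker with a valid secret, one without.
    server = AuthorizationServer({"broker-a": "constructed-secret"})
    broker = Broker("broker-a", "constructed-secret", server)
    rogue = Broker("broker-x", "guess", server)
    req = ("app-1", "producer", "orders")
    out = {}
    token = server.store(*req, now=1)
    out["before_first_poll"] = broker.authenticate(*req, token)
    broker.refresh(now=10)
    out["after_poll"] = broker.authenticate(*req, token)
    out["as_consumer"] = broker.authenticate("app-1", "consumer", "orders", token)
    out["other_topic"] = broker.authenticate("app-1", "producer", "payments", token)
    server.store(*req, now=12, revoke=True)
    out["revoked_not_yet_polled"] = broker.authenticate(*req, token)
    broker.refresh(now=20)
    out["revoked_after_poll"] = broker.authenticate(*req, token)
    try:
        rogue.refresh(now=20)
        out["rogue_broker_refused"] = False
    except PermissionError:
        out["rogue_broker_refused"] = True
    return out
```

The `revoked_not_yet_polled` result is the one to weigh when choosing the preset time interval: because the Broker decides from its cache alone, a withdrawn Token keeps working there until the next poll.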
The embodiment of the present invention further provides a rights management device, as shown in fig. 8, including a processor 801, a communication interface 802, a memory 803, and a communication bus 804, where the processor 801, the communication interface 802, and the memory 803 complete mutual communication through the communication bus 804.
the memory 803 is configured to store a computer program;
the processor 801 is configured to implement the method steps of the rights management method applied to the Broker in the above embodiment when executing the program stored in the memory 803.
The embodiment of the present invention further provides an authorization server, as shown in fig. 9, which includes a processor 901, a communication interface 902, a memory 903 and a communication bus 904, where the processor 901, the communication interface 902, and the memory 903 complete mutual communication through the communication bus 904.
the memory 903 is configured to store a computer program;
the processor 901 is configured to implement the method steps of the rights management method applied to the authorization server in the foregoing embodiments when executing the program stored in the memory 903.
The communication bus mentioned in the above rights management device or authorization server may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The communication bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown in the figures, but this does not mean that there is only one bus or one type of bus.
The communication interface is used for communication between the rights management device or the authorization server and other devices.
The Memory may include a Random Access Memory (RAM) or a non-volatile Memory (non-volatile Memory), such as at least one disk Memory. Optionally, the memory may also be at least one memory device located remotely from the processor.
The Processor may be a general-purpose Processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; it may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other Programmable logic device, a discrete Gate or transistor logic device, or a discrete hardware component.
In still another embodiment provided by the present invention, there is also provided a computer-readable storage medium having stored therein instructions, which when run on a computer, cause the computer to perform the method steps of the rights management method applied to the Broker in the above-described embodiment.
In yet another embodiment provided by the present invention, a computer-readable storage medium is further provided, which has instructions stored therein, which when run on a computer, cause the computer to perform the method steps of the rights management method applied to the authorization server in the above-mentioned embodiment.
In yet another embodiment provided by the present invention, there is also provided a computer program product containing instructions which, when run on a computer, cause the computer to perform the method steps of the rights management method applied to the Broker in the above-described embodiment.
In a further embodiment provided by the present invention, there is also provided a computer program product containing instructions which, when run on a computer, cause the computer to perform the method steps of the method of rights management applied to an authorization server in the above-mentioned embodiments.
In the above embodiments, the implementation may be wholly or partially realized by software, hardware, firmware, or any combination thereof. When implemented in software, it may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer instructions are loaded and executed on a computer, the processes or functions described in accordance with the embodiments of the invention are produced in whole or in part. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another, for example, from one website, computer, server, or data center to another website, computer, server, or data center via wired (e.g., coaxial cable, fiber optic, Digital Subscriber Line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.) means. The computer-readable storage medium can be any available medium that can be accessed by a computer, or a data storage device, such as a server or a data center, that incorporates one or more of the available media. The usable medium may be a magnetic medium (e.g., floppy Disk, hard Disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., Solid State Disk (SSD)), among others.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
All the embodiments in the present specification are described in a related manner, and the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the apparatus, the device, the computer-readable storage medium, and the computer program product embodiments, since they are substantially similar to the method embodiments, the description is relatively simple, and in relation to the description, reference may be made to some of the description of the method embodiments.
The above description is only for the preferred embodiment of the present invention, and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention shall fall within the protection scope of the present invention.
Claims (6)
1. A rights management method applied to a Broker in a messaging system, comprising:
receiving a message request sent by a client, wherein the message request comprises identification information of the client;
acquiring the authority information of the client from the cache of the Broker according to the identification information of the client; the identification information of the client comprises client attribute information for distinguishing whether the client is a production end or a consumption end;
authenticating the client according to the authority information corresponding to the client;
the method further comprises the following steps:
when a preset time interval is reached, sending a query instruction to an authorization server, so that the authorization server, on receiving the query instruction, acquires access authority information of the Broker and acquires, according to the query instruction and from the database corresponding to the authorization server, the to-be-cached authority information stored in the database within the preset time interval; wherein the access authority information is used by the authorization server to determine whether the Broker has authority to acquire the to-be-cached authority information that the authorization server stored in the database during the preset time interval, so that the authorization server sends the to-be-cached authority information to the Broker when determining that the Broker has the authority to acquire the to-be-cached authority information;
receiving the permission information to be cached sent by the authorization server;
and storing the authority information to be cached to the cache of the Broker.
2. The method according to claim 1, wherein the authority information corresponding to the client is a random string Token.
3. A rights management device, applied to a Broker in a messaging system, comprising:
the first receiving module is used for receiving a message request sent by a client, wherein the message request comprises identification information of the client;
the acquisition module is used for acquiring the authority information of the client from the cache of the Broker according to the identification information of the client; the identification information of the client comprises client attribute information for distinguishing whether the client is a production end or a consumption end;
the authentication module is used for authenticating the client according to the authority information corresponding to the client;
the device further comprises:
a sending module, configured to send a query instruction to an authorization server when a preset time interval is reached, so that the authorization server, on receiving the query instruction, obtains access right information of the Broker and obtains, according to the query instruction and from the database corresponding to the authorization server, the to-be-cached right information stored in the database within the preset time interval; wherein the access right information is used by the authorization server to determine whether the Broker has a right to obtain the to-be-cached right information that the authorization server stored in the database during the preset time interval, so that the authorization server sends the to-be-cached right information to the Broker when determining that the Broker has a right to obtain the to-be-cached right information;
the second receiving module is used for receiving the permission information to be cached sent by the authorization server;
and the storage module is used for storing the permission information to be cached to the cache of the Broker.
4. A messaging system, comprising: a client, an authorization server and a Broker; wherein,
the authorization server stores the authority information of each client in a database corresponding to the authorization server;
when a preset time interval is reached, the Broker sends a query instruction to the authorization server;
the authorization server receives the query instruction and acquires, from the database and according to the query instruction, the permission information to be cached that was stored in the database within the preset time interval; on receiving the query instruction sent by the Broker, the authorization server acquires the access authority information of the Broker; determines, according to the access authority information, whether the Broker has authority to acquire the authority information to be cached that the authorization server stored in the database during the preset time interval; and, when the Broker is determined to have the authority to acquire the authority information to be cached, sends the authority information to be cached to the Broker;
the Broker receives the authority information to be cached sent by the authorization server; storing the authority information to be cached to the cache of the Broker;
the client sends a message request to the Broker, wherein the message request comprises identification information of the client;
the Broker receives the message request sent by the client; acquiring the authority information of the client from the cache of the Broker according to the identification information of the client, wherein the identification information of the client comprises client attribute information for distinguishing whether the client is a production end or a consumption end; and authenticating the client according to the authority information corresponding to the client.
5. An authority management device, comprising a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory communicate with each other through the communication bus;
the memory is used for storing a computer program;
the processor is configured to implement the method steps of any of claims 1-2 when executing the program stored in the memory.
6. A computer-readable storage medium, having stored therein instructions, which, when run on a computer, cause the computer to perform the method steps of any of claims 1-2.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910063016.XA CN109828852B (en) | 2019-01-23 | 2019-01-23 | Authority management method, device, system, equipment and readable storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109828852A (en) | 2019-05-31 |
CN109828852B (en) | 2021-09-24 |
Family
ID=66861897
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910063016.XA Active CN109828852B (en) | 2019-01-23 | 2019-01-23 | Authority management method, device, system, equipment and readable storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109828852B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN109828852A (en) | 2019-05-31 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||