CN109889524A - A tree-based authentication device and method for a cloud computing application system - Google Patents

Publication number
CN109889524A
Authority
CN
China
Prior art keywords
tree
information
resource
user
openstack
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910141763.0A
Other languages
Chinese (zh)
Inventor
段桠霖
于昊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Inspur Software Group Co Ltd
Original Assignee
Inspur Software Group Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Inspur Software Group Co Ltd
Priority to CN201910141763.0A
Publication of CN109889524A
Legal status: Pending

Landscapes

  • Information Transfer Between Computers (AREA)

Abstract

The invention discloses a tree-based authentication device and method for a cloud computing application system, belonging to the field of cloud computing technology. The device takes the resource layer as the dividing line: above the resource layer is the user information-resource information tree, and below the resource layer is the OpenStack platform information-resource information tree. The user information-resource information tree takes the user as the root node; the user owns child nodes, and adding child nodes extends the tree horizontally. The OpenStack platform information-resource information tree stores the platform to which each resource belongs. The device enables better-connected operation across regions and has good application value.

Description

A tree-based authentication device and method for a cloud computing application system
Technical field
The present invention relates to the field of cloud computing technology, and specifically provides a tree-based authentication device and method for a cloud computing application system.
Background art
Currently, the various services offered by all major cloud computing vendors are inseparable from OpenStack, and the OpenStack platform has its own module, Keystone, for authenticating services. The basic authentication is as follows:
First, the technical solution for authentication on a single OpenStack platform
Authentication by the OpenStack platform itself:
1) The user logs in and enters a user name and password, i.e. the account name and password of the OpenStack platform;
2) OpenStack Keystone checks the Credentials to confirm the user's identity;
3) After the user is confirmed, Keystone returns the Endpoint and Token of each resource;
4) The user takes the temporary Token and can then perform the corresponding resource operations.
Second, the technical solution for authentication on multiple OpenStack platforms
1) The user logs in and enters a user name and password, i.e. the account name and password of the OpenStack platform;
2) The OpenStack platform is selected and determined by the Region parameter;
3) OpenStack Keystone checks the Credentials to confirm the user's identity;
4) After the user is confirmed, Keystone returns the Endpoint and Token of each resource;
5) After the user is confirmed, Keystone returns the Endpoint and Token of each resource;
6) The operation parameters are sent to the previously selected and confirmed OpenStack platform.
Both of the above OpenStack authentication modes make full use of the OpenStack Keystone module. With a single OpenStack platform this is still simple and easy, but once multiple platforms are involved, passing the various parameters between them becomes cumbersome; moreover, each OpenStack platform itself also distinguishes between projects and users. So for multiple platforms in different locations, the original Keystone authentication can still meet the authentication requirement but is inconvenient. And if a single user purchases products across regions, a corresponding user must be added on each OpenStack platform, which is a limitation.
Summary of the invention
The technical task of the invention is, in view of the above problems, to provide a simple and powerful traditional authentication device, specifically a tree-based authentication device for a cloud computing application system that achieves better-connected operation across regions.
A further technical task of the invention is to provide a tree-based authentication system for a cloud computing application system.
To achieve the above object, the invention provides the following technical solution:
A tree-based authentication device for a cloud computing application system. The device takes the resource layer as the dividing line: above the resource layer is the user information-resource information tree, and below the resource layer is the OpenStack platform information-resource information tree. The user information-resource information tree takes the user as the root node; the user owns child nodes, and adding child nodes extends the tree horizontally. The OpenStack platform information-resource information tree stores the platform to which each resource belongs.
The tree-based authentication device combines the tree structure with OpenStack's functionality and implements user authentication through horizontal and vertical extension. By storing two tree-shaped authentication tables, it solves the problem of cumbersome resource authentication for a single user with multiple OpenStack platforms in different locations, and it also solves resource authentication for the same user with multiple OpenStack platforms in a single region. It avoids the trouble of using each OpenStack platform's own authentication for the same user across multiple OpenStack platforms in a single region; only the user information-resource information authentication tree and the OpenStack platform information-resource information authentication tree need to be stored.
Preferably, the child node layer of the user information-resource information tree is classified by the OpenStack project ID to which the resource belongs or by the payment type of the resource.
Preferably, in the user information-resource information tree, the first-level child node owns Key layers used for authentication classification, realizing vertical extension of the user information-resource information tree.
The user information-resource information tree takes the user as the root node. The user can own any number of child nodes, and adding child nodes extends the tree horizontally. The child node layer can be classified by any information: it can be the OpenStack project ID to which the resource belongs, or the payment type of the resource. After the first-level child node, any number of Key layers can be added for authentication classification; the first layer may also be absent entirely. This realizes vertical extension of the user information-resource information tree.
Preferably, the OpenStack platform information-resource information tree is stored when multiple OpenStack platforms are used together.
Since the OpenStack platform is not related to users, only the platform to which each resource belongs needs to be stored. Of course, if necessary, this tree can also be extended arbitrarily, horizontally and vertically at the same time, like the upper tree. If there is only one OpenStack platform, the lower OpenStack platform information-resource information tree does not exist; the lower tree is stored when multiple OpenStack platforms are used together.
A tree-based authentication method for a cloud computing application system. In this method the database stores the resource data and the authentication tree data. The user logs in to the web control interface with the user's own information; according to the user information, the interface queries the tree-shaped authentication data of user information and resource information, and the result is returned to the interface for display. The OpenStack platform provides basic cloud computing services, and the backend logs in to it with the administrator's information.
With the database storing the resource data and the authentication tree data, when a resource is operated on, the parameters are passed to the backend once the operation occurs on the page; the backend queries the authentication tree of resource information and OpenStack platform information and logs in to the OpenStack platform to perform the query.
The OpenStack platform provides basic cloud computing services, and the backend logs in with the administrator's information. In this way all resources can be operated on freely, without using the cumbersome authentication of OpenStack itself. Basic resources are operated on through the OpenStack API to realize the basic functions of cloud computing.
Preferably, in this method, when resources are displayed at login, the user logs in to the web control interface with user information; the backend queries the user information-resource information tree by user information and obtains all of the user's resource UUIDs; using these resource identifiers, it queries the resource information through the OpenStack platform and returns the result to the interface for display.
Preferably, in this method, when a resource is created, the user clicks the create operation in the web control interface and fills in the corresponding parameters; the backend determines the OpenStack platform according to the parameters, logs in to the OpenStack platform and performs the relevant operation; after the operation succeeds, it stores the corresponding resource information and authentication information and returns to the interface for display.
Preferably, the detailed process based on a single OpenStack platform and the tree is:
1) The system user logs in, and the user name and password are obtained;
2) Through the tree relationship, the database table is queried, and the corresponding resources are obtained and displayed;
3) An operation is performed in the system web interface, and the parameters are passed to the backend;
4) The backend logs in uniformly as administrator and performs the resource operation according to the parameters;
5) The operation result is returned, the page is refreshed, and the authentication tree information in the database is updated.
Preferably, the detailed process based on multiple OpenStack platforms and the tree is:
1) The system user logs in, and the user name and password are obtained;
2) Through the tree relationship, the database table is queried, and the corresponding resources are obtained and displayed;
3) Through the authentication tree information, the information of the OpenStack platform to which the resource belongs is queried;
4) With the obtained platform information, the backend logs in to that OpenStack platform;
5) The corresponding resource operation is performed according to the operation parameters;
6) The operation result is returned, the page is refreshed, and the stored authentication tree information is updated.
Compared with the prior art, the tree-based authentication method for a cloud computing application system of the invention has the following outstanding beneficial effects:
(1) Through the user information-resource information authentication tree and the OpenStack platform information-resource information authentication tree, resource authentication is realized for a single user with multiple OpenStack platforms in the same region. The corresponding information is stored concisely and applied to the cloud computing application system, avoiding the clutter of each of multiple OpenStack platforms having its own authentication;
(2) Through the user information-resource information authentication tree and the OpenStack platform information-resource information authentication tree, resource authentication is realized for a single user with multiple OpenStack platforms in multiple regions. The corresponding information is stored concisely and applied to the cloud computing application system, avoiding the clutter of each of multiple OpenStack platforms having its own authentication;
(3) Through the user information-resource information authentication tree, resource authentication is realized for a single user on a single OpenStack platform. The corresponding information is stored more concisely and applied to the cloud computing application system, which has good application value.
Description of the drawings
Fig. 1 is a topological diagram of the tree-based authentication device for a cloud computing application system of the present invention;
Fig. 2 is a flow chart of the tree-based authentication method for a cloud computing application system of the present invention;
Fig. 3 is an application flow chart, based on a single OpenStack platform and the tree, of the tree-based authentication method of the present invention;
Fig. 4 is an application flow chart, based on multiple OpenStack platforms and the tree, of the tree-based authentication method of the present invention.
Specific embodiments
The tree-based authentication device and method for a cloud computing application system of the invention are described in further detail below with reference to the drawings and embodiments.
Embodiment
As shown in Fig. 1, the tree-based authentication device for a cloud computing application system of the invention takes the resource layer as the dividing line: above the resource layer is the user information-resource information tree, and below the resource layer is the OpenStack platform information-resource information tree. The user information-resource information tree takes the user as the root node; the user owns child nodes, and adding child nodes extends the tree horizontally. The OpenStack platform information-resource information tree stores the platform to which each resource belongs.
The user information-resource information tree takes the user as the root node. The user can own any number of child nodes, and adding child nodes extends the tree horizontally. The child node layer can be classified by any information: it can be the OpenStack project ID to which the resource belongs, or the payment type of the resource. After the first-level child node, any number of Key layers can be added for authentication classification; the first layer may also be absent entirely. This realizes vertical extension of the user information-resource information tree.
Since the OpenStack platform is not related to users, only the platform to which each resource belongs needs to be stored. Of course, if necessary, this tree can also be extended arbitrarily, horizontally and vertically at the same time, like the upper tree. If there is only one OpenStack platform, the lower OpenStack platform information-resource information tree does not exist; the lower tree is stored when multiple OpenStack platforms are used together.
As shown in Fig. 2, in the tree-based authentication method of the invention, the database stores the resource data and the authentication tree data. The user logs in to the web control interface with the user's own information; according to the user information, the interface queries the tree-shaped authentication data of user information and resource information, and the result is returned to the interface for display. When a resource is operated on, the parameters are passed to the backend once the operation occurs in the interface; the backend queries the authentication tree of resource information and OpenStack platform information and logs in to the OpenStack platform to perform the query. The OpenStack platform provides basic cloud computing services, and the backend logs in with the administrator's information, so all resources can be operated on freely without using the cumbersome authentication of OpenStack itself. Basic resources are operated on through the OpenStack API to realize the basic functions of cloud computing.
In a common JavaWeb application system, the bottom layer is the OpenStack basic resource layer; the backend logs in with the unified OpenStack platform administrator user information to obtain the OpenStack API and operate on the underlying resources and images. The middle layer is data and authentication information storage, which mainly stores the upper user information-resource information authentication tree and the OpenStack platform information-resource information authentication tree. When the user operates on a resource through the page, the backend authenticates by querying the tree information, obtains the information of the OpenStack platform where the resource resides, and then performs the underlying operation. The top layer is the JavaWeb login and display: the user logs in to the web control page with user name and password, and the backend queries and displays resources through the resource information tree.
When resources are displayed at login, the user logs in to the web control interface with user information; the backend queries the user information-resource information tree by user information and obtains all of the user's resource UUIDs; using these resource identifiers, it queries the resource information through the OpenStack platform and returns the result to the interface for display. When a resource is created, the user clicks the create operation in the web control interface and fills in the corresponding parameters; the backend determines the OpenStack platform according to the parameters, logs in to the OpenStack platform and performs the relevant operation; after the operation succeeds, it stores the corresponding resource information and authentication information and returns to the interface for display.
As shown in Fig. 3, the detailed process based on a single OpenStack platform and the tree is:
1) The system user logs in, and the user name and password are obtained;
2) Through the tree relationship, the database table is queried, and the corresponding resources are obtained and displayed;
3) An operation is performed in the system web interface, and the parameters are passed to the backend;
4) The backend logs in uniformly as administrator and performs the resource operation according to the parameters;
5) The operation result is returned, the page is refreshed, and the authentication tree information in the database is updated.
As shown in Fig. 4, the detailed process based on multiple OpenStack platforms and the tree is:
1) The system user logs in, and the user name and password are obtained;
2) Through the tree relationship, the database table is queried, and the corresponding resources are obtained and displayed;
3) Through the authentication tree information, the information of the OpenStack platform to which the resource belongs is queried;
4) With the obtained platform information, the backend logs in to that OpenStack platform;
5) The corresponding resource operation is performed according to the operation parameters;
6) The operation result is returned, the page is refreshed, and the stored authentication tree information is updated.
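The two stored trees and the backend lookup from the steps above, as an added example that is not part of the patent text. Because the backend logs in to OpenStack with administrator information, this tree lookup is the only per-user check, so the sketch denies by default. The class and function names, user names, UUIDs and platform names are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Node:
    """A node of the user information-resource information tree (upper tree)."""
    key: str
    children: dict = field(default_factory=dict)  # child key -> Node
    resources: set = field(default_factory=set)   # resource UUIDs stored at this node

    def descend(self, path):
        """Walk or create the child chain for `path` (category, then Key layers)."""
        node = self
        for key in path:
            node = node.children.setdefault(key, Node(key))
        return node

    def all_resources(self):
        """Collect every resource UUID in this subtree."""
        found = set(self.resources)
        for child in self.children.values():
            found |= child.all_resources()
        return found


class AuthTrees:
    """Both stored trees; the backend consults them before using admin credentials."""

    def __init__(self, default_platform=None):
        self.users = {}      # upper tree: user name -> root Node
        self.platforms = {}  # lower tree: platform name -> set of resource UUIDs
        # With a single OpenStack platform the lower tree is not stored at all.
        self.default_platform = default_platform

    def record_created(self, user, path, uuid, platform=None):
        """Store resource and authentication info after a successful create."""
        root = self.users.setdefault(user, Node(user))
        root.descend(path).resources.add(uuid)
        if platform is not None:
            self.platforms.setdefault(platform, set()).add(uuid)

    def list_resources(self, user):
        """Login display: all resource UUIDs under the user's root node."""
        root = self.users.get(user)
        return sorted(root.all_resources()) if root else []

    def authorize(self, user, uuid):
        """Return the platform that holds `uuid`, or raise if `user` does not own it."""
        root = self.users.get(user)
        if root is None or uuid not in root.all_resources():
            raise PermissionError(f"{user!r} has no resource {uuid!r}")
        for platform, uuids in self.platforms.items():
            if uuid in uuids:
                return platform
        if not self.platforms and self.default_platform:
            return self.default_platform
        raise LookupError(f"no platform recorded for {uuid!r}")

    def record_deleted(self, user, uuid):
        """Authorize, then update both trees after a successful delete."""
        platform = self.authorize(user, uuid)
        stack = [self.users[user]]
        while stack:
            node = stack.pop()
            node.resources.discard(uuid)
            stack.extend(node.children.values())
        if platform in self.platforms:
            self.platforms[platform].discard(uuid)
        return platform


def build_sample():
    """Constructed sample data: two users, two platforms in different regions."""
    trees = AuthTrees()
    trees.record_created("alice", ["project:p1"], "uuid-vm-1", "openstack-region-a")
    trees.record_created("alice", ["billing:prepaid", "key:web"], "uuid-vol-2",
                         "openstack-region-b")
    trees.record_created("bob", ["project:p9"], "uuid-vm-3", "openstack-region-a")
    return trees


if __name__ == "__main__":
    t = build_sample()
    print(t.list_resources("alice"))
    print(t.authorize("alice", "uuid-vol-2"))
    try:
        t.authorize("bob", "uuid-vm-1")
    except PermissionError as exc:
        print("denied:", exc)
```

The UUID a page submits is checked against the logged-in user's own tree on every operation, before the administrator session is used, so a UUID belonging to another user is rejected rather than routed to its platform.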
The tree-based authentication device combines the tree structure with OpenStack's functionality and implements user authentication through horizontal and vertical extension. By storing two tree-shaped authentication tables, it solves the problem of cumbersome resource authentication for a single user with multiple OpenStack platforms in different locations, and it also solves resource authentication for the same user with multiple OpenStack platforms in a single region. It avoids the trouble of using each OpenStack platform's own authentication for the same user across multiple OpenStack platforms in a single region; only the user information-resource information authentication tree and the OpenStack platform information-resource information authentication tree need to be stored.
The embodiment described above is only a preferred specific embodiment of the invention; the usual variations and substitutions made by those skilled in the art within the scope of the technical solution of the invention shall all fall within the protection scope of the invention.

Claims (9)

1. A tree-based authentication device for a cloud computing application system, characterized in that: the device takes the resource layer as the dividing line; above the resource layer is the user information-resource information tree, and below the resource layer is the OpenStack platform information-resource information tree; the user information-resource information tree takes the user as the root node, the user owns child nodes, and adding child nodes extends the user information-resource information tree horizontally; the OpenStack platform information-resource information tree stores the platform to which each resource belongs.
2. The tree-based authentication device for a cloud computing application system according to claim 1, characterized in that: the child node layer of the user information-resource information tree is classified by the OpenStack project ID to which the resource belongs or by the payment type of the resource.
3. The tree-based authentication device for a cloud computing application system according to claim 1 or 2, characterized in that: in the user information-resource information tree, the first-level child node owns Key layers used for authentication classification, realizing vertical extension of the user information-resource information tree.
4. The tree-based authentication device for a cloud computing application system according to claim 3, characterized in that: the OpenStack platform information-resource information tree is stored when multiple OpenStack platforms are used together.
5. A tree-based authentication method for a cloud computing application system, characterized in that: in this method the database stores the resource data and the authentication tree data; the user logs in to the web control interface with the user's own information; according to the user information, the interface queries the tree-shaped authentication data of user information and resource information, and the result is returned to the interface for display; the OpenStack platform provides basic cloud computing services, and the backend logs in with the administrator's information.
6. The tree-based authentication method for a cloud computing application system according to claim 5, characterized in that: in this method, when resources are displayed at login, the user logs in to the web control interface with user information; the backend queries the user information-resource information tree by user information and obtains all of the user's resource UUIDs; using these resource identifiers, it queries the resource information through the OpenStack platform and returns the result to the interface for display.
7. The tree-based authentication method for a cloud computing application system according to claim 5 or 6, characterized in that: in this method, when a resource is created, the user clicks the create operation in the web control interface and fills in the corresponding parameters; the backend determines the OpenStack platform according to the parameters, logs in to the OpenStack platform and performs the relevant operation; after the operation succeeds, it stores the corresponding resource information and authentication information and returns to the interface for display.
8. The tree-based authentication method for a cloud computing application system according to claim 7, characterized in that the detailed process based on a single OpenStack platform and the tree is:
1) The system user logs in, and the user name and password are obtained;
2) Through the tree relationship, the database table is queried, and the corresponding resources are obtained and displayed;
3) An operation is performed in the system web interface, and the parameters are passed to the backend;
4) The backend logs in uniformly as administrator and performs the resource operation according to the parameters;
5) The operation result is returned, the page is refreshed, and the authentication tree information in the database is updated.
9. The tree-based authentication method for a cloud computing application system according to claim 7, characterized in that the detailed process based on multiple OpenStack platforms and the tree is:
1) The system user logs in, and the user name and password are obtained;
2) Through the tree relationship, the database table is queried, and the corresponding resources are obtained and displayed;
3) Through the authentication tree information, the information of the OpenStack platform to which the resource belongs is queried;
4) With the obtained platform information, the backend logs in to that OpenStack platform;
5) The corresponding resource operation is performed according to the operation parameters;
6) The operation result is returned, the page is refreshed, and the stored authentication tree information is updated.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910141763.0A CN109889524A (en) 2019-02-26 2019-02-26 A tree-based authentication device and method for a cloud computing application system

Publications (1)

Publication Number Publication Date
CN109889524A (en) 2019-06-14

Family

ID=66929376

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910141763.0A Pending CN109889524A (en) 2019-02-26 2019-02-26 A kind of authentication device and method of the cloud computing application system based on tree

Country Status (1)

Country Link
CN (1) CN109889524A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190614