CN109948356A - A service call permission control method under a microservice architecture - Google Patents

Publication number: CN109948356A
Authority: CN (China)
Prior art keywords: microservice, permission, service, authorization, Redis
Legal status: Pending (the listed status is an assumption, not a legal conclusion)
Application number: CN201910228644.9A
Other languages: Chinese (zh)
Inventors: 周司徒, 徐明生, 陈桂峰
Current Assignee: Jiangsu Electric Power Information Technology Co Ltd
Original Assignee: Jiangsu Electric Power Information Technology Co Ltd

Abstract

The invention discloses a service call permission control method under a microservice architecture, used for service authorization and service call permission control of microservices registered with a registry. The microservice support platform provides a microservice authorization function, and permissions are saved in Oracle and Redis. Through the publish/subscribe mechanism provided by Redis, permissions are pushed to the authorized microservice side, where the permission check is performed. The method comprises: microservice authorization, permission storage and publication, permission control, and use of the permission control client jar package. By means of authorization, the invention applies permission control to microservices registered with a registry, prevents illegal service calls, and eliminates the security risk of interface calls.

Description

A service call permission control method under a microservice architecture
Technical field
The invention belongs to the field of software technology. It is a mechanism for controlling call permissions between microservices under the Spring Cloud microservice architecture, specifically a service call permission control method under a microservice architecture.
Background
Spring Cloud is a microservice architecture development tool built on Spring Boot. It provides a simple development approach for the operations involved in a microservice architecture, such as configuration management, service governance, circuit breakers, intelligent routing, micro-proxies, control bus, global locks, leadership election, distributed sessions, and cluster state management.
Spring Boot is a new framework provided by the Pivotal team, designed to simplify the initial setup and development of Spring applications. The framework is configured in a specific way and follows the idea of "convention over configuration", so that developers no longer need to define boilerplate configuration. With Spring Boot it is easy to create a stand-alone Spring project that needs little or no Spring configuration.
Spring Cloud Ribbon is a client-side load balancing tool based on HTTP and TCP, implemented on top of Netflix Ribbon. Through Spring Cloud's encapsulation, service-oriented REST template requests can easily be converted automatically into client-side load-balanced service calls. Although Spring Cloud Ribbon is only a utility framework that, unlike the service registry, configuration center, or API gateway, does not need to be deployed independently, it is present in almost every microservice and piece of infrastructure built with Spring Cloud: calls between microservices, request forwarding by the API gateway, and similar operations are in fact all implemented through Ribbon.
Spring Cloud Hystrix implements a series of service protection functions such as circuit breakers and thread isolation. It is based on Netflix's open-source framework Hystrix, which aims to provide stronger fault tolerance against latency and failure by controlling the points that access remote systems, services, and third-party libraries. Hystrix offers service degradation, service circuit breaking, thread and semaphore isolation, request caching, request collapsing, and service monitoring.
Spring Cloud Feign is implemented on top of Netflix Feign and integrates Spring Cloud Ribbon and Spring Cloud Hystrix. Besides providing the capabilities of both, it also offers a declarative way of defining Web service clients. With Spring Cloud Feign, you only need to create an interface and configure it with annotations to complete the binding to a service provider's interface, which reduces the development effort of wrapping service-call clients yourself when using Spring Cloud Ribbon. Spring Cloud Feign has pluggable annotation support, including Feign annotations and JAX-RS annotations.
Because calls between microservices are not subject to permission control, a service can be called directly and no permission control can be applied, which creates the security risk of illegal service calls.
Summary of the invention
The object of the present invention is to provide a service call permission control method under a microservice architecture, in which a service can be authorized to other microservices and can be called only after authorization. A client jar package is also provided; introducing it during microservice development adds the permission control function.
The object of the present invention is achieved through the following technical solution:
A service call permission control method under a microservice architecture, characterized in that: the method is used for service authorization and service call permission control of microservices registered with a registry. The microservice support platform provides a microservice authorization function, and permissions are saved in Oracle and Redis. Through the publish/subscribe mechanism provided by Redis, permissions are pushed to the authorized microservice side, where the permission check is performed. The method covers four aspects: microservice authorization, permission storage and publication, permission control, and use of the permission control client jar package.
Microservice authorization: because calls between microservices must take permission control into account, a function for performing authorization has to be provided first; the microservice support platform provides this function. A microservice that needs to be authorized must introduce dlxx-cloud-funcauth.jar; the jar package automatically publishes an interface listing all REST services of the current microservice. While the microservice is running normally, the support platform can obtain its full service list.
Permission storage and publication: one copy of the permission data is kept in the relational database Oracle and one in the in-memory database Redis. The data in the in-memory database is mainly used for pushing permissions and for verifying authorization on service calls. The data in the relational database is mainly for conveniently retrieving the list of microservices that have permission to access a REST service.
In-memory database storage: Redis is used, with the following data structure: the key stores the URL of the REST service (including the context); the corresponding value is a Set that stores the system codes of microservices.
Relational database storage: Oracle is used, storing the microservice system codes corresponding to the URLs of authorized REST services.
Permission control: a microservice that needs to call the services of other microservices must introduce dlxx-cloud-funcauth.jar and configure the address of the permission Redis database. The jar package adds a filter for interface permission control (the filter is configured automatically and requires no action from the microservice system), which mainly verifies services called through Ribbon and Feign. The verification logic is based on the permission model data saved in the Redis database: if there is no permission, 403 (no permission) is returned directly; if there is permission, the corresponding interface is called and its result is returned.
Permission control client jar package: to use the authorization function while developing a microservice project, the permission control client jar package must be introduced. Add the configuration to pom.xml; once it has been added, Maven downloads the package automatically.
By means of authorization, the invention applies permission control to microservices registered with a registry, prevents illegal service calls, and eliminates the security risk of interface calls. It can be used for service authorization and service call permission control of microservices registered with a registry.
Brief description of the drawings
Fig. 1: Relationship diagram of the permission data storage model.
Fig. 2: Algorithm diagram of the permission verification.
Fig. 3: Sequence diagram of permission control when a microservice is called.
Specific embodiments
The present invention is described in detail below with reference to the drawings and specific embodiments.
A service call permission control method under a microservice architecture, used for service authorization and service call permission control of microservices registered with a registry. The microservice support platform provides a microservice authorization function, and permissions are saved in Oracle and Redis. Through the publish/subscribe mechanism provided by Redis, permissions are pushed to the authorized microservice side, where the permission check is performed. The details are as follows:
1. Introduce the client jar package
For a microservice project developed with Maven, the client jar package must be added to the pom.xml configuration file.
2. Configure the relevant parameters in the configuration center
The interface.auth.enable parameter defaults to false, meaning that no authorization is required; to enable permission control, set the parameter to true. Because the permission information for each URL is obtained from Redis, the Redis connection information must also be configured.
3. Configure and use the client jar
The client jar package has three main functions: obtaining permission data from Redis, automatically adding the x-system-code request header to calls made through Ribbon and Feign, and permission control verification. Permission control verification is implemented by a filter, whose algorithm is as follows (Fig. 2 is the algorithm diagram of this filter):
Determine whether permission control is enabled
A) No: the filter check passes
B) Yes: determine whether the URL is a non-required-verification URL
  B1) No: the filter check passes
  B2) Yes: determine whether the request header contains user_agent
    B21) No: return a 403 error code with a "no user_agent" error message
    B22) Yes: determine whether the request header contains x-system-code
      B221) No: return a 403 error code with a "no x-system-code" error message
      B222) Yes: determine whether the cache contains the permission information of the URL
        B2221) No: obtain the permission information of the URL from the Redis service
        B2222) Yes: determine whether the caller has permission to access the URL
          B22221) No: return a 403 error code with a "no access permission" error message
          B22222) Yes: the filter check passes
For a microservice that uses the client jar package, service calls between microservices are made exactly as before; permission control filtering has been added to the actual call process. See the annotations in the sequence diagram (Fig. 3).
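The filter flow above, together with the Redis layout from the summary (key = REST URL, value = Set of system codes) and the publish/subscribe update, as an added Java sketch; it is not the dlxx-cloud-funcauth.jar code. Assumptions: the class and method names, the sample URLs and system codes are constructed; Redis is replaced by an in-memory lookup function; step B is read as "URLs that need no verification pass, all others continue"; a URL with no stored entry is treated as granted to nobody.

```java
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Function;

/** Added illustration of the filter flow A to B22222; hypothetical names throughout. */
public class InterfaceAuthCheck {

    /** Result of a check: HTTP status and the message returned with a 403. */
    record Decision(int status, String message) {}

    static final Decision PASS = new Decision(200, "verified");

    private final boolean enabled;                      // value of interface.auth.enable
    private final Set<String> exemptUrls;               // hypothetical list of URLs needing no verification
    private final Function<String, Set<String>> redis;  // stand-in for reading the Set stored under key = URL
    private final Map<String, Set<String>> cache = new ConcurrentHashMap<>();

    InterfaceAuthCheck(boolean enabled, Set<String> exemptUrls,
                       Function<String, Set<String>> redis) {
        this.enabled = enabled;
        this.exemptUrls = Set.copyOf(exemptUrls);
        this.redis = redis;
    }

    Decision check(String url, Map<String, String> headers) {
        if (!enabled) return PASS;                          // A: control disabled
        if (exemptUrls.contains(url)) return PASS;          // B1 (as read here)
        if (isBlank(headers.get("user_agent")))             // B21
            return deny("no user_agent");
        String caller = headers.get("x-system-code");
        if (isBlank(caller))                                // B221
            return deny("no x-system-code");
        // B2221: on a cache miss, load the URL's Set of system codes from Redis.
        // Assumption: a URL with no stored entry is granted to nobody.
        Set<String> granted = cache.computeIfAbsent(url, u -> {
            Set<String> codes = redis.apply(u);
            return codes == null ? Set.of() : Set.copyOf(codes);
        });
        return granted.contains(caller)
                ? PASS                                      // B22222
                : deny("no access permission");             // B22221
    }

    /** Handler for a permission change pushed over Redis publish/subscribe. */
    void onPermissionPublished(String url, Set<String> systemCodes) {
        cache.put(url, Set.copyOf(systemCodes));
    }

    private static Decision deny(String why) { return new Decision(403, why); }
    private static boolean isBlank(String s) { return s == null || s.trim().isEmpty(); }

    public static void main(String[] args) {
        // Constructed sample data: URL (with context path) -> system codes allowed to call it.
        Map<String, Set<String>> store = new ConcurrentHashMap<>();
        store.put("/billing/api/invoices", Set.of("SYS-ORDERS"));
        InterfaceAuthCheck filter =
            new InterfaceAuthCheck(true, Set.of("/billing/health"), store::get);

        Map<String, String> orders  = Map.of("user_agent", "feign", "x-system-code", "SYS-ORDERS");
        Map<String, String> reports = Map.of("user_agent", "feign", "x-system-code", "SYS-REPORTS");

        System.out.println(filter.check("/billing/api/invoices", orders));   // authorized caller
        System.out.println(filter.check("/billing/api/invoices", reports));  // caller not in the Set
        System.out.println(filter.check("/billing/api/invoices",
                Map.of("user_agent", "feign")));                             // x-system-code missing
        System.out.println(filter.check("/billing/health", Map.of()));       // exempt URL

        // A grant published by the support platform replaces the cached entry.
        filter.onPermissionPublished("/billing/api/invoices",
                Set.of("SYS-ORDERS", "SYS-REPORTS"));
        System.out.println(filter.check("/billing/api/invoices", reports));  // after the grant
    }
}
```

The decision rests entirely on the x-system-code value carried in the request, so the check is only as strong as the guarantee that the header was set by the client jar of the calling microservice.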

Claims (3)

1. A service call permission control method under a microservice architecture, characterized in that: the method is used for service authorization and service call permission control of microservices registered with a registry; a microservice support platform provides a microservice authorization function, and permissions are saved in Oracle and Redis; through the publish/subscribe mechanism provided by Redis, permissions are pushed to the authorized microservice side, where the permission check is performed; the method comprises: microservice authorization, permission storage and publication, permission control, and use of the permission control client jar package.
2. The service call permission control method under a microservice architecture according to claim 1, characterized in that:
Microservice authorization: because calls between microservices must take permission control into account, a function for performing authorization is provided first, and the microservice support platform provides this function; a microservice that needs to be authorized introduces dlxx-cloud-funcauth.jar, and the jar package automatically publishes an interface listing all REST services of the current microservice; while the microservice is running normally, the support platform obtains all service lists of the microservice;
Permission storage and publication: one copy of the permission data is kept in the relational database Oracle and one in the in-memory database Redis; the data stored in the in-memory database is used for pushing permissions and for verifying authorization on service calls; the data stored in the relational database is for conveniently retrieving the list of microservices that have permission to access a REST service;
Permission control: a microservice that needs to call the services of other microservices introduces dlxx-cloud-funcauth.jar and configures the address of the permission Redis database; the jar package adds a filter for interface permission control (the filter is configured automatically and requires no action from the microservice system), which verifies services called through Ribbon and Feign; the verification logic is based on the permission model data saved in the Redis database: if there is no permission, 403 (no permission) is returned directly; if there is permission, the corresponding interface is called and its result is returned;
Permission control client jar package: to use the authorization function while developing a microservice project, the permission control client jar package is introduced; the configuration is added to pom.xml, and once it has been added, Maven downloads the package automatically.
3. The service call permission control method under a microservice architecture according to claim 2, characterized in that, in permission storage and publication: for in-memory database storage, Redis is used, with the data structure: the key stores the URL of the REST service, and the corresponding value is a Set that stores the system codes of microservices; for relational database storage, Oracle is used, storing the microservice system codes corresponding to the URLs of authorized REST services.
Application number: CN201910228644.9A
Priority date: 2019-03-25
Filing date: 2019-03-25
Publication: CN109948356A (en), published 2019-06-28
Status: Pending
Family ID: 67011366
Country: CN


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190628