CN110363026A - File operation method, device, equipment, system and computer readable storage medium - Google Patents

Info

Publication number: CN110363026A
Authority: CN (China)
Prior art keywords: file, user, requests, information, file operation
Legal status: Granted
Application number: CN201910658649.5A
Other languages: Chinese (zh)
Other versions: CN110363026B (en)
Inventors: 王和平, 尹强, 刘有, 黄山, 杨峙岳, 邸帅, 卢道和
Current Assignee: WeBank Co Ltd
Original Assignee: WeBank Co Ltd
Application filed by WeBank Co Ltd
Priority to CN201910658649.5A (CN110363026B)
Publication of CN110363026A
Priority to PCT/CN2020/102319 (WO2021013033A1)
Application granted
Publication of CN110363026B
Status: Active

Classifications

    • G06F16/16 File or folder operations, e.g. details of user interfaces specifically adapted to file systems
    • G06F16/164 File meta data generation
    • G06F16/172 Caching, prefetching or hoarding of files
    • G06F21/31 User authentication
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos

Abstract

The present invention relates to the field of financial technology and discloses a file operation method, device, equipment, system and computer-readable storage medium. The file operation method includes: when a file operation request is received, obtaining user information, a target file storage path and a target operation from the file operation request; performing identity verification and operation permission verification on the user based on the user information, the target file storage path and the target operation; when both identity verification and operation permission verification pass, determining a target remote file service according to the target file storage path and a preset rule; and obtaining superuser privileges through the target remote file service and, with those privileges, invoking the target operation method corresponding to the target operation so as to perform the target operation on the target file corresponding to the target file storage path. The invention can improve the controllability of user permission management and the security of file system access.

Description

File operation method, device, equipment, system and computer readable storage medium
Technical field
The present invention relates to the technical field of financial technology (Fintech), and in particular to a file operation method, device, equipment, system and computer-readable storage medium.
Background
With the development of computer technology, more and more technologies (big data, distributed computing, blockchain, artificial intelligence and so on) are being applied in the financial field, and the traditional financial industry is gradually transforming into financial technology (Fintech). Because of the financial industry's security and real-time requirements, however, higher demands are also placed on these technologies.
In a computer, a file system is the system that names files and handles their logical storage and retrieval. At present, many services of banks and other financial institutions need to access file systems to perform file operations; accordingly, each file system provides an API (Application Programming Interface) through which users perform file operations such as creating, deleting, reading and writing. The APIs currently provided by file systems such as the local file system and HDFS (Hadoop Distributed File System) generally only allow a user to access and operate on that user's own files; within a service process they cannot access and operate on the files of all users. Only a service started with superuser privileges has permissions on all files. However, granting superuser privileges to every user, so that every user has operation permissions on all files, makes user permissions uncontrollable and lowers the security of file system access.
Summary of the invention
The main purpose of the present invention is to provide a file operation method, device, equipment, system and computer-readable storage medium, intended to improve the controllability of user permission management and the security of file system access.
To achieve the above purpose, the present invention provides a file operation method, which includes:
when a file operation request is received, obtaining user information, a target file storage path and a target operation from the file operation request;
performing identity verification and operation permission verification on the user based on the user information, the target file storage path and the target operation;
when both identity verification and operation permission verification pass, determining a target remote file service according to the target file storage path and a preset rule;
obtaining superuser privileges through the target remote file service and, with those privileges, invoking the target operation method corresponding to the target operation so as to perform the target operation on the target file corresponding to the target file storage path.
Optionally, the user information includes user account information, token (Token) information and Internet Protocol (IP) information, and the step of performing identity verification and operation permission verification on the user based on the user information, the target file storage path and the target operation includes:
obtaining the verification Token corresponding to the user account information, comparing the Token information with the verification Token, and checking whether the IP information is in a preset IP whitelist, so as to verify the user's identity;
obtaining the user's operation permission information according to the user account information, and verifying the user's operation permission according to the target file storage path, the target operation and the operation permission information.
Optionally, the step of determining the target remote file service according to the target file storage path and the preset rule includes:
determining the target file system according to the target file storage path, and obtaining the number of requests on each started remote file service corresponding to the target file system, denoted the first request counts;
determining the remote file service corresponding to the minimum value among the first request counts as the target remote file service.
Optionally, the file operation method further includes:
periodically obtaining the current number of requests on each started remote file service, denoted the second request counts;
checking whether every value among the second request counts is greater than a first preset threshold;
if every value among the second request counts is greater than the first preset threshold, starting a new remote file service.
Optionally, after the step of periodically obtaining the current number of requests on each started remote file service, denoted the second request counts, the method further includes:
checking whether any value among the second request counts is less than a second preset threshold;
if so, stopping the remote file service corresponding to each value that is less than the second preset threshold.
Optionally, the file operation method further includes:
after the operation has been executed, generating the corresponding operation execution result and returning it to the user terminal corresponding to the file operation request.
In addition, to achieve the above purpose, the present invention also provides a file operation device, which includes:
a first obtaining module, configured to obtain, when a file operation request is received, user information, a target file storage path and a target operation from the file operation request;
a user verification module, configured to perform identity verification and operation permission verification on the user based on the user information, the target file storage path and the target operation;
a service determining module, configured to determine, when both identity verification and operation permission verification pass, a target remote file service according to the target file storage path and a preset rule;
an operation execution module, configured to obtain superuser privileges through the target remote file service and, with those privileges, invoke the target operation method corresponding to the target operation so as to perform the target operation on the target file corresponding to the target file storage path.
In addition, to achieve the above purpose, the present invention also provides file operation equipment, which includes a memory, a processor, and a file operation program stored in the memory and runnable on the processor; when executed by the processor, the file operation program implements the steps of the file operation method described above.
In addition, to achieve the above purpose, the present invention also provides a file operation system, which includes file operation equipment and a user terminal, wherein:
the file operation equipment is the file operation equipment described above;
the user terminal is configured to receive a file system object query request triggered by the user and obtain the file system type and proxy user information carried in the request; to obtain and display the proxied file system objects according to the file system type and the proxy user information; and to receive a file operation request triggered by the user on the proxied file system objects and send the file operation request to the file operation equipment.
In addition, to achieve the above purpose, the present invention also provides a computer-readable storage medium on which a file operation program is stored; when executed by a processor, the file operation program implements the steps of the file operation method described above.
The present invention provides a file operation method, device, equipment, system and computer-readable storage medium. When a file operation request sent by a user terminal is received, the user information, target file storage path and target operation are obtained from the request, and identity verification and operation permission verification are then performed on the user based on them. When both verifications pass, a target remote file service is first determined according to the target file storage path and a preset rule; superuser privileges are then obtained through the target remote file service and, with those privileges, the target operation method corresponding to the target operation is invoked to perform the target operation on the target file corresponding to the target file storage path. In this way, the present invention only needs to verify the user's identity and operation permission; once both verifications pass, superuser privileges can be obtained to operate on the files of the proxy user (that is, of another user). Compared with the prior art, the present invention does not need to grant superuser privileges to each user, so user permission management is fully controllable and the security of access to different files is improved.
Description of the drawings
Fig. 1 is a schematic structural diagram of the equipment in the hardware operating environment involved in the embodiments of the present invention;
Fig. 2 is a flow diagram of the first embodiment of the file operation method of the present invention;
Fig. 3 is a functional block diagram of the first embodiment of the file operation device of the present invention.
The realization of the purpose, the functional features and the advantages of the present invention are further described with reference to the accompanying drawings in connection with the embodiments.
Detailed description of the embodiments
It should be understood that the specific embodiments described here only explain the present invention and are not intended to limit it.
Referring to Fig. 1, Fig. 1 is a schematic structural diagram of the equipment in the hardware operating environment involved in the embodiments of the present invention.
The file operation equipment of the embodiments of the present invention may be a smartphone, or a terminal device such as a PC (Personal Computer), tablet computer or portable computer.
As shown in Fig. 1, the file operation equipment may include a processor 1001 (for example a CPU), a communication bus 1002, a user interface 1003, a network interface 1004 and a memory 1005. The communication bus 1002 provides the connections and communication between these components. The user interface 1003 may include a display and an input unit such as a keyboard; optionally, the user interface 1003 may also include standard wired and wireless interfaces. The network interface 1004 may optionally include standard wired and wireless interfaces (such as a Wi-Fi interface). The memory 1005 may be high-speed RAM or stable storage (non-volatile memory), such as disk storage. The memory 1005 may optionally also be a storage device independent of the processor 1001.
Those skilled in the art will understand that the structure shown in Fig. 1 does not limit the file operation equipment, which may include more or fewer components than illustrated, combine certain components, or arrange the components differently.
As shown in Fig. 1, the memory 1005, as a computer storage medium, may contain an operating system, a network communication module, a user interface module and a file operation program.
In the terminal shown in Fig. 1, the network interface 1004 is mainly used to connect to a back-end server and exchange data with it; the user interface 1003 is mainly used to connect to a client and exchange data with it; and the processor 1001 may be used to call the file operation program stored in the memory 1005 and perform the following operations:
when a file operation request is received, obtaining user information, a target file storage path and a target operation from the file operation request;
performing identity verification and operation permission verification on the user based on the user information, the target file storage path and the target operation;
when both identity verification and operation permission verification pass, determining a target remote file service according to the target file storage path and a preset rule;
obtaining superuser privileges through the target remote file service and, with those privileges, invoking the target operation method corresponding to the target operation so as to perform the target operation on the target file corresponding to the target file storage path.
Further, the user information includes user account information, token (Token) information and Internet Protocol (IP) information, and the processor 1001 may call the file operation program stored in the memory 1005 and also perform the following operations:
obtaining the verification Token corresponding to the user account information, comparing the Token information with the verification Token, and checking whether the IP information is in a preset IP whitelist, so as to verify the user's identity;
obtaining the user's operation permission information according to the user account information, and verifying the user's operation permission according to the target file storage path, the target operation and the operation permission information.
Further, the processor 1001 may call the file operation program stored in the memory 1005 and also perform the following operations:
determining the target file system according to the target file storage path, and obtaining the number of requests on each started remote file service corresponding to the target file system, denoted the first request counts;
determining the remote file service corresponding to the minimum value among the first request counts as the target remote file service.
Further, the processor 1001 may call the file operation program stored in the memory 1005 and also perform the following operations:
periodically obtaining the current number of requests on each started remote file service, denoted the second request counts;
checking whether every value among the second request counts is greater than a first preset threshold;
if every value among the second request counts is greater than the first preset threshold, starting a new remote file service.
Further, the processor 1001 may call the file operation program stored in the memory 1005 and also perform the following operations:
checking whether any value among the second request counts is less than a second preset threshold;
if so, stopping the remote file service corresponding to each value that is less than the second preset threshold.
Further, the processor 1001 may call the file operation program stored in the memory 1005 and also perform the following operations:
after the operation has been executed, generating the corresponding operation execution result and returning it to the user terminal corresponding to the file operation request.
Based on the above hardware structure, the embodiments of the file operation method of the present invention are proposed.
The present invention provides a file operation method.
Referring to Fig. 2, Fig. 2 is a flow diagram of the first embodiment of the file operation method of the present invention.
In this embodiment, the file operation method includes:
Step S10: when a file operation request is received, obtaining user information, a target file storage path and a target operation from the file operation request;
The file operation method of this embodiment is implemented by file operation equipment, which is described here taking a server as an example. The equipment runs an engine manager service (IO-EM, Input/Output-Engine Manager) and remote file services (IO-Engine), and provides a compatible API (Application Programming Interface) for receiving the file operation requests sent by user terminals. IO-EM receives the file operation request triggered by the user, obtains the user information, target file storage path and target operation from it, and then performs identity verification and operation permission verification on the user. It also monitors the load of each remote file service IO-Engine in order to determine the target remote file service, controls the starting and stopping of IO-Engines according to their load, and receives the operation execution result sent by an IO-Engine and returns it to the user terminal. The remote file service IO-Engine obtains the superuser privileges of the file system and, with those privileges, invokes the file operation method corresponding to the target operation to operate on the target file in the target file system; it also generates the corresponding operation execution result and sends it to IO-EM. Note that each IO-Engine corresponds to a type of file system. File systems may include the local file system (local), the distributed file system (HDFS) and other types of file system, and there may be multiple IO-Engines for each type of file system. Through this file operation equipment, remote access to and operation on multiple types of file system can be achieved.
In this embodiment, the server, through IO-EM, receives the file operation requests sent remotely by user terminals over its compatible API. When a file operation request sent by a user terminal is received, IO-EM obtains the user information, target file storage path and target operation from the request, where the user information may include, but is not limited to, account information, Token (token) information and IP (Internet Protocol) information.
Step S20: performing identity verification and operation permission verification on the user based on the user information, the target file storage path and the target operation;
After the user information, target file storage path and target operation have been obtained, the IO-EM in the server performs identity verification and operation permission verification on the user based on them. The user information includes user account information, Token (token) information and IP (Internet Protocol) information. The user account information is the user's account name; the Token information may be a fixed Token code pre-assigned to the user, or a random Token code generated in real time by a Token generating device assigned to the user; the IP information is the IP address of the user terminal. Step S20 includes:
Step a1: obtaining the verification Token corresponding to the user account information, comparing the Token information with the verification Token, and checking whether the IP information is in a preset IP whitelist, so as to verify the user's identity;
For identity verification, the verification Token corresponding to the user account information is obtained first. Correspondingly, the verification Token may be the pre-saved fixed Token code assigned to the user, or the random Token code synchronously transmitted by the Token generating device. The Token information is then compared with the verification Token, and the IP information is checked against the preset IP whitelist, so as to verify the user's identity. If the Token information is identical to the verification Token and the IP information is in the preset IP whitelist, identity verification passes. If the Token information is not identical to the verification Token, and/or the IP information is not in the preset IP whitelist, identity verification fails. Note that in a specific embodiment the user's identity may be verified using only one of the Token information and the IP information; the user's identity may of course also be verified using other information.
Step a2: obtaining the user's operation permission information according to the user account information, and verifying the user's operation permission according to the target file storage path, the target operation and the operation permission information.
For operation permission verification, the user's operation permission information is first obtained according to the user account information. The operation permission information may specify which operation permissions the user holds on which files (or folders) of which other users (proxy users) in which file systems. Specifically, a mapping between user account information and operation permission information may be configured in advance, and the user's operation permission information is then obtained from the user account information and this preset mapping.
Then, whether the user holds the corresponding operation permission is determined from the target file storage path, the target operation and the operation permission information, so as to verify the user's operation permission. Specifically, it can be checked whether the target file storage path and the target operation fall within the permission scope given by the operation permission information; if they are within that scope, operation permission verification passes, and if they are not, it fails. The target file storage path corresponds to a target proxy user, a target file system and a target file (or folder); these can be determined from the target file storage path, after which whether the user holds the corresponding operation permission is determined from the target file storage path, the target operation and the operation permission information. Note that in practice the information needed to decide whether the user holds the operation permission can be chosen according to what the operation permission information actually restricts. For example, if the operation permission information restricts only the proxy user, file system and file (or folder) and places no restriction on the operation, whether the user holds the operation permission can be decided from the target file storage path and the operation permission information alone.
It should also be noted that, in a specific embodiment, steps a1 and a2 may be executed in either order. When either of a1 and a2 is executed and results in a verification failure, the other step does not need to be executed. For example, if identity verification is performed first and fails, operation permission verification need not be carried out; a corresponding prompt can be generated directly and sent to the user terminal to inform the user that verification failed.
It will of course be understood that administrators may also customise the security verification rules according to actual needs, for example by performing only identity verification or only operation permission verification, or by using other security verification methods.
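The two checks of step S20, as an added Python example that is not code from the patent: the token is compared in constant time, the client IP is tested against an allowlist, and the permission check runs on a normalised path so that `..` segments cannot step outside a granted directory. The `<fs>:///path` form, the `Grant` structure and the sample accounts, tokens and networks are assumptions constructed for illustration.

```python
import hmac
import ipaddress
import posixpath
from dataclasses import dataclass


@dataclass(frozen=True)
class Grant:
    """One entry of a user's operation permission information (assumed shape)."""
    fs: str           # file system type, e.g. "hdfs" or "file"
    proxy_user: str   # the other user whose files may be operated on
    prefix: str       # directory covered by the grant
    ops: frozenset    # operations allowed under that directory


# Constructed sample data, not taken from the patent.
VERIFY_TOKENS = {"alice": "t0k-alice-constructed"}
IP_ALLOWLIST = [ipaddress.ip_network("10.20.0.0/16")]
GRANTS = {
    "alice": [
        Grant("hdfs", "bob", "/user/bob/reports", frozenset({"read", "list"})),
        Grant("file", "alice", "/data/alice", frozenset({"read", "write", "delete"})),
    ]
}


def authenticate(account, token, client_ip):
    """Step a1: token comparison plus IP allowlist; both must pass."""
    expected = VERIFY_TOKENS.get(account)
    if expected is None:
        return False
    # Constant-time comparison avoids leaking how many characters matched.
    token_ok = hmac.compare_digest(token.encode(), expected.encode())
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return False  # unparsable address: fail closed
    return token_ok and any(addr in net for net in IP_ALLOWLIST)


def canonical_target(path_uri):
    """Split '<fs>:///abs/path' and resolve '.', '..' and repeated slashes."""
    fs, sep, raw = path_uri.partition("://")
    if not sep or not fs or not raw.startswith("/"):
        raise ValueError("target path must look like <fs>:///absolute/path")
    return fs, "/" + posixpath.normpath(raw).lstrip("/")


def within(path, prefix):
    # Component-wise containment: "/user/bob/reports-old" is NOT inside
    # "/user/bob/reports", which a plain startswith() would accept.
    return path == prefix or path.startswith(prefix.rstrip("/") + "/")


def authorize(account, path_uri, operation):
    """Step a2: return (fs, proxy_user, canonical_path) if permitted, else None."""
    try:
        fs, path = canonical_target(path_uri)
    except ValueError:
        return None
    for grant in GRANTS.get(account, []):
        if grant.fs == fs and within(path, grant.prefix) and operation in grant.ops:
            return fs, grant.proxy_user, path
    return None


def check_request(account, token, client_ip, path_uri, operation):
    """Run both checks; stop at the first failure, as the description allows."""
    if not authenticate(account, token, client_ip):
        return {"allowed": False, "reason": "authentication failed"}
    decision = authorize(account, path_uri, operation)
    if decision is None:
        return {"allowed": False, "reason": "operation not permitted"}
    fs, proxy_user, path = decision
    return {"allowed": True, "fs": fs, "proxy_user": proxy_user, "path": path}
```

Only the canonical path returned by the check should be forwarded to the remote file service, because that service acts with superuser privileges and applies no per-user restriction of its own.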
Step S30: when both identity verification and operation permission verification pass, determining a target remote file service according to the target file storage path and a preset rule;
When both identity verification and operation permission verification pass, the IO-EM in the server determines the target remote file service according to the target file storage path and the preset rule. Specifically, the step "determining a target remote file service according to the target file storage path and a preset rule" includes:
Step b1: determining the target file system according to the target file storage path, and obtaining the number of requests on each started remote file service corresponding to the target file system, denoted the first request counts;
Step b2: determining the remote file service corresponding to the minimum value among the first request counts as the target remote file service.
When there are multiple file system types, the target file system is first determined from the target file storage path, and the number of requests on each started remote file service corresponding to the target file system is obtained. To distinguish them in the description that follows, the request counts on the started remote file services (IO-Engines) corresponding to the target file system are denoted the first request counts; since there are multiple IO-Engines, there are correspondingly multiple first request counts. Then, to achieve load balancing, the remote file service IO-Engine corresponding to the minimum value among the first request counts is determined as the target remote file service.
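The least-loaded selection of steps b1 and b2, together with the two-threshold start/stop rule from the summary, as an added Python example that is not code from the patent. The `Engine` record, the per-file-system grouping of the scaling check, the name tie-break and the rule of always keeping one service running are assumptions.

```python
from dataclasses import dataclass


@dataclass
class Engine:
    name: str             # hypothetical IO-Engine instance name
    fs: str               # file system type it serves, e.g. "hdfs" or "local"
    active_requests: int  # current number of requests on this service
    started: bool = True


def running(engines, fs):
    """Started remote file services for one file system type."""
    return [e for e in engines if e.started and e.fs == fs]


def pick_engine(engines, fs):
    """Steps b1/b2: the started service with the smallest request count."""
    candidates = running(engines, fs)
    if not candidates:
        raise LookupError(f"no started remote file service for {fs!r}")
    # Ties are broken by name so the choice is deterministic (assumption).
    return min(candidates, key=lambda e: (e.active_requests, e.name))


def scaling_actions(engines, fs, first_threshold, second_threshold):
    """Periodic check over the second request counts.

    Start a new service when every running one exceeds first_threshold;
    otherwise stop those below second_threshold.
    """
    live = running(engines, fs)
    # all() over an empty list is True, so "nothing running" also starts one.
    if all(e.active_requests > first_threshold for e in live):
        return [("start", fs)]
    idle = sorted(
        (e for e in live if e.active_requests < second_threshold),
        key=lambda e: (e.active_requests, e.name),
    )
    if len(idle) == len(live):
        # Assumption beyond the text: keep the busiest idle service alive so
        # that requests for this file system can still be served.
        idle = idle[:-1]
    return [("stop", e.name) for e in idle]


# Constructed sample state.
SAMPLE = [
    Engine("hdfs-1", "hdfs", 12),
    Engine("hdfs-2", "hdfs", 3),
    Engine("hdfs-3", "hdfs", 0, started=False),
    Engine("local-1", "local", 0),
]
```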
Step S40 is obtained superuser right by the target remote file service, and is weighed based on the power user Limit is called and the corresponding object run method of the object run, to file destination corresponding with the file destination store path Execute the object run.
After determination obtains target remote file service, the target remote file service can be passed through and obtain power user's power Limit, and based on superuser right call corresponding with object run object run method, to file destination store path Corresponding file destination performance objective operation.Specifically, from the point of view of bottom, after IO-EM determination obtains target remote file service, It can be started by power user target IO-Engine (starting target IO-Engine after logging in using the account of power user), and File operation requests are sent to the target remote file service (target IO-Engine), so that target IO-Engine is obtained Superuser right, and then target IO-Engine can call target behaviour corresponding with the object run based on superuser right Make method, the object run is executed to file destination corresponding with file destination store path.
The present invention is getting user information, file destination storage during the file operation of bank and other financial mechanism Behind path and object run, authentication first is carried out to user and operating right is verified, after being verified, determines target remote File service, and then pass through target remote file service and obtain superuser right, and call and be somebody's turn to do based on superuser right The corresponding object run method of object run operates file destination performance objective corresponding with file destination store path, nothing Superuser right need to be opened, it can be achieved that the fully controllable of enterprise customer's rights management for each user of enterprise, that is, improve The controllability of enterprise customer's permission, at the same time it can also improve the safety of file system operation access.
The embodiment of the present invention provides a kind of file operation method, when receiving the file operation requests of user terminal transmission, User information, file destination store path and object run are obtained according to this document operation requests, is then based on above-mentioned get User information, file destination store path and object run authentication and operating right carried out to user verify;Work as identity When verifying and operating right verifying pass through, target remote file is first determined according to the file destination store path and preset rules Then service is obtained superuser right by target remote file service, and is called and the target based on superuser right It operates corresponding object run method, file destination performance objective corresponding with file destination store path is operated.By upper Mode is stated, only authentication need to be carried out to user in the embodiment of the present invention and operating right is verified, when authentication and operating rights After limit verifying passes through, superuser right can be obtained, the file of proxy user (i.e. other users) is operated, phase Than in the prior art, the embodiment of the present invention is not necessarily to open superuser right, it can be achieved that user authority management for each user It is fully controllable, the safety of different file operational access can be improved.
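The first-embodiment flow summarized above (identity verification, operation permission verification, then selection of the least-loaded IO-Engine) is shown here as an added Python example; it is not code from the patent. The data layouts, all names (`FileRequest`, `handle` and the rest), the constant-time token comparison and the path normalization before the permission check are assumptions of this example.

```python
import hmac
import ipaddress
import posixpath
from dataclasses import dataclass

# Constructed sample data; the patent does not specify any storage format.
VERIFY_TOKENS = {"alice": "t0ken-alice-constructed"}
IP_ALLOWLIST = [ipaddress.ip_network("10.20.0.0/16")]
# user -> list of (path prefix, operations allowed under that prefix)
PERMISSIONS = {
    "alice": [
        ("/data/shared/bob", {"read", "size"}),            # proxy access to bob's files
        ("/data/home/alice", {"read", "write", "delete", "size"}),
    ]
}
# file system type -> {engine id: outstanding requests} (the "first request quantity")
ENGINE_LOAD = {
    "hdfs": {"io-engine-1": 7, "io-engine-2": 3},
    "local": {"io-engine-3": 0},
}


@dataclass(frozen=True)
class FileRequest:
    user: str
    token: str
    source_ip: str
    path: str        # e.g. "hdfs:///data/shared/bob/report.csv" or "/data/home/alice/a.txt"
    operation: str   # e.g. "read", "write", "delete", "size"


def split_path(path):
    """Return (file system type, normalized absolute path).

    Normalizing first means "/data/home/alice/../carol" is checked as
    "/data/home/carol", not matched against the "/data/home/alice" prefix.
    """
    scheme, sep, rest = path.partition("://")
    if not sep:
        scheme, rest = "local", path
    return scheme, posixpath.normpath("/" + rest.lstrip("/"))


def authenticate(req):
    """Identity verification: token comparison plus IP whitelist check."""
    expected = VERIFY_TOKENS.get(req.user)
    if expected is None:
        return False
    # compare_digest avoids leaking the match position through timing
    token_ok = hmac.compare_digest(req.token.encode(), expected.encode())
    try:
        addr = ipaddress.ip_address(req.source_ip)
    except ValueError:
        return False
    return token_ok and any(addr in net for net in IP_ALLOWLIST)


def authorize(req, normalized_path):
    """Operation permission verification on (user, path, operation)."""
    for prefix, operations in PERMISSIONS.get(req.user, []):
        inside = normalized_path == prefix or normalized_path.startswith(prefix + "/")
        if inside and req.operation in operations:
            return True
    return False


def select_engine(fs_type):
    """Pick the started engine with the fewest outstanding requests."""
    loads = ENGINE_LOAD.get(fs_type)
    if not loads:
        raise LookupError("no started engine for file system type %r" % fs_type)
    return min(loads, key=loads.get)


def handle(req):
    """Gate a request; only a verified request reaches a superuser-run engine."""
    fs_type, path = split_path(req.path)
    if not authenticate(req):
        return ("denied", "identity verification failed")
    if not authorize(req, path):
        return ("denied", "operation permission verification failed")
    # The chosen engine runs under the superuser account and performs the
    # operation on the user's behalf; the user never holds that privilege.
    return ("dispatched", select_engine(fs_type))


if __name__ == "__main__":
    print(handle(FileRequest("alice", "t0ken-alice-constructed", "10.20.3.4",
                             "hdfs:///data/shared/bob/report.csv", "read")))
```

Because the engine acts with superuser privileges, the two checks in `handle` are the only barrier between a caller and every file on the target file system, which is why the path is normalized before it is compared with the permission prefixes.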
Further, based on the first embodiment shown in Fig. 2, a second embodiment of the file operation method of the present invention is proposed.
In this embodiment, the file operation method further includes:
Step A: periodically obtain the current number of requests under each started remote file service, denoted the second request quantity;
In this embodiment, the server can monitor the load of each remote file service (IO-Engine) through the engine manager (IO-EM) and control the starting and stopping of IO-Engines according to the load, so as to achieve load balancing. Specifically, the IO-EM can periodically obtain the current number of requests under each started remote file service; to distinguish it in the description that follows, the obtained current number of requests under each started remote file service is denoted the second request quantity. The current number of requests under a remote file service is the number of file operation requests that need to be processed under that remote file service. The period can be set to once every 3 hours; it can of course also be set according to actual needs and is not specifically limited here. Because there are multiple remote file services, the second request quantity correspondingly comprises multiple values.
Step B: detect whether every value in the second request quantity is greater than the first preset threshold;
After the second request quantity is obtained, it is detected whether every value in the second request quantity is greater than the first preset threshold. The first preset threshold can be set to 10; it can of course also be set according to actual needs and is not specifically limited here.
Step C: if every value in the second request quantity is greater than the first preset threshold, start a new remote file service.
If every value in the second request quantity is greater than the first preset threshold, all IO-Engines are overloaded, and a new remote file service (IO-Engine) is then started.
It should be noted that each remote file service (IO-Engine) corresponds to a type of file system. For example, the file systems may include a local file system (local), a distributed file system (HDFS) and other types of file system, and there are also multiple IO-Engines for each type of file system. Therefore, in a specific embodiment, the current number of requests under the started remote file services (IO-Engines) can also be obtained separately for each type of file system (denoted respectively the third request quantity, the fourth request quantity, ..., the N-th request quantity), and it is then detected separately whether every value in the third request quantity, the fourth request quantity, ..., the N-th request quantity is greater than the first preset threshold. If every value in some request quantity is greater than the first preset threshold, a new IO-Engine can be started under the file system corresponding to that request quantity. For example, if the third request quantity corresponds to the local file system, then when every value in the third request quantity is detected to be greater than the first preset threshold, a new IO-Engine corresponding to the local file system is started.
Further, after the step, the file operation method may also include:
Step D: detect whether the second request quantity contains a value less than the second preset threshold;
If so, execute step E: stop the remote file service corresponding to the value that is less than the second preset threshold.
In addition, after the second request quantity is obtained, it can also be detected whether the second request quantity contains a value less than the second preset threshold. The second preset threshold can be set to 0; it can of course also be set according to actual needs and is not specifically limited here. If a value less than the second preset threshold is detected in the second request quantity, an idle remote file service exists, and the remote file service corresponding to that value is then stopped, that is, the idle remote file service is stopped.
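Steps A to E, applied per file system type as the note above describes, are shown here as an added Python example of the decision an engine manager would make on each periodic check; it is not code from the patent. The function name, the tuple format of the returned actions, the sample stop threshold of 1 and the `min_engines` floor that keeps at least one engine per file system type are assumptions of this example.

```python
def plan_scaling(loads_by_fs, start_threshold=10, stop_threshold=1, min_engines=1):
    """Decide which engines to start or stop from one load snapshot.

    loads_by_fs: {file system type: {engine id: current request count}}
    Returns a list of ("start", fs_type, None) / ("stop", fs_type, engine id).
    """
    actions = []
    for fs_type, loads in sorted(loads_by_fs.items()):
        # Steps B and C: every started engine of this type is above the
        # first threshold (strictly greater), so one more engine is started.
        # An empty dict also satisfies all(), so a type with no engine gets one.
        if all(count > start_threshold for count in loads.values()):
            actions.append(("start", fs_type, None))
            continue

        # Steps D and E: engines strictly below the second threshold are idle.
        # With integer counts, a threshold of 1 matches engines with zero
        # outstanding requests.
        idle = sorted(engine for engine, count in loads.items()
                      if count < stop_threshold)

        # Assumption of this example: never stop the last engine of a type,
        # otherwise the next request for that file system has no target.
        removable = max(0, len(loads) - min_engines)
        for engine in idle[:removable]:
            actions.append(("stop", fs_type, engine))
    return actions


# Constructed snapshot of the per-type request quantities.
SNAPSHOT = {
    "hdfs": {"io-engine-1": 12, "io-engine-2": 15},                    # all overloaded
    "local": {"io-engine-3": 0, "io-engine-4": 4, "io-engine-5": 0},   # two idle
    "other": {"io-engine-6": 0},                                       # idle, but the only one
}

if __name__ == "__main__":
    for action in plan_scaling(SNAPSHOT):
        print(action)
```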
It should of course be noted that, in a specific embodiment, an external device such as an IR (Intelligent Routing) can also be used to monitor the load (i.e. the current number of requests) of each IO-Engine. That is, the IR periodically obtains the current number of requests under each started remote file service, denoted the second request quantity; the IR then compares each value in the second request quantity with the first preset threshold, generates corresponding notification information according to the detection result, and sends it to the IO-EM, so that the IO-EM controls the starting and stopping of the corresponding IO-Engine according to the notification information. The specific detection method is the same as in the embodiment above: detect whether every value in the second request quantity is greater than the first preset threshold; if every value in the second request quantity is greater than the first preset threshold, generate notification information for starting a new remote file service and send it to the IO-EM, so that the IO-EM starts the corresponding new IO-Engine according to the notification information. At the same time, detect whether the second request quantity contains a value less than the second preset threshold; if it does, generate notification information for stopping a remote file service and send it to the IO-EM, so that the IO-EM stops the corresponding idle IO-Engine according to the notification information.
It can be understood that, in the first embodiment above, in the process of determining the target remote file service according to the target file storage path and preset rules, the first request quantity can be obtained directly by the IO-EM, and it can also be obtained through the IR.
Further, based on the first embodiment shown in Fig. 2, a third embodiment of the file operation method of the present invention is proposed.
In this embodiment, after step S40, the file operation method further includes:
After the operation has been executed, generate a corresponding operation execution result and return it to the user terminal corresponding to the file operation request.
In this embodiment, so that the user can learn the result of the operation, a corresponding operation execution result can be generated after the operation has been executed and returned to the user terminal corresponding to the file operation request. The operation execution result includes successful execution of the operation, failed execution of the operation, and so on; when execution of the operation fails, the corresponding failure cause can also be returned so that the user can correct the problem.
The present invention also provides a file operating system, which includes a file operation apparatus and a user terminal. The file operation apparatus is the file operation apparatus shown in Fig. 1 and is used to execute each step of the file operation method embodiments above; for its specific functions and implementation process, refer to the embodiments above, which are not repeated here.
The user terminal is used to receive a file system object query request triggered by the user and obtain the file system type and proxy user information carried in the file system object query request; to obtain a proxy file system object according to the file system type and the proxy user information and display it; and to receive a file operation request triggered by the user based on the proxy file system object and send the file operation request to the file operation apparatus.
In this embodiment, the user terminal can be a terminal such as a smartphone or PC, integrated with an SDK (Software Development Kit) encapsulated from multiple modules. Specifically, the SDK encapsulated from multiple modules may include three modules: FsFactory (file system factory), ProxyFS (proxy file system) and IO-Client (input/output). FsFactory is used to obtain the file system type and proxy user information from the received file system object query request. ProxyFS is used to receive the file system type (such as local file system, HDFS file system, etc.) and proxy user information sent by FsFactory, and to encapsulate the file system type and proxy user information in a preset manner to obtain the corresponding proxy file system object. The proxy file system object includes the operation methods for files (or folders) in the file system corresponding to the proxy user, for example the operation methods for obtaining the size of a file (or folder), creating or deleting a file (or folder), and reading and writing a file. IO-Client is used to receive the file operation request triggered by the user and send the file operation request to the file operation apparatus through a compatible API interface; it can also be used to receive the operation execution result returned by the file operation apparatus and display it.
Specifically, when the user needs to perform a certain target operation on the file (or folder) corresponding to a certain target file storage path, the user can first determine, from the target file storage path, the type of the target file system and the target proxy user, and then enter the file system type (i.e. the type of the target file system) and the proxy user information (i.e. the information of the target proxy user, which can be the user name of the target proxy user) through the corresponding software or App (Application) on the user terminal. Once the input is complete, a file system object query request can be triggered. On receiving the file system object query request triggered by the user, the user terminal obtains the file system type and proxy user information carried in the file system object query request, where the file system type may include local file system, HDFS file system, etc., and the proxy user information can be the user name of the other user (i.e. the proxy user) whose files are to be accessed. The file system type and proxy user information are then encapsulated to obtain the proxy file system object, which is displayed on the screen of the user terminal. The proxy file system object includes the operation method corresponding to the target operation. After querying the proxy file system object, the user can operate on the files of the proxy user: specifically, the user can trigger a file operation request based on the operation method of the target operation in the proxy file system object and the target file storage path. On receiving the file operation request, the user terminal sends it to the file operation apparatus, so that the file operation apparatus processes the file operation request.
This embodiment provides a file operating system, which includes a file operation apparatus and a user terminal. By constructing this file operating system, the user can conveniently access and operate on a remote file system through the user terminal; at the same time, the file operation apparatus can manage all file systems in a unified way without granting superuser privileges to each user, so user permission management is fully controllable and the security of operating on and accessing different files is improved.
The present invention also provides a file operation device.
Referring to Fig. 3, Fig. 3 is a functional block diagram of the first embodiment of the file operation device of the present invention.
As shown in Fig. 3, the file operation device includes:
A first obtaining module 10, configured to, when a file operation request is received, obtain the user information, the target file storage path and the target operation according to the file operation request;
A user verification module 20, configured to perform identity verification and operation permission verification on the user based on the user information, the target file storage path and the target operation;
A service determination module 30, configured to, when identity verification and operation permission verification pass, determine the target remote file service according to the target file storage path and preset rules;
An operation execution module 40, configured to obtain superuser privileges through the target remote file service, and, based on the superuser privileges, call the target operation method corresponding to the target operation to execute the target operation on the target file corresponding to the target file storage path.
Further, the user information includes user account information, token (Token) information and Internet Protocol (IP) information, and the user verification module 20 includes:
An identity verification unit, configured to obtain the verification Token corresponding to the user account information, compare the Token information with the verification Token, and detect whether the IP information is in the preset IP whitelist, so as to perform identity verification on the user;
A permission verification unit, configured to obtain the user's operation permission information according to the user account information, and perform operation permission verification on the user according to the target file storage path, the target operation and the operation permission information.
Further, the service determination module 30 includes:
A first obtaining unit, configured to determine the target file system according to the target file storage path, and obtain the number of requests under each started remote file service corresponding to the target file system, denoted the first request quantity;
A first determination unit, configured to determine the remote file service corresponding to the minimum value in the first request quantity as the target remote file service.
Further, the file operation device further includes:
A second obtaining module, configured to periodically obtain the current number of requests under each started remote file service, denoted the second request quantity;
A first detection module, configured to detect whether every value in the second request quantity is greater than the first preset threshold;
A service starting module, configured to start a new remote file service if every value in the second request quantity is greater than the first preset threshold.
Further, the file operation device further includes:
A second detection module, configured to detect whether the second request quantity contains a value less than the second preset threshold;
A service stopping module, configured to, if such a value exists, stop the remote file service corresponding to the value that is less than the second preset threshold.
Further, the file operation device further includes:
A result return module, configured to, after the operation has been executed, generate a corresponding operation execution result and return it to the user terminal corresponding to the file operation request.
The function of each module in the above file operation device corresponds to a step in the file operation method embodiments above; their functions and implementation processes are not repeated one by one here.
The present invention also provides a computer readable storage medium on which a file operation program is stored; when the file operation program is executed by a processor, the steps of the file operation method described in any of the embodiments above are implemented.
The specific embodiments of the computer readable storage medium of the present invention are basically the same as the embodiments of the file operation method above and are not repeated here.
It should be noted that, in this document, the terms "include", "comprise" or any other variant thereof are intended to cover non-exclusive inclusion, so that a process, method, article or system that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, article or system. Without further limitation, an element defined by the phrase "including a ..." does not exclude the existence of other identical elements in the process, method, article or system that includes that element.
The serial numbers of the embodiments of the present invention above are for description only and do not represent the relative merits of the embodiments.
From the description of the embodiments above, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by software plus a necessary general-purpose hardware platform, and of course also by hardware, but in many cases the former is the better implementation. Based on this understanding, the technical solution of the present invention in essence, or the part of it that contributes to the prior art, can be embodied in the form of a software product. The computer software product is stored in a storage medium as described above (such as ROM/RAM, magnetic disk or optical disc) and includes a number of instructions that cause a terminal device (which can be a mobile phone, computer, server, air conditioner, network device, etc.) to execute the methods described in the embodiments of the present invention.
The above are only preferred embodiments of the present invention and do not limit the patent scope of the present invention. Any equivalent structure or equivalent process transformation made using the contents of the specification and drawings of the present invention, or any direct or indirect application in other related technical fields, is likewise included within the patent protection scope of the present invention.

Claims (10)

1. A file operation method, characterized in that the file operation method includes:
When a file operation request is received, obtaining the user information, the target file storage path and the target operation according to the file operation request;
Performing identity verification and operation permission verification on the user based on the user information, the target file storage path and the target operation;
When identity verification and operation permission verification pass, determining the target remote file service according to the target file storage path and preset rules;
Obtaining superuser privileges through the target remote file service, and, based on the superuser privileges, calling the target operation method corresponding to the target operation to execute the target operation on the target file corresponding to the target file storage path.
2. The file operation method according to claim 1, characterized in that the user information includes user account information, token (Token) information and Internet Protocol (IP) information, and the step of performing identity verification and operation permission verification on the user based on the user information, the target file storage path and the target operation includes:
Obtaining the verification Token corresponding to the user account information, comparing the Token information with the verification Token, and detecting whether the IP information is in the preset IP whitelist, so as to perform identity verification on the user;
Obtaining the user's operation permission information according to the user account information, and performing operation permission verification on the user according to the target file storage path, the target operation and the operation permission information.
3. The file operation method according to claim 1, characterized in that the step of determining the target remote file service according to the target file storage path and preset rules includes:
Determining the target file system according to the target file storage path, and obtaining the number of requests under each started remote file service corresponding to the target file system, denoted the first request quantity;
Determining the remote file service corresponding to the minimum value in the first request quantity as the target remote file service.
4. The file operation method according to any one of claims 1 to 3, characterized in that the file operation method further includes:
Periodically obtaining the current number of requests under each started remote file service, denoted the second request quantity;
Detecting whether every value in the second request quantity is greater than the first preset threshold;
If every value in the second request quantity is greater than the first preset threshold, starting a new remote file service.
5. The file operation method according to claim 4, characterized in that, after the step of periodically obtaining the current number of requests under each started remote file service, denoted the second request quantity, the method further includes:
Detecting whether the second request quantity contains a value less than the second preset threshold;
If so, stopping the remote file service corresponding to the value that is less than the second preset threshold.
6. The file operation method according to any one of claims 1 to 3, characterized in that the file operation method further includes:
After the operation has been executed, generating a corresponding operation execution result and returning it to the user terminal corresponding to the file operation request.
7. A file operation device, characterized in that the file operation device includes:
A first obtaining module, configured to, when a file operation request is received, obtain the user information, the target file storage path and the target operation according to the file operation request;
A user verification module, configured to perform identity verification and operation permission verification on the user based on the user information, the target file storage path and the target operation;
A service determination module, configured to, when identity verification and operation permission verification pass, determine the target remote file service according to the target file storage path and preset rules;
An operation execution module, configured to obtain superuser privileges through the target remote file service, and, based on the superuser privileges, call the target operation method corresponding to the target operation to execute the target operation on the target file corresponding to the target file storage path.
8. A file operation apparatus, characterized in that the file operation apparatus includes: a memory, a processor, and a file operation program stored on the memory and executable on the processor, wherein the file operation program, when executed by the processor, implements the steps of the file operation method according to any one of claims 1 to 6.
9. A file operating system, characterized in that the file operating system includes a file operation apparatus and a user terminal; wherein,
The file operation apparatus is the file operation apparatus according to claim 8;
The user terminal is used to receive a file system object query request triggered by the user and obtain the file system type and proxy user information carried in the file system object query request; to obtain a proxy file system object according to the file system type and the proxy user information and display it; and to receive a file operation request triggered by the user based on the proxy file system object and send the file operation request to the file operation apparatus.
10. A computer readable storage medium, characterized in that a file operation program is stored on the computer readable storage medium, and the file operation program, when executed by a processor, implements the steps of the file operation method according to any one of claims 1 to 6.
CN201910658649.5A 2019-07-19 2019-07-19 File operation method, device, equipment, system and computer readable storage medium Active CN110363026B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201910658649.5A CN110363026B (en) 2019-07-19 2019-07-19 File operation method, device, equipment, system and computer readable storage medium
PCT/CN2020/102319 WO2021013033A1 (en) 2019-07-19 2020-07-16 File operation method, apparatus, device, and system, and computer readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910658649.5A CN110363026B (en) 2019-07-19 2019-07-19 File operation method, device, equipment, system and computer readable storage medium

Publications (2)

Publication Number Publication Date
CN110363026A true CN110363026A (en) 2019-10-22
CN110363026B CN110363026B (en) 2021-06-25

Family

ID=68221369

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910658649.5A Active CN110363026B (en) 2019-07-19 2019-07-19 File operation method, device, equipment, system and computer readable storage medium

Country Status (2)

Country Link
CN (1) CN110363026B (en)
WO (1) WO2021013033A1 (en)


Also Published As

Publication number Publication date
WO2021013033A1 (en) 2021-01-28
CN110363026B (en) 2021-06-25

Similar Documents

Publication Publication Date Title
CN110363026A (en) File operation method, device, equipment, system and computer readable storage medium
CN100380271C (en) Methods and apparatus for dynamic user authentication
CN112840326A (en) Test engine for automated operations management
US10810055B1 (en) Request simulation for ensuring compliance
US10305962B1 (en) Unit testing clients of web services
CN110401655A (en) Access control right management system based on user and role
CN108492005A (en) Project data processing method, device, computer equipment and storage medium
CN106357807B (en) A kind of data processing method, device and system
US10891357B2 (en) Managing the display of hidden proprietary software code to authorized licensed users
CN111090581B (en) Intelligent contract testing method, intelligent contract testing device, computer equipment and storage medium
CN111368330B (en) Ethernet intelligent contract auditing system and method based on block chain
CN110278192A (en) Method, apparatus, computer equipment and the readable storage medium storing program for executing of extranet access Intranet
CN108399331A (en) Application process trial method and system
US20140366109A1 (en) Secure messaging facility system
CN109117609A (en) A kind of request hold-up interception method and device
CN106656927A (en) Method and device for enabling Linux account to be added to AD domain
CN110175439A (en) User management method, device, equipment and computer readable storage medium
CN110221845A (en) Using dispositions method, device, equipment and medium
CN107844542A (en) A kind of distributed document storage method and device
CN107645474A (en) Log in the method for open platform and log in the device of open platform
CN107526580A (en) Terminal applies recognition methods and device
KR100456512B1 (en) System for detecting a kernel backdoor, method for detecting a kernel backdoor and method for recovering a kernel data using the same
CN110308968A (en) Maintain host and the consistent method, apparatus of container group #, equipment and medium
CN110210192A (en) Approaches to IM, device, equipment and readable storage medium storing program for executing
CN110336813A (en) A kind of access control method, device, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant