CN112615849B - Micro-service access method, device, equipment and storage medium - Google Patents

Publication number
CN112615849B
Authority
CN
China
Prior art keywords
service
micro
target
access request
preset
Legal status
Active
Application number
CN202011476001.5A
Other languages
Chinese (zh)
Other versions
CN112615849A (en)
Inventor
陈忠平
Current Assignee
Ping An Technology Shenzhen Co Ltd
Original Assignee
Ping An Technology Shenzhen Co Ltd
Application filed by Ping An Technology Shenzhen Co Ltd
Priority to CN202011476001.5A
Publication of CN112615849A
Priority to PCT/CN2021/090256 (WO2022126968A1)
Application granted
Publication of CN112615849B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • H04L63/108 Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time

Abstract

The invention relates to the technical field of information security, and discloses a micro-service access method, a device, equipment and a storage medium, which are used for improving the micro-service access accuracy. The micro-service access method comprises the following steps: intercepting a micro-service access request through a preset micro-service gateway to obtain an access request address and a target user token; if the expiration time is less than or equal to the current time, sending a permission acquisition request to the target permission management service according to the new user token to obtain a target user permission list; if the expiration time is greater than the current time, acquiring a tenant identification value and cached permission list data according to the target user token; if the access request address does not exist in the cached permission list data, generating warning information; and if the access request address exists in the cached permission list data, accessing the micro-service of the target system based on the tenant identification value and the access request address. In addition, the invention also relates to blockchain technology, and the access request address can be stored in a blockchain node.

Description

Micro-service access method, device, equipment and storage medium
Technical Field
The invention relates to the field of gateway control of information security technology, in particular to a micro-service access method, a device, equipment and a storage medium.
Background
In existing monolithic applications, a shared JAR package is generally used for authentication and for controlling access to application programming interfaces (APIs) and menus; a micro-service that needs permission control imports the permission package and adapts to it. Alternatively, a separate permission management module is developed for each application.
The existing permission control scheme is highly invasive to the micro-service: it generally requires creating permission-related tables in the micro-service, storing permission-related data in a local database, and then adapting the local database to the interfaces in the JAR package. Meanwhile, because permissions are not managed centrally, when one system has multiple sub-micro-services the permission data must be synchronized among them, which easily leads to inconsistent permission data. In addition, each sub-micro-service has to execute the permission verification rules itself and requires a large amount of development and testing to integrate permission control, which results in low permission verification efficiency and low micro-service access accuracy for the micro-service cluster.
Disclosure of Invention
The invention provides a micro-service access method, a device, equipment and a storage medium, which are used for improving the authority verification efficiency and the micro-service access accuracy of a micro-service cluster.
In order to achieve the above object, a first aspect of the present invention provides a micro service access method, including: intercepting a micro-service access request through a preset micro-service gateway to obtain an access request address and a target user token, wherein the preset micro-service gateway is a request interceptor realized based on a preset route filtering object; acquiring the current time and the expiration time of a target user token, and judging whether the expiration time is greater than the current time; if the expiration time is less than or equal to the current time, acquiring a new user token, sending an authority acquisition request to a target authority management service according to the new user token to obtain a target user authority list, and writing the target user authority list into session information in a memory database according to the new user token, wherein the target authority management service is used for indicating to perform microservice authorization operation on a plurality of tenants; if the expiration time is greater than the current time, inquiring session information in a memory database according to the target user token to obtain a tenant identification value and cached permission list data, and judging whether the access request address exists in the cached permission list data or not; if the access request address does not exist in the cached permission list data, generating operation log information according to the target user token and the tenant identification value, and acquiring and displaying warning information, wherein the warning information is used for indicating that the micro-service access request is limited; if the access request address exists in the cached permission list data, determining a target micro-service cluster based on the tenant identification value, and accessing a target system micro-service in the target micro-service cluster according to the access request address to obtain an access result.
Optionally, in a first implementation manner of the first aspect of the present invention, the intercepting, by a preset micro service gateway, a micro service access request to obtain an access request address and a target user token, where the preset micro service gateway is a request interceptor implemented based on a preset route filtering object, includes: receiving a micro-service access request, intercepting and analyzing the micro-service access request through a preset micro-service gateway to obtain request header information, wherein the preset micro-service gateway is a request interceptor realized based on a preset routing filtering object ZuulFilter; and reading an access request address and a target user token from the request header information according to a preset parameter name, wherein the target user token is a character string set when the user successfully logs in the micro-service.
Optionally, in a second implementation manner of the first aspect of the present invention, if the expiration time is less than or equal to the current time, obtaining a new user token, sending an authorization obtaining request to a target authorization management service according to the new user token to obtain a target user authorization list, and writing the target user authorization list into session information in a memory database according to the new user token, where the target authorization management service is configured to instruct a plurality of tenants to perform a microservice authorization operation, and includes: if the expiration time is less than or equal to the current time, calling a preset login page to guide the user to log in again to obtain a login result; when the login result is a preset value, determining that the user successfully logs in, acquiring a new user token and session information of the user, and performing associated mapping on the new user token and the session information of the user and storing the new user token and the session information of the user in a memory database; acquiring a user unique identifier and a tenant identifier value from the session information of the user according to the new user token, and sending an authority acquisition request to a target authority management service based on the user unique identifier and the tenant identifier value, so that the target authority management service searches and returns a target user authority list according to the user unique identifier and the tenant identifier value, and the target authority management service is used for indicating that micro-service authorization operation is performed on a plurality of tenants; and receiving the target user permission list, updating the target user permission list to the session information in the memory database based on the new user token to obtain an updating result, and determining whether to send the micro-service access request according to the updating result.
Optionally, in a third implementation manner of the first aspect of the present invention, if the expiration time is greater than the current time, querying session information in a memory database according to the target user token to obtain a tenant identification value and cached permission list data, and determining whether the access request address exists in the cached permission list data, where the method includes: if the expiration time is greater than the current time, setting the target user token as a target key, and inquiring session information in a memory database according to the target key to obtain a target value, wherein the session information is user permission list data obtained by calling a preset permission service when a user logs in for the first time; when the target value is not a null value, acquiring a tenant identification value and cached permission list data from the target value; calling a preset search function to search the cached permission list data according to the access request address to obtain a search result; if the retrieval result is not a preset target value, determining that the access request address does not exist in the cached permission list data, and generating prompt information, wherein the prompt information is used for indicating that the micro-service access request is abnormal; and if the retrieval result is a preset target value, determining that the access request address exists in the cached permission list data.
Optionally, in a fourth implementation manner of the first aspect of the present invention, if the access request address does not exist in the cached permission list data, generating operation log information according to the target user token and the tenant identification value, and acquiring and displaying warning information, where the warning information is used to indicate that a micro-service access request is limited, where the method includes: if the access request address does not exist in the cached permission list data, generating operation log information according to the target user token and the tenant identification value, and updating the operation log information to the memory database; and generating warning information according to a preset template, and displaying the warning information through a preset prompt box, wherein the warning information is used for indicating that the micro-service access request is limited.
Optionally, in a fifth implementation manner of the first aspect of the present invention, if the access request address exists in the cached permission list data, determining a target micro service cluster based on the tenant identification value, and accessing a target system micro service in the target micro service cluster according to the access request address to obtain an access result, where the method includes: if the access request address exists in the cached permission list data, inquiring a preset data table based on the tenant identification value to obtain a target micro service cluster, wherein the target micro service cluster is used for indicating the list data of a container to which the system micro service belongs; acquiring a random number, and performing remainder taking on the number of containers to which the system micro-service belongs according to the random number to obtain a target remainder; and setting the target remainder as the index of the container to which the system micro-service belongs, and carrying out service call on the target system micro-service in the target micro-service cluster according to the access request address and the index of the container to which the system micro-service belongs to obtain an access result, wherein the access result comprises access success and access failure.
Optionally, in a sixth implementation manner of the first aspect of the present invention, before the intercepting, by a preset micro service gateway, a micro service access request to obtain an access request address and a target user token, where the preset micro service gateway is a request interceptor implemented based on a preset route filtering object, the micro service access method further includes: adding a tenant through the target authority management service, and configuring corresponding tenant information for the tenant; acquiring a configuration file containing a plurality of user information, and importing the configuration file into the target authority management service so as to enable the plurality of user information to be respectively associated and bound with the tenant; adding at least one system micro service to the tenant, and establishing resource item information for each system micro service, wherein the resource item information comprises menu resources and interface buttons; creating a role tree for the tenant, setting the resource item information for each role in the role tree, and distributing the role data in the role tree to a plurality of users bound with the tenant in an associated manner.
The second aspect of the present invention provides a micro-service access device, including: the intercepting module is used for intercepting a micro-service access request through a preset micro-service gateway to obtain an access request address and a target user token, wherein the preset micro-service gateway is a request interceptor realized based on a preset route filtering object; the judging module is used for acquiring the current time and the expiration time of the target user token and judging whether the expiration time is greater than the current time; the write-in module is used for acquiring a new user token if the expiration time is less than or equal to the current time, sending an authority acquisition request to a target authority management service according to the new user token to obtain a target user authority list, and writing the target user authority list into session information in a memory database according to the new user token, wherein the target authority management service is used for indicating that micro-service authorization operation is carried out on a plurality of tenants; the query module is used for querying session information in a memory database according to the target user token to obtain a tenant identification value and cached permission list data and judging whether the access request address exists in the cached permission list data or not if the expiration time is larger than the current time; the processing module is used for generating operation log information according to the target user token and the tenant identification value and acquiring and displaying warning information if the access request address does not exist in the cached permission list data, wherein the warning information is used for indicating that the micro-service access request is limited; and the access module is used for determining a target micro-service cluster based on the tenant identification value if the access request address exists in the cached permission list data, and accessing a target system micro-service in the target micro-service cluster according to the access request address to obtain an access result.
Optionally, in a first implementation manner of the second aspect of the present invention, the intercepting module is specifically configured to: receiving a micro-service access request, intercepting and analyzing the micro-service access request through a preset micro-service gateway to obtain request header information, wherein the preset micro-service gateway is a request interceptor realized based on a preset routing filtering object ZuulFilter; and reading an access request address and a target user token from the request header information according to a preset parameter name, wherein the target user token is a character string set when the user successfully logs in the micro-service.
Optionally, in a second implementation manner of the second aspect of the present invention, the writing module is specifically configured to: if the expiration time is less than or equal to the current time, calling a preset login page to guide the user to log in again to obtain a login result; when the login result is a preset value, determining that the user successfully logs in, acquiring a new user token and session information of the user, and performing associated mapping on the new user token and the session information of the user and storing the new user token and the session information of the user in a memory database; acquiring a user unique identifier and a tenant identifier value from the session information of the user according to the new user token, and sending an authority acquisition request to a target authority management service based on the user unique identifier and the tenant identifier value, so that the target authority management service searches and returns a target user authority list according to the user unique identifier and the tenant identifier value, and the target authority management service is used for indicating that micro-service authorization operation is performed on a plurality of tenants; and receiving the target user permission list, updating the target user permission list to the session information in the memory database based on the new user token to obtain an updating result, and determining whether to send the micro-service access request according to the updating result.
Optionally, in a third implementation manner of the second aspect of the present invention, the query module is specifically configured to: if the expiration time is greater than the current time, setting the target user token as a target key, and inquiring session information in a memory database according to the target key to obtain a target value, wherein the session information is user permission list data obtained by calling a preset permission service when a user logs in for the first time; when the target value is not a null value, acquiring a tenant identification value and cached permission list data from the target value; calling a preset search function to search the cached permission list data according to the access request address to obtain a search result; if the retrieval result is not a preset target value, determining that the access request address does not exist in the cached permission list data, and generating prompt information, wherein the prompt information is used for indicating that the micro-service access request is abnormal; and if the retrieval result is a preset target value, determining that the access request address exists in the cached permission list data.
Optionally, in a fourth implementation manner of the second aspect of the present invention, the processing module is specifically configured to: if the access request address does not exist in the cached permission list data, generating operation log information according to the target user token and the tenant identification value, and updating the operation log information to the memory database; and generating warning information according to a preset template, and displaying the warning information through a preset prompt box, wherein the warning information is used for indicating that the micro-service access request is limited.
Optionally, in a fifth implementation manner of the second aspect of the present invention, the access module is specifically configured to: if the access request address exists in the cached permission list data, inquiring a preset data table based on the tenant identification value to obtain a target micro service cluster, wherein the target micro service cluster is used for indicating the list data of a container to which the system micro service belongs; acquiring a random number, and performing remainder taking on the number of containers to which the system micro-service belongs according to the random number to obtain a target remainder; and setting the target remainder as the index of the container to which the system micro-service belongs, and carrying out service call on the target system micro-service in the target micro-service cluster according to the access request address and the index of the container to which the system micro-service belongs to obtain an access result, wherein the access result comprises access success and access failure.
Optionally, in a sixth implementation manner of the second aspect of the present invention, the micro service access apparatus further includes: the configuration module is used for adding a tenant through the target authority management service and configuring corresponding tenant information for the tenant; the importing module is used for acquiring a configuration file containing a plurality of user information and importing the configuration file into the target authority management service so as to enable the plurality of user information to be respectively associated and bound with the tenant; the adding module is used for adding at least one system micro service to the tenant and newly building resource item information for each system micro service, wherein the resource item information comprises menu resources and interface buttons; and the allocation module is used for creating a role tree for the tenant, setting the resource item information for each role in the role tree, and allocating the role data in the role tree to a plurality of users bound with the tenant in an associated manner.
A third aspect of the present invention provides a microservice access device, comprising: a memory and at least one processor, the memory having instructions stored therein; the at least one processor invokes the instructions in the memory to cause the microservice access device to perform the microservice access method described above.
A fourth aspect of the present invention provides a computer-readable storage medium having stored therein instructions, which, when run on a computer, cause the computer to execute the above-mentioned microservice access method.
In the technical scheme provided by the invention, a micro-service access request is intercepted through a preset micro-service gateway to obtain an access request address and a target user token, wherein the preset micro-service gateway is a request interceptor realized based on a preset route filtering object; acquiring the current time and the expiration time of a target user token, and judging whether the expiration time is greater than the current time; if the expiration time is less than or equal to the current time, acquiring a new user token, sending an authority acquisition request to a target authority management service according to the new user token to obtain a target user authority list, and writing the target user authority list into session information in a memory database according to the new user token, wherein the target authority management service is used for indicating to perform microservice authorization operation on a plurality of tenants; if the expiration time is greater than the current time, inquiring session information in a memory database according to the target user token to obtain a tenant identification value and cached permission list data, and judging whether the access request address exists in the cached permission list data or not; if the access request address does not exist in the cached permission list data, generating operation log information according to the target user token and the tenant identification value, and acquiring and displaying warning information, wherein the warning information is used for indicating that the micro-service access request is limited; if the access request address exists in the cached permission list data, determining a target micro-service cluster based on the tenant identification value, and accessing a target system micro-service in the target micro-service cluster according to the access request address to obtain an access result. 
In the embodiment of the invention, a micro-service access request is intercepted through a preset micro-service gateway to obtain an access request address and a target user token; after the user token is expired, acquiring and caching a target user permission list from the target permission management service according to the new user token; and determining a target micro-service cluster based on the tenant identification value at the expiration time, and accessing the system micro-service in the target micro-service cluster according to the access request address, so that the permission verification efficiency and the micro-service access accuracy of the micro-service cluster are improved.
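The gateway decision flow summarised above (expiry check, permission refresh, cached permission lookup, denial logging, and random-remainder container selection), modelled in Python as an added example that is not code from the patent or its assignee. The names Gateway, Session, Decision, login, permission_service and ttl are assumptions, a dict stands in for the memory database, and two behaviours are choices of this example rather than of the patent: a missing session fails closed, and the operation log stores a digest of the token instead of the raw token.

```python
import hashlib
import secrets
import time
from dataclasses import dataclass


@dataclass
class Session:
    user_id: str
    tenant_id: str
    expires_at: float        # same expiry as the token (step 102)
    permissions: frozenset   # cached permission list: allowed request addresses


@dataclass
class Decision:
    outcome: str             # "routed", "denied", "reauth" or "unavailable"
    token: str               # token the caller should use from now on
    container: str = ""


class Gateway:
    """In-memory model of the flow; every name here is illustrative."""

    def __init__(self, sessions, clusters, permission_service, login,
                 ttl=1800, now=time.time, rand=lambda: secrets.randbits(32)):
        self.sessions = sessions                      # token -> Session (memory database stand-in)
        self.clusters = clusters                      # tenant_id -> list of container addresses
        self.permission_service = permission_service  # (user_id, tenant_id) -> allowed addresses
        self.login = login                            # old token -> (new_token, user_id, tenant_id) or None
        self.ttl, self.now, self.rand = ttl, now, rand
        self.audit_log = []

    def _refresh(self, old_token):
        """Re-login, reload the permission list, cache it under the new token."""
        result = self.login(old_token)
        self.sessions.pop(old_token, None)            # an expired session must not linger
        if result is None:
            return None
        new_token, user_id, tenant_id = result
        allowed = frozenset(self.permission_service(user_id, tenant_id))
        self.sessions[new_token] = Session(user_id, tenant_id, self.now() + self.ttl, allowed)
        return new_token

    def handle(self, address, token):
        session = self.sessions.get(token)
        expires_at = session.expires_at if session else 0.0  # unknown token counts as expired
        if expires_at <= self.now():                          # expiration time <= current time
            token = self._refresh(token)
            if token is None:
                return Decision("reauth", "")
        session = self.sessions.get(token)
        if session is None:                                   # null target value: fail closed
            return Decision("reauth", "")
        if address not in session.permissions:
            # Store a digest so a leaked log does not expose usable tokens.
            digest = hashlib.sha256(token.encode()).hexdigest()[:12]
            self.audit_log.append((digest, session.tenant_id, address))
            return Decision("denied", token)
        containers = self.clusters.get(session.tenant_id, [])
        if not containers:                                    # avoid a modulo by zero
            return Decision("unavailable", token)
        index = self.rand() % len(containers)                 # random number mod container count
        return Decision("routed", token, containers[index])


def demo():
    # Constructed sample data: one live session, one expired session, two tenants.
    sessions = {
        "tok-live": Session("u1", "tenant-a", 2000.0, frozenset({"/orders/list"})),
        "tok-old": Session("u2", "tenant-b", 900.0, frozenset({"/billing/view"})),
    }
    clusters = {"tenant-a": ["a-0:8080", "a-1:8080", "a-2:8080"], "tenant-b": ["b-0:8080"]}
    grants = {("u2", "tenant-b"): ["/billing/view", "/billing/export"]}
    gw = Gateway(sessions, clusters,
                 permission_service=lambda user, tenant: grants.get((user, tenant), []),
                 login=lambda old: ("tok-new", "u2", "tenant-b") if old == "tok-old" else None,
                 now=lambda: 1000.0, rand=lambda: 7)
    results = [
        gw.handle("/orders/list", "tok-live"),     # permitted, routed inside tenant-a
        gw.handle("/orders/delete", "tok-live"),   # not in the cached list: denied and logged
        gw.handle("/billing/export", "tok-old"),   # expired: refreshed, then routed
        gw.handle("/orders/list", "tok-unknown"),  # no session and no login: re-authentication
    ]
    return gw, results


if __name__ == "__main__":
    for decision in demo()[1]:
        print(decision)
```

Because the cached list is consulted until the session expires, a permission revoked in the permission management service takes effect only at the next refresh, so the session lifetime (ttl here) bounds how long a stale grant can be used.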
Drawings
FIG. 1 is a diagram of an embodiment of a microservice access method in an embodiment of the invention;
FIG. 2 is a schematic diagram of another embodiment of a microservice access method in an embodiment of the present invention;
FIG. 3 is a schematic diagram of an embodiment of a microservice access device in an embodiment of the invention;
FIG. 4 is a schematic diagram of another embodiment of a microservice access device in an embodiment of the invention;
FIG. 5 is a schematic diagram of an embodiment of a microservice access device in an embodiment of the present invention.
Detailed Description
The embodiment of the invention provides a micro-service access method, a device, equipment and a storage medium, which are used for determining a target micro-service cluster based on a tenant identification value at an expiration time, accessing system micro-services in the target micro-service cluster according to an access request address, and improving the permission verification efficiency and the micro-service access accuracy of the micro-service cluster.
The terms "first," "second," "third," "fourth," and the like in the description and in the claims, as well as in the drawings, if any, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It will be appreciated that the data so used may be interchanged under appropriate circumstances such that the embodiments described herein may be practiced otherwise than as specifically illustrated or described herein. Furthermore, the terms "comprises," "comprising," or "having," and any variations thereof, are intended to cover non-exclusive inclusions, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
For convenience of understanding, a specific flow of an embodiment of the present invention is described below. Referring to FIG. 1, an embodiment of a micro service access method in an embodiment of the present invention includes:
101. Intercepting a micro-service access request through a preset micro-service gateway to obtain an access request address and a target user token, wherein the preset micro-service gateway is a request interceptor realized based on a preset route filtering object.
The preset micro-service gateway serves as the single entry point for all micro-service front-end traffic: every access to a micro-service must pass through the preset micro-service gateway, which intercepts all micro-service access requests and calls the authority service to perform authentication and verification. Specifically, the terminal intercepts a micro-service access request sent by the terminal through the preset micro-service gateway, and the terminal extracts the corresponding access request address (URL) and target user token from the micro-service access request.
Further, the access request address is stored in the blockchain database, which is not limited herein.
It is to be understood that the executing subject of the present invention may be a microservice access device, and may also be a terminal or a server, which is not limited herein. The embodiment of the present invention is described by taking a terminal as an execution subject.
102. And acquiring the current time and the expiration time of the target user token, and judging whether the expiration time is greater than the current time.
Each target user token has an expiration time that is consistent with the expiration time of the user's session information in the in-memory database. Specifically, the terminal generates the current time according to a preset time generating function (for example, the preset time generating function is time ()); the terminal reads the expiration time of the target user token from a preset data configuration table according to the target user token; the terminal carries out difference operation on the expiration time and the current time to obtain a difference value; the terminal judges whether the difference is greater than 0; if the difference is greater than 0, the terminal determines that the expiration time is greater than the current time, and executes step 104; if the difference is less than or equal to 0, the terminal determines that the expiration time is less than or equal to the current time, and performs step 103.
103. If the expiration time is less than or equal to the current time, acquire a new user token, send an authority acquisition request to a target authority management service according to the new user token to obtain a target user authority list, and write the target user authority list into the session information in the memory database according to the new user token, where the target authority management service is used to perform micro-service authorization operations for a plurality of tenants.
Specifically, the terminal updates the expiration time and sends an authority acquisition request to the target authority management service according to the user token, so that the target authority management service looks up and returns the user authority list according to the user token; the terminal then rewrites the returned user authority list into the session information of the memory database according to the user token. That is, the terminal checks in the memory database whether the urls that the token has authority for include the url of the current request, and if so, the terminal routes the request to the corresponding micro-service. Because the memory database has an expiration time, when the terminal detects that the expiration time is less than or equal to the current time, the terminal loads the authority list of the user from the target authority management service and caches it. The target authority management service identifies the corresponding user and the tenant corresponding to the user according to the token, then queries the authority list of the user and returns it to the gateway service. The target authority management service is a micro-service built on the preset framework springboot.
104. If the expiration time is greater than the current time, query the session information in the memory database according to the target user token to obtain a tenant identification value and cached permission list data, and determine whether the access request address exists in the cached permission list data.
It can be understood that the terminal sends a login request to the server; the server creates session information and a target user token, maps and associates them, and sends the associated session information and target user token to the terminal; and the terminal stores the session information and the target user token in the memory database, where the session information includes the authority list data. Every micro-service access request sent by the terminal contains the target user token, which indicates the unique identification information of the user. The interceptor authenticates each micro-service access request by verifying the target user token and the access request address, and establishes a security context. The security context describes the user principal and the roles of the user principal; the terminal uses the security context to acquire the session information of the user in the memory database, and reads the tenant identification value corresponding to the target user token and the cached permission resource list from the session information.
105. If the access request address does not exist in the cached permission list data, generating operation log information according to the target user token and the tenant identification value, and acquiring and displaying warning information, wherein the warning information is used for indicating that the micro-service access request is limited.
Specifically, if the access request address does not exist in the cached permission list data, the terminal generates operation log information based on the target user token and the tenant identification value, and stores the operation log information into the memory database, and further, the terminal performs data persistence processing or data backup processing on the memory database to prevent data loss and ensure data security. And then the terminal acquires a preset template from the memory database, and generates warning information according to the preset template, wherein the warning information is used for indicating that the access request of the microservice is limited (namely, the user does not have access right).
106. If the access request address exists in the cached permission list data, determine a target micro-service cluster based on the tenant identification value, and access the target system micro-service in the target micro-service cluster according to the access request address to obtain an access result.
The system micro-service may be an asset management system, an order management system, a financial system or a sales management system, which is not limited herein. One tenant may include multiple users, and different tenants have their own corresponding system service groups. It can be understood that each table in the preset system service has a field tenantId (the tenant identification value) that marks the tenant to which the data belongs; after authentication, the micro-service access request must carry this field as a micro-service access condition, and all data in the preset system service is marked with the tenant to which it belongs.
In the embodiment of the invention, a micro-service access request is intercepted through a preset micro-service gateway to obtain an access request address and a target user token; after the user token is expired, acquiring and caching a target user permission list from the target permission management service according to the new user token; and determining a target micro-service cluster based on the tenant identification value at the expiration time, and accessing the system micro-service in the target micro-service cluster according to the access request address, so that the permission verification efficiency and the micro-service access accuracy of the micro-service cluster are improved.
Referring to fig. 2, another embodiment of the method for accessing a microservice according to the embodiment of the present invention includes:
201. Receive a micro-service access request, and intercept and parse the micro-service access request through a preset micro-service gateway to obtain request header information, where the preset micro-service gateway is a request interceptor implemented based on a preset route filtering object zuulfilter.
For example, request denotes the request header information obtained by the terminal.
Further, before step 201, the terminal adds a tenant through the target authority management service and configures corresponding tenant information for the tenant; the terminal acquires a configuration file containing a plurality of pieces of user information and imports the configuration file into the target authority management service, so that each piece of user information is associated with and bound to the tenant; the terminal adds at least one system micro-service to the tenant and creates resource item information for each system micro-service, where the resource item information includes menu resources and interface buttons; the terminal creates a role tree for the tenant, sets resource item information for each role in the role tree, and assigns the role data in the role tree to the plurality of users bound to the tenant. That is, the terminal controls the authority of tenants and users to access micro-services through the target authority service; a tenant and its users are in a one-to-many relationship, and the target authority service can manage a plurality of tenants.
202. Read the access request address and the target user token from the request header information according to preset parameter names, where the target user token is a character string set when the user successfully logs in to the micro-service.
For example, the terminal obtains the access request address url and the target user token from the request header information request. The preset route filtering object is zuulfilter.
It should be noted that the terminal also needs to set up a memory database in advance for caching the session information of the micro-service gateway; for example, the memory database may be the remote dictionary service redis or another database, which is not specifically limited herein. The terminal then deploys the program package of the preset micro-service gateway in advance; next, the terminal deploys in advance a database cluster based on the object-relational database management system pgsql to serve as the database of the authority management service; finally, the terminal deploys the pre-configured authority service program package.
203. Acquire the current time and the expiration time of the target user token, and determine whether the expiration time is greater than the current time.
Step 203 is similar to step 102, and a detailed description is omitted here.
204. If the expiration time is less than or equal to the current time, acquire a new user token, send an authority acquisition request to a target authority management service according to the new user token to obtain a target user authority list, and write the target user authority list into the session information in the memory database according to the new user token, where the target authority management service is used to perform micro-service authorization operations for a plurality of tenants.
It should be noted that the target authority management service provides authority resource management, role management, authorization management and authentication services. The target authority management service adds the concept of a tenant to the Role-Based Access Control (RBAC) model: one business system is one tenant, which can contain a plurality of micro-services and one set of authority data; the authority control data of different tenants is completely isolated; and the relationship between the token and the tenant is established at login. Authority types are divided into operation authority, management authority and authorization authority. The operation authority controls access to and calls of urls, interface buttons and elements, and the authority list returned to the gateway contains only operation authorities. The management authority is used for managing the url itself, such as adding, deleting and modifying it. The authorization authority controls the granting of the operation and management authorities. When actually acquiring the authority list, the target authority management service queries the corresponding user and tenant from the session through the token, then acquires the role list of the user in the tenant, and queries the authority list according to the role list.
Optionally, if the expiration time is less than or equal to the current time, the terminal calls a preset login page to guide the user to log in again and obtains a login result; when the login result is a preset value, the terminal determines that the user has logged in successfully, acquires a new user token and the session information of the user, and maps the new user token to the session information of the user and stores both in the memory database; the terminal acquires the user unique identifier and the tenant identification value from the session information of the user according to the new user token, and sends an authority acquisition request to the target authority management service based on the user unique identifier and the tenant identification value, so that the target authority management service looks up and returns the target user authority list according to the user unique identifier and the tenant identification value, where the target authority management service is used to perform micro-service authorization operations for a plurality of tenants; the terminal receives the target user authority list, updates it into the session information in the memory database based on the new user token to obtain an update result, and determines whether to send the micro-service access request according to the update result.
205. If the expiration time is greater than the current time, query the session information in the memory database according to the target user token to obtain a tenant identification value and cached permission list data, and determine whether the access request address exists in the cached permission list data.
It should be noted that a tenant corresponds to a user group (for example, the employees of a company or of a company department), a single person in the user group is a user of the system, and a business system is generally used to solve the business problems of one user group. The cached permission list data includes the tenant corresponding to the user, all role identifiers with permission and all resource identifiers with permission. Optionally, when the user logs in to the micro-service for the first time, the target permission management service queries the user information according to the user name, where the user information includes the identification value of the tenant to which the user belongs; it then queries all role identifiers, resource identifiers and urls with permission from the user-role relationship table and the role-resource relationship table respectively; and the terminal stores this information in the session information of the user to obtain the cached permission list data.
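One way the authority management service could resolve the list it returns to the gateway, following the tenant-scoped RBAC model and the user-role and role-resource relationship tables described above; this is an added Python/sqlite3 example, not code from the patent. The schema, the table and column names and the sample rows are constructed assumptions.

```python
import sqlite3

# Hypothetical schema: the description names a user-role table and a
# role-resource table but gives no columns, so every name here is assumed.
SCHEMA = """
CREATE TABLE app_user      (id INTEGER PRIMARY KEY, name TEXT, tenant_id TEXT NOT NULL);
CREATE TABLE role          (id INTEGER PRIMARY KEY, name TEXT, tenant_id TEXT NOT NULL);
CREATE TABLE resource      (id INTEGER PRIMARY KEY, url TEXT, perm_type TEXT, tenant_id TEXT NOT NULL);
CREATE TABLE user_role     (user_id INTEGER, role_id INTEGER);
CREATE TABLE role_resource (role_id INTEGER, resource_id INTEGER);
"""

# Constructed sample rows for two tenants.
ROWS = {
    "app_user": [(1, "alice", "tenant-a"), (2, "bob", "tenant-b")],
    "role": [(10, "asset-clerk", "tenant-a"), (20, "accountant", "tenant-b")],
    "resource": [
        (100, "/asset/list", "operation", "tenant-a"),
        (101, "/asset/url-admin", "management", "tenant-a"),
        (200, "/finance/report", "operation", "tenant-b"),
    ],
    # (1, 20) is a deliberate misconfiguration: a tenant-a user bound to a tenant-b role.
    "user_role": [(1, 10), (2, 20), (1, 20)],
    "role_resource": [(10, 100), (10, 101), (20, 200)],
}

# Roles and resources are both pinned to the user's tenant, and only
# operation-type permissions are returned (the only type the gateway receives).
PERMISSION_QUERY = """
SELECT DISTINCT res.url
FROM app_user u
JOIN user_role ur     ON ur.user_id = u.id
JOIN role r           ON r.id = ur.role_id       AND r.tenant_id = u.tenant_id
JOIN role_resource rr ON rr.role_id = r.id
JOIN resource res     ON res.id = rr.resource_id AND res.tenant_id = u.tenant_id
WHERE u.id = ? AND u.tenant_id = ? AND res.perm_type = 'operation'
ORDER BY res.url
"""


def build_demo_db():
    """Create an in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    for table, rows in ROWS.items():
        marks = ",".join("?" * len(rows[0]))
        conn.executemany(f"INSERT INTO {table} VALUES ({marks})", rows)
    return conn


def gateway_permission_list(conn, user_id, tenant_id):
    """Urls the gateway may cache for this user; both ids come from the session."""
    return [row[0] for row in conn.execute(PERMISSION_QUERY, (user_id, tenant_id))]
```

The stray tenant-b role bound to the tenant-a user contributes nothing to her list, because the join requires the role and the resource to carry the same tenant as the user.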
Optionally, if the expiration time is greater than the current time, the terminal sets the target user token as a target key and queries the session information in the memory database according to the target key to obtain a target value, where the session information is the user permission list data obtained by calling a preset permission service when the user logs in for the first time; that is, the terminal stores the permission list data in the current session, and the cached data expires together with the session. When the target value is not a null value, the terminal acquires the tenant identification value and the cached permission list data from the target value; the terminal calls a preset search function to search the cached permission list data for the access request address and obtains a retrieval result; if the retrieval result is not the preset target value, the terminal determines that the access request address does not exist in the cached permission list data and generates prompt information indicating that the micro-service access request is abnormal; if the retrieval result is the preset target value, the terminal determines that the access request address exists in the cached permission list data.
206. If the access request address does not exist in the cached permission list data, generating operation log information according to the target user token and the tenant identification value, and acquiring and displaying warning information, wherein the warning information is used for indicating that the micro-service access request is limited.
That is, if the access request address does not exist in the cached permission list data, the terminal determines that the micro-service access request is abnormal. Optionally, if the access request address does not exist in the cached permission list data, the terminal generates operation log information according to the target user token and the tenant identification value, and updates the operation log information to the memory database; the terminal generates warning information according to a preset template, the warning information is displayed through a preset prompt box, and the warning information is used for indicating that the micro-service access request is limited.
Further, the terminal displays the operation log information in reverse chronological order, so that the target personnel can obtain the process information of the micro-service access as actually required.
207. If the access request address exists in the cached permission list data, determine a target micro-service cluster based on the tenant identification value, and access the target system micro-service in the target micro-service cluster according to the access request address to obtain an access result.
It can be understood that, for elements in the terminal, the preset micro-service gateway passes the control list of the target authority management service straight through, and the authority is then judged by the hypertext markup language H5 page in the terminal. Each element in the terminal is preset with a unique number. An authority resource is created in the system micro-service of the corresponding tenant in the target authority management service and associated with that unique number, and roles are granted authority over the resource. The queried list of resources for which the current user has authority is returned to the terminal, and the terminal performs authority control according to the resource list.
Optionally, if the access request address exists in the cached permission list data, the terminal queries a preset data table based on the tenant identification value to obtain the target micro-service cluster, where the target micro-service cluster indicates the list data of the containers to which the system micro-service belongs; the terminal acquires a random number (for example, random()) and takes the remainder of the random number with respect to the number of containers to which the system micro-service belongs to obtain a target remainder; the terminal sets the target remainder as the index of the container to which the system micro-service belongs, and performs a service call on the target system micro-service in the target micro-service cluster according to the access request address and that index to obtain an access result, where the access result includes access success and access failure. For example, if the random number is 69 and the number of containers to which the system micro-service belongs is 10, the index (target remainder) of the container is 9, and the server accesses the target system micro-service with index 9 to obtain the access result.
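The gateway decision flow of steps 102 to 106 (and 203 to 207), including the random-number-modulo container selection, as an added Python example that is not code from the patent. Dictionaries stand in for the memory database, the authority management service and the preset data table; all names, urls, the session lifetime and the token fingerprint written to the log are assumptions made for the illustration.

```python
import hashlib
import random
import secrets
import time
from dataclasses import dataclass
from typing import Optional

SESSION_TTL = 1800  # seconds; constructed value

# Constructed stand-ins for the deployed components.
SESSIONS = {}   # memory database (redis in the description): token -> Session
AUDIT_LOG = []  # operation log information
AUTHORITY = {   # authority management service: (user, tenant) -> operation urls
    ("alice", "tenant-a"): {"/asset/list", "/order/create"},
    ("bob", "tenant-b"): {"/finance/report"},
}
CLUSTERS = {    # preset data table: tenant -> containers of its system micro-services
    "tenant-a": [f"a-container-{i}" for i in range(10)],
    "tenant-b": ["b-container-0", "b-container-1"],
}


@dataclass(frozen=True)
class Session:
    user_id: str
    tenant_id: str
    expires_at: float
    allowed_urls: frozenset


@dataclass(frozen=True)
class Decision:
    status: int  # 200 routed, 401 log in again, 403 restricted, 503 no cluster
    reason: str
    tenant_id: Optional[str] = None
    container: Optional[str] = None


def login(user_id, tenant_id, now=None):
    """First login or re-login (step 103): new token, fresh permission list cached."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    urls = frozenset(AUTHORITY.get((user_id, tenant_id), ()))
    SESSIONS[token] = Session(user_id, tenant_id, now + SESSION_TTL, urls)
    return token


def pick_container(containers, rand=None):
    """Random number modulo the container count gives the container index."""
    n = random.randrange(1 << 31) if rand is None else rand
    return containers[n % len(containers)]


def authorize(token, url, now=None, rand=None):
    """Gateway decision for one intercepted request (steps 102 and 104 to 106)."""
    now = time.time() if now is None else now
    session = SESSIONS.get(token)
    if session is None:
        return Decision(401, "unknown token")
    # Step 102: expiration time minus current time must be greater than 0.
    if session.expires_at - now <= 0:
        return Decision(401, "token expired, log in again")
    # Step 104: tenant and permission list come from the server-side session,
    # never from anything the client put in the request.
    if url not in session.allowed_urls:
        # Step 105: record the refusal. A token fingerprint is logged instead
        # of the token itself (a choice made for this example).
        AUDIT_LOG.append({
            "time": now,
            "token_sha256": hashlib.sha256(token.encode()).hexdigest()[:16],
            "tenant_id": session.tenant_id,
            "url": url,
            "result": "restricted",
        })
        return Decision(403, "micro-service access request is restricted",
                        session.tenant_id)
    # Step 106: the tenant id selects the cluster, then a container inside it.
    containers = CLUSTERS.get(session.tenant_id)
    if not containers:
        return Decision(503, "no cluster for tenant", session.tenant_id)
    return Decision(200, "routed", session.tenant_id,
                    pick_container(containers, rand))
```

Passing `now` and `rand` explicitly makes the decision reproducible; with `rand=69` and ten containers the selected index is 9, matching the figures in the description.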
In the embodiment of the invention, a micro-service access request is intercepted through a preset micro-service gateway to obtain an access request address and a target user token; after the user token is expired, acquiring and caching a target user permission list from the target permission management service according to the new user token; and determining a target micro-service cluster based on the tenant identification value at the expiration time, and accessing the system micro-service in the target micro-service cluster according to the access request address, so that the permission verification efficiency and the micro-service access accuracy of the micro-service cluster are improved.
The micro-service access method in the embodiment of the present invention has been described above; the micro-service access device in the embodiment of the present invention is described below. Referring to fig. 3, an embodiment of the micro-service access device in the embodiment of the present invention includes:
the intercepting module 301 is configured to intercept a micro-service access request through a preset micro-service gateway to obtain an access request address and a target user token, where the preset micro-service gateway is a request interceptor implemented based on a preset route filtering object;
the judging module 302 is configured to obtain a current time and an expiration time of the target user token, and judge whether the expiration time is greater than the current time;
the write-in module 303 is configured to, if the expiration time is less than or equal to the current time, obtain a new user token, send an authorization obtaining request to the target authorization management service according to the new user token to obtain a target user authorization list, and write the target user authorization list into session information in the memory database according to the new user token, where the target authorization management service is configured to instruct to perform a microservice authorization operation on multiple tenants;
the query module 304 is configured to query, according to the target user token, session information in the in-memory database if the expiration time is greater than the current time, obtain a tenant identification value and cached permission list data, and determine whether an access request address exists in the cached permission list data;
the processing module 305 is configured to generate operation log information according to the target user token and the tenant identification value if the access request address does not exist in the cached permission list data, and acquire and display warning information, where the warning information is used to indicate that the micro-service access request is limited;
and the access module 306 is configured to determine a target micro-service cluster based on the tenant identification value if the access request address exists in the cached permission list data, and access a target system micro-service in the target micro-service cluster according to the access request address to obtain an access result.
Further, the access request address is stored in the blockchain database, which is not limited herein.
In the embodiment of the invention, a micro-service access request is intercepted through a preset micro-service gateway to obtain an access request address and a target user token; after the user token is expired, acquiring and caching a target user permission list from the target permission management service according to the new user token; and determining a target micro-service cluster based on the tenant identification value at the expiration time, and accessing the system micro-service in the target micro-service cluster according to the access request address, so that the permission verification efficiency and the micro-service access accuracy of the micro-service cluster are improved.
Referring to fig. 4, another embodiment of the microservice access device in the embodiment of the present invention includes:
the intercepting module 301 is configured to intercept a micro-service access request through a preset micro-service gateway to obtain an access request address and a target user token, where the preset micro-service gateway is a request interceptor implemented based on a preset route filtering object;
the judging module 302 is configured to obtain a current time and an expiration time of the target user token, and judge whether the expiration time is greater than the current time;
the write-in module 303 is configured to, if the expiration time is less than or equal to the current time, obtain a new user token, send an authorization obtaining request to the target authorization management service according to the new user token to obtain a target user authorization list, and write the target user authorization list into session information in the memory database according to the new user token, where the target authorization management service is configured to instruct to perform a microservice authorization operation on multiple tenants;
the query module 304 is configured to query, according to the target user token, session information in the in-memory database if the expiration time is greater than the current time, obtain a tenant identification value and cached permission list data, and determine whether an access request address exists in the cached permission list data;
the processing module 305 is configured to generate operation log information according to the target user token and the tenant identification value if the access request address does not exist in the cached permission list data, and acquire and display warning information, where the warning information is used to indicate that the micro-service access request is limited;
and the access module 306 is configured to determine a target micro-service cluster based on the tenant identification value if the access request address exists in the cached permission list data, and access a target system micro-service in the target micro-service cluster according to the access request address to obtain an access result.
Optionally, the intercepting module 301 may be further specifically configured to:
receiving a micro-service access request, and intercepting and parsing the micro-service access request through a preset micro-service gateway to obtain request header information, wherein the preset micro-service gateway is a request interceptor implemented based on a preset route filtering object zuulfilter;
and reading an access request address and a target user token from the request header information according to the preset parameter name, wherein the target user token is a character string set when the user successfully logs in the micro-service.
Optionally, the writing module 303 may be further specifically configured to:
if the expiration time is less than or equal to the current time, calling a preset login page to guide the user to log in again to obtain a login result;
when the login result is a preset value, determining that the user successfully logs in, acquiring a new user token and the session information of the user, and performing associated mapping on the new user token and the session information of the user and storing the new user token and the session information of the user into a memory database;
acquiring a user unique identifier and a tenant identifier value from session information of a user according to a new user token, and sending an authority acquisition request to a target authority management service based on the user unique identifier and the tenant identifier value, so that the target authority management service searches and returns a target user authority list according to the user unique identifier and the tenant identifier value, and the target authority management service is used for indicating that micro-service authorization operation is performed on a plurality of tenants;
and receiving the target user permission list, updating the target user permission list to the session information in the memory database based on the new user token to obtain an updating result, and determining whether to send the micro-service access request according to the updating result.
Optionally, the query module 304 may be further specifically configured to:
if the expiration time is greater than the current time, setting the target user token as a target key, inquiring session information in the memory database according to the target key to obtain a target value, wherein the session information is user permission list data obtained by calling a preset permission service when a user logs in for the first time;
when the target value is not a null value, acquiring a tenant identification value and cached authority list data from the target value;
calling a preset search function to search the cached permission list data according to the access request address to obtain a search result;
if the retrieval result is not the preset target value, determining that no access request address exists in the cached permission list data, and generating prompt information, wherein the prompt information is used for indicating that the micro-service access request is abnormal;
and if the retrieval result is the preset target value, determining that the access request address exists in the cached permission list data.
Optionally, the processing module 305 may be further specifically configured to:
if the access request address does not exist in the cached permission list data, generating operation log information according to the target user token and the tenant identification value, and updating the operation log information into a memory database;
and generating warning information according to a preset template, and displaying the warning information through a preset prompt box, wherein the warning information is used for indicating that the micro-service access request is limited.
Optionally, the access module 306 may be further specifically configured to:
if the access request address exists in the cached permission list data, inquiring a preset data table based on the tenant identification value to obtain a target micro service cluster, wherein the target micro service cluster is used for indicating the list data of a container to which the system micro service belongs;
acquiring a random number, and performing remainder taking on the number of containers to which the system micro-service belongs according to the random number to obtain a target remainder;
and setting the target remainder as the index of the container to which the system micro-service belongs, and carrying out service call on the target system micro-service in the target micro-service cluster according to the access request address and the index of the container to which the system micro-service belongs to obtain an access result, wherein the access result comprises access success and access failure.
Optionally, the micro service access device further includes:
a configuration module 307, configured to add a new tenant through the target authority management service, and configure corresponding tenant information for the tenant;
an import module 308, configured to obtain a configuration file including a plurality of user information, and import the configuration file into the target rights management service, so that the plurality of user information are respectively associated and bound with the tenant;
an adding module 309, configured to add at least one system microservice to a tenant, and newly build resource item information for each system microservice, where the resource item information includes a menu resource and an interface button;
the allocating module 310 is configured to create a role tree for a tenant, set resource item information for each role in the role tree, and allocate role data in the role tree to a plurality of users associated and bound with the tenant.
In the embodiment of the invention, a micro-service access request is intercepted through a preset micro-service gateway to obtain an access request address and a target user token; after the user token is expired, acquiring and caching a target user permission list from the target permission management service according to the new user token; and determining a target micro-service cluster based on the tenant identification value at the expiration time, and accessing the system micro-service in the target micro-service cluster according to the access request address, so that the permission verification efficiency and the micro-service access accuracy of the micro-service cluster are improved.
Fig. 3 and fig. 4 above describe the micro-service access device in the embodiment of the present invention in detail from the perspective of modularization; the micro-service access device in the embodiment of the present invention is described in detail below from the perspective of hardware processing.
Fig. 5 is a schematic structural diagram of a micro-service access device 500 according to an embodiment of the present invention. The micro-service access device 500 may vary considerably with configuration or performance, and may include one or more processors (CPUs) 510, a memory 520, and one or more storage media 530 (e.g., one or more mass storage devices) for storing applications 533 or data 532. The memory 520 and the storage media 530 may be transient or persistent storage. The program stored on the storage medium 530 may include one or more modules (not shown), each of which may include a sequence of instructions operating on the micro-service access device 500. Still further, the processor 510 may be configured to communicate with the storage medium 530 to execute a series of instruction operations in the storage medium 530 on the micro-service access device 500.
The micro-service access device 500 may also include one or more power supplies 540, one or more wired or wireless network interfaces 550, one or more input-output interfaces 560, and/or one or more operating systems 531, such as Windows Server, Mac OS X, Unix, Linux, FreeBSD, and the like. Those skilled in the art will appreciate that the configuration of the micro-service access device shown in fig. 5 does not constitute a limitation of the micro-service access device, which may include more or fewer components than those shown, may combine some components, or may use a different arrangement of components.
The present invention also provides a computer-readable storage medium, which may be a non-volatile computer-readable storage medium, and which may also be a volatile computer-readable storage medium, having stored therein instructions, which, when run on a computer, cause the computer to perform the steps of the microservice access method.
The present invention also provides a micro service access device, which includes a memory and a processor, where the memory stores instructions, and the instructions, when executed by the processor, cause the processor to execute the steps of the micro service access method in the above embodiments.
Further, the computer-readable storage medium may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function, and the like; the storage data area may store data created according to the use of the blockchain node, and the like.
A blockchain is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, consensus mechanisms and encryption algorithms. A blockchain is essentially a decentralized database: a series of data blocks linked by cryptographic methods, each data block containing information on a batch of network transactions, which is used to verify the validity (anti-counterfeiting) of the information and to generate the next block. The blockchain may include a blockchain underlying platform, a platform product service layer, an application service layer, and the like.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes various media capable of storing program code, such as a USB disk, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disk.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present invention, and not for limiting the same; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (10)

1. A micro-service access method, characterized in that the micro-service access method comprises:
intercepting a micro-service access request through a preset micro-service gateway to obtain an access request address and a target user token, wherein the preset micro-service gateway is a request interceptor realized based on a preset route filtering object;
acquiring the current time and the expiration time of a target user token, and judging whether the expiration time is greater than the current time;
if the expiration time is less than or equal to the current time, acquiring a new user token, sending an authority acquisition request to a target authority management service according to the new user token to obtain a target user authority list, and writing the target user authority list into session information in a memory database according to the new user token, wherein the target authority management service is used for indicating to perform microservice authorization operation on a plurality of tenants;
if the expiration time is greater than the current time, inquiring session information in a memory database according to the target user token to obtain a tenant identification value and cached permission list data, and judging whether the access request address exists in the cached permission list data or not;
if the access request address does not exist in the cached permission list data, generating operation log information according to the target user token and the tenant identification value, and acquiring and displaying warning information, wherein the warning information is used for indicating that the micro-service access request is limited;
if the access request address exists in the cached permission list data, determining a target micro-service cluster based on the tenant identification value, and accessing a target system micro-service in the target micro-service cluster according to the access request address to obtain an access result.
2. The method according to claim 1, wherein the intercepting of the microservice access request by a preset microservice gateway to obtain an access request address and a target user token, the preset microservice gateway being a request interceptor implemented based on a preset routing filter object, comprises:
receiving a micro-service access request, intercepting and analyzing the micro-service access request through a preset micro-service gateway to obtain request header information, wherein the preset micro-service gateway is a request interceptor realized based on a preset routing filtering object ZuulFilter;
and reading an access request address and a target user token from the request header information according to a preset parameter name, wherein the target user token is a character string set when the user successfully logs in the micro-service.
3. The micro-service access method according to claim 1, wherein if the expiration time is less than or equal to the current time, acquiring a new user token, sending an authorization acquisition request to a target authorization management service according to the new user token to obtain a target user authorization list, and writing the target user authorization list into session information in a memory database according to the new user token, where the target authorization management service is configured to instruct a plurality of tenants to perform micro-service authorization operations, and includes:
if the expiration time is less than or equal to the current time, calling a preset login page to guide the user to log in again to obtain a login result;
when the login result is a preset value, determining that the user successfully logs in, acquiring a new user token and session information of the user, and performing associated mapping on the new user token and the session information of the user and storing the new user token and the session information of the user in a memory database;
acquiring a user unique identifier and a tenant identifier value from the session information of the user according to the new user token, and sending an authority acquisition request to a target authority management service based on the user unique identifier and the tenant identifier value, so that the target authority management service searches and returns a target user authority list according to the user unique identifier and the tenant identifier value, and the target authority management service is used for indicating that micro-service authorization operation is performed on a plurality of tenants;
and receiving the target user permission list, updating the target user permission list to the session information in the memory database based on the new user token to obtain an updating result, and determining whether to send the micro-service access request according to the updating result.
4. The micro-service access method according to claim 1, wherein if the expiration time is greater than the current time, querying session information in a memory database according to the target user token to obtain a tenant identification value and cached permission list data, and determining whether the access request address exists in the cached permission list data, comprises:
if the expiration time is greater than the current time, setting the target user token as a target key, and inquiring session information in a memory database according to the target key to obtain a target value, wherein the session information is user permission list data obtained by calling a preset permission service when a user logs in for the first time;
when the target value is not a null value, acquiring a tenant identification value and cached permission list data from the target value;
calling a preset search function to search the cached permission list data according to the access request address to obtain a search result;
if the retrieval result is not a preset target value, determining that the access request address does not exist in the cached permission list data, and generating prompt information, wherein the prompt information is used for indicating that the micro-service access request is abnormal;
and if the retrieval result is a preset target value, determining that the access request address exists in the cached permission list data.
5. The micro-service access method according to claim 1, wherein if the access request address does not exist in the cached permission list data, generating operation log information according to the target user token and the tenant identification value, and acquiring and displaying warning information, where the warning information is used to indicate that a micro-service access request is limited, the method includes:
if the access request address does not exist in the cached permission list data, generating operation log information according to the target user token and the tenant identification value, and updating the operation log information to the memory database;
and generating warning information according to a preset template, and displaying the warning information through a preset prompt box, wherein the warning information is used for indicating that the micro-service access request is limited.
6. The micro-service access method according to claim 1, wherein if the access request address exists in the cached permission list data, determining a target micro-service cluster based on the tenant identification value, and accessing a target system micro-service in the target micro-service cluster according to the access request address to obtain an access result, including:
if the access request address exists in the cached permission list data, inquiring a preset data table based on the tenant identification value to obtain a target micro service cluster, wherein the target micro service cluster is used for indicating the list data of a container to which the system micro service belongs;
acquiring a random number, and performing remainder taking on the number of containers to which the system micro-service belongs according to the random number to obtain a target remainder;
and setting the target remainder as the index of the container to which the system micro-service belongs, and carrying out service call on the target system micro-service in the target micro-service cluster according to the access request address and the index of the container to which the system micro-service belongs to obtain an access result, wherein the access result comprises access success and access failure.
7. The micro-service access method according to any one of claims 1 to 6, wherein before the intercepting a micro-service access request by a preset micro-service gateway to obtain an access request address and a target user token, the preset micro-service gateway being a request interceptor implemented based on a preset routing filter object, the micro-service access method further comprises:
adding a tenant through the target authority management service, and configuring corresponding tenant information for the tenant;
acquiring a configuration file containing a plurality of user information, and importing the configuration file into the target authority management service so as to enable the plurality of user information to be respectively associated and bound with the tenant;
adding at least one system micro service to the tenant, and establishing resource item information for each system micro service, wherein the resource item information comprises menu resources and interface buttons;
creating a role tree for the tenant, setting the resource item information for each role in the role tree, and distributing the role data in the role tree to a plurality of users bound with the tenant in an associated manner.
8. A microservice access device, the microservice access device comprising:
the intercepting module is used for intercepting a micro-service access request through a preset micro-service gateway to obtain an access request address and a target user token, wherein the preset micro-service gateway is a request interceptor realized based on a preset route filtering object;
the judging module is used for acquiring the current time and the expiration time of the target user token and judging whether the expiration time is greater than the current time;
the write-in module is used for acquiring a new user token if the expiration time is less than or equal to the current time, sending an authority acquisition request to a target authority management service according to the new user token to obtain a target user authority list, and writing the target user authority list into session information in a memory database according to the new user token, wherein the target authority management service is used for indicating that micro-service authorization operation is carried out on a plurality of tenants;
the query module is used for querying session information in a memory database according to the target user token to obtain a tenant identification value and cached permission list data and judging whether the access request address exists in the cached permission list data or not if the expiration time is larger than the current time;
the processing module is used for generating operation log information according to the target user token and the tenant identification value and acquiring and displaying warning information if the access request address does not exist in the cached permission list data, wherein the warning information is used for indicating that the micro-service access request is limited;
and the access module is used for determining a target micro-service cluster based on the tenant identification value if the access request address exists in the cached permission list data, and accessing a target system micro-service in the target micro-service cluster according to the access request address to obtain an access result.
9. A microservice access device, the microservice access device comprising: a memory and at least one processor, the memory having instructions stored therein;
the at least one processor invoking the instructions in the memory to cause the micro-service access device to perform the micro-service access method of any of claims 1-7.
10. A computer-readable storage medium having instructions stored thereon, wherein the instructions, when executed by a processor, implement the microservice access method of any of claims 1-7.
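The gateway decision flow of claims 1, 3, 4 and 6, modelled in Python as an added example (not code from the patent or its applicant). All dictionaries, names and tokens are constructed; keeping the expiry time in the session record, normalising the path before the lookup, treating a missing session as expired, and logging a token hash instead of the raw token are assumptions of this example, not steps the claims recite.

```python
import hashlib
import posixpath
import random
from dataclasses import dataclass
from typing import Optional

# Constructed sample data; every identifier below is hypothetical.
SESSIONS = {  # stands in for the in-memory database: token -> session info
    "tok-alice": {"tenant_id": "t1", "expires_at": 2000,
                  "permissions": {"/orders/list", "/orders/detail"}},
    "tok-bob": {"tenant_id": "t2", "expires_at": 900,
                "permissions": {"/reports/view"}},
}
PERMISSION_SERVICE = {  # stands in for the permission management service
    ("bob", "t2"): {"/reports/view"},
}
CLUSTERS = {  # stands in for the preset data table: tenant -> container list
    "t1": ["t1-c0", "t1-c1", "t1-c2"],
    "t2": ["t2-c0"],
}
AUDIT_LOG = []


@dataclass
class Decision:
    action: str                      # "forward", "deny" or "reauthenticate"
    container: Optional[str] = None  # set only when action == "forward"


def normalize(path):
    """Canonicalise the request address so '/a/../b' and '/b/' compare as '/b'."""
    path = path.split("?", 1)[0]
    return posixpath.normpath("/" + path.lstrip("/"))


def token_ref(token):
    """Short hash used in logs so the bearer token itself is never written out."""
    return hashlib.sha256(token.encode()).hexdigest()[:16]


def refresh_session(new_token, user_id, tenant_id, now, ttl=3600):
    """Claim 3: after re-login, fetch the permission list and cache it under the new token."""
    permissions = PERMISSION_SERVICE.get((user_id, tenant_id), set())
    SESSIONS[new_token] = {"tenant_id": tenant_id, "expires_at": now + ttl,
                           "permissions": set(permissions)}
    return SESSIONS[new_token]


def authorize(token, request_path, now, rng=random):
    """Claims 1, 4 and 6: expiry check, cached permission lookup, tenant routing."""
    session = SESSIONS.get(token)
    # Expiry <= now (or no session at all) means the cached list is not trusted.
    if session is None or session["expires_at"] <= now:
        return Decision("reauthenticate")

    path = normalize(request_path)
    tenant = session["tenant_id"]   # taken from the session, never from the request
    containers = CLUSTERS.get(tenant, [])

    if path not in session["permissions"] or not containers:
        # Claim 5: record the refused request; the caller shows the warning.
        AUDIT_LOG.append({"token_ref": token_ref(token), "tenant_id": tenant,
                          "path": path, "time": now})
        return Decision("deny")

    # Claim 6: random number modulo the container count gives the target index.
    index = rng.getrandbits(32) % len(containers)
    return Decision("forward", containers[index])


if __name__ == "__main__":
    print(authorize("tok-alice", "/orders/list", now=1000))
    print(authorize("tok-alice", "/orders/../reports/view", now=1000))
    print(authorize("tok-bob", "/reports/view", now=1000))
```

Because the tenant identifier comes from the cached session rather than from the request, a forwarded request can only reach a container in the caller's own tenant cluster.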
CN202011476001.5A 2020-12-15 2020-12-15 Micro-service access method, device, equipment and storage medium Active CN112615849B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202011476001.5A CN112615849B (en) 2020-12-15 2020-12-15 Micro-service access method, device, equipment and storage medium
PCT/CN2021/090256 WO2022126968A1 (en) 2020-12-15 2021-04-27 Micro-service access method, apparatus and device, and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011476001.5A CN112615849B (en) 2020-12-15 2020-12-15 Micro-service access method, device, equipment and storage medium

Publications (2)

Publication Number Publication Date
CN112615849A CN112615849A (en) 2021-04-06
CN112615849B true CN112615849B (en) 2022-04-26

Family

ID=75234141

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011476001.5A Active CN112615849B (en) 2020-12-15 2020-12-15 Micro-service access method, device, equipment and storage medium

Country Status (2)

Country Link
CN (1) CN112615849B (en)
WO (1) WO2022126968A1 (en)

Families Citing this family (30)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113139169A (en) * 2021-04-23 2021-07-20 上海中通吉网络技术有限公司 Non-invasive authority control system
CN113239060B (en) * 2021-05-31 2023-09-29 康键信息技术(深圳)有限公司 Data resource allocation processing method, device, equipment and storage medium
CN113343150A (en) * 2021-06-24 2021-09-03 平安普惠企业管理有限公司 Data processing method and device, electronic equipment and storage medium
CN113568762A (en) * 2021-07-19 2021-10-29 远光软件股份有限公司 Cross-system access method, equipment and computer readable storage medium
CN113765676A (en) * 2021-09-18 2021-12-07 平安国际智慧城市科技股份有限公司 Interface access control method based on multiple user identities and related equipment
CN114430423A (en) * 2022-01-26 2022-05-03 百果园技术(新加坡)有限公司 Communication management method, device, equipment and storage medium between terminals
CN114513349A (en) * 2022-01-29 2022-05-17 中国人民财产保险股份有限公司 Method and device for determining source of micro-service requester
CN114666094B (en) * 2022-02-17 2023-10-20 岚图汽车科技有限公司 User authority management method and related equipment of vehicle service platform
CN114756877A (en) * 2022-04-06 2022-07-15 北京有竹居网络技术有限公司 Data management method, device, server and storage medium
CN114826724B (en) * 2022-04-20 2024-04-09 网易(杭州)网络有限公司 Data processing method, device, electronic equipment and storage medium
CN115277128B (en) * 2022-07-13 2024-02-23 上海砾阳软件有限公司 Illegal request processing method and device and electronic equipment
CN115022088A (en) * 2022-07-21 2022-09-06 中国建设银行股份有限公司 Government affair gateway system
CN115118703B (en) * 2022-07-28 2024-03-08 中国工商银行股份有限公司 Service calling method and device and electronic equipment
CN115002211B (en) * 2022-07-28 2022-12-06 成都乐超人科技有限公司 Method, device, equipment and medium for realizing after-sale micro-service based on cloud protogenesis
CN115277234B (en) * 2022-08-01 2024-01-09 重庆标能瑞源储能技术研究院有限公司 Security authentication method and system based on Internet of things platform micro-service
CN115242613B (en) * 2022-08-03 2024-03-15 浙江网商银行股份有限公司 Target node determining method and device
CN115567254A (en) * 2022-09-06 2023-01-03 浪潮软件股份有限公司 Method and system for realizing public data open to outside based on calculation model
CN115481386B (en) * 2022-09-15 2023-05-30 中航信移动科技有限公司 Batch configuration system for target application use permission
CN115495718B (en) * 2022-09-19 2023-10-13 广东云徙智能科技有限公司 Front-end statement-based back-end capability authorization method, device and equipment
CN115344620B (en) * 2022-10-19 2023-01-06 成都中科合迅科技有限公司 Method for realizing data on-demand synchronization after front-end and back-end separation by user-defined data pool
CN116319809B (en) * 2022-12-27 2023-12-29 昆仑数智科技有限责任公司 Method and system for data operation
CN115828309B (en) * 2023-02-09 2023-11-07 中国证券登记结算有限责任公司 Service calling method and system
CN115801476B (en) * 2023-02-09 2023-05-05 中国证券登记结算有限责任公司 Verification method and device for application request
CN116049860B (en) * 2023-03-06 2023-06-02 深圳前海环融联易信息科技服务有限公司 Access control method, device, computer equipment and storage medium
CN116069264B (en) * 2023-03-13 2023-06-13 南京飓风引擎信息技术有限公司 Application program data information storage control system
CN116319090B (en) * 2023-05-18 2023-08-11 中国电子信息产业集团有限公司第六研究所 Power and environment monitoring system and method based on micro-service
CN116980182B (en) * 2023-06-21 2024-02-27 杭州明实科技有限公司 Abnormal request detection method and device and electronic equipment
CN116743702B (en) * 2023-08-16 2024-02-27 湖南映客互娱网络信息有限公司 Uniform domain name access method, device and equipment of SaaS system
CN117375901A (en) * 2023-09-30 2024-01-09 上海复通软件技术有限公司 Cross-tenant multi-terminal authentication method and system
CN117668920A (en) * 2024-02-02 2024-03-08 杭州高特电子设备股份有限公司 Secure access method, system, equipment and medium based on internal energy storage system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107483538A (en) * 2017-07-06 2017-12-15 聚好看科技股份有限公司 A kind of method and apparatus that access request bag is handled on the node of micro services cluster
CN110120946A (en) * 2019-04-29 2019-08-13 武汉理工大学 A kind of Centralized Authentication System and method of Web and micro services
CN111431970A (en) * 2020-02-29 2020-07-17 深圳壹账通智能科技有限公司 Resource allocation method, device, equipment and storage medium based on micro-service architecture

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10484382B2 (en) * 2016-08-31 2019-11-19 Oracle International Corporation Data management for a multi-tenant identity cloud service
US10846390B2 (en) * 2016-09-14 2020-11-24 Oracle International Corporation Single sign-on functionality for a multi-tenant identity and data security management cloud service
US10931656B2 (en) * 2018-03-27 2021-02-23 Oracle International Corporation Cross-region trust for a multi-tenant identity cloud service
CN110601832A (en) * 2019-09-27 2019-12-20 中煤航测遥感集团有限公司 Data access method and device
CN110781476A (en) * 2019-10-15 2020-02-11 南京南瑞信息通信科技有限公司 Flexible micro-service security access control method and system
CN111355743B (en) * 2020-03-11 2021-07-06 成都卓杭网络科技股份有限公司 Management method and system based on API gateway
CN112039909B (en) * 2020-09-03 2022-07-12 平安科技(深圳)有限公司 Authentication method, device, equipment and storage medium based on unified gateway

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
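Design and Development of Backend Application for Public Complaint Systems Using Microservice Spring Boot; Hatma Suryotrisongko et al.; Procedia Computer Science; 20171130; Vol. 124; full text *
Research and Application of Access Control Technology in a Microservice Environment; 何修宇; China Master's Theses Full-text Database (Information Science and Technology); 20181115 (No. 11); Chapter 3 *
Flexible Microservice Security Access Control Framework; 刘一田 et al.; Computer Systems & Applications; 20181015 (No. 10); full text *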

Also Published As

Publication number Publication date
WO2022126968A1 (en) 2022-06-23
CN112615849A (en) 2021-04-06

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant