CN112733102A - Ambari-based quick link secure access method and system - Google Patents
Ambari-based quick link secure access method and system Download PDFInfo
- Publication number
- CN112733102A CN112733102A CN202110025003.0A CN202110025003A CN112733102A CN 112733102 A CN112733102 A CN 112733102A CN 202110025003 A CN202110025003 A CN 202110025003A CN 112733102 A CN112733102 A CN 112733102A
- Authority
- CN
- China
- Prior art keywords
- quick link
- link
- quick
- request
- address
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
- 240000000797 Hibiscus cannabinus Species 0.000 title claims abstract description 57
- 235000002905 Rumex vesicarius Nutrition 0.000 title claims abstract description 57
- 238000000034 method Methods 0.000 title claims abstract description 45
- 238000012795 verification Methods 0.000 claims abstract description 66
- 230000004044 response Effects 0.000 claims abstract description 34
- 238000010200 validation analysis Methods 0.000 claims description 7
- 238000009877 rendering Methods 0.000 claims description 3
- 230000000007 visual effect Effects 0.000 claims description 3
- 230000008569 process Effects 0.000 description 5
- 230000006870 function Effects 0.000 description 3
- 238000012545 processing Methods 0.000 description 3
- 238000004590 computer program Methods 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000013459 approach Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 230000014509 gene expression Effects 0.000 description 1
- 238000013507 mapping Methods 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 238000012360 testing method Methods 0.000 description 1
- 230000009466 transformation Effects 0.000 description 1
- 238000000844 transformation Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Health & Medical Sciences (AREA)
- Databases & Information Systems (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a rapid link secure access method and a system based on Ambari, wherein the method comprises the following steps: logging in an Ambari server, and sending a quick link request to a link prepositive agent based on the quick link agent address; performing, by the link preagent, a first security verification on the quick link request and sending the quick link request to each service node host based on the quick link real address in response to the first security verification passing; and executing second security verification on the quick link request by each service node host, and feeding back a quick link response result to the Ambari server through the link preposed proxy in response to the second security verification passing. The invention ensures the legality of user access and improves the system safety.
Description
Technical Field
The invention relates to the field of data security, in particular to a quick link secure access method and a quick link secure access system based on Ambari.
Background
Ambari is a large data platform management software and aims to support the creation, management and monitoring of clusters of service nodes. Ambari adds a quick link column in the summary page of each service, each quick link of the service is displayed in the column, and the corresponding link page can be directly jumped to by clicking the link. For example, the HDFS service includes HDFS quick link columns UI and Logs, and jumps to a management background overview page and a management background log page, respectively.
This approach allows users to quickly access service quick link pages, but there are significant security holes: lack of validation of request legitimacy prior to accessing the quick link page; the user can directly input a request address in the browser to access the quick link page without logging in an Ambari system; and the access address of the quick link page is directly exposed to the user, so that potential safety hazards exist.
Aiming at the problem that safety holes exist in service quick link of Ambari in the prior art, no effective solution is available at present.
Disclosure of Invention
In view of this, an object of the embodiments of the present invention is to provide a method and a system for quick link security access based on Ambari, which can ensure the validity of user access and improve system security.
Based on the above object, a first aspect of the embodiments of the present invention provides an Ambari-based fast link security access method, including the following steps:
logging in an Ambari server, and sending a quick link request to a link prepositive agent based on the quick link agent address;
performing, by the link preagent, a first security verification on the quick link request and sending the quick link request to each service node host based on the quick link real address in response to the first security verification passing;
and executing second security verification on the quick link request by each service node host, and feeding back a quick link response result to the Ambari server through the link preposed proxy in response to the second security verification passing.
In some embodiments, the method further comprises: the login information is also sent while the quick link request is sent to the link pre-agent based on the quick link agent address.
In some embodiments, performing the first security validation on the quick link request by the link front-end agent includes:
receiving a quick link request and reading a configured routing rule and a safety check rule, wherein the safety check rule comprises at least one of the following: whether the quick link request carries login information or not, whether the login information is effective or not, and whether the login information has the right to access the quick link or not;
a first security verification is performed on the quick link request and the login information based on a security check rule.
In some embodiments, the routing rules include a one-to-one correspondence between quick link proxy addresses and quick link real addresses;
the method further comprises the following steps: a quick link real address is determined based on a quick link proxy address and routing rules before a quick link request is sent to each service node host based on the quick link real address.
In some embodiments, the method further comprises: and generating signature information of the link pre-proxy and sending the signature information and the quick link request to each service node host simultaneously when sending the quick link request to each service node host based on the real address of the quick link.
In some embodiments, performing, by each service node host, the second security verification on the quick link request comprises:
receiving a quick link request and reading an IP white list, wherein the IP white list comprises an IP of a link front proxy;
the IP whitelist is compared with the source IP of the quick link request and the signature information is verified to perform a second security verification.
In some embodiments, each service node host comprises an HDFS host and an Hbase host; the quick link proxy address comprises a management background UI address and a management background log address of the HDFS host and the Hbase host; the quick link response result comprises browser visual rendering pictures of management background UI addresses and management background log addresses of the HDFS host and the Hbase host.
A second aspect of an embodiment of the present invention provides an Ambari-based quick-link secure access system, including:
a processor; and
a memory storing program code executable by the processor, the program code when executed performing the steps of:
logging in an Ambari server, and sending a quick link request to a link prepositive agent based on the quick link agent address;
performing, by the link preagent, a first security verification on the quick link request and sending the quick link request to each service node host based on the quick link real address in response to the first security verification passing;
and executing second security verification on the quick link request by each service node host, and feeding back a quick link response result to the Ambari server through the link preposed proxy in response to the second security verification passing.
In some embodiments, the steps further comprise: sending login information while sending a quick link request to a link pre-agent based on the quick link agent address;
performing, by the link preagent, a first security verification on the quick link request includes: receiving a quick link request and reading a configured routing rule and a safety check rule, wherein the safety check rule comprises at least one of the following: whether the quick link request carries login information or not, whether the login information is effective or not, and whether the login information has the right to access the quick link or not; a first security verification is performed on the quick link request and the login information based on a security check rule.
In some embodiments, the steps further comprise: when the quick link request is sent to each service node host based on the quick link real address, signature information of a link pre-proxy is generated, and the quick link request is sent to each service node host together;
performing, by each service node host, a second security verification on the quick link request includes: receiving a quick link request and reading an IP white list, wherein the IP white list comprises an IP of a link front proxy; the IP whitelist is compared with the source IP of the quick link request and the signature information is verified to perform a second security verification.
The invention has the following beneficial technical effects: the Ambari-based quick link secure access method and the Ambari-based quick link secure access system provided by the embodiment of the invention send a quick link request to a link pre-proxy by logging in an Ambari server and based on a quick link proxy address; performing, by the link preagent, a first security verification on the quick link request and sending the quick link request to each service node host based on the quick link real address in response to the first security verification passing; and each service node host executes second security verification on the quick link request, responds to the second security verification and feeds back a quick link response result to the Ambari server through the link preposed proxy, so that the access validity of the user can be guaranteed, and the system security is improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 is a schematic flow chart of a method for quick link security access based on Ambari according to the present invention;
FIG. 2 is a block flow diagram of a method for rapid chaining secure access based on Ambari according to the present invention;
FIG. 3 is an overall flow chart of a method for rapid chaining secure access based on Ambari according to the present invention;
FIG. 4 is a flow chart of a link pre-proxy of the rapid link secure access method based on Ambari according to the present invention;
fig. 5 is a flowchart of each service node host of the Ambari-based quick link secure access method provided by the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the following embodiments of the present invention are described in further detail with reference to the accompanying drawings.
It should be noted that all expressions using "first" and "second" in the embodiments of the present invention are used for distinguishing two entities with the same name but different names or different parameters, and it should be noted that "first" and "second" are merely for convenience of description and should not be construed as limitations of the embodiments of the present invention, and they are not described in any more detail in the following embodiments.
Based on the above purpose, a first aspect of the embodiments of the present invention provides an embodiment of an Ambari-based fast link security access method that guarantees the validity of user access and improves system security. Fig. 1 is a flow chart of the Ambari-based quick link secure access method provided by the present invention.
The Ambari-based quick link secure access method, as shown in fig. 1, includes the following steps:
step S101, logging in an Ambari server, and sending a quick link request to a link pre-proxy based on a quick link proxy address;
step S103, the link front agent executes first security verification on the quick link request and responds to the first security verification passing and sends the quick link request to each service node host based on the quick link real address;
and step S105, each service node host executes second security verification on the quick link request, and feeds back a quick link response result to the Ambari server through the link preposed proxy in response to the second security verification passing.
The invention adds a preposed proxy device between the original Ambari server and each host, the device uniformly receives the quick link access requests of all services and carries out safety verification on the requests, and only the access requests meeting the safety requirements are processed and returned to a result page. And meanwhile, a firewall is added on each host for secondary security verification, and only the request sent from the front proxy device is processed and a quick link result response page is returned. After the quick link request, the vehicle lane safety verification is added to achieve the safety purpose; the original quick link request address is replaced by the proxy address, and the real request address is hidden from the outside.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a read-only memory (ROM), a Random Access Memory (RAM), or the like. Embodiments of the computer program may achieve the same or similar effects as any of the preceding method embodiments to which it corresponds.
In some embodiments, the method further comprises: the login information is also sent while the quick link request is sent to the link pre-agent based on the quick link agent address.
In some embodiments, performing the first security validation on the quick link request by the link front-end agent includes:
receiving a quick link request and reading a configured routing rule and a safety check rule, wherein the safety check rule comprises at least one of the following: whether the quick link request carries login information or not, whether the login information is effective or not, and whether the login information has the right to access the quick link or not;
a first security verification is performed on the quick link request and the login information based on a security check rule.
In some embodiments, the routing rules include a one-to-one correspondence between the quick link proxy addresses and the quick link real addresses. The method further comprises the following steps: a quick link real address is determined based on a quick link proxy address and routing rules before a quick link request is sent to each service node host based on the quick link real address.
In some embodiments, the method further comprises: and generating signature information of the link pre-proxy and sending the signature information and the quick link request to each service node host simultaneously when sending the quick link request to each service node host based on the real address of the quick link.
In some embodiments, performing, by each service node host, the second security verification on the quick link request comprises:
receiving a quick link request and reading an IP white list, wherein the IP white list comprises an IP of a link front proxy;
the IP whitelist is compared with the source IP of the quick link request and the signature information is verified to perform a second security verification.
In some embodiments, each service node host comprises an HDFS host and an Hbase host; the quick link proxy address comprises a management background UI address and a management background log address of the HDFS host and the Hbase host; the quick link response result comprises browser visual rendering pictures of management background UI addresses and management background log addresses of the HDFS host and the Hbase host.
The following further illustrates embodiments of the invention in accordance with the specific example shown in fig. 2. The design idea of the embodiment of the invention comprises the following steps:
1) a preposed agent device is newly introduced into the platform and is positioned between the Ambari server and each host, and the quick links which directly access each host originally are sent to the preposed agent device for processing;
2) the front proxy device intercepts the request after receiving the quick link access request, verifies the legality of the request according to the configured security rule, and permits the processing to return a result only if the access request conforms to the security rule;
3) the user can configure security rules in the front proxy device, the rules can verify the legality of the request from multiple dimensions such as user information, login session, user authority, black and white lists and the like, and different security rules can be configured for different quick link requests. The user can flexibly configure the safety rules according to the safety requirements of the user;
4) a firewall is introduced to each host for secondary security verification, only the request sent from the front proxy device is processed and a quick link result response page is returned, and quick link requests sent by other IPs are rejected, so that a user is prevented from directly accessing the quick link page through a browser;
5) the real request address of the quick link is hidden, and the packaged proxy address is exposed to the outside, so that the safety is improved.
FIG. 3 shows 3 typical quick link access scenarios:
1) a user logs in Ambari, clicks an HDFS (Hadoop distributed File System) quick link request proxy address in a session validity period, firstly, the request reaches a front proxy for safety verification, is converted into a real quick link address after passing the safety verification and is sent to a corresponding host, and after the request IP passes the firewall verification on the host, a quick link response result page is returned;
2) the user logs in Ambari, clicks the Hbase quick link request proxy address after the session is over (or the user does not have access to the quick link), and returns to the login page if the request does not pass the safety verification after reaching the front proxy;
3) and (4) directly inputting a quick link address in a browser or accessing through an interface test tool without logging in Ambari by the user, and directly returning to a login page.
The link front-end proxy is a core device, functions to perform the first security authentication according to the flow shown in fig. 4, and includes the following 5 parts:
1) the request distributor: and receiving a quick link request sent by the Ambari server, and distributing the quick link request to the security checker.
2) The agent configuration center: configuring a routing rule and a safety check rule of the proxy address, wherein the routing rule refers to a mapping relation between the proxy address and a real address, and the safety rule is divided into 3 parts: whether the request carries the login session information, whether the session information is valid, and whether the user has the authority access link.
3) A safety checker: and performing security verification according to the security verification rule configured in the agent configuration center.
4) Signature tool: after the security verification is passed, signature information containing the prepositive agent is generated.
5) A request forwarder: and forwarding the request to a subsequent processing flow after the security verification.
Referring to fig. 4, the security verification process of linking the pre-proxy includes that a request distributor receives a proxy address request sent by an Ambari Server, and distributes the request to a security checker, the checker loads a routing rule and a security check rule of the proxy address from a proxy configuration center to perform 3-step security verification (whether the request carries login session information, whether the session information is valid, and whether a user has an access permission link), if the 3 steps are passed, the request is handed to a signature tool, and if the 1 step is not passed, a login page is jumped back. The signing tool generates a signing information adding request containing the prepositive agent, and the signing information adding request is delivered to the request forwarder to be forwarded to the real request link.
The firewall is installed on each host, functions as a second security verification according to the flow shown in fig. 5, and includes the following 4 parts:
1) white list: legal request IP list, i.e. the IP address of the pre-proxy.
2) And (3) IP filter: the IP in the request to the host is filtered and only IP access configured in the white list is allowed.
3) Signature tool: and verifying the signature information in the request reaching the host computer and verifying whether the request comes from the front proxy.
4) A view renderer: requests the real link and returns a response result page.
Referring to fig. 5, in the security verification process of the host-side firewall, the IP filter loads the IP address of the pre-proxy from the white list and verifies whether the source IP in the request is consistent with the configuration in the white list, if not, the IP filter jumps to the login page, if not, the IP filter continuously verifies whether the request contains the signature information of the pre-proxy, and if so, the IP filter returns a quick link response page to the view renderer.
It can be seen from the above embodiments that the Ambari-based quick link secure access method provided by the embodiments of the present invention sends a quick link request to a link pre-proxy by logging in an Ambari server and based on a quick link proxy address; performing, by the link preagent, a first security verification on the quick link request and sending the quick link request to each service node host based on the quick link real address in response to the first security verification passing; and each service node host executes second security verification on the quick link request, responds to the second security verification and feeds back a quick link response result to the Ambari server through the link preposed proxy, so that the access validity of the user can be guaranteed, and the system security is improved.
It should be noted that, the steps in the embodiments of Ambari-based quick link secure access method can be mutually intersected, replaced, added, and deleted, so that these reasonable permutation and combination transformations based on Ambari-based quick link secure access method also belong to the scope of the present invention, and should not limit the scope of the present invention to the described embodiments.
Based on the above object, a second aspect of the embodiments of the present invention provides an embodiment of an Ambari-based quick link security access system, which guarantees the validity of user access and improves system security. The system comprises:
a processor; and
a memory storing program code executable by the processor, the program code when executed performing the steps of:
logging in an Ambari server, and sending a quick link request to a link prepositive agent based on the quick link agent address;
performing, by the link preagent, a first security verification on the quick link request and sending the quick link request to each service node host based on the quick link real address in response to the first security verification passing;
and executing second security verification on the quick link request by each service node host, and feeding back a quick link response result to the Ambari server through the link preposed proxy in response to the second security verification passing.
In some embodiments, the steps further comprise: sending login information while sending a quick link request to a link pre-agent based on the quick link agent address;
performing, by the link preagent, a first security verification on the quick link request includes: receiving a quick link request and reading a configured routing rule and a safety check rule, wherein the safety check rule comprises at least one of the following: whether the quick link request carries login information or not, whether the login information is effective or not, and whether the login information has the right to access the quick link or not; a first security verification is performed on the quick link request and the login information based on a security check rule.
In some embodiments, the steps further comprise: when the quick link request is sent to each service node host based on the quick link real address, signature information of a link pre-proxy is generated, and the quick link request is sent to each service node host together;
performing, by each service node host, a second security verification on the quick link request includes: receiving a quick link request and reading an IP white list, wherein the IP white list comprises an IP of a link front proxy; the IP whitelist is compared with the source IP of the quick link request and the signature information is verified to perform a second security verification.
It can be seen from the above embodiments that, in the system provided by the embodiment of the present invention, the Ambari server is logged in, and the quick link request is sent to the link pre-proxy based on the quick link proxy address; performing, by the link preagent, a first security verification on the quick link request and sending the quick link request to each service node host based on the quick link real address in response to the first security verification passing; and each service node host executes second security verification on the quick link request, responds to the second security verification and feeds back a quick link response result to the Ambari server through the link preposed proxy, so that the access validity of the user can be guaranteed, and the system security is improved.
It should be noted that, the above-mentioned embodiment of the system adopts the embodiment of the Ambari-based quick link secure access method to specifically describe the working process of each module, and those skilled in the art can easily think that these modules are applied to other embodiments of the Ambari-based quick link secure access method. Of course, since the steps in the Ambari-based embodiment of the fast link security access method can be mutually intersected, replaced, added, and deleted, these reasonable permutations and combinations should also fall within the scope of the present invention, and should not limit the scope of the present invention to the embodiment.
The foregoing is an exemplary embodiment of the present disclosure, but it should be noted that various changes and modifications could be made herein without departing from the scope of the present disclosure as defined by the appended claims. The functions, steps and/or actions of the method claims in accordance with the disclosed embodiments described herein need not be performed in any particular order. Furthermore, although elements of the disclosed embodiments of the invention may be described or claimed in the singular, the plural is contemplated unless limitation to the singular is explicitly stated.
Those of ordinary skill in the art will understand that: the discussion of any embodiment above is meant to be exemplary only, and is not intended to intimate that the scope of the disclosure, including the claims, of embodiments of the invention is limited to these examples; within the idea of an embodiment of the invention, also technical features in the above embodiment or in different embodiments may be combined and there are many other variations of the different aspects of an embodiment of the invention as described above, which are not provided in detail for the sake of brevity. Therefore, any omissions, modifications, substitutions, improvements, and the like that may be made without departing from the spirit and principles of the embodiments of the present invention are intended to be included within the scope of the embodiments of the present invention.
Claims (10)
1. A quick link secure access method based on Ambari is characterized by comprising the following steps:
logging in an Ambari server, and sending a quick link request to a link prepositive agent based on the quick link agent address;
performing, by the link front-end agent, a first security authentication on the quick link request and sending the quick link request to each service node host based on a real quick link address in response to the first security authentication passing;
performing, by each service node host, a second security authentication on the quick link request, and feeding back a quick link response result to the Ambari server via the link pre-agent in response to the second security authentication passing.
2. The method of claim 1, further comprising: the login information is also sent while the quick link request is sent to the link pre-agent based on the quick link agent address.
3. The method of claim 2, wherein performing a first security validation on the quick link request by the link front-end agent comprises:
receiving the quick link request and reading a configured routing rule and a security check rule, wherein the security check rule comprises at least one of the following: whether the fast link request carries the login information, whether the login information is valid, and whether the login information has the right to access the fast link;
performing a first security verification on the quick link request and the login information based on the security check rule.
4. The method of claim 3, wherein the routing rules include a one-to-one correspondence between the quick link proxy address and the quick link real address;
the method further comprises the following steps: determining a quick link real address based on the quick link proxy address and the routing rule before sending the quick link request to each service node host based on the quick link real address.
5. The method of claim 1, further comprising: and generating signature information of the link pre-proxy and sending the signature information and the quick link request to each service node host simultaneously when sending the quick link request to each service node host based on a quick link real address.
6. The method of claim 5, wherein performing a second security validation on the quick link request by each service node host comprises:
receiving the quick link request and reading an IP white list, wherein the IP white list comprises the IP of the link pre-proxy;
and comparing the IP white list with the source IP of the quick link request, and verifying the signature information to execute the second security verification.
7. The method according to any one of claims 1 to 6, wherein each service node host comprises an HDFS host and an Hbase host; the quick link proxy address comprises a management background UI address and a management background log address of the HDFS host and the Hbase host; and the quick link response result comprises browser visual rendering pictures of management background UI addresses and management background log addresses of the HDFS host and the Hbase host.
8. An Ambari-based quick-link secure access system, comprising:
a processor; and
a memory storing program code executable by the processor, the program code when executed performing the steps of:
logging in an Ambari server, and sending a quick link request to a link prepositive agent based on the quick link agent address;
performing, by the link front-end agent, a first security authentication on the quick link request and sending the quick link request to each service node host based on a real quick link address in response to the first security authentication passing;
performing, by each service node host, a second security authentication on the quick link request, and feeding back a quick link response result to the Ambari server via the link pre-agent in response to the second security authentication passing.
9. The system of claim 8, wherein the steps further comprise: sending login information while sending a quick link request to a link pre-agent based on the quick link agent address;
performing, by the link front-end agent, a first security validation on the quick link request includes: receiving the quick link request and reading a configured routing rule and a security check rule, wherein the security check rule comprises at least one of the following: whether the fast link request carries the login information, whether the login information is valid, and whether the login information has the right to access the fast link; performing a first security verification on the quick link request and the login information based on the security check rule.
10. The system of claim 8, wherein the steps further comprise: when the quick link request is sent to each service node host based on a quick link real address, signature information of the link pre-proxy is generated, and the quick link request is sent to each service node host together;
performing, by the service node hosts, a second security validation on the quick link request comprises: receiving the quick link request and reading an IP white list, wherein the IP white list comprises the IP of the link pre-proxy; and comparing the IP white list with the source IP of the quick link request, and verifying the signature information to execute the second security verification.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110025003.0A CN112733102A (en) | 2021-01-08 | 2021-01-08 | Ambari-based quick link secure access method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110025003.0A CN112733102A (en) | 2021-01-08 | 2021-01-08 | Ambari-based quick link secure access method and system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112733102A true CN112733102A (en) | 2021-04-30 |
Family
ID=75589883
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110025003.0A Withdrawn CN112733102A (en) | 2021-01-08 | 2021-01-08 | Ambari-based quick link secure access method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112733102A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114356432A (en) * | 2021-10-29 | 2022-04-15 | 郑州云海信息技术有限公司 | Big data platform configuration system, method, device and storage medium |
-
2021
- 2021-01-08 CN CN202110025003.0A patent/CN112733102A/en not_active Withdrawn
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114356432A (en) * | 2021-10-29 | 2022-04-15 | 郑州云海信息技术有限公司 | Big data platform configuration system, method, device and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111935094B (en) | Database access method, device, system and computer readable storage medium | |
| US10212173B2 (en) | Deterministic reproduction of client/server computer state or output sent to one or more client computers | |
| CN107172054B (en) | Authority authentication method, device and system based on CAS | |
| US8959628B2 (en) | Method and apparatus for preventing unwanted code execution | |
| KR20180081113A (en) | Message management method, device and storage medium | |
| CN106034104A (en) | Verification method, verification device and verification system for network application accessing | |
| MX2011003223A (en) | Service provider access. | |
| CN111737687B (en) | Access control method, system, electronic equipment and medium of webpage application system | |
| CN111818088A (en) | Authorization mode management method and device, computer equipment and readable storage medium | |
| US20200210584A1 (en) | Deterministic Reproduction of Client/Server Computer State or Output Sent to One or More Client Computers | |
| CN109962892A (en) | A kind of authentication method and client, server logging in application | |
| KR20160018554A (en) | Roaming internet-accessible application state across trusted and untrusted platforms | |
| CN114301714B (en) | Multi-tenant authority control method and system | |
| CN112100590A (en) | Tourism big data cloud platform and user authority management method thereof | |
| CN113761509B (en) | iframe verification login method and device | |
| CN112733102A (en) | Ambari-based quick link secure access method and system | |
| CN116996305A (en) | Multi-level security authentication method, system, equipment, storage medium and entry gateway | |
| CN117251837A (en) | System access method and device, electronic equipment and storage medium | |
| CN107454050A (en) | A kind of method and device for accessing Internet resources | |
| CN113992446B (en) | Cross-domain browser user authentication method, system and computer storage medium | |
| CN115001840A (en) | Agent-based authentication method, system and computer storage medium | |
| CN114389890A (en) | User request proxy method, server and storage medium | |
| CN112311716A (en) | Data access control method and device based on openstack and server | |
| CN112260991B (en) | Authentication management method and device | |
| CN115150170B (en) | Security policy configuration method, device, electronic equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WW01 | Invention patent application withdrawn after publication | ||
| WW01 | Invention patent application withdrawn after publication |
Application publication date: 20210430 |