CN112804216A - Multi-granularity self-adaptive service flow access control method and device - Google Patents


Info

Publication number
CN112804216A
Authority
CN
China
Prior art keywords
flow
access
granularity
channel
region
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202011637202.9A
Other languages
Chinese (zh)
Other versions
CN112804216B (en)
Inventor
杨帅
廖过房
陈静国
冯定国
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Industrial and Commercial Bank of China Ltd ICBC
Priority to CN202011637202.9A
Publication of CN112804216A
Application granted
Publication of CN112804216B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a multi-granularity adaptive service traffic access control method and device that can be applied in the financial field. The method comprises: querying a preset channel service parameter table, according to the acquired service name and scene code, to determine whether the service has traffic access permission; and, if it does, controlling the accessed traffic according to the channel type of the traffic access and the granularity type of the traffic access. The granularity types are: customer, region, and company-wide. The method addresses the complicated calling scenarios, large call volume and variety of services encountered when migrating customer information from the host to the enterprise-level customer information system; it protects the customer information system by applying permission control to the traffic access party, and lets the system adapt gradually to service access pressure through multi-granularity traffic control.

Description

Multi-granularity self-adaptive service flow access control method and device
Technical Field
The present application belongs to the field of information security technologies, and in particular, to a method and an apparatus for controlling access to a multi-granularity adaptive service traffic.
Background
Customer information services in enterprises are used as basic services, and integration and sharing services of customer information are required to be provided for the whole enterprise. With the rapid development of network financial business, higher requirements are put forward on the service capability and expansibility of customer information services. At present, customer information data managed in a customer information management system of an enterprise is increasingly huge, so that great pressure is brought to host performance and storage space expansion, and the current host performance and storage space are difficult to deal with sudden business growth. In order to solve the problem, currently, an enterprise-level architecture design method is applied, an open enterprise-level client information system is constructed based on a distributed technology system, and the expansibility and the service support capability of an application are improved.
Disclosure of Invention
The application provides a multi-granularity self-adaptive service flow access control method and device, which are used for at least solving the problems of complex calling and large flow in the process of migrating current customer information to an enterprise-level customer information system.
According to an aspect of the present application, a method for controlling access to a multi-granularity adaptive service traffic is provided, including:
inquiring whether the service has a flow access authority or not from a preset channel service parameter table according to the acquired service name and the scene code;
if the access right is provided, controlling the accessed flow according to the channel type of the flow access and the granularity type of the flow access; the types of granularity include: customer, region, and company wide.
In an embodiment, the method for controlling access to multi-granularity adaptive service traffic further includes:
and judging the on-off state of the flow access master control switch according to the flow access state log in the preset date range.
In one embodiment, when the channel type is the external caller channel, controlling the accessed traffic according to the channel type of the traffic access and the granularity type of the traffic access comprises:
verifying the security of the external caller channel;
querying whether the client exists in a preset test point client table, and if so, accessing the traffic of the client;
checking whether a preset region switch parameter table has a parameter for the region, and if so, performing a channel current-limiting check on the region;
and querying whether the channel service parameter table is set with a whole-company traffic access parameter, and if so, accessing the whole-company traffic.
In one embodiment, when the channel type is the internal main and auxiliary data source channel, controlling the accessed traffic according to the channel type of the traffic access and the granularity type of the traffic access comprises:
querying whether the client exists in a preset test point client table, and if so, accessing the traffic of the client;
checking whether a preset region switch parameter table has a parameter for the region, and if so, performing a channel current-limiting check on the region;
and querying whether the channel service parameter table is set with a whole-company traffic access parameter, and if so, accessing the whole-company traffic.
In one embodiment, the channel current limit check is performed on the region, and the channel current limit check comprises the following steps:
acquiring the flow proportion of the area;
and when the flow proportion is not lower than the preset value, accessing the flow of the area.
In one embodiment, the channel current limit check is performed on the area, and the method further includes:
when the flow proportion is larger than 0 and smaller than a preset value, acquiring a preset flow control variable, and determining a limit value according to the flow control variable;
and when the flow proportion is larger than the limit value, accessing the flow of the area.
According to another aspect of the present application, there is also provided a multi-granularity adaptive service traffic access control apparatus, including:
the access authority control unit is used for inquiring whether the service has flow access authority or not from a preset channel service parameter table according to the acquired service name and the scene code;
the flow access control unit is used for controlling the accessed flow according to the channel type of the flow access and the granularity type of the flow access if the flow access control unit has the authority; the types of granularity include: customer, region, and company wide.
In an embodiment, the multi-granularity adaptive service traffic access control apparatus further includes:
and the master control switch unit is used for judging the on-off state of the flow access master control switch according to the flow access state log in the preset date range.
In one embodiment, the channel type is: the external calling party channel, the flow access control unit includes:
the security verification module is used for verifying the security of an external calling party channel;
the first client granularity access control module is used for inquiring whether the client exists in a preset test point client table, and if so, accessing the flow of the client;
the first region granularity access control module is used for checking whether a preset region switch parameter table has a parameter of the region or not, and if so, performing channel current-limiting check on the region;
and the first full-company granularity access control module is used for inquiring whether a channel service parameter table is provided with a full-company flow access parameter or not, and if so, accessing the flow of the whole company.
In one embodiment, the channel type is: the main and auxiliary data source channel inside, the flow access control unit includes:
the second client granularity access control module is used for inquiring whether the client exists in a preset test point client table, and if so, accessing the flow of the client;
the second region granularity access control module is used for checking whether the parameters of the region exist in a preset region switch parameter table or not, and if so, performing channel current-limiting check on the region;
and the second full-company granularity access control module is used for inquiring whether a channel service parameter table is provided with a full-company flow access parameter or not, and if so, accessing the flow of the full company.
In one embodiment, the region granularity access control module comprises:
the flow proportion acquisition module is used for acquiring the flow proportion of the area;
and the first comparison module is used for accessing the flow of the area when the flow proportion is not lower than a preset value.
In one embodiment, the region granularity access control module further comprises:
the limit determining module is used for acquiring a preset flow control variable when the flow proportion is larger than 0 and smaller than a preset value, and determining a limit value according to the flow control variable;
and the second comparison module is used for accessing the traffic of the region when the traffic proportion is larger than the limit value.
The method and the system solve the problems of complicated calling scene, large calling amount, various services and the like in the process of transferring the client information from the host to the client information system of the enterprise, ensure the safety of the client information system by carrying out authority control on the flow access party, and ensure that the client information system can gradually adapt to the service access pressure by multi-granularity flow control.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a flowchart of a method for controlling access to a multi-granularity adaptive service traffic according to the present disclosure.
Fig. 2 is a flowchart of a method for controlling access traffic according to a channel type of the traffic access and a granularity type of the traffic access in the embodiment of the present application.
Fig. 3 is a flowchart of a flow control method under an internal primary and secondary data source channel in an embodiment of the present application.
Fig. 4 is a flowchart illustrating a channel current limiting inspection performed on a region according to an embodiment of the present disclosure.
Fig. 5 is a block diagram of a multi-granularity adaptive service traffic access control apparatus according to the present application.
Fig. 6 is a block diagram of a traffic access control unit in an embodiment of the present application.
Fig. 7 is a block diagram of another structure of a traffic access control unit in the embodiment of the present application.
Fig. 8 is a block diagram of a region granularity access control module in the embodiment of the present application.
Fig. 9 is a block diagram of a granularity access control module in an embodiment of the present application.
Fig. 10 is a specific implementation of an electronic device in an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention. The embodiments provided in the present application can be applied to the financial field, and can also be applied to other fields besides the financial field, and the present application is not limited thereto.
In the process of migrating the client information from the original host to the enterprise-level client information system, there are many difficulties such as complicated calling scenes and various services, and in order to ensure the security and stability of the enterprise-level client information system, the flow access migrated into the enterprise-level client information system needs to be controlled. The following aspects are mainly considered:
1. The permissions of the traffic access party need to be controlled, to prevent hacker attacks and access by parties that do not follow the negotiated requirements.
2. The stability of the enterprise-level customer information system needs to be ensured.
3. The service after data migration needs to be consistent with the processing logic of the source host interface.
4. Manual intervention when service traffic is accessed should be reduced.
Based on this, the present application provides a method for controlling access to a multi-granularity adaptive service traffic, as shown in fig. 1, including:
S101: Query a preset channel service parameter table, according to the acquired service name and scene code, to determine whether the service has traffic access permission.
S102: If it does, control the accessed traffic according to the channel type of the traffic access and the granularity type of the traffic access. The granularity types are: customer, region, and company-wide.
Specifically, the service configuration information of the service is obtained from the channel service parameter table according to the acquired service name, application name and scene code, and that configuration is checked to see whether permission is opened for the submitted service name, application name and scene code. If it is not opened, processing ends and an error is returned.
In an embodiment, the method for controlling access to multi-granularity adaptive service traffic further includes:
and judging the on-off state of the flow access master control switch according to the flow access state log in the preset date range.
The traffic access status log for the corresponding date range is obtained. If there is no data, or the switch is in the closed state, the traffic access master control switch is closed: all services are temporarily unavailable, and all calls need to be switched back to the original flow.
In one embodiment, when the channel type is the external caller channel, controlling the accessed traffic according to the channel type of the traffic access and the granularity type of the traffic access includes, as shown in fig. 2:
S201: Verify the security of the external caller channel.
S202: Query whether the client exists in a preset test point client table, and if so, access the traffic of the client.
S203: Check whether the preset region switch parameter table has a parameter for the region, and if so, perform a channel current-limiting check on the region.
S204: Query whether the channel service parameter table is set with a whole-company traffic access parameter, and if so, access the whole-company traffic.
In a specific embodiment, to control the size of traffic access accurately, traffic is subdivided into three granularities: client, region and whole company. To divert traffic gradually, the traffic access process is divided into an external channel caller switching stage and an internal main and auxiliary data source switching stage. In the external channel caller switching stage, callers are gradually guided to the new customer information management system to complete the transformation of the channel caller; the data source at this point is still the original host system. Under the external caller channel, service traffic access control has three modes: channel caller client-granularity traffic access, channel caller region-granularity traffic access, and channel caller company-wide-granularity traffic access.
In a specific embodiment, the preset test point client table is queried for the client; if a test point client in the normal state exists, the check passes and the client's traffic is accessed. Next, the existing region switch parameter table is checked for a parameter for the region; if one exists, a channel current-limiting check is performed on the region, following steps S401-S404. Finally, the channel service parameter table (the existing one) is queried to see whether the company's parameter is set to whole-company traffic access; if so, the company's traffic is accessed.
In one embodiment, when the channel type is the internal main and auxiliary data source channel, controlling the accessed traffic according to the channel type of the traffic access and the granularity type of the traffic access includes, as shown in fig. 3:
S301: Query whether the client exists in a preset test point client table, and if so, access the traffic of the client.
S302: Check whether the preset region switch parameter table has a parameter for the region, and if so, perform a channel current-limiting check on the region.
S303: Query whether the channel service parameter table is set with a whole-company traffic access parameter, and if so, access the whole-company traffic.
The internal main and auxiliary data source switching stage gradually guides the data in the new customer information management system to a new data source; the transformation is internal to the service provider and shields the channel caller from its effects. Under the internal main and auxiliary data source channel, service traffic access control has three modes: main and auxiliary data source client-granularity traffic access, main and auxiliary data source region-granularity traffic access, and main and auxiliary data source company-wide-granularity traffic access.
In a specific embodiment, the preset test point client table is queried for the client; if a test point client in the normal state exists, the check passes and the client's traffic is accessed. Next, the existing region switch parameter table is checked for a parameter for the region; if one exists, a channel current-limiting check is performed on the region, following steps S401-S404. Finally, the channel service parameter table (the existing one) is queried to see whether the company's parameter is set to whole-company traffic access; if so, the company's traffic is accessed.
In one embodiment, the channel current limit check is performed on the area, as shown in fig. 4, and includes:
S401: Acquire the flow ratio of the region.
S402: When the flow ratio is not lower than the preset value, access the traffic of the region.
In one embodiment, the channel current-limiting check performed on the region further includes:
S403: When the flow ratio is greater than 0 and smaller than the preset value, acquire a preset flow control variable and determine a limit value according to the flow control variable.
S404: When the flow ratio is greater than the limit value, access the traffic of the region.
In a specific embodiment, the flow ratio is expressed in ten-thousandths. When the flow ratio is less than or equal to 0, the current-limiting check fails and the traffic cannot be accessed. When the flow ratio is greater than or equal to 10000, the check passes and the traffic can be accessed to the system. If 0 < flow ratio < 10000, the system queries whether a flow control variable is configured. If one is configured, the hash value corresponding to the flow control variable value, taken modulo 10000, is used as the limit value; for example, if the hash value corresponding to the flow control variable value is 5000, the limit value is 5000, and the check passes when 1000 < flow ratio and fails otherwise. If no flow control variable is configured, a random number in the range 0-10000 is taken as the limit value; the check passes when the limit value is less than the flow ratio and fails otherwise.
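The decision flow of S101-S102, the master control switch, and the current-limiting check of S401-S404 can be put together as follows. This is an added example, not code from the patent: the table layouts, field names, the `REJECT`/`LEGACY`/`NEW` routes, the use of SHA-256 as the unspecified hash, rejecting an unverified external channel, and falling through to the next granularity when a check does not admit the request are all assumptions.

```python
import hashlib
import random

FULL = 10000  # flow ratios are expressed in ten-thousandths


def limit_value(flow_control_value=None, rng=random):
    """S403: limit value in [0, 10000) for one request."""
    if flow_control_value is None:
        # No flow control variable configured: a fresh random draw per request.
        return rng.randrange(FULL)
    # Assumption: SHA-256 stands in for the hash the patent leaves unspecified.
    digest = hashlib.sha256(str(flow_control_value).encode("utf-8")).digest()
    return int.from_bytes(digest, "big") % FULL


def region_rate_limit_check(ratio, flow_control_value=None, rng=random):
    """S401-S404: True when the region's traffic may be accessed."""
    if ratio <= 0:
        return False
    if ratio >= FULL:
        return True
    return limit_value(flow_control_value, rng) < ratio


def master_switch_open(status_log):
    """Closed when the log for the date range is empty or its latest entry is not OPEN."""
    return bool(status_log) and status_log[-1] == "OPEN"


def decide(request, tables, rng=random):
    """Return (route, reason); route is REJECT, LEGACY (original host) or NEW."""
    # S101: permission lookup keyed by service name and scene code; fail closed.
    cfg = tables["channel_service"].get((request["service"], request["scene"]))
    if cfg is None or not cfg.get("enabled"):
        return ("REJECT", "no traffic access permission")
    if not master_switch_open(tables["master_switch_log"]):
        return ("LEGACY", "master switch closed")
    # S201: only the external caller channel carries a channel security check.
    if request["channel"] == "external" and not request.get("channel_verified"):
        return ("REJECT", "external channel not verified")
    # S202 / S301: customer granularity.
    if tables["pilot_customers"].get(request["customer_id"]) == "NORMAL":
        return ("NEW", "customer")
    # S203 / S302: region granularity, guarded by the current-limiting check.
    region = tables["region_switch"].get(request["region"])
    if region is not None:
        var = region.get("flow_control_var")
        value = request.get(var) if var else None  # missing field: random draw
        if region_rate_limit_check(region["ratio"], value, rng):
            return ("NEW", "region")
    # S204 / S303: company-wide granularity.
    if cfg.get("company_wide"):
        return ("NEW", "company")
    return ("LEGACY", "no granularity matched")


# Constructed sample tables (illustrative values, not from the patent).
SAMPLE_TABLES = {
    "channel_service": {
        ("QueryCustomer", "SC01"): {"enabled": True, "company_wide": False},
        ("UpdateCustomer", "SC02"): {"enabled": False, "company_wide": False},
    },
    "master_switch_log": ["CLOSED", "OPEN"],  # oldest first, latest last
    "pilot_customers": {"C0001": "NORMAL", "C0002": "SUSPENDED"},
    "region_switch": {
        "R-EAST": {"ratio": 10000, "flow_control_var": None},
        "R-WEST": {"ratio": 0, "flow_control_var": "customer_id"},
        "R-NORTH": {"ratio": 3000, "flow_control_var": "customer_id"},
    },
}

if __name__ == "__main__":
    for cust, region in [("C0001", "R-WEST"), ("C0002", "R-EAST"),
                         ("C0002", "R-WEST"), ("C0777", "R-NORTH")]:
        req = {"service": "QueryCustomer", "scene": "SC01", "channel": "internal",
               "customer_id": cust, "region": region}
        print(cust, region, decide(req, SAMPLE_TABLES))
```

Hashing a stable request field keeps a given customer on the same side of the split on every call, whereas the random draw splits each request independently, so one customer can alternate between the original host and the new system.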
Based on the same inventive concept, the present application further provides a multi-granularity adaptive service traffic access control apparatus, which can be used to implement the method described in the foregoing embodiments, as described in the following embodiments. Because the principle of solving the problem of the multi-granularity self-adaptive service flow access control device is similar to that of the multi-granularity self-adaptive service flow access control method, the implementation of the multi-granularity self-adaptive service flow access control device can refer to the implementation of the multi-granularity self-adaptive service flow access control method, and repeated parts are not described again. As used hereinafter, the term "unit" or "module" may be a combination of software and/or hardware that implements a predetermined function. While the system described in the embodiments below is preferably implemented in software, implementations in hardware, or a combination of software and hardware are also possible and contemplated.
As shown in fig. 5, the present application provides a multi-granularity adaptive service traffic access control apparatus, including:
an access authority control unit 501, configured to query whether the service has a traffic access authority from a preset channel service parameter table according to the obtained service name and the obtained scene code;
a traffic access control unit 502, configured to control an accessed traffic according to a channel type of the traffic access and a granularity type of the traffic access if the access permission is provided; the types of granularity include: customer, region, and company wide.
In an embodiment, the multi-granularity adaptive service traffic access control apparatus further includes:
and the master control switch unit is used for judging the on-off state of the flow access master control switch according to the flow access state log in the preset date range.
In one embodiment, as shown in fig. 6, when the channel type is: when the external caller channel is called, the traffic access control unit 502 includes:
the security verification module 601 is used for verifying the security of an external calling party channel;
a first client granularity access control module 602, configured to query, from a preset test point client table, whether the client exists, and if so, access the traffic of the client;
the first region granularity access control module 603 is configured to check whether a preset region switching parameter table has a parameter of the region, and if so, perform channel current limit check on the region;
the first full-company granularity access control module 604 is configured to query whether a channel service parameter table is provided with a full-company traffic access parameter, and if so, access the full-company traffic.
In one embodiment, as shown in fig. 7, when the channel type is: when the channel of the internal primary and secondary data sources is used, the traffic access control unit 502 includes:
a second client granularity access control module 701, configured to query, from a preset test point client table, whether the client exists, and if so, access the traffic of the client;
the second region granularity access control module 702 is configured to check whether a parameter of the region exists in a preset region switch parameter table, and if so, perform channel current limit check on the region;
and the second full-company granularity access control module 703 is configured to query whether a channel service parameter table is provided with a full-company traffic access parameter, and if so, access the full-company traffic.
In one embodiment, as shown in fig. 8, the region granularity access control module includes:
a flow rate ratio obtaining module 801, configured to obtain a flow rate ratio of the area;
and a first comparison module 802, configured to access the traffic of the area when the traffic ratio is not lower than a preset value.
In an embodiment, as shown in fig. 9, the region granularity access control module further includes:
a limit determining module 803, configured to obtain a preset flow control variable when the flow rate ratio is greater than 0 and smaller than a preset value, and determine a limit value according to the flow control variable;
and the second comparison module 804 is used for accessing the traffic of the region when the traffic proportion is larger than the limit value.
By the multi-granularity self-adaptive service flow access control method and the multi-granularity self-adaptive service flow access control device, the following problems are solved:
First, permission control: the access permission of the access party is controlled, preventing events such as hacker attacks and access by callers that do not follow the requirements negotiated in advance.
Second, traffic control: multi-granularity traffic control is implemented across services, applications and application scenarios, and across customers, regions and the whole company. The production rollout range can be customized precisely and flexibly, and progressive traffic diversion lets the application system adapt gradually to service traffic access pressure, so that service traffic access is finely controllable.
Third, one-key control: the whole system has a master control switch. When a large-scale problem occurs, the system can be switched back to the original host system with one key, improving emergency response efficiency.
Fourth, gray control: when a problem occurs in a particular application scenario, the scope of impact is contained, production risk is reduced, the application system remains continuously available, and the level of service continuity is improved.
Fifth, adaptive processing: the traffic access ratio is planned in advance from the current system's service capacity (indicators such as service transaction volume, response time, success rate and concurrency; server CPU, memory and SWAP; database I/O and SQL execution time) and the expected future service access, so that traffic diversion is automatic, manual intervention is reduced, and labor cost is lowered.
An embodiment of the present application further provides a specific implementation manner of an electronic device capable of implementing all steps in the method in the foregoing embodiment, and referring to fig. 10, the electronic device specifically includes the following contents:
a processor (processor)1001, a memory 1002, a communication Interface (Communications Interface)1003, a bus 1004, and a nonvolatile memory 1005;
the processor 1001, the memory 1002, and the communication interface 1003 complete mutual communication through the bus 1004;
the processor 1001 is configured to call the computer programs in the memory 1002 and the nonvolatile memory 1005, and the processor implements all the steps of the method in the above embodiments when executing the computer programs.
Embodiments of the present application also provide a computer-readable storage medium capable of implementing all the steps of the method in the above embodiments, and the computer-readable storage medium stores thereon a computer program, which when executed by a processor implements all the steps of the method in the above embodiments, for example, the processor implements all the steps of the method when executing the computer program. The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the hardware + program class embodiment, since it is substantially similar to the method embodiment, the description is simple, and the relevant points can be referred to the partial description of the method embodiment. Although embodiments of the present description provide method steps as described in embodiments or flowcharts, more or fewer steps may be included based on conventional or non-inventive means. The order of steps recited in the embodiments is merely one manner of performing the steps in a multitude of orders and does not represent the only order of execution. When an actual apparatus or end product executes, it may execute sequentially or in parallel (e.g., parallel processors or multi-threaded environments, or even distributed data processing environments) according to the method shown in the embodiment or the figures. The terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. 
Without further limitation, the presence of additional identical or equivalent elements in a process, method, article, or apparatus that comprises the recited elements is not excluded.
For convenience of description, the above devices are described as being divided into modules by function. Of course, when implementing the embodiments of this specification, the functions of the modules may be implemented in one or more pieces of software and/or hardware, or a module implementing a single function may be implemented by a combination of multiple sub-modules or sub-units. The apparatus embodiments described above are merely illustrative; for example, the division into units is only a logical division, and other divisions are possible in practice: a plurality of units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions.
These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
As will be appreciated by one skilled in the art, embodiments of the present description may be provided as a method, system, or computer program product. Accordingly, embodiments of the present description may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present description may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and so forth) having computer-usable program code embodied therein.
The embodiments in this specification are described in a progressive manner; identical and similar parts of the embodiments may be referred to one another, and each embodiment focuses on its differences from the others. In particular, because the system embodiment is substantially similar to the method embodiment, its description is brief, and the relevant points can be found in the corresponding description of the method embodiment.
In the description herein, a reference to the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the embodiments of the specification.
In this specification, schematic uses of the above terms do not necessarily refer to the same embodiment or example. Furthermore, those skilled in the art may combine the various embodiments or examples described in this specification, and the features of different embodiments or examples, provided they do not contradict one another.
The above description is only an example of the embodiments of the present disclosure, and is not intended to limit the embodiments of the present disclosure. Various modifications and variations to the embodiments described herein will be apparent to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the embodiments of the present specification should be included in the scope of the claims of the embodiments of the present specification.

Claims (14)

1. A multi-granularity adaptive service flow access control method is characterized by comprising the following steps:
inquiring whether the service has a flow access authority or not from a preset channel service parameter table according to the acquired service name and the scene code;
if the service has the access authority, controlling the accessed flow according to the channel type of the flow access and the granularity type of the flow access; the granularity types include: customer, region, and company-wide.
2. The multi-granularity adaptive service traffic access control method according to claim 1, further comprising:
and judging the on-off state of the flow access master control switch according to the flow access state log in the preset date range.
3. The multi-granularity adaptive service traffic access control method according to claim 1, wherein the channel type is an external calling party channel, and the controlling the accessed flow according to the channel type of the flow access and the granularity type of the flow access comprises:
verifying the security of the external calling party channel;
if the verification is passed, determining whether to perform flow access according to the granularity type, including:
inquiring whether the client exists in a preset test point client table, and if so, accessing the flow of the client;
inquiring whether a preset region switch parameter table has a parameter of the region, and if so, carrying out a channel current-limiting check on the region;
and inquiring whether the channel service parameter table is provided with a whole-company flow access parameter, and if so, accessing the whole-company flow.
4. The multi-granularity adaptive service traffic access control method according to claim 1, wherein the channel type is the internal main and auxiliary data source channels, and the controlling the accessed flow according to the channel type of the flow access and the granularity type of the flow access comprises:
inquiring whether the client exists in a preset test point client table, and if so, accessing the flow of the client;
inquiring whether a preset region switch parameter table has a parameter of the region, and if so, carrying out a channel current-limiting check on the region;
and inquiring whether the channel service parameter table is provided with a whole-company flow access parameter, and if so, accessing the whole-company flow.
5. The method of claim 3 or 4, wherein the carrying out a channel current-limiting check on the region comprises:
acquiring the flow proportion of the region;
and when the flow proportion is not lower than a preset value, accessing the flow of the region.
6. The method of claim 3 or 4, wherein the carrying out a channel current-limiting check on the region further comprises:
when the flow proportion is larger than 0 and smaller than a preset value, acquiring a preset flow control variable, and determining a limit value according to the flow control variable;
and when the flow proportion is larger than the limit value, accessing the flow of the region.
7. A multi-granularity adaptive service traffic access control apparatus, comprising:
the access authority control unit is used for inquiring whether the service has flow access authority or not from a preset channel service parameter table according to the acquired service name and the scene code;
the flow access control unit is used for controlling the accessed flow according to the channel type of the flow access and the granularity type of the flow access if the service has the authority; the granularity types include: customer, region, and company-wide.
8. The apparatus of claim 7, further comprising:
and the master control switch unit is used for judging the on-off state of the flow access master control switch according to the flow access state log in the preset date range.
9. The multi-granularity adaptive service traffic access control device of claim 7, wherein the channel type is an external calling party channel, and the flow access control unit includes:
the security verification module is used for verifying the security of the external calling party channel;
the first client granularity access control module is used for inquiring whether the client exists in a preset test point client table, and if so, accessing the flow of the client;
the first region granularity access control module is used for checking whether a preset region switch parameter table has a parameter of the region or not, and if so, performing channel current-limiting check on the region;
and the first full-company granularity access control module is used for inquiring whether a whole-company flow access parameter is set in the channel service parameter table or not, and if so, accessing the whole-company flow.
10. The multi-granularity adaptive service traffic access control device of claim 7, wherein the channel type is the internal main and auxiliary data source channels, and the flow access control unit includes:
the second client granularity access control module is used for inquiring whether the client exists in a preset test point client table, and if so, accessing the flow of the client;
the second region granularity access control module is used for checking whether the parameters of the region exist in a preset region switch parameter table or not, and if so, performing channel current-limiting check on the region;
and the second full-company granularity access control module is used for inquiring whether the channel service parameter table is provided with a whole-company flow access parameter or not, and if so, accessing the whole-company flow.
11. The multi-granularity adaptive service traffic access control apparatus according to claim 9 or 10, wherein the region-granularity access control module comprises:
the flow proportion acquisition module is used for acquiring the flow proportion of the region;
and the first comparison module is used for accessing the flow of the region when the flow proportion is not lower than a preset value.
12. The multi-granularity adaptive service traffic access control device according to claim 9 or 10, wherein the granularity access control module further comprises:
the limit determining module is used for acquiring a preset flow control variable when the flow proportion is larger than 0 and smaller than a preset value, and determining a limit value according to the flow control variable;
and the second comparison module is used for accessing the flow of the region when the flow proportion is larger than the limit value.
13. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor when executing the program performs the steps of the multi-granularity adaptive service traffic access control method of any one of claims 1 to 6.
14. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the multi-granularity adaptive service traffic access control method of any one of claims 1 to 6.
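The decision flow of method claims 1 to 6, as an added Python sketch that is not code from the patent. Assumptions not fixed by the claims: the table layouts and all names, the master switch of claim 2 and the external-caller verification of claim 3 passed in as booleans, granularities tried narrowest first with the first hit final, and the limit value taken as the flow control variable modulo the preset value.

```python
from dataclasses import dataclass, field

PRESET_VALUE = 100  # assumed scale: a region proportion of 100 admits everything

@dataclass
class Tables:
    """Constructed stand-ins for the three parameter tables named in the claims."""
    # (service name, scene code) -> parameters; a missing key means no access authority
    channel_service: dict = field(default_factory=dict)
    test_point_clients: set = field(default_factory=set)
    region_switch: dict = field(default_factory=dict)  # region -> flow proportion

@dataclass
class Request:
    service: str
    scene: str
    channel: str       # "external" (external caller) or "internal" (main/auxiliary data source)
    client: str
    region: str
    flow_var: int      # flow control variable, e.g. a request counter (assumed)
    caller_verified: bool = False  # outcome of the external-channel security verification

def region_limit_check(proportion, flow_var, preset=PRESET_VALUE):
    """Channel current-limiting check of claims 5 and 6."""
    if proportion >= preset:
        return True
    if 0 < proportion < preset:
        limit = flow_var % preset  # ASSUMPTION: the claims do not define this mapping
        return proportion > limit
    return False  # proportion <= 0: nothing from this region is admitted

def decide(req, tables, master_switch_on=True):
    """Return (admit, reason). Any path that matches nothing denies (fail closed)."""
    if not master_switch_on:
        return False, "master switch off"
    params = tables.channel_service.get((req.service, req.scene))
    if params is None:
        return False, "no access authority"
    if req.channel not in ("external", "internal"):
        return False, "unknown channel type"
    if req.channel == "external" and not req.caller_verified:
        return False, "external caller not verified"
    # ASSUMPTION: customer, then region, then company-wide; the first hit is final.
    if req.client in tables.test_point_clients:
        return True, "customer"
    if req.region in tables.region_switch:
        return region_limit_check(tables.region_switch[req.region], req.flow_var), "region"
    if params.get("company_wide"):
        return True, "company-wide"
    return False, "no granularity matched"

# Constructed sample configuration.
SAMPLE = Tables(
    channel_service={("transfer", "S01"): {"company_wide": False}},
    test_point_clients={"C1"},
    region_switch={"R1": 30, "R2": 100, "R3": 0},
)
```

With the modulo mapping, a region proportion of 30 admits exactly the requests whose flow control variable falls in 0 to 29 of each 100, so the proportion behaves as a percentage of admitted traffic.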
CN202011637202.9A 2020-12-31 2020-12-31 Multi-granularity self-adaptive service flow access control method and device Active CN112804216B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011637202.9A CN112804216B (en) 2020-12-31 2020-12-31 Multi-granularity self-adaptive service flow access control method and device

Publications (2)

Publication Number Publication Date
CN112804216A true CN112804216A (en) 2021-05-14
CN112804216B CN112804216B (en) 2023-02-24

Family

ID=75808749

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011637202.9A Active CN112804216B (en) 2020-12-31 2020-12-31 Multi-granularity self-adaptive service flow access control method and device

Country Status (1)

Country Link
CN (1) CN112804216B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114257653A (en) * 2021-12-24 2022-03-29 中国工商银行股份有限公司 Flow data processing method and system

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7826364B1 (en) * 2006-02-09 2010-11-02 Verizon Services Corp. Dynamic service-aware flow control in packet networks
CN108121918A (en) * 2017-12-29 2018-06-05 福建省农村信用社联合社 A kind of bank inside and outside services two-way cooperative system and method
CN109922013A (en) * 2019-01-28 2019-06-21 世纪龙信息网络有限责任公司 Service access flow control methods, device, server and storage medium
CN110163745A (en) * 2019-05-07 2019-08-23 中国工商银行股份有限公司 Hierarchical control data check and control processing system and method
CN110290070A (en) * 2019-05-15 2019-09-27 北京三快在线科技有限公司 A kind of flow control methods, device, equipment and readable storage medium storing program for executing
CN110996352A (en) * 2019-12-20 2020-04-10 众安在线财产保险股份有限公司 Flow control method and device, computer equipment and storage medium
CN111274046A (en) * 2020-01-16 2020-06-12 平安医疗健康管理股份有限公司 Service call validity detection method and device, computer equipment and computer storage medium

Also Published As

Publication number Publication date
CN112804216B (en) 2023-02-24

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant