CN112836190A - Resource data authority control method and device and intelligent terminal - Google Patents


Publication number
CN112836190A
Authority
CN
China
Prior art keywords
information
authority
user
encryption
permission
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110237695.5A
Other languages
Chinese (zh)
Inventor
吴丽佳
郑熠
邹理贤
刘建平
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Aerospace Winhong Technology Co ltd
Winhong Information Technology Co ltd
Original Assignee
Aerospace Winhong Technology Co ltd
Winhong Information Technology Co ltd
Application filed by Aerospace Winhong Technology Co ltd, Winhong Information Technology Co ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G06F21/46 Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a resource data authority control method, a resource data authority control device and an intelligent terminal, wherein if a user requests to operate resource data through a data platform, user information sent by the data platform is received through a preset interface; acquiring encryption authority information corresponding to user information; judging whether the user has the operation authority of the resource data or not based on the user information and the encryption authority information; if so, sending authority confirmation information to the data platform so that the data platform allows the user to operate the resource data; monitoring the operation result of the user on the resource data through the data platform; and when the operation state is successful, updating the encryption permission information based on the permission change information to obtain the updated encryption permission information. The embodiment of the invention can uniformly judge the access authority of the user and can reduce the redundant or missing phenomenon of the authority information.

Description

Resource data authority control method and device and intelligent terminal
Technical Field
The invention relates to the technical field of internet, in particular to a resource data authority control method, a resource data authority control device and an intelligent terminal.
Background
The cloud resource management platform is a virtualization platform for uniformly managing resource data such as physical resources, virtual resources and service resources through a network, and different data authorities need to be set for different users in the cloud resource management platform, so that the users can operate the resource data in the data center within the data authority range of the users, and the users are prevented from operating the resource data without authorization. When judging whether the user operates the resource data without authorization, the interception code is needed to judge whether the user has the access authority of the resource interface corresponding to the resource data. At present, interception codes of resource interfaces corresponding to different resource data are compiled in different places, so that the access authority of a user needs to be judged in different places, namely the access authority of the user cannot be judged uniformly. And because the cloud resource management platform and the data center belong to different platforms, when the resource data of the data center are changed, the authority information in the cloud resource management platform cannot be changed along with the change of the resource data in time, so that the phenomenon of data authority redundancy or data authority loss occurs.
Disclosure of Invention
In view of this, the present invention provides a method, an apparatus, and an intelligent terminal for controlling authority of resource data, which can uniformly determine access authority of a user and reduce redundant or missing of authority information.
In order to achieve the above purpose, the embodiment of the present invention adopts the following technical solutions:
In a first aspect, an embodiment of the present invention provides a resource data authority control method, where the method is performed by a cloud resource management platform, and the method includes: if a user requests to operate the resource data through the data platform, receiving user information sent by the data platform through a preset interface; acquiring encryption authority information corresponding to user information; judging whether the user has the operation authority of the resource data or not based on the user information and the encryption authority information; if so, sending authority confirmation information to the data platform so that the data platform allows the user to operate the resource data; monitoring the operation result of the user on the resource data through the data platform; wherein, the operation result comprises authority change information and an operation state; the operation state comprises operation success and operation failure; and when the operation state is successful, updating the encryption permission information based on the permission change information to obtain the updated encryption permission information.
With reference to the first aspect, an embodiment of the present invention provides a first possible implementation manner of the first aspect, where the step of obtaining encryption right information corresponding to user information includes: acquiring a permission mapping table; the authority mapping table stores the corresponding relation between the user information and the encryption authority information; and searching the encryption authority information corresponding to the user information in the authority mapping table.
With reference to the first possible implementation manner of the first aspect, an embodiment of the present invention provides a second possible implementation manner of the first aspect, where the encryption right information is generated based on a hardware encryption device; the step of obtaining the authority mapping table comprises the following steps: acquiring each authority information corresponding to the resource data; sending each authority information to a hardware encryption device so that the hardware encryption device encrypts each authority information to obtain encryption authority information corresponding to each authority information; receiving each piece of encryption authority information sent by hardware encryption equipment; and acquiring target user information corresponding to each piece of encryption authority information, and storing each piece of encryption authority information and each piece of target user information in a preset area in an associated manner to obtain an authority mapping table.
With reference to the second possible implementation manner of the first aspect, an embodiment of the present invention provides a third possible implementation manner of the first aspect, where the step of determining whether the user has an operation right of the resource data based on the user information and the encryption right information includes: decrypting the encrypted authority information through hardware encryption equipment to obtain decrypted authority information; acquiring authority parameters corresponding to the user information, and extracting preset authority parameters in the decryption authority information; judging whether the authority parameters are consistent with preset authority parameters or not; if so, the user is confirmed to have the operation authority of the resource data.
With reference to the first aspect, an embodiment of the present invention provides a fourth possible implementation manner of the first aspect, where the step of monitoring, by a data platform, an operation result of a user on resource data includes: setting a thread for monitoring the peripheral message server, and monitoring the peripheral message server based on the thread; the peripheral message server is used for receiving an operation result sent by the data platform; and after monitoring the operation result forwarded by the peripheral message server, reading the permission change information and the operation state in the operation result.
With reference to the first aspect, an embodiment of the present invention provides a fifth possible implementation manner of the first aspect, where the updating the encryption permission information based on the permission modification information when the operation status is successful to obtain updated encryption permission information includes: when the operation state is successful, acquiring a message processing set; searching a target message processing mode corresponding to the authority change information in the message processing set; and updating the permission change information based on the message processing mode to obtain updated encryption permission information.
In a second aspect, an embodiment of the present invention further provides an apparatus for controlling authority of resource data, where the apparatus is applied to a cloud resource management platform, and the apparatus includes: the receiving module is used for receiving user information sent by the data platform through a preset interface if a user requests to operate the resource data through the data platform; the encryption authority information acquisition module is used for acquiring encryption authority information corresponding to the user information; the judging module is used for judging whether the user has the operation authority of the resource data or not based on the user information and the encryption authority information; the sending module is used for sending authority confirmation information to the data platform when the judgment result of the judging module is yes, so that the data platform allows a user to operate the resource data; the monitoring module is used for monitoring the operation result of the user on the resource data through the data platform; wherein, the operation result comprises authority change information and an operation state; the operation state comprises operation success and operation failure; and the updating module is used for updating the encryption authority information based on the authority change information when the operation state is successful to obtain the updated encryption authority information.
With reference to the second aspect, an embodiment of the present invention provides a first possible implementation manner of the second aspect, where the permission information obtaining module is further configured to: acquiring a permission mapping table; searching encryption authority information corresponding to the user information in the authority mapping table; the authority mapping table stores the corresponding relation between the user information and the encryption authority information.
In a third aspect, an embodiment of the present invention further provides an intelligent terminal, where the intelligent terminal includes a memory and a processor, the memory is used to store a program that supports the processor to execute any one of the methods in the first to sixth possible implementation manners of the first aspect, and the processor is configured to execute the program stored in the memory.
In a third aspect, an embodiment of the present invention further provides a computer storage medium for storing computer software instructions for the method according to any one of the first to sixth possible implementation manners of the first aspect.
The embodiment of the invention has the following beneficial effects:
the method, the device and the intelligent terminal for controlling the authority of the resource data are executed by a cloud resource management platform, firstly, when a user requests to operate the resource data through a data center (namely, the data platform), user information sent by the data center is received through a preset interface, then encryption authority information corresponding to the user information is obtained, whether the user has the authority of operating the resource data or not is judged according to the user information and the encryption authority information, when the user has the authority of operating the resource data, the data platform is informed of allowing the user to operate, then, the operation result of operating the resource data by the user is monitored, and the encryption authority information is updated according to the monitoring result. The embodiment of the invention can receive the user information through the same preset interface so as to achieve the purpose of uniformly judging the user authority information; in addition, the operation result of the user is monitored, and the encrypted authority information is updated according to the operation result, so that the authority information in the cloud resource management platform is consistent with the resource data in the data center, and the phenomenon of redundant authority information or missing authority information is reduced.
Additional features and advantages of the disclosure will be set forth in the description which follows, or in part may be learned by the practice of the above-described techniques of the disclosure, or may be learned by practice of the disclosure.
In order to make the aforementioned and other objects, features and advantages of the present invention comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without creative efforts.
Fig. 1 is a flowchart illustrating a method for controlling the authority of resource data according to an embodiment of the present invention;
Fig. 2 is a flowchart illustrating another method for controlling the authority of resource data according to an embodiment of the present invention;
Fig. 3 illustrates a flow chart of administrator data authorization provided by an embodiment of the present invention;
Fig. 4 is a flowchart illustrating another method for controlling the authority of resource data according to an embodiment of the present invention;
Fig. 5 is a flowchart illustrating a method for listening to a JMS message according to an embodiment of the present invention;
Fig. 6 is a schematic structural diagram illustrating an apparatus for controlling authority of resource data according to an embodiment of the present invention;
Fig. 7 shows a schematic structural diagram of an intelligent terminal provided in an embodiment of the present invention.
Detailed Description
To make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings, and it is apparent that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
At present, the existing data authority mainly includes establishing a mapping relationship between a user and a resource, storing the data authority into a database of a cloud resource management system through authorization, when intercepting the authority of the user, firstly judging whether the user has an access authority of an interface corresponding to the resource, and after having the authority to access the interface corresponding to the resource, judging whether the user has the authority to use a specified parameter value according to a configured condition, namely judging whether the user has the authority to use the resource according to user information, wherein under the condition, an interception code for intercepting an interface request needs to be written in different places, so that the access authority of the user cannot be intercepted uniformly; in addition, when an interface related to data authority is newly added, the corresponding interception code needs to be rewritten, so that a great deal of redundancy is generated in the interception code, and meanwhile, the interception code is not easy to maintain. On the other hand, since the data center and the cloud resource management platform belong to two different systems, that is, the authority data and the resource data are respectively stored in the cloud resource management platform and the data center, when the resource data in the data center changes, the authority information in the cloud resource management platform cannot change in time along with the change of the resource data, so that the authority information is redundant or lost.
Based on this, the embodiment of the invention provides a method and a device for controlling the authority of resource data and an intelligent terminal, which can uniformly judge the authority information of a user and reduce the phenomenon of redundant authority information or missing authority information.
To facilitate understanding of the present embodiment, first, a method for controlling the authority of resource data disclosed in the embodiment of the present invention is described in detail, where the method is executed by a cloud resource management platform, and refer to a flowchart of a method for controlling the authority of resource data shown in fig. 1, where the method includes the following steps:
Step S102, if the user requests to operate the resource data through the data platform, user information sent by the data platform is received through a preset interface.
The data center stores resource data such as physical resources, virtual resources and service resources. When a user requests to operate the resource data, an interface request is generated based on the user's operation on the resource data. The interface request is associated with the user information, that is, the interface request is received at the same time as the user information is received through the preset interface, and the generated interface request carries a parameter key and the URL (Uniform Resource Locator) of the interface. Through the parameter key, every request reaches the same preset interface, RestServlet, which parses the URL of the interface to obtain the parameter name and the parameter type in the interface request, so that the authority information corresponding to the user information can subsequently be judged according to the parameter name and the parameter type. Specifically, Servlet is short for Java Servlet, also called a service connector, and is a server-side program written in Java; RestServlet can use a Servlet to resolve a REST-style URL. Because the same preset interface RestServlet can be requested through the parameter key, and the user information of all users can be received through it, user permission information can be judged uniformly.
Step S104, obtaining the encryption authority information corresponding to the user information.
In an embodiment, the permission mapping table may be obtained first; since the permission mapping table stores the correspondence between the user information and the encryption permission information, the encryption permission information can be looked up in the permission mapping table according to the user information. Further, in the prior art, the common DES (Data Encryption Standard) algorithm is usually used to encrypt the authority data (that is, the authority information), but DES is a public algorithm and is easy to crack, so the authority data is easily stolen and the security of the resource data is low. To improve the security of the resource data, the authority information can therefore be encrypted by a hardware encryption device with higher security.
Step S106, judging whether the user has the operation authority of the resource data or not based on the user information and the encryption authority information.
The interface request is analyzed through the RestServlet to obtain a parameter value and a parameter type, and the encryption permission information is analyzed through the RestServlet to obtain a preset parameter value and a preset parameter type; the parameter value is then compared with the preset parameter value, and the parameter type with the preset parameter type, to judge the operation permission of the user.
Step S108, if so, sending authority confirmation information to the data platform so that the data center allows the user to operate the resource data.
When the user has the operation right of the resource data, the corresponding URL interface can be looked up according to the URL of the interface, and the interface request is then forwarded to that URL interface, so that the user can operate the resource data. When the user does not have the operation right of the resource data, the interception code intercepts the interface request and generates the prompt message 'unauthorized access!', which is sent to the data platform to inform the user that the user does not have the operation authority for the resource data.
Step S110, monitoring the operation result of the user on the resource data through the data platform.
In general, a user may perform operations such as browsing, deleting, and copying on resource data. Operations such as deleting and copying change the quantity of the resource data, and as the quantity of the resource data changes, the authority information of the resource data should also change; for example, if the user deletes the resource data, the authority information corresponding to the resource data should also be deleted. Therefore, the operation result of the user on the resource data is monitored through the data platform, so that when the resource data is changed, the authority data in the cloud resource management platform is changed correspondingly. Further, the operation result comprises authority change information and an operation state, wherein the operation state comprises operation success and operation failure. The cloud resource management platform can change the authority information in the platform according to the authority change information.
Step S112, when the operation state is successful, updating the encryption permission information based on the permission change information to obtain updated encryption permission information.
It can be understood that, when the operation state is operation failure, that is, the resource data of the data center is not changed, the encryption permission information does not need to be updated based on the permission change information. When the operation state is successful, a message processing set is acquired, a target message processing mode corresponding to the permission change information is searched for in the message processing set, the permission change information is updated based on the message processing mode to obtain updated encryption permission information, and the updated encryption permission information is stored. By monitoring the operation result of the user, the change made by the user to the resource data is obtained, and the encryption authority information is updated according to that change, so that the authority information in the cloud resource management platform is consistent with the resource data in the data center, and redundancy or loss of the authority information is avoided as much as possible.
The method for controlling the authority of the resource data is executed by a cloud resource management platform, firstly, when a user requests to operate the resource data through a data center, user information sent by the data center is received through a preset interface, then encryption authority information corresponding to the user information is obtained, whether the user has the authority of operating the resource data or not is judged according to the user information and the encryption authority information, when the user has the authority of operating the resource data, the data platform is informed of allowing the user to operate, then, the operation result of operating the resource data by the user is monitored, and the encryption authority information is updated according to the monitoring result. The embodiment of the invention can receive the user information through the same preset interface so as to achieve the purpose of uniformly judging the user authority information; in addition, the operation result of the user is monitored, and the encrypted authority information is updated according to the operation result, so that the authority information in the cloud resource management platform is consistent with the resource data in the data center, and the phenomenon of redundant authority information or missing authority information is reduced.
To facilitate understanding of the foregoing embodiments, an embodiment of the present invention further provides another method for controlling the authority of resource data, referring to a flowchart of another method for controlling the authority of resource data shown in fig. 2, where the method includes the following steps:
Step S202, if the user requests to operate the resource data through the data platform, the user information sent by the data platform is received through the preset interface.
The cloud resource management platform adopts a Browser/Server (B/S) mode, and receives user information through a preset interface of a front end (namely, a Browser end). Because the user information is associated with the interface request, and the interface request also comprises the parameter key, the permission of the user information can be judged through the same preset interface according to the same preset interface RestServlet requested by the parameter key, so that the unified judgment of the user permission information is realized.
Step S204, acquiring an authority mapping table.
The authority mapping table stores the corresponding relation between the user information and the encrypted authority information, and before the authority information is encrypted, the authority information is obtained by data authorization of a specific user through an administrator on an authorization page. Specifically, referring to a manager data authorization flowchart shown in fig. 3, firstly, a manager selects resource data to be granted for a specific user on a front-end authorization page of a B/S structure, clicks and stores the resource data to generate an authorization request, then a server of the B/S structure receives the authorization request, and sends authority information corresponding to the authorization request to a hardware encryption server (that is, a hardware encryption device), and after the hardware encryption device completes encryption, the server receives encrypted authority data, and stores the encrypted authority data to a database and a local memory of a cloud resource management platform, respectively.
The embodiment of the invention further provides a method for obtaining the authority mapping table, which specifically refers to the following steps:
(1) Acquiring each authority information corresponding to the resource data.
In order to prevent omission of the acquired authority information corresponding to the resource data, each authority information corresponding to the resource data can be acquired in an enumeration manner, wherein the authority information comprises a parameter key, a URL (uniform resource locator) of an interface, a parameter type, a parameter position and a parameter name.
(2) Sending each authority information to the hardware encryption equipment so that the hardware encryption equipment encrypts each authority information to obtain the encryption authority information corresponding to each authority information.
Each authority information is encapsulated through the hardware encryption device, which has higher security, so that the URL of the interface in the authority information is not directly exposed to the outside; this improves the security of the authority information and, in turn, the security of the resource data. Specifically, during encapsulation, it is agreed that all HTTP requests at the front end uniformly use one of the encapsulated GET (query), POST (add), PUT (modify) and DELETE methods, where the HTTP request is an Ajax (Asynchronous JavaScript and XML) request.
(3) Receiving each piece of encryption authority information sent by the hardware encryption device.
(4) Acquiring target user information corresponding to each piece of encryption authority information, and storing each piece of encryption authority information and each piece of target user information in a preset area in an associated manner to obtain an authority mapping table.
In order to facilitate searching for the encryption authority information corresponding to the user information, the encryption authority information and the target user information are stored in an associated manner, so that the corresponding encryption authority information can be quickly searched based on the user information when the encryption authority information is searched in the authority mapping table.
Step S206, the encryption authority information corresponding to the user information is searched in the authority mapping table.
Since the corresponding relationship between the user information and the encryption right is stored in the right mapping table, the corresponding encryption right information can be obtained based on the user information.
Step S208, decrypting the encrypted authority information through the hardware encryption device to obtain decrypted authority information.
Step S210, obtaining the authority parameter corresponding to the user information, and extracting the preset authority parameter in the decryption authority information.
The permission parameters are stored in the requestParam form parameters. Because the preset interface RestServlet can parse the interface request associated with the user information, the parameter name and parameter type corresponding to the user information can be obtained; the permission parameter corresponding to that parameter name is then looked up in the requestParam form parameters, which yields the permission parameter corresponding to the user information. In addition, the decrypted authority information already stores the preset permission parameters, so they are obtained by extracting them from the decrypted authority information.
Step S212, judging whether the authority parameter is consistent with the preset authority parameter. If yes, go to step S214; if not, the process is ended.
Step S214, confirming that the user has the operation authority of the resource data.
Step S216, sending permission confirmation information to the data platform, so that the data center allows the user to operate the resource data.
Because the user information is associated with the interface request and the interface request carries the URL of the interface, after confirming that the user has the operation authority of the resource data, the user information and the interface parameter are associated and sent to the URL interface corresponding to the URL of the interface, so that the user can operate the resource data.
Step S218, a thread for monitoring the peripheral message server is set, and the peripheral message server is monitored based on the thread.
The peripheral Message server is an MQ (Message Queue) server and is configured to receive an operation result sent by the data center. Specifically, when a user operates resource data, the data center receives a resource operation request, generates a scheduling task according to the resource operation request, and circularly transmits a JMS (Java Message Service) Message including information such as a resource ID, a resource type, an execution state, and the like to the MQ server. In order to monitor the messages received by the MQ server, a new thread is started at the front end of the cloud resource management platform to continuously read the messages of the MQ message server, and the execution state of the corresponding resource data in the data center is monitored.
Step S220, after monitoring the operation result forwarded by the peripheral message server, reading the permission change information and the operation state in the operation result.
In step S222, when the operation status is successful, a message processing set is acquired.
If the execution state of the resource data in the database is successful, the operation state is operation success, and the corresponding permission change is executed in the corresponding message processing class; if the execution state is failed, the operation state is operation failure, and no processing is performed.
Step S224, searching the target message processing mode corresponding to the authority change information in the message processing set.
Step S226, updating the permission modification information based on the message processing mode, and obtaining updated encryption permission information.
The authority control method of resource data provided by the embodiment of the invention comprises the steps of firstly receiving user information sent by a data center through a preset interface when a user requests to operate the resource data through the data center, searching encrypted authority information corresponding to the user information in an authority mapping table after acquiring the authority mapping table, and judges whether the user has the authority to operate the resource data according to the user information and the encryption authority information, when the user has the right to operate the resource data, the data platform is informed to allow the user to operate, the peripheral message server is then listened to based on the thread used to listen to the peripheral message server, and when the operation result forwarded by the peripheral message server is monitored and the operation state is successful, updating the permission change information based on the message processing mode to obtain updated encryption permission information. The embodiment of the invention can receive the user information through the same preset interface so as to achieve the purpose of uniformly judging the user authority information; in addition, the operation result of the user is monitored, and the encrypted authority information is updated according to the operation result, so that the authority information in the cloud resource management platform is consistent with the resource data in the data center, and the phenomenon of redundant authority information or missing authority information is reduced.
In order to understand the method provided by the foregoing embodiment, an embodiment of the present invention further provides another method for controlling an authority of resource data, referring to a flowchart of another method for controlling an authority of resource data shown in fig. 4, when a cloud resource management platform receives an interface request related to a resource, the cloud resource management platform sends the interface request to a preset interface RestServlet, and the preset interface RestServlet parses a parameter APIKey in a request (that is, an interface request), where the parsing process specifically refers to the following steps:
(1) Acquire the parameter name and the parameter type corresponding to the parameter APIKey in the ApiEnum mapping relation.
(2) Acquire the corresponding parameter value (namely, the authority parameter) from the requestParam form parameters according to the parameter name.
(3) Acquire the user ID (i.e., the user information) of the current request from the request.
(4) Look up the authority information corresponding to the user ID in the cloud resource management platform, and decrypt it through the hardware encryption device to obtain the parameter value and parameter type in the authority information.
(5) Check whether the user has the authority for the resource according to the parameter value and the parameter type.
(6) If so, forward the request to the corresponding URL interface.
(7) If not, intercept the request and send an unauthorized exception prompt to the cloud resource management platform.
The cloud resource management platform in the embodiment of the invention routes all interface requests through RestServlet, which reduces the code of the data permission interception module. When a new interface is added to the system, no new permission interception logic needs to be added: the original interception logic also applies to the new interface, so the interception logic only has to be implemented once.
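The interception steps (1) to (7) above can be sketched as follows. This is an added example, not code from the patent: the class names, the `type|value` record layout, the sample APIKey and URL, and a software AES-GCM key standing in for the hardware encryption device are assumptions, as is binding each encrypted record to its user ID.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.*;

public class UnifiedPermissionCheck {

    /** Software stand-in for the hardware encryption device (assumption: AES-256-GCM). */
    static final class EncryptionDevice {
        private final SecretKey key;
        private final SecureRandom rng = new SecureRandom();

        EncryptionDevice() throws GeneralSecurityException {
            KeyGenerator kg = KeyGenerator.getInstance("AES");
            kg.init(256);
            key = kg.generateKey();
        }

        /** Output layout: 12-byte IV followed by ciphertext and 16-byte tag. */
        byte[] encrypt(String userId, String plain) throws GeneralSecurityException {
            byte[] iv = new byte[12];
            rng.nextBytes(iv);
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
            c.updateAAD(utf8(userId)); // assumption: bind the record to its user
            byte[] ct = c.doFinal(utf8(plain));
            byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
            System.arraycopy(ct, 0, out, iv.length, ct.length);
            return out;
        }

        String decrypt(String userId, byte[] blob) throws GeneralSecurityException {
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, blob, 0, 12));
            c.updateAAD(utf8(userId));
            return new String(c.doFinal(blob, 12, blob.length - 12), StandardCharsets.UTF_8);
        }
    }

    /** One ApiEnum entry: the form parameter naming the resource, its type, the real URL. */
    static final class ApiEntry {
        final String paramName, paramType, url;
        ApiEntry(String paramName, String paramType, String url) {
            this.paramName = paramName; this.paramType = paramType; this.url = url;
        }
    }

    final Map<String, ApiEntry> apiEnum = new HashMap<>();
    final Map<String, List<byte[]>> permissionTable = new HashMap<>(); // user ID -> encrypted records
    final EncryptionDevice device;

    UnifiedPermissionCheck(EncryptionDevice device) { this.device = device; }

    static byte[] utf8(String s) { return s.getBytes(StandardCharsets.UTF_8); }

    /** Administrator authorization: encrypt "type|value" and store it under the user. */
    void grant(String userId, String paramType, String paramValue) throws GeneralSecurityException {
        permissionTable.computeIfAbsent(userId, k -> new ArrayList<>())
                .add(device.encrypt(userId, paramType + "|" + paramValue));
    }

    /** Returns the URL to forward to, or empty when the request must be intercepted. */
    Optional<String> check(String userId, String apiKey, Map<String, String> requestParam) {
        ApiEntry entry = apiEnum.get(apiKey);              // (1) name and type from ApiEnum
        if (entry == null) return Optional.empty();        // unknown APIKey: intercept
        String value = requestParam.get(entry.paramName);  // (2) value from requestParam
        if (value == null || value.isEmpty() || value.contains("|")) return Optional.empty();
        byte[] wanted = utf8(entry.paramType + "|" + value);
        boolean allowed = false;
        // (3)-(4) records of the requesting user, decrypted one by one
        for (byte[] blob : permissionTable.getOrDefault(userId, Collections.emptyList())) {
            try {
                // (5) compare type and value with the preset permission parameter
                allowed |= MessageDigest.isEqual(utf8(device.decrypt(userId, blob)), wanted);
            } catch (GeneralSecurityException | RuntimeException e) {
                // tampered, truncated or foreign record counts as no permission
            }
        }
        return allowed ? Optional.of(entry.url) : Optional.empty(); // (6) forward, (7) intercept
    }

    public static void main(String[] args) throws Exception {
        UnifiedPermissionCheck gate = new UnifiedPermissionCheck(new EncryptionDevice());
        // Constructed sample data: one interface and one grant.
        gate.apiEnum.put("vm.delete", new ApiEntry("vmId", "VM", "/internal/vm/delete"));
        gate.grant("alice", "VM", "vm-1001");
        Map<String, String> req = Map.of("vmId", "vm-1001");

        System.out.println("granted VM:      " + gate.check("alice", "vm.delete", req));
        System.out.println("other VM:        " + gate.check("alice", "vm.delete", Map.of("vmId", "vm-2002")));
        System.out.println("unknown APIKey:  " + gate.check("alice", "vm.resize", req));
        // Copy alice's encrypted record into bob's row of the mapping table.
        gate.permissionTable.put("bob", gate.permissionTable.get("alice"));
        System.out.println("copied record:   " + gate.check("bob", "vm.delete", req));
        // Flip one ciphertext bit in the stored record.
        gate.permissionTable.get("alice").get(0)[20] ^= 1;
        System.out.println("tampered record: " + gate.check("alice", "vm.delete", req));
    }
}
```

Only the first call yields a URL to forward to; every other case, including a record that fails authenticated decryption, is intercepted rather than raising an error into the request path.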
Because some rights in the cloud resource management platform also change with the change of the resource data in the data center, for example, if a certain resource data is removed from the data center or a certain resource data is added to the data center, the rights information of the user needs to be dynamically added or deleted. Because these operations are often task-scheduling methods, i.e., they are based on asynchronous completion, task scheduling may succeed or fail. In the system, the task progress of resource operation is continuously refreshed by adopting a mode of sending MQ messages and receiving MQ messages, so that the system also adopts a mode of monitoring JMS message contents to control the change of the authority.
For ease of understanding, refer to the flowchart of fig. 5, which shows a method for listening for a JMS message. A component of the data center receives a resource operation request (i.e., an interface request), generates a scheduling task based on it, and sends a JMS message to an MQ message server, where the JMS message includes a resource ID, a resource type, and an execution state. When a component in the cloud resource management platform detects, through the WceTaskMessageListener class, that the MQ message server has received a JMS message sent by the data center, it reads the JMS message, obtains all MessageHandleFactory (message processing mode) classes, and creates a specific MessageHandler (message processing mode) class according to the JMS message. The permission change is then carried out in the MessageHandler class, and the permission change result is pushed (PUSH) to the front end of the cloud resource management platform.
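The listening flow described above, reduced to its control logic, as an added example that is not code from the patent. An in-process queue stands in for the MQ message server; the `operation` and `ownerId` message fields, the state strings and the two handlers are assumptions, and re-encryption of the changed permission set by the hardware device is left out.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.BlockingQueue;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.LinkedBlockingQueue;

public class PermissionChangeListener {

    /** Resource ID, resource type and execution state are the fields the page lists;
     *  operation and ownerId are assumed extra fields describing the permission change. */
    static final class TaskMessage {
        final String resourceId, resourceType, state, operation, ownerId;
        TaskMessage(String resourceId, String resourceType, String state,
                    String operation, String ownerId) {
            this.resourceId = resourceId; this.resourceType = resourceType;
            this.state = state; this.operation = operation; this.ownerId = ownerId;
        }
        String permissionKey() { return resourceType + "|" + resourceId; }
    }

    /** One message processing mode: applies a permission change to the table. */
    interface MessageHandler {
        void apply(TaskMessage m, Map<String, Set<String>> grants);
    }

    static final TaskMessage STOP = new TaskMessage(null, null, null, null, null);

    final Map<String, Set<String>> grants = new ConcurrentHashMap<>();     // user ID -> resources
    final BlockingQueue<TaskMessage> queue = new LinkedBlockingQueue<>();  // stands in for the MQ server
    private final Map<String, MessageHandler> handlers = new HashMap<>();  // message processing set

    PermissionChangeListener() {
        // Resource added to the data center: grant it to its owner.
        handlers.put("CREATE", (m, g) ->
                g.computeIfAbsent(m.ownerId, k -> ConcurrentHashMap.newKeySet()).add(m.permissionKey()));
        // Resource removed from the data center: drop the grant from every user.
        handlers.put("DELETE", (m, g) -> g.values().forEach(s -> s.remove(m.permissionKey())));
    }

    /** Returns true only when a permission change was applied. */
    boolean onMessage(TaskMessage m) {
        if (!"SUCCESS".equals(m.state)) return false;  // running or failed task: no processing
        MessageHandler h = handlers.get(m.operation);
        if (h == null) return false;                   // no processing mode for this change
        h.apply(m, grants);                            // set semantics make redelivery harmless
        return true;
    }

    /** Dedicated thread that keeps reading messages until STOP is queued. */
    Thread start() {
        Thread t = new Thread(() -> {
            try {
                for (TaskMessage m = queue.take(); m != STOP; m = queue.take()) {
                    try {
                        onMessage(m);
                    } catch (RuntimeException e) {
                        // a malformed message must not stop the listener
                    }
                }
            } catch (InterruptedException e) {
                Thread.currentThread().interrupt();
            }
        }, "task-message-listener");
        t.setDaemon(true);
        t.start();
        return t;
    }

    public static void main(String[] args) throws InterruptedException {
        PermissionChangeListener l = new PermissionChangeListener();
        // Constructed starting state: two users hold a grant on the same VM.
        l.grants.computeIfAbsent("alice", k -> ConcurrentHashMap.newKeySet()).add("VM|vm-1001");
        l.grants.computeIfAbsent("bob", k -> ConcurrentHashMap.newKeySet()).add("VM|vm-1001");

        Thread t = l.start();
        // Constructed messages: progress update, failed task, two completed tasks, a redelivery.
        l.queue.put(new TaskMessage("vm-1001", "VM", "RUNNING", "DELETE", "alice"));
        l.queue.put(new TaskMessage("vm-2002", "VM", "FAILED", "CREATE", "alice"));
        l.queue.put(new TaskMessage("vm-1001", "VM", "SUCCESS", "DELETE", "alice"));
        l.queue.put(new TaskMessage("vm-3003", "VM", "SUCCESS", "CREATE", "bob"));
        l.queue.put(new TaskMessage("vm-3003", "VM", "SUCCESS", "CREATE", "bob"));
        l.queue.put(STOP);
        t.join();
        System.out.println(l.grants);
    }
}
```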
As to the method for controlling the authority of the resource data provided in the foregoing embodiment, an embodiment of the present invention further provides an authority control device for resource data, where the authority control device is applied to a cloud resource management platform, and referring to a schematic structural diagram of the authority control device for resource data shown in fig. 6, the authority control device for resource data includes the following components:
The receiving module 602 is configured to receive, through a preset interface, user information sent by a data platform if a user requests to operate resource data through the data platform.
An encryption authority information obtaining module 604, configured to obtain encryption authority information corresponding to the user information.
The determining module 606 is configured to determine whether the user has the operation right of the resource data based on the user information and the encryption right information.
A sending module 608, configured to send permission confirmation information to the data platform when the determination result of the determining module is yes, so that the data center allows the user to operate the resource data.
The monitoring module 610 is configured to monitor an operation result of the user on the resource data through the data platform. The operation result comprises authority change information and an operation state; the operation state includes operation success and operation failure.
The updating module 612 is configured to update the encryption permission information based on the permission change information when the operation state is operation success, so as to obtain updated encryption permission information.
The invention provides an authority control device of resource data and a cloud resource management platform, which are characterized in that firstly, when a user requests to operate the resource data through a data center, user information sent by the data center is received through a preset interface of a receiving module, then an encryption authority information acquisition module acquires encryption authority information corresponding to the user information, a judgment module judges whether the user has the authority of operating the resource data according to the user information and the encryption authority information, when the user has the authority of operating the resource data, a sending module informs the data platform of allowing the user to operate, then a monitoring module monitors the operation result of operating the resource data by the user, and updates the encryption authority information through an updating module according to the monitoring result. The embodiment of the invention can receive the user information through the same preset interface so as to achieve the purpose of uniformly judging the user authority information; in addition, the operation result of the user is monitored, and the encrypted authority information is updated according to the operation result, so that the authority information in the cloud resource management platform is consistent with the resource data in the data center, and the phenomenon of redundant authority information or missing authority information is reduced.
Further, the permission information obtaining module is further configured to obtain a permission mapping table, and search for encrypted permission information corresponding to the user information in the permission mapping table; the authority mapping table stores the corresponding relation between the user information and the encryption authority information.
The device provided by the embodiment of the present invention has the same implementation principle and technical effect as the method embodiments. For brevity, where the device embodiments do not mention something, reference may be made to the corresponding content in the method embodiments.
The equipment is an intelligent terminal, and particularly, the intelligent terminal comprises a processor and a storage device; the storage means has stored thereon a computer program which, when executed by the processor, performs the method of any of the above described embodiments.
Fig. 7 is a schematic structural diagram of an intelligent terminal according to an embodiment of the present invention, where the intelligent terminal 100 includes: a processor 70, a memory 71, a bus 72 and a communication interface 73, wherein the processor 70, the communication interface 73 and the memory 71 are connected through the bus 72; the processor 70 is arranged to execute executable modules, such as computer programs, stored in the memory 71.
The Memory 71 may include a high-speed Random Access Memory (RAM) and may further include a non-volatile Memory (non-volatile Memory), such as at least one disk Memory. The communication connection between the network element of the system and at least one other network element is realized through at least one communication interface 73 (which may be wired or wireless), and the internet, a wide area network, a local network, a metropolitan area network, and the like can be used.
The bus 72 may be an ISA bus, PCI bus, EISA bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one double-headed arrow is shown in FIG. 7, but this does not indicate only one bus or one type of bus.
The memory 71 is configured to store a program, and the processor 70 executes the program after receiving an execution instruction, and the method executed by the apparatus defined by the flow process disclosed in any of the foregoing embodiments of the present invention may be applied to the processor 70, or implemented by the processor 70.
The processor 70 may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be performed by integrated logic circuits of hardware or instructions in the form of software in the processor 70. The Processor 70 may be a general-purpose Processor, and includes a Central Processing Unit (CPU), a Network Processor (NP), and the like; the device can also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA), or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components. The various methods, steps and logic blocks disclosed in the embodiments of the present invention may be implemented or performed. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of the method disclosed in connection with the embodiments of the present invention may be directly implemented by a hardware decoding processor, or implemented by a combination of hardware and software modules in the decoding processor. The software module may be located in ram, flash memory, rom, prom, or eprom, registers, etc. storage media as is well known in the art. The storage medium is located in a memory 71, and the processor 70 reads the information in the memory 71 and completes the steps of the method in combination with the hardware thereof.
The process error prevention method, the process error prevention device and the computer program product of the intelligent terminal provided by the embodiments of the present invention include a computer readable storage medium storing a nonvolatile program code executable by a processor, wherein the computer readable storage medium stores a computer program, and the computer program is executed by the processor to perform the method described in the foregoing method embodiments, and specific implementation may refer to the method embodiments, and will not be described herein again.
It can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working process of the system described above may refer to the corresponding process in the foregoing embodiments, and is not described herein again.
The computer program product of the readable storage medium provided in the embodiment of the present invention includes a computer readable storage medium storing a program code, where instructions included in the program code may be used to execute the method described in the foregoing method embodiment, and specific implementation may refer to the method embodiment, which is not described herein again.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
Finally, it should be noted that: the above-mentioned embodiments are only specific embodiments of the present invention, which are used for illustrating the technical solutions of the present invention and not for limiting the same, and the protection scope of the present invention is not limited thereto, although the present invention is described in detail with reference to the foregoing embodiments, those skilled in the art should understand that: any person skilled in the art can modify or easily conceive the technical solutions described in the foregoing embodiments or equivalent substitutes for some technical features within the technical scope of the present disclosure; such modifications, changes or substitutions do not depart from the spirit and scope of the embodiments of the present invention, and they should be construed as being included therein. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (10)

1. A method for controlling authority of resource data, wherein the method is executed by a cloud resource management platform, and the method comprises the following steps:
if a user requests to operate resource data through a data platform, receiving user information sent by the data platform through a preset interface;
acquiring encryption authority information corresponding to the user information;
judging whether the user has the operation authority of the resource data or not based on the user information and the encryption authority information;
if so, sending permission confirmation information to the data platform so that the data platform allows the user to operate the resource data;
monitoring the operation result of the user on the resource data through the data platform; wherein the operation result comprises authority change information and an operation state; the operation state comprises operation success and operation failure;
and when the operation state is successful, updating the encryption permission information based on the permission change information to obtain updated encryption permission information.
2. The method according to claim 1, wherein the step of obtaining encryption right information corresponding to the user information comprises:
acquiring a permission mapping table; the authority mapping table stores the corresponding relation between user information and encryption authority information;
and searching the encryption authority information corresponding to the user information in the authority mapping table.
3. The method of claim 2, wherein the encryption right information is generated based on a hardware encryption device;
the step of obtaining the permission mapping table includes:
acquiring each authority information corresponding to the resource data;
sending each piece of authority information to the hardware encryption equipment so that the hardware encryption equipment encrypts each piece of authority information to obtain encrypted authority information corresponding to each piece of authority information;
receiving each piece of encryption authority information sent by the hardware encryption equipment;
and acquiring target user information corresponding to each piece of encryption authority information, and storing each piece of encryption authority information and each piece of target user information in a preset area in an associated manner to obtain an authority mapping table.
4. The method according to claim 3, wherein the step of determining whether the user has the operation right of the resource data based on the user information and the encryption right information comprises:
decrypting the encryption permission information through the hardware encryption equipment to obtain decryption permission information;
acquiring authority parameters corresponding to user information, and extracting preset authority parameters in the decryption authority information;
judging whether the permission parameters are consistent with the preset permission parameters or not;
and if so, confirming that the user has the operation authority of the resource data.
5. The method according to claim 1, wherein the step of listening, by the data platform, the operation result of the user on the resource data comprises:
setting a thread for monitoring a peripheral message server, and monitoring the peripheral message server based on the thread; the peripheral message server is used for receiving an operation result sent by the data platform;
and after monitoring the operation result forwarded by the peripheral message server, reading the permission change information and the operation state in the operation result.
6. The method according to claim 1, wherein the step of updating the encryption right information based on the right change information to obtain updated encryption right information when the operation status is operation success comprises:
when the operation state is successful, acquiring a message processing set;
searching a target message processing mode corresponding to the permission change information in the message processing set;
and updating the permission change information based on the message processing mode to obtain updated encryption permission information.
7. An apparatus for controlling authority of resource data, the apparatus being applied to a cloud resource management platform, the apparatus comprising:
the receiving module is used for receiving user information sent by the data platform through a preset interface if a user requests to operate the resource data through the data platform;
the encryption authority information acquisition module is used for acquiring encryption authority information corresponding to the user information;
the judging module is used for judging whether the user has the operation authority of the resource data or not based on the user information and the encryption authority information;
the sending module is used for sending permission confirmation information to the data platform when the judgment result of the judging module is yes, so that the data platform allows the user to operate the resource data;
the monitoring module is used for monitoring the operation result of the user on the resource data through the data platform; wherein the operation result comprises authority change information and an operation state; the operation state comprises operation success and operation failure;
and the updating module is used for updating the encryption permission information based on the permission change information when the operation state is successful to obtain the updated encryption permission information.
8. The apparatus of claim 7, wherein the permission information obtaining module is further configured to:
acquiring a permission mapping table;
searching encryption authority information corresponding to the user information in an authority mapping table; the authority mapping table stores the corresponding relation between the user information and the encryption authority information.
9. An intelligent terminal, characterized in that the intelligent terminal comprises a memory for storing a program enabling a processor to perform the method of any of claims 1 to 6, and a processor configured to execute the program stored in the memory.
10. A computer storage medium storing computer software instructions for use in the method of any one of claims 1 to 6.
CN202110237695.5A 2021-03-03 2021-03-03 Resource data authority control method and device and intelligent terminal Pending CN112836190A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110237695.5A CN112836190A (en) 2021-03-03 2021-03-03 Resource data authority control method and device and intelligent terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110237695.5A CN112836190A (en) 2021-03-03 2021-03-03 Resource data authority control method and device and intelligent terminal

Publications (1)

Publication Number Publication Date
CN112836190A true CN112836190A (en) 2021-05-25

Family

ID=75934536

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110237695.5A Pending CN112836190A (en) 2021-03-03 2021-03-03 Resource data authority control method and device and intelligent terminal

Country Status (1)

Country Link
CN (1) CN112836190A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114722412A (en) * 2022-04-15 2022-07-08 北京科杰科技有限公司 Data security storage method and device, electronic equipment and storage medium
CN114722412B (en) * 2022-04-15 2023-04-07 北京科杰科技有限公司 Data secure storage method and device, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination