CN112882763A - Access control method, device, equipment and readable storage medium - Google Patents
Access control method, device, equipment and readable storage medium Download PDFInfo
- Publication number
- CN112882763A CN112882763A CN202011502310.5A CN202011502310A CN112882763A CN 112882763 A CN112882763 A CN 112882763A CN 202011502310 A CN202011502310 A CN 202011502310A CN 112882763 A CN112882763 A CN 112882763A
- Authority
- CN
- China
- Prior art keywords
- service
- dependency
- rdf
- dependency relationship
- configuration file
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 62
- 238000004590 computer program Methods 0.000 claims description 10
- 230000001419 dependent effect Effects 0.000 claims description 10
- 230000008569 process Effects 0.000 claims description 6
- 230000036541 health Effects 0.000 claims description 5
- 230000000007 visual effect Effects 0.000 claims description 4
- 238000007726 management method Methods 0.000 description 13
- 238000013461 design Methods 0.000 description 6
- 238000011161 development Methods 0.000 description 6
- 238000010586 diagram Methods 0.000 description 5
- 238000012546 transfer Methods 0.000 description 3
- 238000004883 computer application Methods 0.000 description 2
- 238000013499 data model Methods 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 230000003862 health status Effects 0.000 description 2
- 230000002776 aggregation Effects 0.000 description 1
- 238000004220 aggregation Methods 0.000 description 1
- 238000003339 best practice Methods 0.000 description 1
- 239000002360 explosive Substances 0.000 description 1
- 230000008571 general function Effects 0.000 description 1
- 230000007774 longterm Effects 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000002085 persistent effect Effects 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 230000001052 transient effect Effects 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
- 238000012800 visualization Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/445—Program loading or initiating
- G06F9/44505—Configuring for program initiating, e.g. using registry, configuration files
- G06F9/4451—User profiles; Roaming
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/953—Querying, e.g. by the use of web search engines
- G06F16/9532—Query formulation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/958—Organisation or management of web site content, e.g. publishing, maintaining pages or automatic linking
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Databases & Information Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Software Systems (AREA)
- Data Mining & Analysis (AREA)
- Mathematical Physics (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The invention discloses an access control method, an access control device, access control equipment and a readable storage medium, wherein the method comprises the following steps: under the condition that a first service sends an access request to a second service, acquiring the actual dependency relationship between the first service and the second service; inquiring a local RDF configuration file to obtain target dependency description of a first service and a second service; judging whether the actual dependency relationship is matched with the target dependency description; if so, releasing the access request; if not, the access request is intercepted. According to the method, under the condition that the dependency description recorded by the RDF configuration file is not met, the related access request can be effectively intercepted, and the uncontrollable influence on the whole service architecture caused by the service which is not met with the dependency specification can be avoided. Namely, the method can enable the dependency relationship between the services to be more standard, and enable the whole service architecture to be more stable and controllable.
Description
Technical Field
The present invention relates to the field of computer application technologies, and in particular, to an access control method, apparatus, device, and readable storage medium.
Background
The internet has evolved into a basic resource where more and more services are moved online and the competition on the line is intensified.
In order to adapt to the rapid development of business, the technology iteration is required to be fast, and the service is a very important means for realizing the rapid iteration. Specifically, a large number of general functions are sunk as services, the services are continuously split, front-end applications are quickly assembled according to different business forms, a faster development speed is realized through a service assembly and aggregation mode, and the front end can be lighter. The finer the breaking of services, the smaller the granularity of the services, the better the assemblability.
As services are torn down smaller and smaller, microservices appear. With the development of business, platforms are becoming larger and larger, and thus, the number of services is growing toward an uncontrollable scale. However, the explosive growth of the number of services presents significant challenges for service management and online governance. In particular, when the development is not standardized, the wrong dependency relationship between services may cause an uncontrollable chain reaction, so that the service architecture is uncontrollable.
In summary, how to effectively solve the problems of service management and the like is a technical problem that needs to be solved urgently by those skilled in the art at present.
Disclosure of Invention
The invention aims to provide an access control method, an access control device, an access control equipment and a readable storage medium, through an RDF configuration file, only under the condition that the dependency relationship between two services conforms to the dependency description in the RDF configuration file, the access between the services is allowed, so that the dependency relationship can be restrained, and the problem that the whole service architecture is uncontrollable due to the fact that the dependency relationship of the services does not conform to the architecture specification design is avoided.
In order to solve the technical problems, the invention provides the following technical scheme:
an access control method comprising:
under the condition that a first service sends an access request to a second service, acquiring the actual dependency relationship between the first service and the second service;
querying a local RDF configuration file to obtain target dependency description of the first service and the second service;
judging whether the actual dependency relationship is matched with the target dependency description;
if so, releasing the access request; if not, intercepting the access request.
Preferably, the method further comprises the following steps:
receiving a dependent query request;
querying the RDF configuration file to obtain an appointed dependency description corresponding to the dependency query request;
and displaying the specified dependency description on a visual interface.
Preferably, after intercepting the access request, the method further comprises:
feeding back an error code to the first service.
Preferably, the process of obtaining the RDF configuration file includes:
receiving the sent RDF content;
analyzing the RDF content to obtain the RDF configuration file; the RDF configuration file comprises an ontology, a dependency service and a dependency.
Preferably, parsing the RDF content to obtain the RDF configuration file includes:
analyzing the RDF content to obtain an ontology definition and a dependency relationship definition;
analyzing the ontology and the dependency relationship service from the RDF content based on the ontology definition, and storing the ontology and the dependency relationship service into an ontology library;
and analyzing the dependency relationship from the RDF content based on the dependency relationship definition, and storing the dependency relationship into a relational database in a triple mode.
Preferably, the method further comprises the following steps:
acquiring new RDF content by utilizing long connection with a service management system;
and updating the RDF configuration file by using the new RDF content.
Preferably, the method further comprises the following steps:
and sending heartbeat data to the service management system at regular time to report the current health state.
An access control device comprising:
the system comprises a dependency relationship acquisition module, a dependency relationship acquisition module and a dependency relationship acquisition module, wherein the dependency relationship acquisition module is used for acquiring the actual dependency relationship between a first service and a second service when the first service sends an access request to the second service;
the dependency description acquisition module is used for inquiring a local RDF configuration file to obtain a target dependency description of the first service and the second service;
the judging module is used for judging whether the actual dependency relationship is matched with the target dependency description;
the access request control module is used for releasing the access request if the actual dependency relationship is matched with the target dependency description; and if the actual dependency relationship is not matched with the target dependency description, intercepting the access request.
An electronic device, comprising:
a memory for storing a computer program;
a processor for implementing the steps of the above access control method when executing the computer program.
A readable storage medium having stored thereon a computer program which, when executed by a processor, carries out the steps of the above-mentioned access control method.
By applying the method provided by the embodiment of the invention, the actual dependency relationship between the first service and the second service is obtained under the condition that the first service sends an access request to the second service; inquiring a local RDF configuration file to obtain target dependency description of a first service and a second service; judging whether the actual dependency relationship is matched with the target dependency description; if so, releasing the access request; if not, the access request is intercepted.
In the method, in order to standardize the dependency relationship among the services and avoid the occurrence of the dependency relationship which does not conform to the architecture design specification, the RDF configuration file-based dependency description among the services is provided for storing the dependency description among the services to carry out the specification control on the access. Because the configured format is the format of RDF, the dependency relationship between the services has more semantic, and the SPARQL language can be used for semantic query, so that the dependency relationship between the services is more definite. That is to say, under the condition that the first service needs to access the second service, the actual dependency relationship between the first service and the second service is obtained, and the target dependency description of the first service and the second service can be obtained by querying the local RDF configuration file. Then, allowing the first service to access the second service through the access request under the condition that the actual dependency relationship is matched with the target dependency description; in the event that the actual dependency does not match the target dependency description, the first service is prohibited from accessing the second service. Therefore, even if the architecture specification is not met, namely the dependency description recorded by the RDF configuration file is not met, the relevant access request can be effectively intercepted, and the uncontrollable influence on the whole service architecture caused by the service which is not met with the dependency specification can be avoided. Namely, the method can enable the dependency relationship between the services to be more standard, and enable the whole service architecture to be more stable and controllable.
Accordingly, embodiments of the present invention further provide an access control apparatus, a device, and a readable storage medium corresponding to the access control method, which have the above technical effects and are not described herein again.
Drawings
In order to more clearly illustrate the embodiments of the present invention or technical solutions in related arts, the drawings used in the description of the embodiments or related arts will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a flowchart of an access control method according to an embodiment of the present invention;
FIG. 2 is a schematic structural diagram of an access control apparatus according to an embodiment of the present invention;
fig. 3 is a schematic structural diagram of an electronic device according to an embodiment of the invention;
fig. 4 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
In order that those skilled in the art will better understand the disclosure, the invention will be described in further detail with reference to the accompanying drawings and specific embodiments. It is to be understood that the described embodiments are merely exemplary of the invention, and not restrictive of the full scope of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1, fig. 1 is a flowchart of an access control method according to an embodiment of the present invention, where the method includes the following steps:
s101, under the condition that the first service sends an access request to the second service, acquiring an actual dependency relationship between the first service and the second service.
It should be noted that the access control method provided in the embodiment of the present invention may be used in a component of a local side of a first service, may also be applied in a component of a local side of a second service, and may also be used in a component capable of intercepting and passing an access request between the first service and the second service. Preferably, the access control method provided by the embodiment of the present invention can be applied to a ribbon, which is a load balancing component that plays an important role in a service hierarchy, and has multiple load policies, default polling, configurable timeout retry, and the like. The method is realized by expanding the ribbon, and the service management platform is accessed in a mode that the service code is not invaded, so that the implementation landing cost is reduced.
The first service and the second service may be embodied as micro services. In the embodiment of the present invention, for convenience of description, a service that issues an access request is referred to as a first service, and a service that the first service requests access is referred to as a second service. That is, the first and second services corresponding to the first service and the second service are only used for distinguishing the existence of the two services, and do not mean that the two services exist in sequence, primary and secondary, and the like. Any one of the services in the service architecture can be used as the first service and the second service.
Specifically, the first service may be monitored to discover that the first service sends the access request to the second service, and certainly, the first service may also send the access request to the second service by monitoring a transfer link such as forwarding the access request sent by the first service. The access request may specifically be a REST request, REST (Representational State Transfer, abbreviated as REST), and Representational State Transfer, which is a design and development manner for network applications, and may reduce complexity of development and improve scalability of a system.
In the software engineering object model, a dependency describes a semantic connection between two model elements (class, use case, etc.): one of the model elements is independent and the other model element is not independent, and depends on the independent model element, and if the independent model element changes, the model element depending on the independent model element is influenced. For example: a class uses objects of another class as parameters for operations, a class uses objects of another class as its data members, a class sends messages to another class, etc., there are dependencies between such two classes.
In a class diagram of UML (Unified Modeling Language), two classes of dependency relationships are connected by a dotted line with arrows pointing to the independent classes. Labels are marked on the dashed lines to specify the type of dependency.
The dependency relationship includes two types of data dependency and function dependency, and the function dependency can be subdivided into multiple types.
In case that the first service is found to issue an access request to the second service, the actual dependency relationship between the first service and the second service can be obtained. Specifically, the dependency setting of the first service may be obtained by analyzing the first service. Of course, the dependency relationship between the first service and the related service may be pre-stored in advance, and the actual dependency relationship may be directly obtained by directly reading from the pre-stored location.
S102, inquiring a local RDF configuration file to obtain target dependency description of the first service and the second service.
Wherein, rdf (resource Description frame): namely a resource description framework, which is essentially a Data Model (Data Model). It provides a uniform standard for describing entities/resources. Briefly, RDF is a method and means for representing things. The EDF configuration file is a configuration file identified by an EDF method. The configuration file has dependency description stored therein.
Because the configured format is the format of RDF, the dependency relationship between the services has more semantic, and the SPARQL language can be used for semantic query, so that the dependency relationship between the services is more definite. Where SPARQL refers to a Query Language used in the resource description framework, SPARQL is a recursive abbreviation representing SPARQL Protocol and RDF Query Language (SPARQL Protocol and RDF Query Language).
That is, the SPARQL language can be directly used to query the local RDF configuration file, so as to obtain the target dependency description of the first service and the second service.
It should be noted that the target dependency description is a description describing the dependency situation configured for the first service and the second service. The target dependency description may indicate that the first service does not have a dependency relationship with the second service, or may indicate that the first service has a dependency relationship with the second service and indicates a dependency type or a situation. The target can be configured according to actual requirements depending on the specific situation described.
The RDF configuration file may specifically be a configuration file placed locally in advance, or may also be a configuration file acquired from a service administration system (service administration platform) and stored locally. Wherein, service governance (SOA grace): the procedures implemented to ensure that things are done successfully include best practices, architectural principles, governance regulations, laws, and other determinative factors. Service governance refers to the process used to manage the adoption and implementation of SOAs.
Specifically, a developer can comb the existing services, comb the hierarchy and the dependency relationship among the micro services according to a micro service architecture methodology, and perform ontology modeling on the relationship among the services. And obtaining the RDF configuration file and storing the RDF configuration file in a local storage space corresponding to each service.
Of course, the corresponding modeling result can be uploaded to the service governance system through the file format of the RDF. And then the service management system carries out regular verification on the uploaded RDF file, verifies whether the RDF file meets the RDF specification or not, and transmits the RDF content analyzed by the RDF to the dependent service.
In a specific embodiment of the present invention, for convenience of management, the RDF configuration file may be sent to each service in a service administration system, so as to implement the standard control of the service based on the dependency in the service administration system. Taking receiving the RDF content sent by the service administration system as an example, the following process for obtaining the RDF configuration file includes:
step one, receiving RDF content sent by a service management system.
The service administration system may send RDF content to the service that needs to be configured dependent according to the dependent configuration. The RDF content is the dependent configuration information in the RDF format.
Step two, analyzing the RDF content to obtain an RDF configuration file; the RDF configuration file comprises an ontology, a dependency service and a dependency.
After the RDF content is received, the RDF content can be analyzed, and finally the RDF configuration file is obtained.
In particular, the RDF configuration file includes an ontology, a dependency service, and dependencies. The ontology, the dependency service and the dependency in the RDF configuration file may be stored in the same library, or may be stored in different libraries in a classified and dispersed manner for query.
Specifically, the analyzing the RDF content in the above steps to obtain the RDF configuration file may specifically include:
step 1, analyzing RDF content to obtain an ontology definition and a dependency relationship definition;
step 2, analyzing the ontology and the dependency relationship service from the RDF content based on the ontology definition, and storing the ontology and the dependency relationship service into an ontology library;
and 3, analyzing the dependency relationship of the service from the RDF content based on the dependency relationship definition, and storing the dependency relationship into a relational database in a triple mode.
For convenience of description, the above-described 3 steps will be described in combination.
And analyzing the RDF content to obtain an ontology definition and a dependency relationship definition. Then, the ontology and the dependency service can be analyzed from the RDF content based on the ontology definition, and the ontology and the dependency service are stored in the ontology library. Based on the dependency relationship definition, the dependency relationship of the service can be analyzed from the RDF content, and the dependency relationship is stored in the relational database in a triple mode for facilitating query. The specific definition and content of the triple mode may be defined and implemented with reference to the format specification of RDF, which is not described herein any more.
Preferably, in an embodiment of the present invention, the RDF configuration file may be updated, considering that in practical applications, as the requirement is updated, or the version is iterated, the dependency relationship between the services is also updated. The specific updating process comprises the following steps:
step one, acquiring new RDF content by utilizing long connection with a service management system;
and step two, updating the RDF configuration file by using the new RDF content.
That is, a long connection may be maintained with the service administration system, and new RDF content may then be retrieved based on the long connection. The RDF configuration file may then be updated with the new RDF content. Specifically, the new RDF content is analyzed to obtain a new ontology, a new dependency service and a new dependency, and then the existing ontology, dependency service and dependency are updated or supplemented based on the new ontology, the new dependency service and the new dependency.
Preferably, in order to facilitate the service management system to know the health status of each service, heartbeat data can be sent to the service management system at regular time to report the current health status. Therefore, the user can know the health state of each service through the service administration system.
S103, judging whether the actual dependency relationship is matched with the target dependency description.
After the actual dependency relationship and the target dependency description are obtained, whether the actual dependency relationship is matched with the target dependency description can be determined by comparing. Specifically, if the target dependency description correspondingly describes the actual dependency relationship, determining that the actual dependency relationship is matched with the target dependency description; otherwise, the actual dependency relationship is determined not to match the target dependency description. That is, by querying the local RDF profile with APARQL and looking at the actual dependencies between the first service and the second service, it can be determined whether the actual dependencies between the first service and the second service match the descriptions in the profile.
After the result of whether the access request is matched with the access request is obtained, the access request can be controlled and processed according to different results. Specifically, when the determination result is yes, the operation of step S104 is performed, and when the determination result is no, the operation of step S105 is performed.
S104, the access request is released.
When the actual dependency between the first service and the second service matches the target dependency description in the RDF configuration file, it is determined that the actual dependency between the first service and the second service conforms to the configuration. At this time, the first service is allowed to access the second service by using the access request, that is, the access request can be released.
And S105, intercepting the access request.
When the actual dependency between the first service and the second service does not match the target dependency description in the RDF configuration file, it is determined that the actual dependency between the first service and the second service does not conform to the configuration. At this time, the first service is prohibited from accessing the second service by using the access request, that is, the access request can be intercepted, so as to avoid uncontrollable influence on the whole service architecture caused by access which is generated due to the fact that the actual dependency relationship does not conform to the configuration.
Preferably, after intercepting the access request, an error code may also be fed back to the first service. Therefore, the first service can know that the access fails, and long-term waiting for the access result is avoided. Of course, after the first service receives the error code, the relevant personnel can also know that the actual dependency relationship and configuration of the current first service and the second service are not consistent through a direct output or reporting mode, so as to adjust in time.
By applying the method provided by the embodiment of the invention, the actual dependency relationship between the first service and the second service is obtained under the condition that the first service sends an access request to the second service; inquiring a local RDF configuration file to obtain target dependency description of a first service and a second service; judging whether the actual dependency relationship is matched with the target dependency description; if so, releasing the access request; if not, the access request is intercepted.
In the method, in order to standardize the dependency relationship among the services and avoid the occurrence of the dependency relationship which does not conform to the architecture design specification, the RDF configuration file-based dependency description among the services is provided for storing the dependency description among the services to carry out the specification control on the access. Because the configured format is the format of RDF, the dependency relationship between the services has more semantic, and the SPARQL language can be used for semantic query, so that the dependency relationship between the services is more definite. That is to say, under the condition that the first service needs to access the second service, the actual dependency relationship between the first service and the second service is obtained, and the target dependency description of the first service and the second service can be obtained by querying the local RDF configuration file. Then, allowing the first service to access the second service through the access request under the condition that the actual dependency relationship is matched with the target dependency description; in the event that the actual dependency does not match the target dependency description, the first service is prohibited from accessing the second service. Therefore, even if the architecture specification is not met, namely the dependency description recorded by the RDF configuration file is not met, the relevant access request can be effectively intercepted, and the uncontrollable influence on the whole service architecture caused by the service which is not met with the dependency specification can be avoided. Namely, the method can enable the dependency relationship between the services to be more standard, and enable the whole service architecture to be more stable and controllable.
It should be noted that, based on the above embodiments, the embodiments of the present invention also provide corresponding improvements. In the preferred/improved embodiment, the same steps as those in the above embodiment or corresponding steps may be referred to each other, and corresponding advantageous effects may also be referred to each other, which are not described in detail in the preferred/improved embodiment herein.
In a specific embodiment of the present invention, in order to facilitate developers to better plan the dependency relationship between services, on the basis of the above embodiment, it is further possible to add a view to existing configured dependencies. The specific implementation process comprises the following steps:
step one, receiving a dependent query request;
querying the RDF configuration file to obtain a specified dependency description corresponding to the dependency query request;
and step three, displaying the specified dependency description on a visual interface.
For convenience of description, the above three steps will be described in combination.
After receiving the dependent query request, the dependent query request may be first parsed to obtain the dependencies between which services need to be queried. After determining which services need to be queried, the local RDF configuration file can be queried to obtain a specified dependency description corresponding to the dependency query request. The specified dependency description may then be displayed on a visualization interface. Preferably, after the specified dependency description is obtained, it can be converted into a dependency relationship for the convenience of viewing by the user, and then the dependency relationship is displayed.
Corresponding to the above method embodiment, the embodiment of the present invention further provides an access control device, and the access control device described below and the access control method described above may be referred to in correspondence with each other.
Referring to fig. 2, the apparatus includes the following modules:
a dependency relationship obtaining module 101, configured to obtain an actual dependency relationship between a first service and a second service when the first service sends an access request to the second service;
the dependency description acquisition module 102 is configured to query a local RDF configuration file to obtain a target dependency description of the first service and the second service;
the judging module 103 is configured to judge whether the actual dependency relationship matches the target dependency description;
an access request control module 104, configured to release the access request if the actual dependency relationship matches the target dependency description; and if the actual dependency relationship is not matched with the target dependency description, intercepting the access request.
By applying the device provided by the embodiment of the invention, the actual dependency relationship between the first service and the second service is obtained under the condition that the first service sends an access request to the second service; inquiring a local RDF configuration file to obtain target dependency description of a first service and a second service; judging whether the actual dependency relationship is matched with the target dependency description; if so, releasing the access request; if not, the access request is intercepted.
In the device, in order to standardize the dependency relationship among the services and avoid the occurrence of the dependency relationship which does not conform to the architecture design specification, the RDF configuration file is used for storing the dependency description among the services to carry out the specification control on the access. Because the configured format is the format of RDF, the dependency relationship between the services has more semantic, and the SPARQL language can be used for semantic query, so that the dependency relationship between the services is more definite. That is to say, under the condition that the first service needs to access the second service, the actual dependency relationship between the first service and the second service is obtained, and the target dependency description of the first service and the second service can be obtained by querying the local RDF configuration file. Then, allowing the first service to access the second service through the access request under the condition that the actual dependency relationship is matched with the target dependency description; in the event that the actual dependency does not match the target dependency description, the first service is prohibited from accessing the second service. Therefore, even if the architecture specification is not met, namely the dependency description recorded by the RDF configuration file is not met, the relevant access request can be effectively intercepted, and the uncontrollable influence on the whole service architecture caused by the service which is not met with the dependency specification can be avoided. Namely, the device can enable the dependency relationship between the services to be more standard, and enable the whole service architecture to be more stable and controllable.
In one embodiment of the present invention, the method further comprises:
a query module for receiving a dependent query request; querying the RDF configuration file to obtain a specified dependency description corresponding to the dependency query request; and displaying the specified dependency description on a visual interface.
In one embodiment of the present invention, the method further comprises:
and the error feedback module is used for feeding back an error code to the first service after the access request is intercepted.
In a specific embodiment of the present invention, the configuration file obtaining module is configured to receive RDF content; analyzing the RDF content to obtain an RDF configuration file; the RDF configuration file comprises an ontology, a dependency service and a dependency.
In a specific embodiment of the present invention, the configuration file obtaining module is specifically configured to analyze RDF content to obtain an ontology definition and a dependency relationship definition; analyzing an ontology and a dependency relationship service from RDF content based on the ontology definition, and storing the ontology and the dependency relationship service in an ontology library; and analyzing the dependency relationship of the service from the RDF content based on the dependency relationship definition, and storing the dependency relationship into a relational database in a triple mode.
In one embodiment of the present invention, the method further comprises:
the configuration updating module is used for acquiring new RDF content by utilizing long connection with the service management system; and updating the RDF configuration file by using the new RDF content.
In one embodiment of the present invention, the method further comprises:
and the health condition feedback module is used for sending heartbeat data to the service management system at regular time to report the current health state.
Corresponding to the above method embodiment, an embodiment of the present invention further provides an electronic device, and a piece of electronic device described below and a piece of access control method described above may be referred to in correspondence.
Referring to fig. 3, the electronic device includes:
a memory 332 for storing a computer program;
a processor 322 for implementing the steps of the access control method of the above-described method embodiments when executing the computer program.
Specifically, referring to fig. 4, fig. 4 is a schematic structural diagram of an electronic device provided in this embodiment, which may generate relatively large differences due to different configurations or performances, and may include one or more processors (CPUs) 322 (e.g., one or more processors) and a memory 332, where the memory 332 stores one or more computer applications 342 or data 344. Memory 332 may be, among other things, transient or persistent storage. The program stored in memory 332 may include one or more modules (not shown), each of which may include a sequence of instructions operating on a data processing device. Still further, the central processor 322 may be configured to communicate with the memory 332 to execute a series of instruction operations in the memory 332 on the electronic device 301.
The electronic device 301 may also include one or more power sources 326, one or more wired or wireless network interfaces 350, one or more input-output interfaces 358, and/or one or more operating systems 341.
The steps in the access control method described above may be implemented by the structure of the electronic device.
Corresponding to the above method embodiment, the embodiment of the present invention further provides a readable storage medium, and a readable storage medium described below and an access control method described above may be referred to in correspondence with each other.
A readable storage medium, on which a computer program is stored, which computer program, when being executed by a processor, carries out the steps of the access control method of the above-mentioned method embodiments.
The readable storage medium may be a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and various other readable storage media capable of storing program codes.
Those of skill would further appreciate that the various illustrative components and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
Claims (10)
1. An access control method, comprising:
under the condition that a first service sends an access request to a second service, acquiring the actual dependency relationship between the first service and the second service;
querying a local RDF configuration file to obtain target dependency description of the first service and the second service;
judging whether the actual dependency relationship is matched with the target dependency description;
if so, releasing the access request; if not, intercepting the access request.
2. The access control method according to claim 1, further comprising:
receiving a dependent query request;
querying the RDF configuration file to obtain an appointed dependency description corresponding to the dependency query request;
and displaying the specified dependency description on a visual interface.
3. The access control method of claim 1, further comprising, after intercepting the access request:
feeding back an error code to the first service.
4. The access control method according to any one of claims 1 to 3, wherein the process of obtaining the RDF profile comprises:
receiving RDF content;
analyzing the RDF content to obtain the RDF configuration file; the RDF configuration file comprises an ontology, a dependency service and a dependency.
5. The access control method of claim 4, wherein parsing the RDF content to obtain the RDF configuration file comprises:
analyzing the RDF content to obtain an ontology definition and a dependency relationship definition;
analyzing the ontology and the dependency relationship service from the RDF content based on the ontology definition, and storing the ontology and the dependency relationship service into an ontology library;
and analyzing the dependency relationship from the RDF content based on the dependency relationship definition, and storing the dependency relationship into a relational database in a triple mode.
6. The access control method according to claim 4, further comprising:
acquiring new RDF content by utilizing long connection with a service management system;
and updating the RDF configuration file by using the new RDF content.
7. The access control method according to claim 4, further comprising:
and sending heartbeat data to the service management system at regular time to report the current health state.
8. An access control apparatus, comprising:
the system comprises a dependency relationship acquisition module, a dependency relationship acquisition module and a dependency relationship acquisition module, wherein the dependency relationship acquisition module is used for acquiring the actual dependency relationship between a first service and a second service when the first service sends an access request to the second service;
the dependency description acquisition module is used for inquiring a local RDF configuration file to obtain a target dependency description of the first service and the second service;
the judging module is used for judging whether the actual dependency relationship is matched with the target dependency description;
the access request control module is used for releasing the access request if the actual dependency relationship is matched with the target dependency description; and if the actual dependency relationship is not matched with the target dependency description, intercepting the access request.
9. An electronic device, comprising:
a memory for storing a computer program;
a processor for implementing the steps of the access control method according to any one of claims 1 to 7 when executing the computer program.
10. A readable storage medium, having stored thereon a computer program which, when being executed by a processor, carries out the steps of the access control method according to any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011502310.5A CN112882763A (en) | 2020-12-17 | 2020-12-17 | Access control method, device, equipment and readable storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011502310.5A CN112882763A (en) | 2020-12-17 | 2020-12-17 | Access control method, device, equipment and readable storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112882763A true CN112882763A (en) | 2021-06-01 |
Family
ID=76043303
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011502310.5A Pending CN112882763A (en) | 2020-12-17 | 2020-12-17 | Access control method, device, equipment and readable storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112882763A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113900663A (en) * | 2021-12-08 | 2022-01-07 | 阿里云计算有限公司 | Data processing method and device |
| CN115348209A (en) * | 2022-10-18 | 2022-11-15 | 江西锦路科技开发有限公司 | Flow control method and device of API (application program interface), electronic equipment and storage medium |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102567055A (en) * | 2010-12-23 | 2012-07-11 | 微软公司 | Satisfying application dependencies |
| US20140372630A1 (en) * | 2013-06-12 | 2014-12-18 | International Business Machines Corporation | Service oriented architecture service dependency determination |
| CN109033260A (en) * | 2018-07-06 | 2018-12-18 | 天津大学 | Knowledge mapping Interactive Visualization querying method based on RDF |
| CN110636093A (en) * | 2018-06-25 | 2019-12-31 | 中兴通讯股份有限公司 | Microservice registration and discovery method, microservice registration and discovery device, storage medium and microservice system |
-
2020
- 2020-12-17 CN CN202011502310.5A patent/CN112882763A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102567055A (en) * | 2010-12-23 | 2012-07-11 | 微软公司 | Satisfying application dependencies |
| US20140372630A1 (en) * | 2013-06-12 | 2014-12-18 | International Business Machines Corporation | Service oriented architecture service dependency determination |
| CN110636093A (en) * | 2018-06-25 | 2019-12-31 | 中兴通讯股份有限公司 | Microservice registration and discovery method, microservice registration and discovery device, storage medium and microservice system |
| CN109033260A (en) * | 2018-07-06 | 2018-12-18 | 天津大学 | Knowledge mapping Interactive Visualization querying method based on RDF |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113900663A (en) * | 2021-12-08 | 2022-01-07 | 阿里云计算有限公司 | Data processing method and device |
| CN115348209A (en) * | 2022-10-18 | 2022-11-15 | 江西锦路科技开发有限公司 | Flow control method and device of API (application program interface), electronic equipment and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11055302B2 (en) | Method and system for implementing target model configuration metadata for a log analytics system | |
| CN108108297B (en) | Method and device for automatic testing | |
| US8171465B2 (en) | Applicable patch selection device and applicable patch selection method | |
| EP2808790B1 (en) | Migration assessment for cloud computing platforms | |
| CN108874558B (en) | Message subscription method of distributed transaction, electronic device and readable storage medium | |
| US7711625B2 (en) | Asynchronous events in meta-data driven instrumentation | |
| CN112882763A (en) | Access control method, device, equipment and readable storage medium | |
| US9021456B2 (en) | Using collaborative annotations to specify real-time process flows and system constraints | |
| CN111651196B (en) | Document issuing method, device and server | |
| FI120286B (en) | A method and device arrangement for managing a server-client environment | |
| US7502822B2 (en) | Using collaborative annotations to specify real-time process flows and system constraints | |
| CN114020368A (en) | Information processing method and device based on state machine and storage medium | |
| US20060136896A1 (en) | Real-time dynamic modification of service-oriented systems using annotations to specify real-time system constraints | |
| CN113297081A (en) | Execution method and device of continuous integration assembly line | |
| EP1710698A2 (en) | Generic software requirements analyser | |
| CN115220992A (en) | Interface change monitoring method and device, computer equipment and storage medium | |
| CN114035948A (en) | Distributed task scheduling method and system | |
| CN114461270A (en) | Project processing method and device | |
| CN113886215A (en) | Interface test method, device and storage medium | |
| US9552203B1 (en) | Configuration dependency manager for configurable applications | |
| CN114428710B (en) | Queue state checking method and device and electronic equipment | |
| CN116109112B (en) | Service data processing method, device, medium and equipment based on aggregation interface | |
| KR102668343B1 (en) | Method for managing interface, interface governance system, and a storage medium storing a computer-executable program to manage the interface | |
| EP2434441A1 (en) | Method for determining a supported connectivity between applications | |
| Fanjiang et al. | Automatic data logging and quality analysis system for mobile devices |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20210601 |