CN113721893A - Micro-service bus design method and device - Google Patents

Micro-service bus design method and device Download PDF

Info

Publication number
CN113721893A
CN113721893A CN202111004188.3A CN202111004188A CN113721893A CN 113721893 A CN113721893 A CN 113721893A CN 202111004188 A CN202111004188 A CN 202111004188A CN 113721893 A CN113721893 A CN 113721893A
Authority
CN
China
Prior art keywords
service
micro
client
bus
request
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111004188.3A
Other languages
Chinese (zh)
Inventor
钱俊平
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
United Life Insurance Co ltd
Original Assignee
United Life Insurance Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by United Life Insurance Co ltd filed Critical United Life Insurance Co ltd
Priority to CN202111004188.3A priority Critical patent/CN113721893A/en
Publication of CN113721893A publication Critical patent/CN113721893A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/20Software design
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/54Interprogram communication
    • G06F9/547Remote procedure calls [RPC]; Web services
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/60Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources
    • H04L67/63Routing a service request depending on the request content or context
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45595Network integration; Enabling network access in virtual machine instances

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application provides a micro service bus design method and a device, which are applied to a container cluster, wherein the container cluster comprises a cluster LB, a micro service bus and at least one service micro service; forwarding the network service request to the container cluster, and routing the network service request to the micro service bus by the cluster LB according to a pre-configured access rule; the microservice bus carries out client security verification according to the client request information; and under the condition that the security check and the user identity check pass, the micro-service bus routes the network service request to the corresponding service micro-service to execute service processing. According to the method, the standard of the micro-service of the container cloud platform for providing the service to the outside is standardized, the micro-service bus is used for processing basic functions of safety, calling distribution, user verification and the like of the external service, and then the network service request is routed to the corresponding service micro-service to execute service processing.

Description

Micro-service bus design method and device
Technical Field
The present disclosure relates to the field of data processing technologies, and in particular, to a method and an apparatus for designing a micro service bus.
Background
Microservice is a software development technique that is a variant of the SOA (Service-Oriented Architecture) architectural style that constructs applications as a set of loosely coupled services. In the microservice architecture, services are fine-grained and protocols are lightweight. In a traditional micro-service architecture, basic functions of security, call distribution, user verification and the like of external services are supported by distributed services, so that repeated development, multipoint error reporting of similar problems, multiple maintenance of similar codes and non-uniformity of security can be caused.
Therefore, a standard for standardizing the micro-service of the container cloud platform to provide the service to the outside is urgently needed to be provided, basic functions of safety, calling and distribution, user verification and the like of the external service are delivered to a micro-service bus for processing, and the micro-service of the service is not directly opened to the outside.
Disclosure of Invention
In view of the problems in the foregoing, the present application provides a method and an apparatus for designing a micro service bus, which aim to standardize a standard for providing a service to the outside by a container cloud platform micro service, and give basic functions such as security, call distribution, user verification, and the like of the outside service to the micro service bus for processing, so that a service micro service is not directly opened to the outside.
In order to achieve the above object, the present application provides the following technical solutions:
a micro service bus design method is applied to a container cluster, wherein the container cluster comprises a cluster LB, a micro service bus and at least one service micro service, and the method comprises the following steps:
receiving a network service request sent by a client, wherein the network service request comprises client request information, and the client request information comprises: user ID, user TOKEN, timestamp and service request object;
forwarding the network service request to the container cluster, and routing the network service request to the micro service bus by the cluster LB according to a pre-configured access rule;
the microservice bus carries out client security verification according to the client request information;
under the condition that the security verification is passed, the micro service bus verifies the user identity of the client;
and under the condition that the user identity is verified to be passed, the micro-service bus routes the network service request to the corresponding service micro-service to execute service processing.
Further, the routing, by the cluster LB, the network service request to the micro service bus according to a preconfigured access rule includes:
finding a corresponding micro service bus by the cluster LB through an address path in the network service request;
routing the network service request to the microservice bus.
Further, the micro service bus performs client security check according to the client request information, including:
and the micro service bus carries out security check on the client request information by adopting message tamper-proof check and message encryption and decryption check.
Further, the checking the user identity of the client by the micro service bus includes:
the micro service bus uniformly verifies whether the client request information transmitted by the client has the authority of requesting an interface to the user of the client or not so as to verify the user identity of the client.
A micro service bus design device is applied to a container cluster, wherein the container cluster comprises a cluster LB, a micro service bus and at least one service micro service, and the device comprises:
a first processing unit, configured to receive a network service request sent by a client, where the network service request includes client request information, and the client request information includes: user ID, user TOKEN, timestamp and service request object;
the second processing unit is used for forwarding the network service request to the container cluster, and the cluster LB routes the network service request to the micro service bus according to a pre-configured access rule;
the third processing unit is used for carrying out client security verification on the micro service bus according to the client request information;
the fourth processing unit is used for verifying the user identity of the client by the micro service bus under the condition that the security verification is passed;
and the fifth processing unit is used for routing the network service request to the corresponding service micro service by the micro service bus to execute service processing under the condition that the user identity passes verification.
Further, the second processing unit is specifically configured to:
finding a corresponding micro service bus by the cluster LB through an address path in the network service request;
routing the network service request to the microservice bus.
Further, the third processing unit is specifically configured to:
and the micro service bus carries out security check on the client request information by adopting message tamper-proof check and message encryption and decryption check.
Further, the fourth processing unit is specifically configured to:
the micro service bus uniformly verifies whether the client request information transmitted by the client has the authority of requesting an interface to the user of the client or not so as to verify the user identity of the client.
A storage medium comprising a stored program, wherein a device on which the storage medium is located is controlled to perform the microservice bus design method as described above when the program is run.
An electronic device comprising at least one processor, and at least one memory, bus connected with the processor; the processor and the memory complete mutual communication through the bus; the processor is used for calling the program instructions in the memory to execute the micro service bus design method.
The micro service bus design method and device provided by the application are applied to a container cluster, the container cluster comprises a cluster LB, a micro service bus and at least one service micro service, a network service request sent by a client is received, the network service request comprises client request information, and the client request information comprises: user ID, user TOKEN, timestamp and service request object; forwarding the network service request to the container cluster, and routing the network service request to the micro service bus by the cluster LB according to a pre-configured access rule; the microservice bus carries out client security verification according to the client request information; and under the condition that the security check and the user identity check pass, the micro-service bus routes the network service request to the corresponding service micro-service to execute service processing. According to the method, the standard of the micro-service of the container cloud platform for providing the service to the outside is standardized, the micro-service bus is used for processing basic functions of safety, calling distribution, user verification and the like of the external service, and then the network service request is routed to the corresponding service micro-service to execute service processing.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 is a schematic diagram of an API Gateway structure disclosed in the prior art;
FIG. 2 is a schematic diagram of a micro service bus architecture according to an embodiment of the present disclosure;
fig. 3 is a schematic flowchart illustrating a method for designing a micro service bus according to an embodiment of the present disclosure;
FIG. 4 is a schematic structural diagram of a micro service bus design apparatus according to an embodiment of the present disclosure;
fig. 5 is a schematic structural diagram of an electronic device disclosed in an embodiment of the present application.
Detailed Description
The applicant found in research that the following problems may exist if the client calls the microservice directly:
1) the number of micro-services invoked by a mobile client or a web client may be very large. For example, amazon's product end page may request hundreds of microservices. Although a client can initiate many requests through a LAN, this is not efficient on the public network, which is especially problematic on the mobile internet and at the same time results in very complex client codes.
2) The protocol of the microservice may not be web friendly. One service may be the RPC protocol with thread and another service may be the AMQP message protocol, neither of which are browsing or firewall friendly and preferably used internally, whose application should be outside the firewall, using a protocol like HTTP or webscoket.
3) Over time, it may be necessary to change the current slicing scheme of the system microservice. For example, if it is desired to merge two services or split one service into multiple ones. However, if the client interacts directly with the microservice, such reconstruction is difficult to implement.
In order to avoid the above problem, an API Gateway structure as shown in fig. 1, Spring Cloud: the API Gateway can distribute a service request, but does not include a user system and a security system function of the business system. In addition, because the difference between the user systems and the security systems of various companies is large, and the Spring Cloud as the collection of the technical architecture cannot provide the customized function according with the actual situation of falling to the ground of the enterprise.
Therefore, as shown in fig. 2, a schematic diagram of a micro service bus architecture provided in the present application is shown. The application provides a scheme of little service bus, can compensate Spring Cloud: the API Gateway is used for standardizing a standard for providing services to the outside by the micro-service of the container cloud platform, and handing basic functions of security, call distribution, user verification and the like of the external services to a bus for processing, so that the micro-service of the service is not directly opened to the outside.
As shown in fig. 2, after the application initiates a network request, the network request is sent to a load balancing F5 through the internet, the load balancing F5 transfers the relevant request to the container cluster, and the cluster LB routes to the micro service bus according to the configured access rule; the method comprises the steps that a micro-service bus carries out client security verification according to request information of a client, wherein the request information of the client comprises a user id, a user token, a timestamp and a service request object; after the security verification is passed, the micro service bus verifies the user identity of the client; after the user identity passes the verification, the micro-service bus routes the specific request to the corresponding service micro-service.
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Fig. 3 is a schematic flow chart of a method for designing a micro service bus according to an embodiment of the present disclosure. As shown in fig. 3, an embodiment of the present application provides a micro service bus design method, which is applied to the container cluster shown in fig. 2, where the container cluster includes a cluster LB, a micro service bus, and at least one service micro service, and the method includes the following steps:
s301: receiving a network service request sent by a client, wherein the network service request comprises client request information, and the client request information comprises: user ID, user TOKEN, timestamp, and service request object.
In this step, the network service request is sent by the user through the application end, and the network service request is sent to the load balancing F5 through the internet, and then forwarded to the container cluster through the load balancing F5.
S302: forwarding the web service request to the container cluster, and routing the web service request to the micro service bus by the cluster LB according to a pre-configured access rule.
In this step, the routing, by the cluster LB, the network service request to the micro service bus according to a preconfigured access rule includes: finding a corresponding micro service bus by the cluster LB through an address path in the network service request; routing the network service request to the microservice bus.
S303: and the micro service bus performs client security check according to the client request information.
In this step, the performing, by the microservice bus, the client security check according to the client request information includes: and the micro service bus carries out security check on the client request information by adopting message tamper-proof check and message encryption and decryption check.
It should be noted that the client security check includes a unified message tamper-proof check and a unified message encryption/decryption check, where the unified message tamper-proof check mainly includes: the client side adds salt to two ends of the submitted message for summarization by adopting MD5 encryption, and puts summarized information into a request parameter sign; and after the background acquires the request message, executing the same salt adding abstract operation, and comparing the salt adding abstract operation with the abstract in the sign parameters. And if the request message is inconsistent with the request message, the request message is tampered, and the request is rejected. The unified message encryption and decryption verification mainly comprises the following steps: the request messages submitted to the background by the client are encrypted by a 3DES symmetric encryption algorithm; after the background receives the request message, the decryption key of the corresponding user is used for decryption
S304: and under the condition that the security verification is passed, the micro service bus verifies the user identity of the client.
In this step, the checking, by the micro service bus, the user identity of the client includes:
the micro service bus uniformly verifies whether the client request information transmitted by the client has the authority of requesting an interface to the user of the client or not so as to verify the user identity of the client.
It should be noted that the user identity check is a unified user check, that is: the micro service bus uniformly verifies the user ID, the user TOKEN, the timestamp and the service request object in the client request information transmitted by the client, and verifies whether the user has the authority of requesting the interface.
S305: and under the condition that the user identity is verified to be passed, the micro-service bus routes the network service request to the corresponding service micro-service to execute service processing.
The embodiment of the application provides a micro service bus design method, which is applied to a container cluster, wherein the container cluster comprises a cluster LB, a micro service bus and at least one service micro service, and receives a network service request sent by a client, the network service request comprises client request information, and the client request information comprises: user ID, user TOKEN, timestamp and service request object; forwarding the network service request to the container cluster, and routing the network service request to the micro service bus by the cluster LB according to a pre-configured access rule; the microservice bus carries out client security verification according to the client request information; and under the condition that the security check and the user identity check pass, the micro-service bus routes the network service request to the corresponding service micro-service to execute service processing. According to the embodiment of the application, by standardizing the standard of the micro service of the container cloud platform for providing the service to the outside, the micro service bus is used for processing basic functions of safety, calling distribution, user verification and the like of the service to the outside, and then the network service request is routed to the corresponding service micro service to execute service processing.
Referring to fig. 4, based on the micro service bus design method disclosed in the foregoing embodiment, this embodiment correspondingly discloses a micro service bus design apparatus, which is applied to a container cluster, where the container cluster includes a cluster LB, a micro service bus, and at least one service micro service, and the apparatus includes:
a first processing unit 41, configured to receive a network service request sent by a client, where the network service request includes client request information, and the client request information includes: user ID, user TOKEN, timestamp and service request object;
a second processing unit 42, configured to forward the network service request to the container cluster, and route the network service request to the micro service bus by the cluster LB according to a preconfigured access rule;
a third processing unit 43, configured to perform client security check on the micro service bus according to the client request information;
a fourth processing unit 44, configured to, in a case that security verification passes, verify, by the micro service bus, a user identity of the client;
and a fifth processing unit 45, configured to, in a case that the user identity check passes, route the network service request to a corresponding service microservice by using the microservice bus to perform service processing.
Further, the second processing unit is specifically configured to:
finding a corresponding micro service bus by the cluster LB through an address path in the network service request;
routing the network service request to the microservice bus.
Further, the third processing unit is specifically configured to:
and the micro service bus carries out security check on the client request information by adopting message tamper-proof check and message encryption and decryption check.
Further, the fourth processing unit is specifically configured to:
the micro service bus uniformly verifies whether the client request information transmitted by the client has the authority of requesting an interface to the user of the client or not so as to verify the user identity of the client.
The micro-service bus design device comprises a processor and a memory, wherein the first processing unit, the second processing unit, the third processing unit, the fourth processing unit, the fifth processing unit and the like are stored in the memory as program units, and the processor executes the program units stored in the memory to realize corresponding functions.
The processor comprises a kernel, and the kernel calls the corresponding program unit from the memory. The kernel can be set to be one or more than one, and the basic functions of handling the security, calling and distributing, user checking and the like of the external service by the micro service bus are achieved by adjusting kernel parameters.
The embodiment of the application provides a storage medium, wherein a program is stored on the storage medium, and the program realizes the design method of the micro service bus when being executed by a processor.
The embodiment of the application provides a processor, wherein the processor is used for running a program, and the micro service bus design method is executed when the program runs.
An electronic device 50 includes, as shown in fig. 5, at least one processor 501, at least one memory 502 connected to the processor, and a bus 503; the processor 501 and the memory 502 complete communication with each other through the bus 503; the processor 501 is used for calling the program instructions in the memory 502 to execute the micro service bus design method described above.
The electronic device herein may be a server, a PC, a PAD, a mobile phone, etc.
The present application further provides a computer program product adapted to perform a program for initializing the following method steps when executed on a data processing device:
receiving a network service request sent by a client, wherein the network service request comprises client request information, and the client request information comprises: user ID, user TOKEN, timestamp and service request object;
forwarding the network service request to the container cluster, and routing the network service request to the micro service bus by the cluster LB according to a pre-configured access rule;
the microservice bus carries out client security verification according to the client request information;
under the condition that the security verification is passed, the micro service bus verifies the user identity of the client;
and under the condition that the user identity is verified to be passed, the micro-service bus routes the network service request to the corresponding service micro-service to execute service processing.
Further, the routing, by the cluster LB, the network service request to the micro service bus according to a preconfigured access rule includes:
finding a corresponding micro service bus by the cluster LB through an address path in the network service request;
routing the network service request to the microservice bus.
Further, the micro service bus performs client security check according to the client request information, including:
and the micro service bus carries out security check on the client request information by adopting message tamper-proof check and message encryption and decryption check.
Further, the checking the user identity of the client by the micro service bus includes:
the micro service bus uniformly verifies whether the client request information transmitted by the client has the authority of requesting an interface to the user of the client or not so as to verify the user identity of the client.
The present application is described in terms of flowcharts and/or block diagrams of methods, apparatus (systems), computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a device includes one or more processors (CPUs), memory, and a bus. The device may also include input/output interfaces, network interfaces, and the like.
The memory may include volatile memory in a computer readable medium, Random Access Memory (RAM) and/or nonvolatile memory such as Read Only Memory (ROM) or flash memory (flash RAM), and the memory includes at least one memory chip. The memory is an example of a computer-readable medium.
Computer-readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in the process, method, article, or apparatus that comprises the element.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The above are merely examples of the present application and are not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.

Claims (10)

1. A micro service bus design method is applied to a container cluster, wherein the container cluster comprises a cluster LB, a micro service bus and at least one service micro service, and the method comprises the following steps:
receiving a network service request sent by a client, wherein the network service request comprises client request information, and the client request information comprises: user ID, user TOKEN, timestamp and service request object;
forwarding the network service request to the container cluster, and routing the network service request to the micro service bus by the cluster LB according to a pre-configured access rule;
the microservice bus carries out client security verification according to the client request information;
under the condition that the security verification is passed, the micro service bus verifies the user identity of the client;
and under the condition that the user identity is verified to be passed, the micro-service bus routes the network service request to the corresponding service micro-service to execute service processing.
2. The method of claim 1, wherein routing, by the cluster LB, the network service request to the micro-service bus according to a pre-configured access rule comprises:
finding a corresponding micro service bus by the cluster LB through an address path in the network service request;
routing the network service request to the microservice bus.
3. The method of claim 1, wherein the microservice bus performs a client security check based on the client request message, comprising:
and the micro service bus carries out security check on the client request information by adopting message tamper-proof check and message encryption and decryption check.
4. The method of claim 1, wherein the micro service bus verifies the user identity of the client, comprising:
the micro service bus uniformly verifies whether the client request information transmitted by the client has the authority of requesting an interface to the user of the client or not so as to verify the user identity of the client.
5. A micro service bus design device is applied to a container cluster, wherein the container cluster comprises a cluster LB, a micro service bus and at least one service micro service, and the device comprises:
a first processing unit, configured to receive a network service request sent by a client, where the network service request includes client request information, and the client request information includes: user ID, user TOKEN, timestamp and service request object;
the second processing unit is used for forwarding the network service request to the container cluster, and the cluster LB routes the network service request to the micro service bus according to a pre-configured access rule;
the third processing unit is used for carrying out client security verification on the micro service bus according to the client request information;
the fourth processing unit is used for verifying the user identity of the client by the micro service bus under the condition that the security verification is passed;
and the fifth processing unit is used for routing the network service request to the corresponding service micro service by the micro service bus to execute service processing under the condition that the user identity passes verification.
6. The apparatus according to claim 5, wherein the second processing unit is specifically configured to:
finding a corresponding micro service bus by the cluster LB through an address path in the network service request;
routing the network service request to the microservice bus.
7. The apparatus according to claim 5, wherein the third processing unit is specifically configured to:
and the micro service bus carries out security check on the client request information by adopting message tamper-proof check and message encryption and decryption check.
8. The apparatus according to claim 5, wherein the fourth processing unit is specifically configured to:
the micro service bus uniformly verifies whether the client request information transmitted by the client has the authority of requesting an interface to the user of the client or not so as to verify the user identity of the client.
9. A storage medium comprising a stored program, wherein the program, when executed, controls a device on which the storage medium is located to perform the microservice bus design method of any of claims 1-4.
10. An electronic device comprising at least one processor, and at least one memory, bus connected to the processor; the processor and the memory complete mutual communication through the bus; the processor is configured to invoke program instructions in the memory to perform the micro service bus design method of any of claims 1 to 4.
CN202111004188.3A 2021-08-30 2021-08-30 Micro-service bus design method and device Pending CN113721893A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111004188.3A CN113721893A (en) 2021-08-30 2021-08-30 Micro-service bus design method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111004188.3A CN113721893A (en) 2021-08-30 2021-08-30 Micro-service bus design method and device

Publications (1)

Publication Number Publication Date
CN113721893A true CN113721893A (en) 2021-11-30

Family

ID=78679000

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111004188.3A Pending CN113721893A (en) 2021-08-30 2021-08-30 Micro-service bus design method and device

Country Status (1)

Country Link
CN (1) CN113721893A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114374735A (en) * 2021-12-30 2022-04-19 苏州中科先进技术研究院有限公司 Micro-service bus system and block data commanding and scheduling platform
CN115665265A (en) * 2022-12-29 2023-01-31 国家超级计算天津中心 Request processing method, device, equipment, storage medium and system
CN116821944A (en) * 2023-08-31 2023-09-29 中电安世(成都)科技有限公司 Data processing method and system based on data element

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114374735A (en) * 2021-12-30 2022-04-19 苏州中科先进技术研究院有限公司 Micro-service bus system and block data commanding and scheduling platform
CN115665265A (en) * 2022-12-29 2023-01-31 国家超级计算天津中心 Request processing method, device, equipment, storage medium and system
CN115665265B (en) * 2022-12-29 2023-04-04 国家超级计算天津中心 Request processing method, device, equipment, storage medium and system
CN116821944A (en) * 2023-08-31 2023-09-29 中电安世(成都)科技有限公司 Data processing method and system based on data element
CN116821944B (en) * 2023-08-31 2023-11-14 中电安世(成都)科技有限公司 Data processing method and system based on data element

Similar Documents

Publication Publication Date Title
US11647010B2 (en) Single sign-on access to cloud applications
Chandramouli Microservices-based application systems
CN111541785B (en) Block chain data processing method and device based on cloud computing
EP2947569B1 (en) Hybrid applications operating between on-premise and cloud platforms
US9787697B2 (en) Providing security services within a cloud computing environment
CN113721893A (en) Micro-service bus design method and device
US11120107B2 (en) Managing content delivery to client devices
US9548897B2 (en) Network entity registry for network entity handles included in network traffic policies enforced for a provider network
US9544288B2 (en) Messaging gateway
EP2989776A1 (en) System and method for creating a development and operational platform for mobile applications
US9912682B2 (en) Aggregation of network traffic source behavior data across network-based endpoints
CN113157648A (en) Block chain based distributed data storage method, device, node and system
Seth et al. Analytical assessment of security mechanisms of cloud environment
CN113811873A (en) Distribution of security credentials
Saini et al. E2EE for data security for hybrid cloud services: a novel approach
US20220108031A1 (en) Cloud Core Architecture for Managing Data Privacy
US10594703B2 (en) Taint mechanism for messaging system
US11349663B2 (en) Secure workload configuration
US11716354B2 (en) Determination of compliance with security technical implementation guide standards
Makris et al. Transition from monolithic to microservice-based applications. Challenges from the developer perspective
CN114598749A (en) Service access method and device
CN116055556A (en) Method, system, device and equipment for data exchange
US20180152340A1 (en) Managing a generation and delivery of digital identity documents
CN110278133B (en) Checking method, device, computing equipment and medium executed by server
US20220376924A1 (en) Header for conveying trustful client address

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination