CN113965383B - Tenant data access management method, device, equipment and storage medium - Google Patents

Publication number: CN113965383B
Authority: CN (China)
Prior art keywords: tenant, metadata, data access, mode, tenant data
Legal status: Active
Application number: CN202111229483.9A
Other languages: Chinese (zh)
Other versions: CN113965383A (en)
Inventor: 明亮文
Current Assignee: Ping An International Smart City Technology Co Ltd
Original Assignee: Ping An International Smart City Technology Co Ltd
Application filed by Ping An International Smart City Technology Co Ltd
Priority to CN202111229483.9A
Publication of CN113965383A
Application granted
Publication of CN113965383B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources

Abstract

The application discloses a tenant data access management method, device, equipment and storage medium. First, under a preset directory of an application system, tenant metadata is configured for each tenant and tenant metadata access modes are added; if at least two tenant data access requests are detected, the at least two tenant data access requests are intercepted by a preset interceptor; after the at least two tenant data access requests are intercepted, the target tenant metadata access mode to be started for the target tenant data access request is determined; and the target tenant metadata access mode is started, and the target tenant metadata matching the target tenant data access request is acquired in the target tenant metadata access mode. The whole process is simple and easy to implement, and can support multi-tenant data access in a variety of business scenarios.

Description

Tenant data access management method, device, equipment and storage medium
Technical Field
The present disclosure relates to the field of device data processing technologies, and in particular, to a tenant data access management method, device, and storage medium.
Background
In developing an integrated platform system for intelligent agriculture and intelligent planting and breeding, the same application service needs to be provided to different enterprises or organizations; in this application scenario these enterprises or organizations are called tenants. Tenant data is managed at the application end so that different tenants can access their data independently. To that end, before each tenant performs a data resource operation, the identity of each tenant must be dynamically identified at the application layer and the range of data resources each tenant may operate on must be limited.
In the prior art, mutual isolation of the data accessed by different tenants is achieved at the application layer by means such as manual control of tenant fields and authentication interception control. The whole process is complex and is neither flexible nor reliable, and it cannot support multiple tenants in multiple business scenarios performing data access operations simultaneously.
Disclosure of Invention
The application provides a tenant data access management method, device, equipment and storage medium, which can support different tenants in a multi-service scene to perform data access operation simultaneously.
In a first aspect, the present application provides a tenant data access management method, including:
under a preset directory of an application system, configuring tenant metadata for each tenant and adding tenant metadata access modes;
detecting tenant data access requests sent by the application system, and if at least two tenant data access requests sent by the application system are detected, intercepting the at least two tenant data access requests through a preset interceptor;
after the at least two tenant data access requests are successfully intercepted, determining a target tenant metadata access mode corresponding to the target tenant data access request according to the pre-configured tenant metadata of each tenant and the tenant metadata access modes;
and starting the target tenant metadata access mode, and acquiring, in the target tenant metadata access mode, the target tenant metadata matching the target tenant data access request.
In a second aspect, the present application further provides a tenant data access management apparatus, including:
a configuration module, used for configuring tenant metadata for each tenant and adding tenant metadata access modes under the preset directory of the application system;
an interception module, used for detecting tenant data access requests sent by the application system, and intercepting the at least two tenant data access requests through a preset interceptor if at least two tenant data access requests sent by the application system are detected;
a determining module, used for determining, after the at least two tenant data access requests are intercepted, a target tenant metadata access mode corresponding to the target tenant data access request according to the pre-configured tenant metadata of each tenant and the tenant metadata access modes;
an acquiring module, used for starting the target tenant metadata access mode and acquiring, in the target tenant metadata access mode, the target tenant metadata matching the target tenant data access request.
In a third aspect, the present application further provides a tenant data access management device, including:
a memory and a processor;
the memory is used for storing a computer program;
the processor is configured to execute the computer program and implement the steps of the tenant data access management method as described in the first aspect above when the computer program is executed.
In a fourth aspect, the present application further provides a computer readable storage medium storing a computer program, which when executed by a processor causes the processor to implement the steps of the tenant data access management method as described in the first aspect above.
The application discloses a tenant data access management method, device, equipment and storage medium. First, under a preset directory of an application system, tenant metadata is configured for each tenant and tenant metadata access modes are added; if at least two tenant data access requests are detected, the at least two tenant data access requests are intercepted by a preset interceptor; after the at least two tenant data access requests are intercepted, the target tenant metadata access mode to be started for the target tenant data access request is determined; and the target tenant metadata access mode is started, and the target tenant metadata matching the target tenant data access request is acquired in the target tenant metadata access mode. Because tenant metadata is configured and tenant metadata access modes are added under the preset directory of the application system, and an interceptor is used to intercept the at least two tenant data access requests, the target tenant metadata matching the target tenant data access request is obtained in the target tenant metadata access mode. The whole process is simple and easy to implement, and can support multi-tenant data access in a variety of business scenarios.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings needed in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present application, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic flowchart of a tenant data access management method provided in an embodiment of the present application;
Fig. 2 is a schematic flowchart of a tenant data access management method provided in another embodiment of the present application;
Fig. 3 is a schematic diagram of an access process of target tenant metadata in a filtering mode provided in an embodiment of the present application;
Fig. 4 is a schematic structural diagram of a tenant data access management apparatus provided in an embodiment of the present application;
Fig. 5 is a schematic block diagram of a tenant data access management device provided in an embodiment of the present application.
Detailed Description
The following description of the embodiments of the present application will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are some, but not all, of the embodiments of the present application. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present disclosure, are within the scope of the present disclosure.
The flow diagrams depicted in the figures are merely illustrative and not necessarily all of the elements and operations/steps are included or performed in the order described. For example, some operations/steps may be further divided, combined, or partially combined, so that the order of actual execution may be changed according to actual situations.
It is to be understood that the terminology used in the description of the present application is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this specification and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should also be understood that the term "and/or" as used in this specification and the appended claims refers to any and all possible combinations of one or more of the associated listed items, and includes such combinations.
The embodiments of the application provide a tenant data access management method, device, equipment and storage medium. In the tenant data access management method provided by the embodiments of the application, first, under a preset directory of an application system, tenant metadata is configured for each tenant and tenant metadata access modes are added; if at least two tenant data access requests are detected, the at least two tenant data access requests are intercepted by a preset interceptor; after the at least two tenant data access requests are intercepted, the target tenant metadata access mode to be started for the target tenant data access request is determined; and the target tenant metadata access mode is started, and the target tenant metadata matching the target tenant data access request is acquired in the target tenant metadata access mode. Because tenant metadata is configured and tenant metadata access modes are added under the preset directory of the application system, and an interceptor is used to intercept the at least two tenant data access requests, the target tenant metadata matching the target tenant data access request is obtained in the target tenant metadata access mode. The whole process is simple and easy to implement, and can support multi-tenant data access in a variety of business scenarios.
Some embodiments of the present application are described in detail below with reference to the accompanying drawings. The following embodiments and features of the embodiments may be combined with each other without conflict.
Referring to Fig. 1, Fig. 1 is a schematic flowchart of a tenant data access management method according to an embodiment of the present application. The tenant data access management method can be implemented by a tenant data access management device, and the tenant data access management device can be deployed on a single server or a server cluster. It may also be deployed in a handheld terminal, a notebook computer, a wearable device, a robot, etc.
Specifically, as shown in fig. 1, the tenant data access management method provided in the present embodiment includes steps S101 to S104. The details are as follows:
S101, under a preset directory of an application system, configuring tenant metadata for each tenant and adding tenant metadata access modes.
In the embodiment of the present application, the preset directory of the application system may be the configuration center corresponding to each functional module in the application system. For example, where the application system is a micro-service system, tenant metadata can be configured for each tenant and tenant metadata access modes can be added in the configuration center of the micro-service system.
Where the preset directory of the application system includes the configuration center of the micro-service system, configuring tenant metadata for each tenant and adding tenant metadata access modes under the preset directory of the application system includes: initializing a storage module in the configuration center of the micro-service system to obtain a tenant space for storing tenant metadata; and configuring the tenant metadata and the tenant metadata access modes of each tenant according to the service module configuration mode, and storing the configured tenant metadata and tenant metadata access modes of each tenant in the tenant space.
The configuration center of the micro-service system manages every micro-service in the application system in a unified way and, without stopping the service, adjusts configuration according to the running condition of the system (micro-service load and the like) and automatically refreshes modified configuration. In the embodiment of the application, the configuration center of the micro-service system is used to configure tenant metadata for each tenant and to add the access mode of each tenant's metadata, so that tenant metadata is managed according to the specification of the configuration center of the micro-service system. This gives the application system dynamic tenant management, so that tenant filtering does not have to be written during application development and tenant metadata management is decoupled from service processing. Storing the tenant metadata in the configuration center of the micro-service system also makes it convenient to maintain and upgrade.
The service module configuration mode includes the configuration management specification of Java configuration files, and configuring the tenant metadata and the tenant metadata access mode of each tenant according to the service module configuration mode includes: based on the configuration management specification of Java configuration files, independently configuring tenant metadata for each tenant; and configuring the metadata access mode of each tenant according to the tenant metadata of that tenant.
For example, the tenant metadata of each tenant includes a KEY and a VALUE for the configuration item; when the tenant metadata is configured for the query API of the order service, the KEY of the tenant metadata may be configured as a tenant. In addition, to improve the readability of the configured tenant metadata and ease later maintenance, the VALUE of the tenant metadata configuration item may, for example, be configured as a JSON structure whose configuration fields include at least one of the following core fields: management mode, task type, tenant data value, enabling state, maintainer information, and maintenance time.
The metadata access modes of each tenant comprise a non-tenant mode, an authentication mode, a task mode, an external service mode, a data loading mode and a data filtering mode.
Specifically, in the embodiment of the present application, the non-tenant mode is configured for service scenarios that do not need to distinguish between tenants; the authentication mode is configured for service scenarios that require identity authentication; the task mode is configured for service scenarios in which scheduled tasks process data; the external service mode is configured for service scenarios in which, during application development, an interface is exposed so that an external service can use the system's data resources; the data loading mode is configured for the scenario of loading tenant metadata from the configuration center into the application service memory; and the data filtering mode and the like are configured for read requests of the application program. For example, in a monitoring system, when the data as a whole needs to be analyzed, the scenario does not need to distinguish between tenants and the non-tenant mode may be configured.
S102, detecting tenant data access requests sent by the application system, and if at least two tenant data access requests sent by the application system are detected, intercepting the at least two tenant data access requests through a preset interceptor.
The preset interceptor includes an SQL interceptor. The SQL interceptor dynamically implants the target tenant metadata matching the data access request, as a condition, into the SQL statement to be executed, so as to intercept illegal data access requests and prevent illegal access to tenant metadata.
In an exemplary embodiment, intercepting the at least two tenant data access requests through a preset interceptor if at least two tenant data access requests sent by the application system are detected includes: if at least two tenant data access requests sent by the application system are detected, determining, by the SQL interceptor, the tenant data access requests that need to be intercepted, and intercepting those requests.
Specifically, determining, by the SQL interceptor, the tenant data access requests to be intercepted and intercepting them includes: dynamically implanting the tenant metadata carried by the at least two tenant data access requests into SQL statements as conditions; executing the SQL statements, and matching the tenant metadata carried by the at least two tenant data access requests against the pre-configured tenant metadata of each tenant; and determining the tenant data access requests to be intercepted according to the matching result, and intercepting them.
Specifically, the tenant metadata includes tenant identity information. The tenant identity information in the tenant metadata carried by the at least two tenant data access requests is matched against the tenant identity information included in the pre-configured tenant metadata of each tenant; the tenant data access requests to be intercepted are determined according to the matching result, and those requests are intercepted.
Illustratively, the tenant data access requests to be intercepted are the tenant data access requests other than the target tenant data access request. That is, if the tenant identity information in the tenant metadata carried by a tenant data access request does not match the tenant identity information included in the pre-configured tenant metadata of each tenant, the request is determined to be a tenant data access request to be intercepted; if it does match, the request is determined to be the target tenant data access request.
S103, after intercepting the at least two tenant data access requests, determining a target tenant metadata access mode corresponding to the target tenant data access request according to the pre-configured tenant metadata of each tenant and the tenant metadata access modes.
Specifically, the tenant metadata carried by the target tenant data access request may be matched against the pre-configured tenant metadata of each tenant, and the tenant metadata access mode corresponding to the target tenant data access request may be determined according to the matched tenant metadata.
Illustratively, the tenant data access request carries a service scenario, and the tenant metadata access mode corresponding to the target tenant data access request can be determined according to the service scenario. The configuration center of the micro service system is preset with a mapping relation between a service scene and a tenant metadata access mode.
S104, starting the target tenant metadata access mode, and acquiring target tenant metadata matched with the target tenant data access request in the target tenant metadata access mode.
For example, assume that the target tenant metadata access mode is the authentication mode. The target tenant metadata in a tenant space such as a tent_space is read into a target tenant main body Binder (UT-Binder). If it is detected that the application system has completed identity authentication, the interceptor reads the binding relationship data between user and tenant from the target tenant main body Binder, acquires the corresponding target tenant metadata according to the current authentication information, and puts it into the contextual SQL condition of the current application program.
As another example, assume that the target tenant metadata access mode is the task mode. The task mode may use XXL-JOB or a schedule generated by SpringBoot to process scheduled tasks. Tenant metadata in the task mode is configured in the tenant value field; if the task type is XXL-JOB, the tenant value may also be configured in its parameters. After intercepting a request for the scheduled task, the interceptor automatically saves the task ID and the tenant parameter carried by the request into the UT-Binder, so that a tenant filtering condition can be added in the SQL interceptor. Specifically, the task types in the task mode include an XXL-JOB type and a schedule type, where XXL-JOB is a distributed scheduled-task management component and schedule is a scheduled-task plug-in generated by SpringBoot; either can be selected according to service requirements.
In addition, assume that the target tenant metadata access mode is the external service mode. In the external service mode, a unique KEY is generated based on the service path, and the unique KEY and the configured tenant value are stored together in the UT-Binder so that SQL condition filtering can be performed. Here, the tenant value means the following: each tenant is assigned a tenant ID, and the application program performs data filtering according to the tenant ID. It should be noted that in the non-tenant mode, or in the task mode when the task type is XXL-JOB, the tenant value field need not be configured; in all other data access modes the tenant value must be configured.
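The S102 to S104 flow for the authentication, task, external service and non-tenant modes, as an added Python sketch using sqlite3 (not code from the patent, whose stack is Java). The configuration keys, JSON field names, mode spellings, sample users and the `strict` switch are all assumptions made for illustration; the tenant condition is applied by wrapping the statement, which is one simple way to implant it.

```python
import json
import sqlite3

# Constructed configuration-center entries: KEY -> JSON VALUE. The description
# names the fields (mode, tenant value, enabling state); spellings are assumed.
CONFIG = {
    "order.query":   json.dumps({"mode": "AUTH", "enabled": True}),
    "order.report":  json.dumps({"mode": "NON_TENANT", "enabled": True}),
    "order.sync":    json.dumps({"mode": "EXTERNAL", "tenant_value": "t-b", "enabled": True}),
    "order.nightly": json.dumps({"mode": "TASK", "enabled": True}),
    "order.legacy":  json.dumps({"mode": "AUTH", "enabled": False}),
}
KNOWN_TENANTS = {"t-a", "t-b"}                 # pre-configured tenant identities
USER_TENANT = {"alice": "t-a", "bob": "t-b"}   # user-to-tenant binding (UT-Binder role)


class Intercepted(Exception):
    """The request was blocked by the interceptor."""


def resolve(key, user=None, task_tenant=None, strict=False):
    """Return the tenant id to filter on, or None if the request is released unfiltered."""
    raw = CONFIG.get(key)
    entry = json.loads(raw) if raw else None
    if entry is None or not entry.get("enabled", False):
        # The description releases requests that are not configured. Treating a
        # disabled entry the same way, and the strict switch that rejects
        # instead, are assumptions of this example.
        if strict:
            raise Intercepted(f"{key}: no enabled tenant configuration")
        return None
    mode = entry["mode"]
    if mode == "NON_TENANT":
        return None
    if mode == "AUTH":
        tenant = USER_TENANT.get(user)        # from the authenticated identity
    elif mode == "TASK":
        tenant = task_tenant                  # tenant parameter carried by the task
    elif mode == "EXTERNAL":
        tenant = entry.get("tenant_value")    # configured tenant value
    else:
        raise Intercepted(f"{key}: unknown mode {mode!r}")
    # Identity matching: anything that is not a configured tenant is intercepted.
    if tenant not in KNOWN_TENANTS:
        raise Intercepted(f"{key}: tenant identity {tenant!r} is not configured")
    return tenant


def intercept(sql, params, tenant):
    """Implant the tenant condition as a bound parameter, never as string text."""
    if tenant is None:
        return sql, tuple(params)
    # Wrapping keeps the caller's own WHERE clause from widening the result.
    # A statement that does not select tenant_id fails with an SQL error.
    return f"SELECT * FROM ({sql}) WHERE tenant_id = ?", tuple(params) + (tenant,)


def run(conn, key, sql, params=(), **ctx):
    tenant = resolve(key, **ctx)
    final_sql, final_params = intercept(sql, params, tenant)
    return conn.execute(final_sql, final_params).fetchall()


def demo_db():
    """Constructed sample data: three orders owned by two tenants."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (id INTEGER, tenant_id TEXT, item TEXT)")
    conn.executemany(
        "INSERT INTO orders VALUES (?, ?, ?)",
        [(1, "t-a", "seed"), (2, "t-b", "feed"), (3, "t-a", "pump")],
    )
    return conn


if __name__ == "__main__":
    db = demo_db()
    query = "SELECT id, tenant_id, item FROM orders WHERE id > ?"
    print(run(db, "order.query", query, (0,), user="alice"))
    print(run(db, "order.report", query, (0,)))
    try:
        run(db, "order.query", query, (0,), user="mallory")
    except Intercepted as exc:
        print("intercepted:", exc)
```

With the default `strict=False` an unconfigured or disabled entry returns every tenant's rows, so a missing configuration item silently removes isolation for that request path.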
The processing described above combines configuration files, which are easy to maintain, highly readable and easy to update, with dynamic monitoring and interceptor technology, so that tenant metadata configuration items can be conveniently maintained and updates are applied dynamically to subsequent business processing flows. The tenant metadata is loaded into the service memory after the system starts and is read directly from local memory when used, so program execution in this processing mode is particularly efficient and the response speed of the application program is improved. The dynamic tenant management function frees application developers from having to handle tenant filtering, so that they only need to focus on service development, which reduces development workload and improves delivery efficiency.
As can be seen from the above analysis, in the tenant data access management method provided in the embodiment of the present application, first, under a preset directory of an application system, tenant metadata is configured for each tenant and tenant metadata access modes are added; if at least two tenant data access requests are detected, the at least two tenant data access requests are intercepted by a preset interceptor; after the at least two tenant data access requests are intercepted, the target tenant metadata access mode to be started for the target tenant data access request is determined; and the target tenant metadata access mode is started, and the target tenant metadata matching the target tenant data access request is acquired in the target tenant metadata access mode. Because tenant metadata is configured and tenant metadata access modes are added under the preset directory of the application system, and an interceptor is used to intercept the at least two tenant data access requests, the target tenant metadata matching the target tenant data access request is obtained in the target tenant metadata access mode. The whole process is simple and easy to implement, and can support multi-tenant data access in a variety of business scenarios.
Referring to Fig. 2, Fig. 2 is a schematic flowchart of a tenant data access management method according to another embodiment of the present application. S203 to S206 of this embodiment are implemented in the same way as S101 to S104 of the embodiment shown in Fig. 1; the difference is that S201 and S202 are further included before S203. The details are as follows:
S201, under a preset directory of the application system, configuring the state of the tenant metadata of each tenant.
S202, determining, according to the detected current state of the tenant metadata, whether to manage the tenant data access request.
The states of the tenant metadata include an enabled state and a closed state. For example, the enabling state configures whether the currently configured tenant metadata takes effect: TRUE means the tenant metadata is configured as enabled, and the application program performs tenant management according to the configured policy after it starts; FALSE means the configuration is not enabled.
Determining, according to the configured state of the tenant metadata, whether to manage the tenant data access request includes: if the current state of the tenant metadata is detected to be the enabled state, determining to perform detection of the tenant data access requests sent by the application system; and if the current state of the tenant metadata is detected to be the closed state, determining not to perform detection of the tenant data access requests sent by the application system.
In addition, tenant metadata maintainer information, maintenance time and the like can be configured. The maintainer information records who maintains the current configuration, and it is recommended to configure the maintainer's e-mail address; the maintenance time records when the current configuration was last updated.
S203, under the preset directory of the application system, respectively configuring tenant metadata of each tenant and increasing access modes of the tenant metadata.
S204, detecting tenant data access requests sent by the application system, and if at least two tenant data access requests sent by the application system are detected, intercepting the at least two tenant data access requests through a preset interceptor.
S205, after intercepting the at least two tenant data access requests, determining a target tenant metadata access mode corresponding to the target tenant data access request according to the pre-configured tenant metadata of each tenant and the tenant metadata access modes.
S206, starting the target tenant metadata access mode, and acquiring target tenant metadata matched with the target tenant data access request in the target tenant metadata access mode.
It can be appreciated that the specific implementation process of steps S203 to S206 may refer to the implementation process of steps S101 to S104 in fig. 1, and will not be described herein.
In addition, in some embodiments, the target tenant metadata access mode may include a data loading mode, in which the process of accessing the target tenant metadata includes the following. The application program registers a monitoring event with the system through a tenant monitor (TenantMonitor). When the application program starts, or after the configured tenant metadata changes, the monitoring event is generated and the latest tenant metadata is pushed to the application programs subscribed to the event, so that the application program reads tenant metadata in real time. The tenant metadata in the service memory can be stored in a tenant metadata cache, which completes the loading of the tenant metadata in the tenant isolation center TenantFilterVal from the configuration center into the application service memory.
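An added Python sketch of the data loading mode (not code from the patent): a stand-in monitor pushes the full configuration on registration and on every change, and the in-memory cache validates each pushed VALUE before swapping in a new snapshot. Class and field names other than TenantMonitor are hypothetical, and keeping the last valid entry when a push is malformed is a design choice of this example, made so that a bad edit does not turn a configured request path into an unconfigured one.

```python
import json
import threading

MODES = {"NON_TENANT", "AUTH", "TASK", "EXTERNAL"}   # assumed spellings


def parse_entry(value_json):
    """Validate one pushed VALUE; raises ValueError on anything malformed."""
    entry = json.loads(value_json)          # JSONDecodeError is a ValueError
    if not isinstance(entry, dict):
        raise ValueError("VALUE must be a JSON object")
    if entry.get("mode") not in MODES:
        raise ValueError(f"unknown mode {entry.get('mode')!r}")
    if not isinstance(entry.get("enabled"), bool):
        raise ValueError("enabled must be true or false")
    return entry


class TenantMonitor:
    """Stand-in for the configuration center's change notifications."""

    def __init__(self, initial):
        self._store = dict(initial)
        self._listeners = []

    def register(self, listener):
        self._listeners.append(listener)
        listener(dict(self._store))          # event generated at application start

    def update(self, key, value_json):
        self._store[key] = value_json
        for listener in self._listeners:     # event generated after a change
            listener(dict(self._store))


class TenantMetadataCache:
    """Tenant metadata held in service memory, replaced one whole snapshot at a time."""

    def __init__(self):
        self._lock = threading.Lock()
        self._snapshot = {}
        self.version = 0
        self.rejected = []                   # (key, reason) pairs from the last push

    def on_event(self, raw):
        with self._lock:
            new, rejected = {}, []
            for key, value in raw.items():
                try:
                    new[key] = parse_entry(value)
                except ValueError as exc:
                    rejected.append((key, str(exc)))
                    if key in self._snapshot:
                        # Keep the last valid entry rather than dropping the key.
                        new[key] = self._snapshot[key]
            self._snapshot = new             # readers see the old or the new dict
            self.version += 1
            self.rejected = rejected

    def get(self, key):
        return self._snapshot.get(key)


if __name__ == "__main__":
    monitor = TenantMonitor({"order.query": '{"mode": "AUTH", "enabled": true}'})
    cache = TenantMetadataCache()
    monitor.register(cache.on_event)
    monitor.update("order.query", '{"mode": "AUTH", "enabled": tru')   # truncated edit
    print(cache.version, cache.get("order.query"), cache.rejected)
```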
In some embodiments, the target tenant metadata access mode may further include a data filtering mode, in which the process of accessing the target tenant metadata includes: when a data access request sent by an application program is detected, an interceptor intercepts the data access request and checks whether the current data access request is configured in the tenant isolation center TenantFilterVal; if not, the request is released, and if so, the tenant is managed. Specifically, the configured management mode is checked and, according to the checking result, the tenant value read for the current application context is stored in the tenant isolation center TenantFilterVal for use later in the process. If the mode is the non-tenant mode, the tenant does not need to be managed, and the request is released for execution.
Illustratively, the access process of the target tenant metadata in the filtering mode may be specifically described with reference to fig. 2. Fig. 3 is a schematic diagram of an access process of target tenant metadata in a filtering mode provided in an embodiment of the present application. As can be seen from fig. 3, the application system 301 may pre-store the tenant data access requests in the tenant isolation center TenantFilterVal 302 in the access modes (such as a non-tenant mode, an authentication mode, a task mode and an external service mode) corresponding to the different tenant metadata carried by the tenant data access requests. The SQL interceptor 303 then filters and intercepts the tenant data access requests and checks whether the current data access request is configured in the tenant isolation center TenantFilterVal 302; if not, the tenant data access request is released, and if so, the tenant data access request is managed.
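The following sketch of the data filtering mode is an added example, not code from the patent. It assumes a `tenant_id` column, named SQL parameters, and an invented field layout for TenantFilterVal. It shows the release and manage decision and why the implanted tenant condition must be combined with a parenthesized caller condition.

```python
import re
import sqlite3
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Mode(Enum):
    NON_TENANT = "non_tenant"
    AUTHENTICATION = "authentication"
    TASK = "task"
    EXTERNAL_SERVICE = "external_service"


class TenantContextError(Exception):
    """A managed statement cannot be scoped to one tenant."""


@dataclass
class TenantFilterVal:
    """Per-request holder, named after the page's tenant isolation center.

    The field layout is an assumption; the page does not define one.
    """
    mode: Optional[Mode] = None      # None: request is not configured
    tenant_id: Optional[str] = None  # tenant value read from the application context
    enabled: bool = True             # False models the "closed" metadata state


# Clauses that may follow WHERE in the simple SELECT shape handled here.
TAIL = re.compile(r"\s+(GROUP\s+BY|ORDER\s+BY|LIMIT)\b", re.IGNORECASE)
WHERE = re.compile(r"\s+WHERE\s+", re.IGNORECASE)
UNSUPPORTED = re.compile(r";|\bUNION\b|\(\s*SELECT\b", re.IGNORECASE)


def inject_tenant_condition(sql, column="tenant_id", parenthesize=True):
    """Add `column = :column` to a single-table SELECT that uses bound parameters.

    parenthesize=False reproduces the naive rewrite, for comparison only.
    """
    if not sql.lstrip().upper().startswith("SELECT") or UNSUPPORTED.search(sql):
        raise TenantContextError("statement shape not handled; refusing to run")
    tail = TAIL.search(sql)
    head, rest = (sql[:tail.start()], sql[tail.start():]) if tail else (sql, "")
    where = WHERE.search(head)
    if not where:
        return f"{head} WHERE {column} = :{column}{rest}"
    before, cond = head[:where.start()], head[where.end():]
    if parenthesize:
        cond = f"({cond})"  # keeps an OR in the caller's condition inside the tenant scope
    return f"{before} WHERE {cond} AND {column} = :{column}{rest}"


class SqlInterceptor:
    def __init__(self, conn):
        self.conn = conn

    def execute(self, ctx, sql, params=None):
        params = dict(params or {})
        # Released unchanged: closed state, unconfigured request, non-tenant mode.
        if not ctx.enabled or ctx.mode is None or ctx.mode is Mode.NON_TENANT:
            return self.conn.execute(sql, params).fetchall()
        if not ctx.tenant_id:
            raise TenantContextError("managed mode without a tenant value")
        # The context always wins over a caller-supplied "tenant_id" parameter.
        params["tenant_id"] = ctx.tenant_id
        return self.conn.execute(inject_tenant_condition(sql), params).fetchall()


def build_demo_db():
    """In-memory table with constructed rows for two tenants."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (id INTEGER, tenant_id TEXT, status TEXT)")
    conn.executemany("INSERT INTO orders VALUES (?, ?, ?)", [
        (1, "tenant-a", "open"), (2, "tenant-a", "paid"),
        (3, "tenant-b", "open"), (4, "tenant-b", "paid"),
    ])
    return conn


if __name__ == "__main__":
    db = build_demo_db()
    query = "SELECT id FROM orders WHERE status = :s1 OR status = :s2 ORDER BY id"
    binds = {"s1": "open", "s2": "paid"}
    ctx = TenantFilterVal(mode=Mode.AUTHENTICATION, tenant_id="tenant-a")
    print("managed:", SqlInterceptor(db).execute(ctx, query, binds))
    naive = inject_tenant_condition(query, parenthesize=False)
    print("naive:  ", db.execute(naive, {**binds, "tenant_id": "tenant-a"}).fetchall())
```

Without the parentheses, `AND` binds tighter than `OR` and the naive rewrite returns a row belonging to the other tenant.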
As can be seen from the above analysis, in the tenant data access management method provided in the embodiment of the present application, tenant metadata of each tenant is first configured, and tenant metadata access modes are added, under a preset directory of an application system; if at least two tenant data access requests are detected, the at least two tenant data access requests are intercepted through a preset interceptor; after the at least two tenant data access requests are intercepted, a target tenant metadata access mode to be started corresponding to a target tenant data access request is determined; and the target tenant metadata access mode is started, and target tenant metadata matched with the target tenant data access request is acquired in the target tenant metadata access mode. By configuring tenant metadata under a preset directory of the application system, adding tenant metadata access modes, and using an interceptor to intercept the at least two tenant data access requests, the target tenant metadata matched with the target tenant data access request is obtained in the target tenant metadata access mode. The whole process is simple and easy to implement, and can support multi-tenant data access in various business scenarios.
Referring to fig. 4, fig. 4 is a schematic structural diagram of a tenant data access management device according to an embodiment of the present application. The tenant data access management apparatus 400 is configured to execute the steps of the tenant data access management method described in the above embodiments. The tenant data access management apparatus 400 may be a single server or a cluster of servers, or the tenant data access management apparatus 400 may be a terminal, which may be a handheld terminal, a notebook computer, a wearable device, a robot, or the like.
As shown in fig. 4, the tenant data access management apparatus 400 includes:
the first configuration module 401 is configured to configure tenant metadata of each tenant and add tenant metadata access modes under a preset directory of the application system;
the interception module 402 is configured to detect a tenant data access request sent by the application system, and if at least two tenant data access requests sent by the application system are detected, intercept the at least two tenant data access requests through a preset interceptor;
a determining module 403, configured to determine, after intercepting the at least two tenant data access requests, a target tenant metadata access mode corresponding to the target data access request according to the pre-configured tenant metadata of each tenant and the tenant metadata access modes;
and the obtaining module 404 is configured to start the target tenant metadata access mode, and obtain target tenant metadata matched with the target data access request in the target tenant metadata access mode.
In an embodiment, the preset directory of the application system includes a configuration center of the micro service system, and the first configuration module 401 includes:
the obtaining unit is used for initializing a storage module in a configuration center of the micro-service system to obtain a tenant space for storing tenant metadata;
and the storage unit is used for configuring the tenant metadata and the tenant metadata access modes of each tenant according to the service module configuration mode, and storing the configured tenant metadata and the configured tenant metadata access modes of each tenant into the tenant space.
In an embodiment, the service module configuration mode includes a configuration management specification of a java configuration file, and the configuring the tenant metadata of each tenant and the tenant metadata access mode according to the service module configuration mode includes:
based on the configuration management specification of the java configuration file, independently configuring tenant metadata for each tenant;
and respectively configuring the metadata access modes of each tenant according to the tenant metadata of each tenant.
In an embodiment, the preset interceptor includes an SQL interceptor; the interception module 402 is specifically configured to:
if at least two tenant data access requests sent by the application system are detected, determining the tenant data access requests needing to be intercepted by the SQL interceptor, and intercepting the tenant data access requests needing to be intercepted.
In one embodiment, the intercepting module 402 includes:
an implanting unit, configured to dynamically implant tenant metadata carried by the at least two tenant data access requests as conditions into an SQL statement;
the matching unit is used for executing the SQL statement and matching the tenant metadata carried by the at least two tenant data access requests with the preset tenant metadata of each tenant;
the interception unit is used for determining the tenant data access request to be intercepted according to the matching result and intercepting the tenant data access request to be intercepted.
In an embodiment, the tenant data access management apparatus further includes:
the second configuration module is used for respectively configuring the states of tenant metadata of each tenant under the preset directory of the application system;
and the management module is used for determining to manage the tenant data access request according to the detected current state of the tenant metadata.
In an embodiment, the states of the tenant metadata include an enabled state and a closed state; the management module comprises:
the first determining unit is used for determining to perform detection of the tenant data access request sent by the application system if the state of the tenant metadata is detected to be the enabled state;
and the second determining unit is used for determining not to execute the detection of the tenant data access request sent by the application system if the state of the tenant metadata is detected to be the closed state.
It should be noted that, for convenience and brevity of description, specific working processes of the tenant data access management device and each module described above may refer to corresponding processes in the tenant data access management method embodiments described in the foregoing embodiments, and are not described herein again.
The tenant data access management method described above may be implemented in the form of a computer program that may be run on an apparatus as shown in fig. 4.
Referring to fig. 5, fig. 5 is a schematic block diagram of a tenant data access management device provided in an embodiment of the present application. The tenant data access management device 500 includes a processor, a memory, and a network interface connected by a device bus, where the memory may include a storage medium and an internal memory.
The storage medium may store an operating device and a computer program. The computer program includes program instructions that, when executed, cause a processor to perform any one of a number of tenant data access management methods.
The processor is used to provide computing and control capabilities to support the operation of the entire computer device.
The internal memory provides an environment for the execution of a computer program in the non-volatile storage medium, which when executed by the processor, causes the processor to perform any one of the tenant data access management methods.
The network interface is used for network communication such as transmitting assigned tasks and the like. Those skilled in the art will appreciate that the structure shown in fig. 5 is merely a block diagram of a portion of the structure related to the present application and does not constitute a limitation of the terminal to which the present application is applied, and that the specific tenant data access management device 500 may include more or fewer components than shown in the drawings, or may combine some components, or may have a different arrangement of components.
It should be appreciated that the processor may be a central processing unit (Central Processing Unit, CPU), but may also be other general purpose processors, digital signal processors (Digital Signal Processor, DSP), application specific integrated circuits (Application Specific Integrated Circuit, ASIC), field-programmable gate arrays (Field-Programmable Gate Array, FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, or the like. Wherein the general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
Wherein in one embodiment the processor is configured to run a computer program stored in the memory to implement the steps of:
under a preset directory of an application system, respectively configuring tenant metadata of each tenant and adding access modes of the tenant metadata;
detecting tenant data access requests sent by the application system, and if at least two tenant data access requests sent by the application system are detected, intercepting the at least two tenant data access requests through a preset interceptor;
after intercepting the at least two tenant data access requests, determining a target tenant metadata access mode corresponding to the target tenant data access request according to the pre-configured tenant metadata of each tenant and the tenant metadata access modes;
and starting the target tenant metadata access mode, and acquiring target tenant metadata matched with the target tenant data access request in the target tenant metadata access mode.
In an embodiment, the preset directory of the application system includes a configuration center of the micro service system, and the configuring the tenant metadata of each tenant and adding the access modes of the tenant metadata under the preset directory of the application system includes:
initializing a tenant space for storing tenant metadata in a configuration center of the micro-service system;
and configuring the tenant metadata and the tenant metadata access modes of each tenant according to the service module configuration modes, and storing the configured tenant metadata and the configured tenant metadata access modes of each tenant into the tenant space.
In an embodiment, the service module configuration mode includes a configuration management specification of a java configuration file, and the configuring the tenant metadata of each tenant and the tenant metadata access mode according to the service module configuration mode includes:
based on the configuration management specification of the java configuration file, independently configuring tenant metadata for each tenant;
and respectively configuring the metadata access modes of each tenant according to the tenant metadata of each tenant.
In an embodiment, the preset interceptor includes an SQL interceptor; if at least two tenant data access requests sent by the application system are detected, intercepting the at least two tenant data access requests through a preset interceptor, including:
if at least two tenant data access requests sent by the application system are detected, determining the tenant data access requests needing to be intercepted by the SQL interceptor, and intercepting the tenant data access requests needing to be intercepted.
In an embodiment, the determining, by the SQL interceptor, the tenant data access request to be intercepted, and intercepting the tenant data access request to be intercepted, includes:
dynamically implanting tenant metadata carried by the at least two tenant data access requests into an SQL statement as conditions;
executing the SQL statement, and matching the tenant metadata carried by the at least two tenant data access requests with the pre-configured tenant metadata of each tenant;
and determining the tenant data access request to be intercepted according to the matching result, and intercepting the tenant data access request to be intercepted.
In an embodiment, before intercepting, by a preset interceptor, at least two tenant data access requests sent by an application system if the at least two tenant data access requests are detected, the method further includes:
under a preset directory of the application system, respectively configuring the states of tenant metadata of each tenant;
and determining to manage the tenant data access request according to the detected current state of the tenant metadata.
In an embodiment, the states of the tenant metadata include an enabled state and a closed state; the determining, according to the configured state of the tenant metadata, to manage the tenant data access request includes:
if the current state of the tenant metadata is detected to be the enabled state, determining to perform detection of the tenant data access request sent by the application system;
and if the state of the current tenant metadata is detected to be the closed state, determining that the tenant data access request sent by the application system is not executed.
The embodiment of the application also provides a computer readable storage medium, wherein the computer readable storage medium stores a computer program, the computer program comprises program instructions, and the processor executes the program instructions to realize the steps of the tenant data access management method provided by the embodiments of the application.
The computer readable storage medium may be an internal storage unit of the computer device according to the foregoing embodiment, for example, a hard disk or a memory of the computer device. The computer readable storage medium may also be an external storage device of the computer device, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), or the like, which are provided on the computer device.
While the invention has been described with reference to certain preferred embodiments, it will be understood by those skilled in the art that various changes and substitutions of equivalents may be made and equivalents will be apparent to those skilled in the art without departing from the scope of the invention. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (8)

1. A tenant data access management method, the method comprising:
under a preset directory of an application system, respectively configuring tenant metadata of each tenant and increasing access modes of the tenant metadata; the system comprises a plurality of tenants, wherein each tenant metadata access mode comprises a non-tenant mode, an authentication mode, a task mode, an external service mode, a data loading mode and a data filtering mode; configuring a service scene which does not need to distinguish tenants into a non-tenant mode; aiming at a service scene needing identity authentication, configuring an authentication mode; aiming at a business scene requiring timing task processing data, configuring a task mode; exposing an interface to external service for the external service to use the service scene of the system data resource in the development process of the application program, and configuring the service scene as an external service mode; aiming at a business scene of loading tenant metadata from a configuration center to an application service memory, configuring the tenant metadata into a data loading mode; the method comprises the steps of configuring a data filtering mode aiming at a reading request of an application program;
Detecting tenant data access requests sent by the application system, and if at least two tenant data access requests sent by the application system are detected, intercepting the at least two tenant data access requests through a preset interceptor; before intercepting the at least two tenant data access requests by a preset interceptor if the at least two tenant data access requests sent by the application system are detected, the method further comprises: under a preset directory of the application system, respectively configuring the states of tenant metadata of each tenant; determining to manage the tenant data access request according to the detected current state of the tenant metadata; wherein the states of the tenant metadata include an enabled state and a closed state; the determining, according to the configured state of the tenant metadata, to manage the tenant data access request includes: if the current state of the tenant metadata is detected to be an enabling state, determining to execute and detect the tenant data access request sent by the application system; if the current state of the tenant metadata is detected to be a closed state, determining that the tenant data access request sent by the application system is not executed;
after intercepting the at least two tenant data access requests, determining a target tenant metadata access mode corresponding to the target tenant data access request according to the pre-configured tenant metadata of each tenant and the tenant metadata access modes;
and starting the target tenant metadata access mode, and acquiring target tenant metadata matched with the target tenant data access request in the target tenant metadata access mode.
2. The tenant data access management method according to claim 1, wherein the preset directory of the application system includes a configuration center of the micro service system, and the configuring tenant metadata of each tenant and increasing the tenant metadata access mode under the preset directory of the application system include:
initializing a tenant space for storing tenant metadata in a configuration center of the micro-service system;
and configuring the tenant metadata and the tenant metadata access modes of each tenant according to the service module configuration modes, and storing the configured tenant metadata and the configured tenant metadata access modes of each tenant into the tenant space.
3. The tenant data access management method of claim 2, wherein the service module configuration mode includes a configuration management specification of a java configuration file, and the configuring the tenant metadata and the tenant metadata access mode of each tenant according to the service module configuration mode includes:
based on the configuration management specification of the java configuration file, independently configuring tenant metadata for each tenant;
and respectively configuring the metadata access modes of each tenant according to the tenant metadata of each tenant.
4. A tenant data access management method according to any one of claims 1 to 3, wherein the preset interceptor comprises an SQL interceptor; if at least two tenant data access requests sent by the application system are detected, intercepting the at least two tenant data access requests through a preset interceptor, including:
if at least two tenant data access requests sent by the application system are detected, determining the tenant data access requests needing to be intercepted by the SQL interceptor, and intercepting the tenant data access requests needing to be intercepted.
5. The tenant data access management method of claim 4, wherein determining, by the SQL interceptor, the tenant data access request to be intercepted and intercepting the tenant data access request to be intercepted, comprises:
dynamically implanting tenant metadata carried by the at least two tenant data access requests into an SQL statement as conditions;
executing the SQL statement, and matching the tenant metadata carried by the at least two tenant data access requests with the pre-configured tenant metadata of each tenant;
and determining the tenant data access request to be intercepted according to the matching result, and intercepting the tenant data access request to be intercepted.
6. A tenant data access management apparatus, comprising:
the configuration module is used for respectively configuring tenant metadata of each tenant and increasing the access mode of the tenant metadata under the preset directory of the application system; the system comprises a plurality of tenants, wherein each tenant metadata access mode comprises a non-tenant mode, an authentication mode, a task mode, an external service mode, a data loading mode and a data filtering mode; configuring a service scene which does not need to distinguish tenants into a non-tenant mode; aiming at a service scene needing identity authentication, configuring an authentication mode; aiming at a business scene requiring timing task processing data, configuring a task mode; exposing an interface to external service for the external service to use the service scene of the system data resource in the development process of the application program, and configuring the service scene as an external service mode; aiming at a business scene of loading tenant metadata from a configuration center to an application service memory, configuring the tenant metadata into a data loading mode; the method comprises the steps of configuring a data filtering mode aiming at a reading request of an application program;
the interception module is used for detecting tenant data access requests sent by the application system, and intercepting the at least two tenant data access requests through a preset interceptor if at least two tenant data access requests sent by the application system are detected; before intercepting the at least two tenant data access requests by a preset interceptor if the at least two tenant data access requests sent by the application system are detected, the method further comprises: under a preset directory of the application system, respectively configuring the states of tenant metadata of each tenant; determining to manage the tenant data access request according to the detected current state of the tenant metadata; wherein the states of the tenant metadata include an enabled state and a closed state; the determining, according to the configured state of the tenant metadata, to manage the tenant data access request includes: if the current state of the tenant metadata is detected to be an enabling state, determining to execute and detect the tenant data access request sent by the application system; if the current state of the tenant metadata is detected to be a closed state, determining that the tenant data access request sent by the application system is not executed;
the determining module is used for determining a target tenant metadata access mode corresponding to the target data access request according to the pre-configured tenant metadata of each tenant and the tenant metadata access mode after intercepting the at least two tenant data access requests;
the acquisition module is used for starting the target tenant metadata access mode, and acquiring target tenant metadata matched with the target data access request in the target tenant metadata access mode.
7. A tenant data access management device, comprising:
a memory and a processor;
the memory is used for storing a computer program;
the processor is configured to execute the computer program and implement the steps of the tenant data access management method according to any one of claims 1 to 5 when the computer program is executed.
8. A computer readable storage medium, characterized in that the computer readable storage medium stores a computer program which, when executed by a processor, causes the processor to implement the steps of the tenant data access management method of any one of claims 1 to 5.
CN202111229483.9A 2021-10-21 2021-10-21 Tenant data access management method, device, equipment and storage medium Active CN113965383B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111229483.9A CN113965383B (en) 2021-10-21 2021-10-21 Tenant data access management method, device, equipment and storage medium

Publications (2)

Publication Number Publication Date
CN113965383A CN113965383A (en) 2022-01-21
CN113965383B true CN113965383B (en) 2024-03-15

Family

ID=79465985

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111229483.9A Active CN113965383B (en) 2021-10-21 2021-10-21 Tenant data access management method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN113965383B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant