CN114244548B - Cloud IDE-oriented dynamic scheduling and user authentication method - Google Patents

Info

Publication number
CN114244548B
Authority
CN
China
Prior art keywords
development
service
user
authentication
server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110387706.8A
Other languages
Chinese (zh)
Other versions
CN114244548A (en)
Inventor
陈华蓉
陈德训
孙川
刘勇
王敬宇
冯赟龙
彭达佳
宋佳伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuxi Jiangnan Computing Technology Institute
Original Assignee
Wuxi Jiangnan Computing Technology Institute
Application filed by Wuxi Jiangnan Computing Technology Institute
Priority to CN202110387706.8A
Publication of CN114244548A
Application granted
Publication of CN114244548B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L67/025 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1001 Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
    • H04L67/1004 Server selection for load balancing
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/2866 Architectures; Arrangements
    • H04L67/30 Profiles

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention discloses a cloud IDE-oriented dynamic scheduling and user authentication method comprising the following steps: S1, a user enters a unified login address and a designated service port in a browser, then enters a user name and password; S2, the Nginx service takes the user name and password received in S1 as authentication information and authenticates it; S3, the development service on the development server receives the request information and detects whether the development environment tool service started successfully; if not, it reports an error, and if so, it sends a request carrying the user information to the Nginx service; S4, according to the forwarding strategy, the Nginx service derives the development environment tool service on a specific fixed development server to which the request is to be forwarded; S5, user authentication is performed with the user information, and if authentication passes, the development interface is entered. The invention solves the problems of dynamic scheduling of development tools, user authentication service and resource load balancing.

Description

Cloud IDE-oriented dynamic scheduling and user authentication method
Technical Field
The invention relates to a cloud IDE-oriented dynamic scheduling and user authentication method, and belongs to the technical field of cloud IDEs.
Background
Currently there are several mainstream products on the market, such as Visual Studio Online and Theia, all of which are used through a browser. Theia is an extensible platform for developing multi-language cloud and desktop IDEs with the latest web technology; its interface resembles VS Code, it borrows heavily from VS Code, and it even supports VS Code extensions directly, so many VS Code users can directly use IDE products built on Theia. However, once the Theia service is started on a server, entering the server IP and the designated port number in a browser is enough to use it directly, which is a serious security problem; in addition, a load balancing mechanism is introduced to address the unbalanced server load caused by multi-user use.
Currently, cloud IDE tools run in single-user mode: each user has a complete set of cloud services and the related environment, and multi-user use requires configuring multiple environments. Because the tool is used through a browser, there is also a security problem: an exposed port lets anyone access all files under that user, which is a serious security risk. In a server cluster, server load becomes unbalanced when many people use development tools on the same server.
Server-based remote development is becoming increasingly popular. A development environment deployed on a server reduces dependence on the local environment, but each user still configures an environment for his or her own use only, so simultaneous use by multiple users cannot be realized. In clustered servers, many users may concentrate on one server to use development tools while other servers see little use.
Disclosure of Invention
The invention aims to provide a cloud IDE-oriented dynamic scheduling and user authentication method that solves the problems of dynamic scheduling of development tools, user authentication service and resource load balancing.
To achieve this purpose, the invention adopts the following technical scheme: a cloud IDE-oriented dynamic scheduling and user authentication method based on the following configuration:
the Nginx service is deployed on a dedicated server to obtain an Nginx server, which serves as the login and forwarding node, and the addresses of the development servers to forward to are set in its configuration file;
the development service is deployed on the other servers in the cluster to obtain development servers, and is mainly responsible for port management and for managing the development environment tools;
a portion of the ports on each development server is reserved as a port resource pool for the development service;
the development environment tool is configured under a global path so that every user can access it;
the dynamic scheduling and user authentication method comprises the following steps:
S1, the user enters the unified login address and the designated service port in a browser, and enters a user name and password as required in the user login interface that is displayed;
S2, the Nginx service takes the user name and password received in S1 as authentication information and authenticates it; if authentication does not pass, it continues to request the authentication information, and after several failed attempts it requires a waiting period before authentication information can be entered again; if authentication passes, it forwards the request to the development service on a development server according to the forwarding strategy;
S3, the development service on the development server receives the request information and first checks whether a started development environment tool service already exists on the server;
if it exists, the development service obtains the port information of the development environment tool service and sends a request carrying the user information to the Nginx service;
if it does not exist, the development service takes an idle port from the reserved port pool and starts the development environment tool service with the port number set to the one just obtained;
it then detects whether the development environment tool service started successfully; if not, it reports an error, and if so, it sends a request carrying the user information to the Nginx service;
S4, the Nginx service receives the user information and, according to the forwarding strategy, derives the development environment tool service on a specific fixed development server to which the request is to be forwarded;
S5, the development environment tool service receives the user request and performs user authentication with the user information; if authentication passes, the development interface is entered, and if authentication fails, an error is reported.
By applying this technical scheme, the invention has the following advantages over the prior art:
for server clusters and multi-user use, the invention provides a framework with centralized management, dynamic scheduling and user authentication functions. Offering one framework to multiple users reduces the disk space and environment configuration work required, improves security of use, and avoids the security problem of single-user use; the real IP address of the server can be hidden, the URL always shows the unified login address, and centralized management makes updates and maintenance easier.
Drawings
Fig. 1 is a schematic diagram of a cloud IDE-oriented dynamic scheduling and user authentication method according to the present invention.
Detailed Description
Example: the invention provides a cloud IDE-oriented dynamic scheduling and user authentication method based on the following configuration:
the Nginx service is deployed on a dedicated server to obtain an Nginx server, which serves as the login and forwarding node, and the addresses of the development servers to forward to are set in its configuration file;
the development service is deployed on the other servers in the cluster to obtain development servers, and is mainly responsible for port management and for managing the development environment tools;
a portion of the ports on each development server is reserved as a port resource pool for the development service;
the development environment tool is configured under a global path so that every user can access it;
the dynamic scheduling and user authentication method comprises the following steps:
S1, the user enters the unified login address (the unified login point provided by the Nginx service) and the designated service port in a browser, and enters a user name and password as required in the user login interface that is displayed;
S2, the Nginx service takes the user name and password received in S1 as authentication information and authenticates it; if authentication does not pass, it continues to request the authentication information, and after several failed attempts it requires a waiting period before authentication information can be entered again; if authentication passes, it forwards the request to the development service on a development server according to the forwarding strategy (such as a hash strategy or a least-connections strategy);
S3, the development service on the development server receives the request information and first checks whether a started development environment tool service already exists on the server;
if it exists, the development service obtains the port information of the development environment tool service and sends a request carrying the user information to the Nginx service;
if it does not exist, the development service takes an idle port from the reserved port pool and starts the development environment tool service with the port number set to the one just obtained;
it then detects whether the development environment tool service started successfully; if not, it reports an error, and if so, it sends a request carrying the user information to the Nginx service;
S4, the Nginx service receives the user information and, according to the forwarding strategy, derives the development environment tool service on a specific fixed development server to which the request is to be forwarded;
S5, the development environment tool service receives the user request and performs user authentication with the user information; if authentication passes, the development interface is entered, and if authentication fails, an error is reported.
Further explanation of the above embodiments is as follows:
The invention aims to serve multiple users from a single development tool environment while also providing a security mechanism and load balancing.
1) Nginx, server and development environment deployment
The Nginx service is deployed on a dedicated server to act as the login and forwarding node, and the addresses of the development servers to forward to are set in its configuration file; the development service is deployed on the other servers in the cluster and is mainly responsible for port management and for managing the development environment tools; a portion of the ports on each development server is reserved as a port resource pool for the development service.
2) Start-up
The user enters the unified login address (the unified login point provided by Nginx) and the designated service port in a browser, and a user login interface is displayed asking for a user name and password.
3) Authentication and forwarding
The Nginx service takes the received user name and password as authentication information and authenticates it. If authentication does not pass, it continues to request the authentication information, and after several failed attempts the user must wait for a certain time before entering authentication information again; if authentication passes, the request is forwarded to the development service on a development server according to the forwarding strategy.
4) Server processing mechanism
The development server receives the request information and first checks whether a started development environment tool service already exists on the server. If it exists, the development server obtains the service's port information and sends a request carrying the user information to the Nginx service. If it does not exist, an idle port is taken from the port resource pool and the development environment tool service is started with its port number set to the one just obtained; the development server then detects whether the development environment tool service started successfully, reports an error if it did not, and sends a request carrying the user information to Nginx if it did.
5) Nginx secondary forwarding
Nginx receives the user information and, according to the forwarding strategy, computes the development environment tool service on a specific fixed development server to which the request is to be forwarded; the port number is the one returned by the development server.
6) Development tool authentication
The development environment tool receives the user request and performs user authentication with the user information; once authentication passes, the development interface is entered, and if authentication fails, an error is reported.
Nginx can forward a given user to that user's specific local service; with Nginx forwarding twice, the development environment tool service can be accessed while the real IP of the server stays hidden, which provides protection.
With the cloud IDE-oriented dynamic scheduling and user authentication method, server clusters and multi-user use are given a framework with centralized management, dynamic scheduling and user authentication functions. Offering one framework to multiple users reduces the disk space and environment configuration work required, improves security of use, and avoids the security problem of single-user use; the real IP address of the server can be hidden, the URL always shows the unified login address, and centralized management makes updates and maintenance easier.
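The S2 to S5 flow described above, modelled in Python as an added example; it is not code from the patent. Assumptions: one tool-service instance per user, an HMAC tag standing in for the "user information" check (the patent does not say how that information is protected), a lockout of 3 failures and 60 seconds, and every class, function and host name used here.

```python
import hashlib
import hmac

KEY = b"constructed-shared-key"  # assumption: secret shared by gateway and dev servers
MAX_FAILS, LOCK_SECONDS = 3, 60  # assumption: the patent gives no concrete numbers

def pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def user_tag(user, server, port):
    """Assumed form of the 'user information': HMAC over user, server and port."""
    msg = f"{user}|{server}|{port}".encode()
    return hmac.new(KEY, msg, hashlib.sha256).hexdigest()

class DevServer:
    """Development service: port pool and tool-service management (S3, S5)."""
    def __init__(self, name, port_pool):
        self.name = name
        self.free = list(port_pool)  # reserved port resource pool
        self.running = {}            # user -> port of that user's tool service

    def _start_tool(self, user, port):
        return True  # stand-in for launching the IDE process and probing the port

    def handle(self, user):
        """S3: reuse the running tool service, else start one on an idle port."""
        port = self.running.get(user)
        if port is None:
            if not self.free:
                raise RuntimeError("port pool exhausted")
            port = self.free.pop(0)
            if not self._start_tool(user, port):
                self.free.append(port)  # give the port back on a failed start
                raise RuntimeError("tool service failed to start")
            self.running[user] = port
        return port, user_tag(user, self.name, port)

    def tool_accepts(self, port, user, tag):
        """S5: the tool service admits only the user it was started for."""
        if self.running.get(user) != port:
            return False
        return hmac.compare_digest(tag, user_tag(user, self.name, port))

class Gateway:
    """Stands in for the Nginx login and forwarding node (S2, S4)."""
    def __init__(self, credentials, servers):
        self.credentials = credentials  # user -> (salt, pbkdf2 hash)
        self.servers = servers
        self.fails = {}                 # user -> (failure count, locked_until)

    def authenticate(self, user, password, now):
        """S2: 'ok', 'retry', or 'locked' after MAX_FAILS consecutive failures."""
        count, locked_until = self.fails.get(user, (0, 0.0))
        if now < locked_until:
            return "locked"
        # Unknown users still cost one hash and can never match the empty digest.
        salt, stored = self.credentials.get(user, (b"no-such-user", b""))
        if hmac.compare_digest(pw_hash(password, salt), stored):
            self.fails.pop(user, None)
            return "ok"
        if count + 1 >= MAX_FAILS:
            self.fails[user] = (0, now + LOCK_SECONDS)
            return "locked"
        self.fails[user] = (count + 1, 0.0)
        return "retry"

    def pick_server(self, user):
        """Hash strategy: a given user always maps to the same development server."""
        digest = hashlib.sha256(user.encode()).digest()
        return self.servers[int.from_bytes(digest[:4], "big") % len(self.servers)]

    def login(self, user, password, now):
        """S2-S4: authenticate, forward, and return the second-hop target."""
        status = self.authenticate(user, password, now)
        if status != "ok":
            return status, None
        server = self.pick_server(user)
        port, tag = server.handle(user)
        return "ok", (server, port, tag)

def demo():
    """Constructed run: alice logs in; the same port is refused for another name."""
    salt = b"constructed-salt"
    servers = [DevServer("dev-a", range(9000, 9003)), DevServer("dev-b", range(9000, 9003))]
    gw = Gateway({"alice": (salt, pw_hash("correct horse", salt))}, servers)
    status, (server, port, tag) = gw.login("alice", "correct horse", now=0.0)
    return (status, port, server.tool_accepts(port, "alice", tag),
            server.tool_accepts(port, "mallory", tag))
```

The check in `tool_accepts` is what closes the exposed-port problem from the Background: reaching the port is not enough without user information bound to that user, server and port.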
The above embodiments are provided to illustrate the technical concept and features of the present invention and are intended to enable those skilled in the art to understand the content of the present invention and implement the same, and are not intended to limit the scope of the present invention. All equivalent changes or modifications made in accordance with the spirit of the present invention should be construed to be included in the scope of the present invention.

Claims (1)

1. A cloud IDE-oriented dynamic scheduling and user authentication method, characterized by being based on the following configuration:
the Nginx service is deployed on a dedicated server to obtain an Nginx server, which serves as the login and forwarding node, and the addresses of the development servers to forward to are set in its configuration file;
the development service is deployed on the other servers in the cluster to obtain development servers, and is mainly responsible for port management and for managing the development environment tools;
a portion of the ports on each development server is reserved as a port resource pool for the development service;
the development environment tool is configured under a global path so that every user can access it;
the dynamic scheduling and user authentication method comprises the following steps:
S1, the user enters the unified login address and the designated service port in a browser, and enters a user name and password as required in the user login interface that is displayed;
S2, the Nginx service takes the user name and password received in S1 as authentication information and authenticates it; if authentication does not pass, it continues to request the authentication information, and after several failed attempts it requires a waiting period before authentication information can be entered again; if authentication passes, it forwards the request to the development service on a development server according to the forwarding strategy;
S3, the development service on the development server receives the request information and first checks whether a started development environment tool service already exists on the server;
if it exists, the development service obtains the port information of the development environment tool service and sends a request carrying the user information to the Nginx service;
if it does not exist, the development service takes an idle port from the reserved port pool and starts the development environment tool service with the port number set to the one just obtained;
it then detects whether the development environment tool service started successfully; if not, it reports an error, and if so, it sends a request carrying the user information to the Nginx service;
S4, the Nginx service receives the user information and, according to the forwarding strategy, derives the development environment tool service on a specific fixed development server to which the request is to be forwarded;
S5, the development environment tool service receives the user request and performs user authentication with the user information; if authentication passes, the development interface is entered, and if authentication fails, an error is reported.
CN202110387706.8A 2021-04-12 2021-04-12 Cloud IDE-oriented dynamic scheduling and user authentication method Active CN114244548B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110387706.8A CN114244548B (en) 2021-04-12 2021-04-12 Cloud IDE-oriented dynamic scheduling and user authentication method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110387706.8A CN114244548B (en) 2021-04-12 2021-04-12 Cloud IDE-oriented dynamic scheduling and user authentication method

Publications (2)

Publication Number Publication Date
CN114244548A 2022-03-25
CN114244548B 2023-10-13

Family

ID=80742821

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110387706.8A Active CN114244548B (en) 2021-04-12 2021-04-12 Cloud IDE-oriented dynamic scheduling and user authentication method

Country Status (1)

Country Link
CN (1) CN114244548B (en)

Also Published As

Publication number Publication date
CN114244548A (en) 2022-03-25

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant