CN114244548B - Cloud IDE-oriented dynamic scheduling and user authentication method - Google Patents
- Publication number
- CN114244548B
- Authority
- CN
- China
- Prior art keywords
- development
- service
- user
- authentication
- server
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
- H04L67/025—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L67/1004—Server selection for load balancing
- H04L67/30—Profiles
Abstract
The invention discloses a cloud IDE-oriented dynamic scheduling and user authentication method comprising the following steps: S1, a user enters a unified login address and a designated service port in a browser, and enters a user name and a password; S2, the Nginx service takes the user name and password received in S1 as authentication information and authenticates it; S3, the development service on the development server receives the request information and checks whether the development environment tool service started successfully; if not, it reports an error, and if so, it sends a request carrying the user information to the Nginx service; S4, according to the forwarding strategy, the development environment tool service on a fixed development server to which the request is to be forwarded is determined; S5, the user is authenticated with the user information, and if authentication passes, the development interface is entered. The invention solves the problems of dynamic scheduling of development tools, user authentication service and resource load balancing.
Description
Technical Field
The invention relates to a cloud IDE-oriented dynamic scheduling and user authentication method, and belongs to the technical field of cloud IDEs.
Background
Currently, there are several mainstream products on the market, such as Visual Studio Online and Theia, all of which are used through a browser. Among them, Theia is an extensible platform for developing multi-language cloud IDEs and desktop IDEs using the latest web technology; its interface is similar to VS Code, it borrows a great deal from VS Code, and it even directly supports VS Code extensions, so that many VS Code users can directly use IDE products developed with Theia. However, the Theia service is started on the server and can be used directly simply by entering the server IP and the designated port number in the browser, which is a serious security problem; meanwhile, in order to solve the problem of unbalanced server load caused by multi-user use, a load balancing mechanism is introduced.
Currently, cloud IDE tools run in a single-user mode, that is, one user has a complete set of cloud services and related environments, and multiple sets of environments must be configured for multi-user use; meanwhile, because a browser-based mode is used, there is a security problem: an exposed port allows anyone to access all files under that user, which is a serious security risk. In a server cluster, there is also the problem of unbalanced server load caused by many people using development tools on the same server.
At present, remote development on a server is becoming more popular, and a development environment deployed on the server reduces dependence on the local environment; however, each user still configures an environment for his or her own use only, so simultaneous use by multiple users cannot be achieved. On clustered servers, many users may concentrate on one server to use development tools, while other servers see little use.
Disclosure of Invention
The invention aims to provide a cloud IDE-oriented dynamic scheduling and user authentication method for solving the problems of dynamic scheduling of development tools, user authentication service and resource load balancing.
To achieve the above purpose, the invention adopts the following technical scheme: a cloud IDE-oriented dynamic scheduling and user authentication method, based on the following configuration:
the Nginx service is deployed on a dedicated server to obtain an Nginx server, which serves as the login and forwarding node, and the addresses of the development servers to forward to are set in its configuration file;
the development service is deployed on the other servers in the cluster to obtain development servers, and is mainly responsible for port management and for managing the development environment tools;
a portion of the ports on a development server is reserved as a port resource pool for the development service;
the development environment tool is configured under a global path to ensure that every user can access it;
the dynamic scheduling and user authentication method comprises the following steps:
S1, a user enters the unified login address and the designated service port in a browser, and enters a user name and a password as required in the displayed user login interface;
S2, the Nginx service takes the user name and password received in S1 as authentication information and authenticates it; if authentication fails, it continues to request the authentication information, and after several failed attempts the user must wait for a certain time before entering the authentication information again; if authentication passes, the request is forwarded to the development service on a development server according to the forwarding strategy;
S3, the development service on the development server receives the request information and first checks whether an already-started development environment tool service exists on that server;
if it exists, the development service obtains the port information of the development environment tool service and sends a request carrying the user information to the Nginx service;
if it does not exist, an idle port is taken from the reserved port pool and the development environment tool service is started with its port number set to the port just obtained;
the development service then checks whether the development environment tool service started successfully; if not, an error is reported, and if so, a request carrying the user information is sent to the Nginx service;
S4, the Nginx service receives the user information and, according to the forwarding strategy, determines the development environment tool service on a fixed development server to which the request is to be forwarded;
S5, the development environment tool service receives the user request and authenticates the user with the user information; if authentication passes, the development interface is entered, and if authentication fails, an error is reported.
Owing to the above technical scheme, the invention has the following advantages over the prior art:
for server clusters and multi-user use, the invention provides a framework with centralized management, dynamic scheduling and user authentication functions that serves multiple users, reduces disk space usage and environment configuration steps, strengthens security, and avoids the security problem of single-user use; the real IP address of the server can be hidden, the unified login address is always the one displayed in the URL, and centralized management makes updating and maintenance convenient.
Drawings
Fig. 1 is a schematic diagram of a cloud IDE-oriented dynamic scheduling and user authentication method according to the present invention.
Detailed Description
Embodiment: the invention provides a cloud IDE-oriented dynamic scheduling and user authentication method, based on the following configuration:
the Nginx service is deployed on a dedicated server to obtain an Nginx server, which serves as the login and forwarding node, and the addresses of the development servers to forward to are set in its configuration file;
the development service is deployed on the other servers in the cluster to obtain development servers, and is mainly responsible for port management and for managing the development environment tools;
a portion of the ports on a development server is reserved as a port resource pool for the development service;
the development environment tool is configured under a global path to ensure that every user can access it;
the dynamic scheduling and user authentication method comprises the following steps:
S1, a user enters the unified login address (the unified login point provided by the Nginx service) and the designated service port in a browser, and enters a user name and a password as required in the displayed user login interface;
S2, the Nginx service takes the user name and password received in S1 as authentication information and authenticates it; if authentication fails, it continues to request the authentication information, and after several failed attempts the user must wait for a certain time before entering the authentication information again; if authentication passes, the request is forwarded to the development service on a development server according to the forwarding strategy (such as a hash strategy or a least-connections strategy);
S3, the development service on the development server receives the request information and first checks whether an already-started development environment tool service exists on that server;
if it exists, the development service obtains the port information of the development environment tool service and sends a request carrying the user information to the Nginx service;
if it does not exist, an idle port is taken from the reserved port pool and the development environment tool service is started with its port number set to the port just obtained;
the development service then checks whether the development environment tool service started successfully; if not, an error is reported, and if so, a request carrying the user information is sent to the Nginx service;
S4, the Nginx service receives the user information and, according to the forwarding strategy, determines the development environment tool service on a fixed development server to which the request is to be forwarded;
S5, the development environment tool service receives the user request and authenticates the user with the user information; if authentication passes, the development interface is entered, and if authentication fails, an error is reported.
Further explanation of the above embodiments is as follows:
The invention aims to serve multiple users with a single set of development tool environment while providing a security mechanism and achieving load balancing.
1) Nginx, server, development environment deployment
The Nginx service is deployed on a dedicated server as the login and forwarding node, and the addresses of the development servers to forward to are set in its configuration file; development services are deployed on the other servers in the cluster and are mainly responsible for port management and for managing the development environment tools; a portion of the ports on the development server is reserved as a port resource pool for the development service.
2) Start-up
The user enters the unified login address (the unified login point provided by Nginx) and the designated service port in the browser, and a user login interface is displayed asking the user to enter a user name and a password.
3) Authentication and forwarding
The Nginx service takes the received user name and password as authentication information and authenticates it; if authentication fails, it continues to request the authentication information, and after several failed attempts the user must wait for a certain time before entering the authentication information again; if authentication passes, the request is forwarded to the development service on a development server according to the forwarding strategy.
4) Server processing mechanism
The development server receives the request information and first checks whether an already-started development environment tool service exists on that server. If it exists, the development server obtains its port information and sends a request carrying the user information to the Nginx service; if it does not exist, an idle port is taken from the port resource pool and the development environment tool service is started with its port number set to the port just obtained; the development server then checks whether the service started successfully: on failure an error is reported, and on success a request carrying the user information is sent to Nginx.
5) Nginx secondary forwarding
Nginx receives the user information and, according to the forwarding strategy, determines the development environment tool service on a fixed development server to forward to, using the port number returned by the development server.
6) Development tool authentication
The development environment tool receives the user request and authenticates the user with the user information; if authentication passes, the development interface is entered, and if authentication fails, an error is reported.
Nginx can thus forward a given user to that user's specific local service; the two rounds of Nginx forwarding not only give access to the development environment tool service but also hide the real IP of the server, which provides protection.
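The S1 to S5 flow above, modelled in Python as an added example (it is not code from the patent): a gateway with failed-login lockout and a hash forwarding strategy, a development service that reuses or allocates a port, and a tool service check of the forwarded user information. Assumptions not stated on the page: the lockout threshold and wait time, one tool service per user, and user information carried as an HMAC-signed value under a key shared by the gateway and the tool service; all names are hypothetical.

```python
import hashlib
import hmac
import time

MAX_FAILURES = 3       # assumption: the page only says "several" failed attempts
LOCKOUT_SECONDS = 60   # assumption: the page only says "a certain time"
TOKEN_TTL = 300        # assumption: lifetime of the forwarded user information
GATEWAY_KEY = b"constructed-demo-key"  # assumption: key shared by gateway and tool service


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def sign_user_info(user, now):
    """User information the gateway attaches when forwarding (format is hypothetical)."""
    body = f"{user}|{int(now) + TOKEN_TTL}"
    mac = hmac.new(GATEWAY_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}|{mac}"


def verify_user_info(token, now):
    """S5: the tool service accepts only unexpired information signed by the gateway."""
    try:
        user, expiry, mac = token.split("|")
        expiry = int(expiry)
    except ValueError:
        return None
    expected = hmac.new(GATEWAY_KEY, f"{user}|{expiry}".encode(), hashlib.sha256).hexdigest()
    valid = hmac.compare_digest(mac.encode(), expected.encode())
    return user if valid and now < expiry else None


class DevService:
    """Development service on one development server: port pool and tool services (S3)."""

    def __init__(self, host, port_pool):
        self.host = host
        self.free_ports = list(port_pool)
        self.running = {}  # assumption: one tool service per user, user -> port

    def ensure_tool_service(self, user):
        if user in self.running:          # already started: reuse its port
            return self.running[user]
        if not self.free_ports:
            raise RuntimeError(f"port pool exhausted on {self.host}")
        port = self.free_ports.pop(0)     # take an idle port from the reserved pool
        # A real service would start the IDE bound to this port and probe it here,
        # returning the port to the pool and raising if startup fails.
        self.running[user] = port
        return port


class Gateway:
    """Login and forwarding node (the role the page gives to the Nginx service)."""

    def __init__(self, credentials, dev_services, clock=time.time):
        self.credentials = credentials    # user -> (salt, PBKDF2 hash)
        self.dev_services = dev_services
        self.clock = clock
        self.failures = {}                # user -> [failure count, locked-until time]

    def pick_server(self, user):
        """Hash forwarding strategy: the same user always maps to the same server."""
        digest = hashlib.sha256(user.encode()).digest()
        return self.dev_services[int.from_bytes(digest[:8], "big") % len(self.dev_services)]

    def login(self, user, password):
        now = self.clock()
        state = self.failures.setdefault(user, [0, 0.0])
        if now < state[1]:
            return "locked", None         # S2: must wait before trying again
        salt, stored = self.credentials.get(user, (b"no-such-user", b""))
        if not hmac.compare_digest(hash_password(password, salt), stored):
            state[0] += 1
            if state[0] >= MAX_FAILURES:
                state[0], state[1] = 0, now + LOCKOUT_SECONDS
            return "denied", None
        state[0] = 0
        server = self.pick_server(user)            # S2: first forward, to the development service
        port = server.ensure_tool_service(user)    # S3: the port is returned to the gateway
        # S4: the second forward targets host:port on the same fixed server
        return "ok", {"host": server.host, "port": port, "user_info": sign_user_info(user, now)}
```

Binding each tool service to a loopback or cluster-internal address matters as much as the check in `verify_user_info`: if the pooled ports are reachable from outside the gateway, the direct-port exposure described in the Background returns.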
With this cloud IDE-oriented dynamic scheduling and user authentication method, server clusters and multi-user use are served by a framework with centralized management, dynamic scheduling and user authentication functions, which reduces disk space usage and environment configuration steps, strengthens security, and avoids the security problem of single-user use; the real IP address of the server can be hidden, the unified login address is always the one displayed in the URL, and centralized management makes updating and maintenance convenient.
The above embodiments are provided to illustrate the technical concept and features of the present invention and are intended to enable those skilled in the art to understand the content of the present invention and implement the same, and are not intended to limit the scope of the present invention. All equivalent changes or modifications made in accordance with the spirit of the present invention should be construed to be included in the scope of the present invention.
Claims (1)
1. A cloud IDE-oriented dynamic scheduling and user authentication method, characterized in that it is based on the following configuration:
the Nginx service is deployed on a dedicated server to obtain an Nginx server, which serves as the login and forwarding node, and the addresses of the development servers to forward to are set in its configuration file;
the development service is deployed on the other servers in the cluster to obtain development servers, and is mainly responsible for port management and for managing the development environment tools;
a portion of the ports on a development server is reserved as a port resource pool for the development service;
the development environment tool is configured under a global path to ensure that every user can access it;
the dynamic scheduling and user authentication method comprises the following steps:
S1, a user enters the unified login address and the designated service port in a browser, and enters a user name and a password as required in the displayed user login interface;
S2, the Nginx service takes the user name and password received in S1 as authentication information and authenticates it; if authentication fails, it continues to request the authentication information, and after several failed attempts the user must wait for a certain time before entering the authentication information again; if authentication passes, the request is forwarded to the development service on a development server according to the forwarding strategy;
S3, the development service on the development server receives the request information and first checks whether an already-started development environment tool service exists on that server;
if it exists, the development service obtains the port information of the development environment tool service and sends a request carrying the user information to the Nginx service;
if it does not exist, an idle port is taken from the reserved port pool and the development environment tool service is started with its port number set to the port just obtained;
the development service then checks whether the development environment tool service started successfully; if not, an error is reported, and if so, a request carrying the user information is sent to the Nginx service;
S4, the Nginx service receives the user information and, according to the forwarding strategy, determines the development environment tool service on a fixed development server to which the request is to be forwarded;
S5, the development environment tool service receives the user request and authenticates the user with the user information; if authentication passes, the development interface is entered, and if authentication fails, an error is reported.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110387706.8A CN114244548B (en) | 2021-04-12 | 2021-04-12 | Cloud IDE-oriented dynamic scheduling and user authentication method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114244548A | 2022-03-25 |
CN114244548B | 2023-10-13 |
Family
ID=80742821
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110387706.8A Active CN114244548B (en) | 2021-04-12 | 2021-04-12 | Cloud IDE-oriented dynamic scheduling and user authentication method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114244548B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||