CN114282179A - Container system authorization method and server - Google Patents


Info

Publication number
CN114282179A
Authority
CN
China
Prior art keywords
authorization
server
container system
license
valid
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111637932.3A
Other languages
Chinese (zh)
Inventor
王金国
孙强
潘琎
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
BEIJING ZHONGFU TAIHE TECHNOLOGY DEVELOPMENT CO LTD
Nanjing Zhongfu Information Technology Co Ltd
Zhongfu Information Co Ltd
Zhongfu Safety Technology Co Ltd
Original Assignee
BEIJING ZHONGFU TAIHE TECHNOLOGY DEVELOPMENT CO LTD
Nanjing Zhongfu Information Technology Co Ltd
Zhongfu Information Co Ltd
Zhongfu Safety Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by BEIJING ZHONGFU TAIHE TECHNOLOGY DEVELOPMENT CO LTD, Nanjing Zhongfu Information Technology Co Ltd, Zhongfu Information Co Ltd, Zhongfu Safety Technology Co Ltd filed Critical BEIJING ZHONGFU TAIHE TECHNOLOGY DEVELOPMENT CO LTD
Priority to CN202111637932.3A priority Critical patent/CN114282179A/en
Publication of CN114282179A publication Critical patent/CN114282179A/en
Pending legal-status Critical Current

Abstract

The application provides a container system authorization method and a server. The method comprises the following steps: a first server receives a container system login request sent by a target client; in response to the container system login request, the first server decrypts the encrypted authorization license and verifies the authorization license obtained by decryption; and if the verification is passed, the first server sends a container system login response to the target client, so that the target client logs in to the container system. Authorization of the Docker system is thereby realized.

Description

Container system authorization method and server
Technical Field
The application relates to the technical field of computers, in particular to a container system authorization method and a server.
Background
Computer software is one of the main technical foundations of modern society and an important product of the information age, and software protection has become an important part of protecting intellectual property rights.
In the related art, for software authorization, an authorization request is usually sent to a software manager by a software installation terminal, and the software manager authenticates the software installation terminal and returns authorization information to the software installation terminal after the authentication is legal.
However, because the services of a Docker system are isolated from one another, software authorization cannot be performed on a Docker system in this way.
Disclosure of Invention
The purpose of the present application is to provide a container system authorization method and a server that authorize a Docker software system, so as to overcome the above-mentioned shortcomings in the prior art.
In order to achieve the above purpose, the technical solutions adopted in the embodiments of the present application are as follows:
In a first aspect, an embodiment of the present application provides a container system authorization method, applied to a first server, where the method includes:
receiving a container system login request sent by a target client;
responding to the container system login request, decrypting the received encrypted authorization license, and verifying the authorization license obtained by decryption;
and if the verification is passed, sending a container system login response to the target client, so that the target client logs in the container system.
In some embodiments, the authorization license includes an authorization type and a valid service life, and the verifying of the decrypted authorization license includes:
judging whether the authorization type is a preset type or not, and whether the valid service life meets a preset valid condition or not, so as to obtain a judgment result of the authorization type and a judgment result of the valid service life;
and checking the authorization license according to the judgment result of the authorization type and the judgment result of the valid service life.
In some embodiments, the authorization license further comprises authorization registration information of the first server, and the verifying of the authorization license according to the judgment result of the authorization type and the judgment result of the valid service life includes:
if the judgment result of the authorization type indicates that the authorization type is the preset type and the judgment result of the valid service life indicates that the valid service life meets the preset valid condition, judging whether the authorization registration information is the same as the actual registration information of the first server or not;
if the authorization registration information is the same as the actual registration information, determining that the verification is passed;
and if the authorization registration information is different from the actual registration information, determining that the verification fails.
In some embodiments, the verifying the authorization license according to the determination result of the authorization type and the determination result of the valid usage period further includes:
and if the judgment result of the authorization type indicates that the authorization type is not the preset type and the judgment result of the valid service life indicates that the valid service life meets the preset valid condition, determining that the verification is passed.
In some embodiments, the method further comprises:
updating the valid use period in the authorization license by performing a timed task.
In some embodiments, the method further comprises:
and if the verification is passed, adding the encrypted authorization license to a blacklist.
In some embodiments, the authorization license further comprises the number of authorized clients corresponding to the container system, and after sending a container system login response to the target client, the method further comprises:
determining the number of login clients logging into the container system;
if the number of the login clients exceeds the number of the authorized clients, sending an access prohibition indication to the target client to prohibit the target client from accessing the container system;
and if the number of the login clients does not exceed the number of the authorized clients, sending an access instruction to the target client, so that the target client accesses the container system.
In a second aspect, another embodiment of the present application provides a container system authorization method, which is applied to a second server, and the method includes:
mapping a system information file of a first server into a container file, and reading actual registration information of the first server from the container file;
encrypting according to the actual registration information and the preset authorization information of the second server to generate an encrypted authorization permit;
decrypting the encrypted authorization license, and verifying the authorization license obtained by decryption to obtain a verification result;
and if the verification result indicates that the verification is passed, sending the encrypted authorization license to the first server.
In a third aspect, another embodiment of the present application provides a container system authorization apparatus, including:
the receiving module is used for receiving a container system login request sent by a target client;
the decryption module is used for responding to the container system login request and decrypting the received encrypted authorization license, and the verification module is used for verifying the authorization license obtained by decryption;
and the sending module is used for sending a container system login response to the target client if the verification is passed, so that the target client logs in the container system.
In some embodiments, the authorization license includes an authorization type and a valid service life, and the verification module is specifically configured to:
judging whether the authorization type is a preset type or not, and whether the valid service life meets a preset valid condition or not, so as to obtain a judgment result of the authorization type and a judgment result of the valid service life;
and checking the authorization license according to the judgment result of the authorization type and the judgment result of the valid service life.
In some embodiments, the authorization license further comprises authorization registration information of the first server, and the verification module is specifically configured to:
if the judgment result of the authorization type indicates that the authorization type is the preset type and the judgment result of the valid service life indicates that the valid service life meets the preset valid condition, judging whether the authorization registration information is the same as the actual registration information of the first server or not;
if the authorization registration information is the same as the actual registration information, determining that the verification is passed;
and if the authorization registration information is different from the actual registration information, determining that the verification fails.
In some embodiments, the verification module is specifically configured to:
and if the judgment result of the authorization type indicates that the authorization type is not the preset type and the judgment result of the valid service life indicates that the valid service life meets the preset valid condition, determining that the verification is passed.
In some embodiments, further comprising:
a processing module for updating the validity lifetime in the authorization license by performing a timed task.
In some embodiments, the processing module is further configured to: and if the verification is passed, adding the encrypted authorization license to a blacklist.
In some embodiments, the authorization license further comprises the number of authorized clients corresponding to the container system, and the apparatus further includes:
the determining module is used for determining the number of login clients which log in the container system;
the sending module is further configured to send an access prohibition instruction to the target client if the number of the login clients exceeds the number of the authorized clients, so as to prohibit the target client from accessing the container system;
and if the number of the login clients does not exceed the number of the authorized clients, sending an access instruction to the target client, so that the target client accesses the container system.
In a fourth aspect, another embodiment of the present application provides a container system authorization apparatus, including:
the processing module is used for mapping a system information file of a first server into a container file and reading actual registration information of the first server from the container file;
the encryption module is used for carrying out encryption processing according to the actual registration information and the preset authorization information of the second server to generate an encrypted authorization permit;
the decryption module is used for decrypting the encrypted authorization license and verifying the authorization license obtained by decryption to obtain a verification result;
and the sending module is used for sending the encrypted authorization license to the first server if the verification result indicates that the verification is passed.
In a fifth aspect, another embodiment of the present application provides a server, including: a processor, a memory and a bus, the memory storing a computer program executable by the processor, the processor and the memory communicating via the bus when the server is running, the processor executing the computer program to perform the method of any of the first aspect.
In a sixth aspect, another embodiment of the present application provides a server, including: a processor, a memory and a bus, the memory storing a computer program executable by the processor, the processor and the memory communicating via the bus when the server is running, the processor executing the computer program to perform the method of the second aspect.
In a seventh aspect, another embodiment of the present application provides a computer-readable storage medium, on which a computer program is stored, and the computer program is executed by a processor to perform the method of any one of the first and second aspects.
The beneficial effect of this application is:
The application provides a container system authorization method and a server. The method comprises the following steps: a first server receives a container system login request sent by a target client; in response to the container system login request, the first server decrypts the encrypted authorization license and verifies the authorization license obtained by decryption; and if the verification is passed, the first server sends a container system login response to the target client, so that the target client logs in to the container system. Authorization of the Docker system is thereby realized.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments will be briefly described below. It should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope; for those skilled in the art, other related drawings can be obtained from these drawings without inventive effort.
Fig. 1 is a first flowchart illustrating an authorization method for a container system according to an embodiment of the present disclosure;
Fig. 2 is a second flowchart illustrating an authorization method for a container system according to an embodiment of the present disclosure;
Fig. 3 is a third schematic flowchart of an authorization method for a container system according to an embodiment of the present application;
Fig. 4 is a fourth schematic flowchart of an authorization method for a container system according to an embodiment of the present application;
Fig. 5 is a fifth flowchart illustrating an authorization method for a container system according to an embodiment of the present application;
Fig. 6 is a first schematic structural diagram of an authorization apparatus of a container system according to an embodiment of the present disclosure;
Fig. 7 is a second schematic structural diagram of an authorization apparatus of a container system according to an embodiment of the present application;
Fig. 8 is a schematic structural diagram of a server according to an embodiment of the present application;
Fig. 9 is a schematic structural diagram of a server according to an embodiment of the present application.
Detailed Description
In order to make the purpose, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it should be understood that the drawings in the present application are for illustrative and descriptive purposes only and are not used to limit the scope of protection of the present application. Additionally, it should be understood that the schematic drawings are not necessarily drawn to scale. The flowcharts used in this application illustrate operations implemented according to some embodiments of the present application. It should be understood that the operations of the flow diagrams may be performed out of order, and steps without logical context may be performed in reverse order or simultaneously. One skilled in the art, under the guidance of this application, may add one or more other operations to, or remove one or more operations from, the flowchart.
In addition, the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. The components of the embodiments of the present application, generally described and illustrated in the figures herein, can be arranged and designed in a wide variety of different configurations. Thus, the following detailed description of the embodiments of the present application, presented in the accompanying drawings, is not intended to limit the scope of the claimed application, but is merely representative of selected embodiments of the application. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present application without making any creative effort, shall fall within the protection scope of the present application.
It should be noted that in the embodiments of the present application, the term "comprising" is used to indicate the presence of the features stated hereinafter, but does not exclude the addition of further features.
Docker is an open-source application container engine. Because the services of a Docker system are isolated from one another, current software authorization schemes cannot be adapted to a Docker system and cannot authorize it. Based on this, the application provides a software authorization and authentication scheme for a Docker system that is flexible and effective, more widely applicable, more secure, and gives more effective control over the software. Registration information of the server on which the Docker system is deployed is read; a license generation module generates a corresponding authorization license; a license verification module verifies the authorization license and service authorization is performed (that is, when the verification passes, the authorization license is sent to the server on which the Docker system is deployed); and a service verification module of that server verifies the authorization license and updates the authorization state (that is, if the verification passes, a client can log in to the container system). Authorization of the Docker system is thereby realized.
The container system authorization method provided by the present application is described in detail below with reference to several specific embodiments.
Fig. 1 is a first schematic flowchart of a container system authorization method provided in an embodiment of the present application, and as shown in fig. 1, the method includes:
S101, the first server receives a container system login request sent by a client.
S102, the first server responds to the container system login request, decrypts the encrypted authorization license, and verifies the authorization license obtained through decryption.
S103, if the verification is passed, the first server sends a container system login response to the target client, so that the target client logs in the container system.
The target client may be any client with a container system deployed thereon, the first server is deployed with a container system, and the container system may be a Docker system.
The target client sends a container system login request to the first server. The first server receives the request, decrypts the received encrypted authorization license, and verifies the authorization license obtained by decryption. The encrypted authorization license is sent to the first server by a second server, which is the authorization management server of the container system: the second server generates an authorization license in advance, encrypts it to obtain the encrypted authorization license, and sends the encrypted authorization license to the first server. The first server can store the encrypted authorization license and, in response to the container system login request sent by the target client, decrypt it and verify the decrypted authorization license.
The encrypted authorization license may be obtained by encrypting the authorization license with an encryption algorithm, where the encryption algorithm includes, but is not limited to, the Advanced Encryption Standard (AES) and the MD5 Message-Digest Algorithm (MD5), to ensure the security of the transmitted content.
And if the verification is passed, the first server sends a container system login response to the target client, so that the target client logs in the container system. In some embodiments, the method further comprises:
If the verification passes, the encrypted authorization license is added to the blacklist.
If the verification is passed, the encrypted authorization license is added to the blacklist. This prevents the encrypted authorization license from being reused the next time a container system login request sent by the client is received, and also avoids multiple uses of a single authorization license.
It should be noted that the authorization license includes an effective usage period of the container system. When verifying the authorization license, the first server may check whether the effective usage period of the container system satisfies a preset effective condition. If the preset effective condition is satisfied, the first server and the client may use the container system within the effective trial period; if it is not satisfied, the first server and the client may not use the container system. The preset effective condition may be that the effective trial period is greater than zero days.
In addition, the encrypted authorization license may be uploaded to a management page of the container system of the first server, so that the first server decrypts the encrypted authorization license in a container environment corresponding to the container system, and verifies the authorization license obtained by decryption.
In the container system authorization method of this embodiment, the first server receives a container system login request sent by the client; in response to the container system login request, the first server decrypts the encrypted authorization license and verifies the authorization license obtained by decryption; and if the verification passes, the first server sends a container system login response to the client, so that the target client logs in to the container system. Authorization of the Docker system is thereby realized.
Fig. 2 is a second flowchart illustrating a container system authorization method according to an embodiment of the present application, as shown in fig. 2, in step S102, the verifying, by the first server, the authorization license obtained by decrypting includes:
S201, the first server judges whether the authorization type is a preset type and whether the valid service life meets a preset valid condition, and obtains a judgment result of the authorization type and a judgment result of the valid service life.
The preset type can be a formal use type of the container system, and the authorization license includes: the type of authorization and the expiration date of the authorization license.
The first server decrypts the encrypted authorization license to obtain the authorization license. It then checks the authorization type in the authorization license, judging whether the authorization type is the preset type to obtain a judgment result of the authorization type, and judges whether the valid use period meets the preset valid condition to obtain a judgment result of the valid use period. The preset valid condition can be that the valid use period is longer than zero days.
S202, the first server verifies the authorization license according to the judgment result of the authorization type and the judgment result of the valid service life.
The first server verifies the authorization license according to the judgment result of the authorization type and the judgment result of the valid use period, and in some embodiments, if the judgment result of the authorization type indicates that the authorization type of the container system is a preset type and the judgment result of the valid use period indicates that the valid use period meets a preset valid condition, it is determined that the authorization license is verified to be passed.
In some embodiments, if the determination result of the authorization type indicates that the authorization type of the container system is not the preset type and the determination result of the valid use period indicates that the valid use period satisfies the preset valid condition, it is determined that the verification is passed. That is, if the authorization type of the container system is the built-in trial version, it is further determined whether the valid use period satisfies the preset valid condition, and if it does, the authorization license is determined to have passed verification.
It should be noted that a valid use period that satisfies the preset valid condition indicates that the authorization license is valid, that is, not expired. A valid use period that does not satisfy the preset valid condition indicates that the authorization license is invalid, that is, expired, and the authorization license check fails.
In the container system authorization method of the embodiment, the first server verifies the authorization license according to the authorization type and the valid use period, so that the client can be ensured to use the container system in the valid use period.
Fig. 3 is a third flowchart of an authorization method for a container system according to an embodiment of the present application. As shown in Fig. 3, in step S202, the verifying of the authorization license by the first server according to the judgment result of the authorization type and the judgment result of the valid use period includes:
S301, if the judgment result of the authorization type indicates that the authorization type is a preset type and the judgment result of the valid use period indicates that the valid use period meets a preset valid condition, judging whether the authorization registration information is the same as the actual registration information of the first server.
S302, if the authorized registration information is the same as the actual registration information, the first server determines that the verification is passed.
S303, if the authorized registration information is different from the actual registration information, the first server determines that the verification fails.
The authorization license further includes authorization registration information of the first server. The authorization registration information is the registration information contained in the authorization license and includes, but is not limited to, an identifier of the Central Processing Unit (CPU) of the first server and a Media Access Control (MAC) address. The actual registration information of the first server is the registration information obtained when the first server verifies the authorization license and includes, but is not limited to, the actual CPU identifier of the first server and a unique identifier of the first server such as a MAC address.
If the judgment result of the authorization type indicates that the authorization type is a preset type and the judgment result of the valid use period indicates that the valid use period meets a preset valid condition, it is judged whether the authorization registration information is the same as the actual registration information of the first server. If the two are the same, the authorization license is valid, that is, it passes verification; if they are not the same, the authorization license is invalid, that is, it fails verification.
It should be noted that the authorization license may also include other authorization-related information, such as an authorization unit, the number of authorized login clients, and remark descriptions. The authorization unit refers to the software provider of the container system and indicates ownership of the software; the number of authorized login clients refers to the number of clients, specified by the authorization license, that may be logged in to the container system simultaneously; and the remark descriptions are remarks related to the authorization license.
In some embodiments, the method further comprises:
By performing the timed task, the valid use period in the authorization license is updated.
After receiving the encrypted authorization license sent by the second server, the first server can decrypt it to obtain the authorization license, which includes the valid use period of the authorization license. The first server can execute a timed task to update the valid use period in the authorization license, that is, each time the timed task is executed, the first server updates the valid use period in the authorization license. This effectively reduces the influence that maliciously modifying the time of the first server has on the valid time of the authorization license, that is, it prevents malicious modification of the time of the first server from extending the valid authorization time of the authorization license.
For example, the unit of the valid use period is the day and the period of the timed task is one day: if the timed task is executed at 0:00 in the morning each day, the value of the valid use period in the authorization license is reduced by one on each execution. Alternatively, the first server executes the timed task once per minute and records a tag value; when the value of the tag is 24 × 60 (one day), the value of the valid use period in the authorization license is reduced by one.
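The checks of Figs. 2 and 3 together with the per-minute timed task described above, as an added Python example (it is not code from the patent). The license is taken as already decrypted; the field names, the type strings `formal` and `trial`, and the sample CPU and MAC values are assumptions.

```python
from dataclasses import dataclass
from typing import Tuple

FORMAL = "formal"          # stands in for the "preset type" (formal use); name assumed
TRIAL = "trial"            # stands in for the built-in trial version; name assumed
TICKS_PER_DAY = 24 * 60    # per-minute timed task, as in the text's tag example


@dataclass
class License:
    """Decrypted authorization license (field names are assumptions)."""
    auth_type: str
    days_left: int         # valid use period, unit: days
    cpu_id: str = ""       # authorization registration information
    mac: str = ""
    tag: int = 0           # timed-task runs counted toward the next day


def normalize_mac(mac: str) -> str:
    """Make MAC comparison independent of case and of '-' versus ':'."""
    return mac.strip().replace("-", ":").lower()


def verify(lic: License, actual_cpu_id: str, actual_mac: str) -> Tuple[bool, str]:
    """Return (passed, reason) following S201/S202 and S301 to S303."""
    is_preset = lic.auth_type == FORMAL      # S201: judgment of the authorization type
    is_valid = lic.days_left > 0             # S201: period longer than zero days
    if not is_valid:
        return False, "expired"
    if not is_preset:
        # Every non-preset type is treated as the trial version, as in the text.
        return True, "trial, within valid use period"
    same_host = (lic.cpu_id == actual_cpu_id
                 and normalize_mac(lic.mac) == normalize_mac(actual_mac))
    if same_host:                            # S302
        return True, "formal, registration information matches"
    return False, "registration information differs"   # S303


def tick(lic: License) -> None:
    """One run of the per-minute timed task.

    Runs are counted instead of comparing against the wall clock, so setting
    the system date back does not extend the license. The counter only moves
    while the task runs, so a real service has to persist tag and days_left.
    """
    if lic.days_left <= 0:
        return
    lic.tag += 1
    if lic.tag >= TICKS_PER_DAY:
        lic.tag = 0
        lic.days_left -= 1


def demo() -> dict:
    cpu, mac = "CPU-0001-CONSTRUCTED", "02:42:AC:11:00:02"   # constructed sample values
    formal = License(FORMAL, days_left=2, cpu_id=cpu, mac="02-42-ac-11-00-02")
    trial = License(TRIAL, days_left=1)
    out = {
        "formal_same_host": verify(formal, cpu, mac),
        "formal_other_host": verify(formal, cpu, "02:42:ac:11:00:03"),
        "trial_before": verify(trial, cpu, mac),
    }
    for _ in range(TICKS_PER_DAY):           # one simulated day of timed-task runs
        tick(trial)
    out["trial_after_one_day"] = verify(trial, cpu, mac)
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```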
Fig. 4 is a fourth flowchart of the container system authorization method provided in the embodiment of the present application, as shown in fig. 4, after the first server sends a container system login response to the target client in step S103, the method further includes:
S401, the first server determines the number of login clients which log in the container system.
S402, if the number of the login clients exceeds the number of the authorized clients, the first server sends an access prohibition instruction to the target client so as to prohibit the target client from accessing the container system.
S403, if the number of the login clients does not exceed the number of the authorized clients, the first server sends an access instruction to the target client, so that the target client accesses the container system.
The authorization license further includes the number of authorized clients corresponding to the container system, that is, the number of clients that the authorization license allows to be logged in to the container system simultaneously.
After the first server sends the container system login response to the target client and the target client logs in to the container system, the first server can also determine the number of login clients that have logged in to the container system, where the login clients include the target client. If the number of login clients exceeds the number of authorized clients, the first server sends an access prohibition instruction to the target client to prohibit it from accessing the container system. If the number of login clients does not exceed the number of authorized clients, the first server sends an access instruction to the target client so that it can access the container system. In other words, the first server implements client management and control: it counts the clients that have logged in successfully and prohibits the target client's access when that count exceeds the number of authorized clients.
Fig. 5 is a schematic flowchart of a fifth process of an authorization method for a container system according to an embodiment of the present application, as shown in fig. 5, the method includes:
S501, the second server maps the system information file of the first server into the container file, and reads the actual registration information of the first server from the container file.
The first server may be a user server, the second server may be an authorization management server of the container system, and the second server may obtain a system information file of the first server through the information obtaining service, where the system information file includes actual registration information of the first server, and the actual registration information includes, but is not limited to, an actual CPU identifier of the first server, a unique identifier of the first server such as a MAC address, and the like.
The container system may be a Docker system. Because of the virtualization and information isolation characteristics of the Docker system, the registration information of the first server cannot be read directly inside the Docker system. In this embodiment, the second server may therefore obtain the system information file of the first server, map it into the container file of the Docker system according to a mapping relationship between the system information file and the container file, and read the actual registration information of the first server from the container file.
For example, for a CPU identifier, based on the characteristics of the virtualization and information isolation of the Docker system, it is impossible to read a relevant CPU identifier in the Docker system, and therefore when the Docker system is deployed and started, the system information file of the first server is mapped to the corresponding container file, and the corresponding CPU information is read in the container file.
For the MAC address, different virtual network IPs are created when the Docker system is created, and since the IPs change in real time, the MAC address cannot be obtained through the IPs, at this time, MAC addresses of all network cards of the first server may be read from the container in a mapping manner, and the read MAC addresses of the network cards are spliced to obtain the MAC address of the first server.
S502, the second server carries out encryption processing according to the actual registration information to generate an encrypted authorization permit.
S503, the second server decrypts the encrypted authorization license and verifies the decrypted authorization license to obtain a verification result.
S504, if the verification result indicates that the verification is passed, the second server sends the encrypted authorization license to the first server.
The second server can encrypt the actual registration information and other authorization information by adopting an encryption algorithm through a preset license authorization tool to generate an encrypted authorization license, wherein the other authorization information comprises: authorization type, valid trial period of authorized license, authorization unit, number of authorized login clients, remark description and the like.
The second server may encrypt the actual registration information and the other authorization information using the AES and MD5 algorithms to obtain the authorization license, which ensures the security of the transmitted content. The second server may then verify the accuracy of the authorization license: it decrypts the encrypted authorization license and verifies the decrypted authorization license file to obtain a verification result. The authorization license file may include the authorization registration information of the first server, which may be the same as or different from the actual registration information; if it is different, an error exists in the encryption and decryption processes.
In order to ensure the accuracy of the encrypted authorization license sent to the first server, the second server decrypts the encrypted authorization license, verifies authorization registration information in the decrypted authorization license, if the verification result indicates that the authorization registration information is the same as the actual registration information, the verification is passed, and the encrypted authorization license is sent to the first server. If the verification result indicates that the authorized registration information is different from the actual registration information, the verification fails.
In the container system authorization method of the embodiment, after the second server generates the authorization license, the authorization license is verified, and when the verification is passed, the encrypted authorization license is sent to the first server. The accuracy of the transmitted authorization license is guaranteed.
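Steps S502 to S504 as an added Go sketch, not code from the patent: the license is encrypted, decrypted again and compared with the actual registration information before it is released. The page does not say how AES and MD5 are combined, so AES in GCM mode, the JSON layout and all sample values are assumptions; the GCM authentication tag is what makes a modified license fail to decrypt.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// License holds fields the page lists; the JSON encoding is an assumption.
type License struct {
	Type         string `json:"type"`
	ValidDays    int    `json:"valid_days"`
	MaxClients   int    `json:"max_clients"`
	Registration string `json:"registration"` // authorization registration information
}

// newAEAD wraps AES in GCM mode (an assumption; the page names only AES and MD5).
func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Decrypt opens nonce||ciphertext; a modified byte or a wrong key fails here.
func Decrypt(aead cipher.AEAD, blob []byte) (License, error) {
	var lic License
	n := aead.NonceSize()
	if len(blob) < n {
		return lic, errors.New("license too short")
	}
	plain, err := aead.Open(nil, blob[:n], blob[n:], nil)
	if err != nil {
		return lic, err
	}
	err = json.Unmarshal(plain, &lic)
	return lic, err
}

// Issue follows S502-S504: encrypt, decrypt again, compare, then release.
func Issue(aead cipher.AEAD, lic License, actualReg string) ([]byte, error) {
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	plain, err := json.Marshal(lic)
	if err != nil {
		return nil, err
	}
	blob := aead.Seal(nonce, nonce, plain, nil) // nonce is stored in front
	back, err := Decrypt(aead, blob)
	if err != nil {
		return nil, fmt.Errorf("self-check decrypt: %w", err)
	}
	if back.Registration != actualReg {
		return nil, errors.New("self-check: registration mismatch, license withheld")
	}
	return blob, nil
}

func main() {
	aead, err := newAEAD([]byte("0123456789abcdef0123456789abcdef")) // constructed demo key
	if err != nil {
		panic(err)
	}
	// Constructed sample: CPU identifier spliced with the MACs of all NICs.
	reg := "CPU-EXAMPLE-01|02:00:00:aa:bb:0102:00:00:aa:bb:02"
	blob, err := Issue(aead, License{Type: "preset", ValidDays: 30, MaxClients: 5, Registration: reg}, reg)
	fmt.Println(len(blob), err)
}
```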
Fig. 6 is a schematic structural diagram of a container system authorization apparatus according to an embodiment of the present disclosure, which may be integrated in a first server. As shown in fig. 6, the apparatus includes:
a receiving module 601, configured to receive a container system login request sent by a target client;
a decryption module 602, configured to respond to the container system login request and decrypt the received encrypted authorization license;
a verification module 603, configured to verify the authorization license obtained through decryption;
a sending module 604, configured to send a container system login response to the target client if the verification passes, so that the target client logs in the container system.
In some embodiments, the authorization license includes an authorization type and a valid service life, and the verification module 603 is specifically configured to:
judging whether the authorization type is a preset type or not, and whether the valid service life meets a preset valid condition or not, so as to obtain a judgment result of the authorization type and a judgment result of the valid service life;
and checking the authorization license according to the judgment result of the authorization type and the judgment result of the valid service life.
In some embodiments, the authorization license further includes authorization registration information of the first server, and the verification module 603 is specifically configured to:
if the judgment result of the authorization type indicates that the authorization type is the preset type and the judgment result of the valid service life indicates that the valid service life meets the preset valid condition, judging whether the authorization registration information is the same as the actual registration information of the first server or not;
if the authorization registration information is the same as the actual registration information, determining that the verification is passed;
and if the authorization registration information is different from the actual registration information, determining that the verification fails.
In some embodiments, the verification module 603 is specifically configured to:
and if the judgment result of the authorization type indicates that the authorization type is not the preset type and the judgment result of the valid service life indicates that the valid service life meets the preset valid condition, determining that the verification is passed.
In some embodiments, the apparatus further includes:
a processing module 605 for updating the valid use period in the authorization license by executing a timing task.
In some embodiments, the processing module 605 is further configured to: and if the verification is passed, adding the encrypted authorization license to a blacklist.
In some embodiments, the authorization license further includes the number of authorized clients corresponding to the container system, and the apparatus further includes:
a determining module 606, configured to determine the number of login clients that login to the container system;
the sending module 604 is further configured to send an access prohibition instruction to the target client if the number of the login clients exceeds the number of the authorized clients, so as to prohibit the target client from accessing the container system;
and if the number of the login clients does not exceed the number of the authorized clients, sending an access instruction to the target client, so that the target client accesses the container system.
The description of the processing flow of each module in the device and the interaction flow between the modules may refer to the related description of the method executed by the first server in the above method embodiment, and will not be described in detail here.
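The first-server rules described above (the timed task that counts down the valid use period, the verification rules of module 603, and the client count of S401 to S403) fit in one small model. The Go sketch below is an added illustration, not code from the patent; the type name "preset", the "days remaining greater than zero" validity condition, the tag reset and all sample values are assumptions.

```go
package main

import (
	"errors"
	"fmt"
)

const (
	TypePreset  = "preset" // placeholder name for the page's "preset type"
	ticksPerDay = 24 * 60  // the timed task runs once per minute
)

type License struct {
	Type         string
	ValidDays    int    // remaining valid use period, in days
	Registration string // authorization registration information
	MaxClients   int    // number of authorized clients
}

type FirstServer struct { // not goroutine-safe; add a mutex in a real service
	Lic     License
	tag     int             // timed-task runs since the last decrement
	clients map[string]bool // clients currently logged in
}

// Tick is the timed task. It counts its own runs instead of reading the
// system clock, so changing the server date cannot add days to the license.
func (s *FirstServer) Tick() {
	s.tag++
	if s.tag < ticksPerDay {
		return
	}
	s.tag = 0 // assumption: the tag restarts after each full day
	if s.Lic.ValidDays > 0 {
		s.Lic.ValidDays--
	}
}

// Verify: every type needs a valid period; only the preset type is machine-bound.
func (s *FirstServer) Verify(actualReg string) error {
	if s.Lic.ValidDays <= 0 { // assumed "preset valid condition"
		return errors.New("valid use period exhausted")
	}
	if s.Lic.Type == TypePreset && s.Lic.Registration != actualReg {
		return errors.New("registration information mismatch")
	}
	return nil
}

// Login verifies the license, then counts clients including the target (S401-S403).
func (s *FirstServer) Login(client, actualReg string) error {
	if err := s.Verify(actualReg); err != nil {
		return err
	}
	if !s.clients[client] && len(s.clients)+1 > s.Lic.MaxClients {
		return errors.New("access prohibited: authorized client count exceeded")
	}
	if s.clients == nil {
		s.clients = map[string]bool{}
	}
	s.clients[client] = true
	return nil
}

func main() {
	reg := "CPU-EXAMPLE-01|02:00:00:aa:bb:01" // constructed registration value
	s := &FirstServer{Lic: License{TypePreset, 2, reg, 1}}
	fmt.Println(s.Login("client-a", reg))
	fmt.Println(s.Login("client-b", reg))
	for i := 0; i < 2*ticksPerDay; i++ {
		s.Tick()
	}
	fmt.Println(s.Login("client-a", reg))
}
```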
Fig. 7 is a schematic structural diagram of a container system authorization apparatus according to an embodiment of the present application, where the apparatus may be integrated in a second server. As shown in fig. 7, the apparatus includes:
a processing module 701, configured to map a system information file of a first server into a container file, and read actual registration information of the first server from the container file;
an encryption module 702, configured to perform encryption processing according to the actual registration information of the second server and preset authorization information, and generate an encrypted authorization license;
the decryption module 703 is configured to decrypt the encrypted authorization license, and verify the authorization license obtained through decryption to obtain a verification result;
a sending module 704, configured to send the encrypted authorization license to the first server if the verification result indicates that the verification passes.
The description of the processing flow of each module in the device and the interaction flow between the modules may refer to the related description of the method executed by the second server in the above method embodiment, and will not be described in detail here.
Fig. 8 is a schematic structural diagram of a server according to an embodiment of the present application, and as shown in fig. 8, the server includes: a processor 801, a memory 802 and a bus 803, wherein the memory 802 stores a computer program executable by the processor 801, when the server runs, the processor 801 communicates with the memory 802 through the bus 803, and the processor 801 executes the computer program to execute the method executed by the first server in the above method embodiment.
Fig. 9 is a schematic structural diagram of a server according to an embodiment of the present application, and as shown in fig. 9, the server includes: a processor 901, a memory 902 and a bus 903, wherein the memory 902 stores a computer program executable by the processor 901, when the server runs, the processor 901 communicates with the memory 902 through the bus 903, and the processor 901 executes the computer program to execute the method executed by the second server in the above method embodiment.
Embodiments of the present application further provide a computer-readable storage medium, on which a computer program is stored, where the computer program is executed by a processor to perform the above method embodiments.
It can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working processes of the system and the apparatus described above may refer to corresponding processes in the method embodiments, and are not described in detail in this application. In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. The above-described apparatus embodiments are merely illustrative, and for example, the division of the modules is merely a logical division, and there may be other divisions in actual implementation, and for example, a plurality of modules or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection of devices or modules through some communication interfaces, and may be in an electrical, mechanical or other form.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present application, and shall be covered by the scope of the present application.

Claims (10)

1. A container system authorization method applied to a first server, the method comprising:
receiving a container system login request sent by a target client;
responding to the container system login request, decrypting the received encrypted authorization license, and verifying the authorization license obtained by decryption;
and if the verification is passed, sending a container system login response to the target client, so that the target client logs in the container system.
2. The method of claim 1, wherein the authorization license comprises an authorization type and a valid service life, and the verifying of the decrypted authorization license includes:
judging whether the authorization type is a preset type or not, and whether the valid service life meets a preset valid condition or not, so as to obtain a judgment result of the authorization type and a judgment result of the valid service life;
and checking the authorization license according to the judgment result of the authorization type and the judgment result of the valid service life.
3. The method of claim 2, wherein the authorization license further comprises authorization registration information of the first server, and the verifying the authorization license according to the judgment result of the authorization type and the judgment result of the valid service life includes:
if the judgment result of the authorization type indicates that the authorization type is the preset type and the judgment result of the valid service life indicates that the valid service life meets the preset valid condition, judging whether the authorization registration information is the same as the actual registration information of the first server or not;
if the authorization registration information is the same as the actual registration information, determining that the verification is passed;
and if the authorization registration information is different from the actual registration information, determining that the verification fails.
4. The method according to claim 3, wherein the verifying the authorization license according to the judgment result of the authorization type and the judgment result of the valid use period further comprises:
and if the judgment result of the authorization type indicates that the authorization type is not the preset type and the judgment result of the valid service life indicates that the valid service life meets the preset valid condition, determining that the verification is passed.
5. The method of claim 2, further comprising:
updating the valid use period in the authorization license by performing a timed task.
6. The method of claim 1, further comprising:
and if the verification is passed, adding the encrypted authorization license to a blacklist.
7. The method of claim 1, wherein the authorization license further comprises the number of authorized clients corresponding to the container system, and after sending a container system login response to the client, the method further comprises:
determining the number of login clients logging into the container system;
if the number of the login clients exceeds the number of the authorized clients, sending an access prohibition indication to the target client to prohibit the target client from accessing the container system;
and if the number of the login clients does not exceed the number of the authorized clients, sending an access instruction to the target client, so that the target client accesses the container system.
8. A container system authorization method applied to a second server, the method comprising:
mapping a system information file of a first server into a container file, and reading actual registration information of the first server from the container file;
carrying out encryption processing according to the actual registration information to generate an encrypted authorization license;
decrypting the encrypted authorization license, and verifying the authorization license obtained by decryption to obtain a verification result;
and if the verification result indicates that the verification is passed, sending the encrypted authorization license to the first server.
9. A server, comprising: a processor, a memory and a bus, the memory storing a computer program executable by the processor, the processor and the memory communicating via the bus when the server is running, the processor executing the computer program to perform the method of any of claims 1 to 7.
10. A server, comprising: a processor, a memory and a bus, the memory storing a computer program executable by the processor, the processor and the memory communicating via the bus when the server is running, the processor executing the computer program to perform the method of claim 8.
CN202111637932.3A 2021-12-29 2021-12-29 Container system authorization method and server Pending CN114282179A (en)


Publications (1)

Publication Number Publication Date
CN114282179A true CN114282179A (en) 2022-04-05

Family

ID=80878084


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination