CN114785578A - Rpc service authority management method and system - Google Patents


Info

Publication number: CN114785578A
Authority: CN (China)
Prior art keywords: micro, service, client, authority, server
Legal status: Granted; Active (the legal status is an assumption and is not a legal conclusion)
Application number: CN202210384649.2A
Other languages: Chinese (zh)
Other versions: CN114785578B (en)
Inventors: 刘德建, 叶伟, 李佳
Current assignee: Fujian TQ Digital Co Ltd
Original assignee: Fujian TQ Digital Co Ltd
Application filed by Fujian TQ Digital Co Ltd
Priority to CN202210384649.2A
Publication of CN114785578A
Application granted
Publication of CN114785578B

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/12 Applying verification of the received information
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements including means for verifying the identity or authority of a user of the system or for message authentication, using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements including means for verifying the identity or authority of a user of the system or for message authentication, involving digital signatures
    • H04L9/3297 Cryptographic mechanisms or cryptographic arrangements including means for verifying the identity or authority of a user of the system or for message authentication, involving time stamps, e.g. generation of time stamps


Abstract

The invention provides an rpc service authority management method comprising the following steps: step S1, creating a microservice record in the database of the microservice side; step S2, the client applies to the microservice-side background for the authority of the microservice to be accessed, generating a service authority record; step S3, after starting, the microservice side periodically reads the authority information of the microservice according to its service identifier and stores it in memory; step S4, before the client accesses a grpc method provided by the microservice, it must supply signature information; step S5, after receiving the client request, the microservice side reads the request header in its authentication middleware, selects the client's authority information from memory and checks it; step S6, authority configuration data newly added in the microservice-side background is notified to the microservice side through the mq message queue: the message is written into the mq message queue and the microservice side consumes it. The method can be implemented in a microservice system and satisfies authority configuration at the granularity of a single grpc method.

Description

Rpc service authority management method and system
Technical Field
The invention relates to the field of computer technology, in particular to a method and a system for managing rpc service authority.
Background
Microservices communicate differently from the http interface requests of a traditional monolithic application: services call one another through grpc remote procedure calls to request or obtain service data. The common way to manage the grpc access authority of microservices is to deploy them in one network segment and restrict the intranet ports so that the services cannot be accessed from outside. This approach is not fine-grained enough for finer authority management; for example, client A should be allowed to access grpc method 1 of server B but not grpc method 2 of server B, and restricting intranet ports cannot express this requirement.
Disclosure of Invention
To overcome the above problems, the present invention provides a method that satisfies per-grpc-method authority configuration in a microservice system.
The invention adopts the following scheme: an rpc service authority management method comprising the steps of:
step S1, creating a microservice record in the database of the microservice side;
step S2, the client applies to the microservice-side background for the authority of the microservice to be accessed, generating a service authority record;
step S3, after starting, the microservice side periodically reads the authority information of the microservice according to its service identifier and stores it in memory;
step S4, before the client accesses a grpc method provided by the microservice, signature information must be provided and stored in the request header;
step S5, after receiving the client request, the microservice side reads the request header in its authentication middleware, selects the client's authority information from memory and checks it;
and step S6, authority configuration data newly added in the microservice-side background is notified to the microservice side through the mq message queue: the message is written into the mq message queue, the microservice side consumes it and executes step S3 again to read the related authority configuration information of the microservice, so that the configuration is updated in time.
Further, step S1 is specifically: creating a microservice record in the database of the microservice side, providing a microservice name and a service identifier to generate the microservice record; and creating an RPC service method record, providing the service identifier and the grpc method package path to generate the service method record.
Further, step S2 is specifically: the client applies to the microservice-side background for the authority of the target microservice method to be accessed, providing a client user name, client user password, client server IP, target service identifier and the grpc method package path to be accessed, and a service authority record is generated.
Further, step S3 is specifically: after the microservice side starts, it reads the authority information belonging to itself every 10 minutes according to its service identifier, and stores it in a dictionary map structure in the microservice side's memory under an identifier formed from the object name and the grpc method package path.
Further, step S4 is specifically: before accessing a grpc method provided by the target service, the client must carry signature information: the client user name, the current timestamp and the signature digest string are stored in the request header.
Further, step S5 is specifically: after receiving the request, the microservice side, in its authentication middleware, reads the client user name from the header and the grpc method package path being called, selects the authority information for that client user name from the in-memory dictionary map, checks whether the timestamp is within 5 minutes, checks whether the IP is legal, and checks whether the signature digest strings are consistent.
Further, step S6 is specifically: when the microservice-side background adds authority configuration data, it notifies the microservice side using the mq message queue by writing a message into the queue; the microservice side consumes the message and executes step S3 again to read the related authority configuration information of the microservice, so that the microservice is updated in time.
The invention also provides an rpc service authority management system comprising a creating module, a generating module, a starting module, an access module, a receiving module and a notification module. The creating module creates a microservice record in the database of the microservice side. The generating module is where the client applies to the microservice-side background for the authority of the microservice to be accessed and a service authority record is generated. The starting module is where, after starting, the microservice side periodically reads the authority information of the microservice according to its service identifier and stores it in memory. The access module is where, before the client accesses a grpc method provided by the microservice, signature information is provided and stored in the request header. The receiving module is where the microservice side, after receiving the client request, reads the request header in its authentication middleware, selects the client's authority information from memory and checks it. The notification module is where authority configuration data newly added in the microservice-side background is notified to the microservice side through the mq message queue: the message is written into the mq message queue, the microservice side consumes it and executes step S3 again to read the related authority configuration information of the microservice, achieving timely update.
Further, the creating module is specifically configured to: create a microservice record in the database of the microservice side, providing a microservice name and a service identifier to generate the microservice record; and create an RPC service method record, providing the service identifier and the grpc method package path to generate the service method record.
Further, the generating module is specifically: the client applies to the microservice-side background for the authority of the target microservice method to be accessed, providing a client user name, client user password, client server IP, target service identifier and the grpc method package path to be accessed, and a service authority record is generated.
Further, the starting module is specifically: after the microservice side starts, it reads the authority information belonging to itself every 10 minutes according to its service identifier, and stores it in a dictionary map structure in the microservice side's memory under an identifier formed from the object name and the grpc method package path.
Further, the access module is specifically: before accessing a grpc method provided by the target service, the client must carry signature information: the client user name, the current timestamp and the signature digest string are stored in the request header.
Further, the receiving module is specifically: after receiving the request, the microservice side, in its authentication middleware, reads the client user name from the header and the grpc method package path being called, selects the authority information for that client user name from the in-memory dictionary map, checks whether the timestamp is within 5 minutes, whether the IP is legal, and whether the signature digest strings are consistent.
Further, the notification module is specifically: when the microservice-side background adds authority configuration data, it notifies the microservice side using the mq message queue by writing a message into the queue; the microservice side consumes the message and executes step S3 again to read the related authority configuration information of the microservice, so that the microservice is updated in time.
The beneficial effect of the invention is that it satisfies authority configuration at the granularity of a single grpc method in a microservice system, making system authority management more fine-grained.
Drawings
FIG. 1 is a schematic flow diagram of the process of the present invention.
Fig. 2 is a schematic block diagram of the system of the present invention.
Detailed Description
The invention is further described below with reference to the accompanying drawings.
Referring to fig. 1, the rpc service authority management method of the present invention includes the following steps:
step S1, creating a microservice record in the database of the microservice side;
step S2, the client applies to the microservice-side background for the authority of the microservice to be accessed, generating a service authority record;
step S3, after starting, the microservice side periodically reads the authority information of the microservice according to its service identifier and stores it in memory;
step S4, before the client accesses a grpc method provided by the microservice, signature information must be provided and stored in the request header;
step S5, after receiving the client request, the microservice side reads the request header in its authentication middleware, selects the client's authority information from memory and checks it;
and step S6, authority configuration data newly added in the microservice-side background is notified to the microservice side through the mq message queue: a message is written into the mq message queue, the microservice side consumes it and executes step S3 again to read the related authority configuration information of the microservice, so that the microservice is updated in time.
The invention is further illustrated by the following specific example:
Step one, creating a microservice record, providing a microservice name and a service identifier, and generating the service record; and creating an RPC service method record, providing the service identifier and the grpc method package path, and generating the service method record.
We take as an example the commodity microservice wanting to access the grpc method GetUserInfo of the user microservice, which obtains user information. First, a record of the user microservice is created in the database: the microservice name is user service and the service identifier is micro. Then a grpc method record of the user microservice is created, with service identifier micro.svc.user and grpc method package path /micro.svc.user/account.GetUserInfo, by executing the sql statement insert micro_grpc_tb (svc_code, grpc_pkg) values ('micro.svc.user', 'micro.svc.user/account.GetUserInfo').
Step two, the client applies to the background for the authority of the target microservice method to be accessed, provides a client user name, client user password, client server IP, target service identifier and the grpc method package path to be accessed, and a service authority record is generated.
Suppose a client needs to access the grpc method GetUserInfo of the user microservice and must apply to the background for access authority: the client user name is shop, the client user password is pwdshop123, the client server ip is 112.49.230.248, the target service identifier is micro.svc.user, and the package path of the accessed grpc method GetUserInfo is /micro.svc.user/account.GetUserInfo. The sql statement insert micro_power_tb (svc_code, grpc_pkg, client_username, client_pwd, client_ip) values ('micro.svc.user', 'micro.svc.user/account.GetUserInfo', 'shop', 'pwdshop123', '112.49.230.248') is executed.
Step three, after starting, the microservice side periodically reads the authority information belonging to its own service according to its service identifier, and stores it in memory in a dictionary map structure under an identifier formed from the object name and the grpc method package path.
When the user microservice starts, a coroutine is started to read the service's authority configuration information asynchronously and periodically, every 10 minutes. The statement select * from micro_power_tb where svc_code = 'micro.svc.user' is executed to obtain the set of powerinfo authority records under the service; the data in this example is {"svc_code": "micro.svc.user", "grpc_pkg": "/micro.svc.user/account.GetUserInfo", "client_user": "shop", "client_pwd": "pwdshop123", "client_ip": "112.49.230.248"}. A map variable var _powerMap map[string]powerinfo is defined, the authority set is iterated, and each record is stored in _powerMap under an identifier composed of the object name and the grpc method package path; the key for the data in this example is "/micro.
Step four, before the client accesses a grpc method provided by the target service, it must carry signature information: the client user name, the current timestamp and the signature digest string are stored in the request header.
The client calls the grpc method GetUserInfo of the user microservice as GetUserInfo(&UserReq{UserID: 88888}); it must carry signature information in the header so that the user microservice can check whether it has access authority. The client user name is stored as Head[client_username] = "shop", the current timestamp as Head[timestamp] = "1649070572000", the signature digest string is composed by the rule MD5(client_username + timestamp + json string of the request data + client_pwd), and it is stored as Head[check] = "4C849465152949F8E313BF A0EDCF4". Head is stored in the go context, and the following user client.
Step five, after receiving the request, the microservice side, in its authentication middleware, reads the client user name from the header and the grpc method package path being called, selects the authority information for that client user name from the in-memory dictionary map, checks whether the timestamp is within 5 minutes, checks whether the IP is legal, and checks whether the signature digest strings are consistent.
The service authentication middleware works as follows: before a grpc method executes, the request first passes through the authentication middleware, where the authority judgment is made; if the client is judged to have no authority, the request is intercepted directly and failure is returned, and if the client has authority, the request is released.
First, the timestamp in Head[timestamp] is read and converted to a time, and it is judged whether the difference from the server's current time exceeds 10 minutes; if it does, failure is returned.
Head[client_username] is read to obtain the client user name; the authentication middleware knows that the grpc package path of the requested GetUserInfo is /micro.svc.user/account.GetUserInfo, and it looks up whether _powerMap contains data under the key "/micro.svc.user/account.GetUserInfo_shop". It obtains {"svc_code": "micro.svc.user", "grpc_pkg": "/micro.svc.user/account.GetUserInfo", "client_user": "shop", "client_pwd": "pwdshop123", "client_ip": "112.49.230.248"}.
It is judged whether the client IP equals 112.49.230.248; if not, failure is returned.
Head[check] is read to obtain the client's signature digest string, and it is judged whether the digest strings are consistent according to the formula MD5(client_username + timestamp + json string of the request data + client_pwd); if not, failure is returned, and if so, authentication succeeds.
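As an added worked example (not code from the patent or from Fujian TQ Digital), the following Go program carries steps three to five of this example, and steps S3 to S5 of the disclosure, through in code: it fills _powerMap from constructed micro_power_tb rows, computes the Head[check] digest by the page's MD5 rule, and runs the middleware checks (timestamp window, authority lookup, client IP, digest) on a valid request and on rejected ones. The names powerinfo, sampleRows, buildPowerMap, signDigest, requestHead and authenticate, the 5-minute window as a symmetric constant, the json form of the request, and the constant-time comparison are assumptions of this example.

```go
package main

import (
	"crypto/md5"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
	"strconv"
	"strings"
	"time"
)

// powerinfo mirrors one row of the micro_power_tb authority table.
type powerinfo struct {
	SvcCode        string
	GrpcPkg        string
	ClientUsername string
	ClientPwd      string
	ClientIP       string
}

// sampleRows is a constructed stand-in for select * from micro_power_tb where svc_code = 'micro.svc.user'.
var sampleRows = []powerinfo{{
	SvcCode:        "micro.svc.user",
	GrpcPkg:        "/micro.svc.user/account.GetUserInfo",
	ClientUsername: "shop",
	ClientPwd:      "pwdshop123",
	ClientIP:       "112.49.230.248",
}}

// powerKey is the step-three dictionary key: grpc method package path + "_" + client user name.
func powerKey(grpcPkg, clientUsername string) string {
	return grpcPkg + "_" + clientUsername
}

// buildPowerMap is the step-three loop that fills the in-memory _powerMap.
func buildPowerMap(rows []powerinfo) map[string]powerinfo {
	m := make(map[string]powerinfo, len(rows))
	for _, r := range rows {
		m[powerKey(r.GrpcPkg, r.ClientUsername)] = r
	}
	return m
}

// signDigest is the step-four rule MD5(client_username + timestamp + json request + client_pwd), upper-case hex.
func signDigest(clientUsername, timestamp, reqJSON, clientPwd string) string {
	sum := md5.Sum([]byte(clientUsername + timestamp + reqJSON + clientPwd))
	return strings.ToUpper(hex.EncodeToString(sum[:]))
}

// requestHead holds the three header fields the client sends in step four.
type requestHead struct {
	ClientUsername string // Head[client_username]
	Timestamp      string // Head[timestamp], Unix milliseconds as a decimal string
	Check          string // Head[check], the signature digest string
}

// maxSkew is the 5-minute timestamp window of step five (assumed symmetric around server time).
const maxSkew = 5 * time.Minute

// authenticate runs the step-five checks in order: timestamp, authority lookup, client IP, digest. nil means released.
func authenticate(powerMap map[string]powerinfo, grpcPkg string, head requestHead, peerIP, reqJSON string, now time.Time) error {
	ms, err := strconv.ParseInt(head.Timestamp, 10, 64)
	if err != nil {
		return errors.New("timestamp is not a number")
	}
	if d := now.Sub(time.UnixMilli(ms)); d > maxSkew || d < -maxSkew {
		return errors.New("timestamp outside the 5-minute window")
	}
	info, ok := powerMap[powerKey(grpcPkg, head.ClientUsername)]
	if !ok {
		return errors.New("no authority record for this client and method")
	}
	if info.ClientIP != peerIP {
		return errors.New("client IP not permitted")
	}
	// The server recomputes the digest with the stored client_pwd, so the password itself never travels.
	want := signDigest(head.ClientUsername, head.Timestamp, reqJSON, info.ClientPwd)
	// Constant-time comparison so the check does not leak digest bytes through timing; a keyed MAC
	// such as HMAC-SHA256 over the same fields would be the stronger choice than plain MD5.
	if subtle.ConstantTimeCompare([]byte(want), []byte(head.Check)) != 1 {
		return errors.New("signature digest mismatch")
	}
	return nil
}

func main() {
	pm := buildPowerMap(sampleRows)
	grpcPkg := "/micro.svc.user/account.GetUserInfo"
	reqJSON := `{"UserID":88888}` // assumed json form of &UserReq{UserID: 88888}
	head := requestHead{ClientUsername: "shop", Timestamp: "1649070572000"}
	head.Check = signDigest(head.ClientUsername, head.Timestamp, reqJSON, "pwdshop123")
	now := time.UnixMilli(1649070572000).Add(30 * time.Second) // server clock 30 s after the client
	fmt.Println("valid request:", authenticate(pm, grpcPkg, head, "112.49.230.248", reqJSON, now))
	fmt.Println("wrong ip:     ", authenticate(pm, grpcPkg, head, "10.0.0.9", reqJSON, now))
	tampered := head
	tampered.Check = strings.Repeat("0", 32)
	fmt.Println("bad digest:   ", authenticate(pm, grpcPkg, tampered, "112.49.230.248", reqJSON, now))
}
```

Because the request json is part of the digest, a request whose body is altered in transit fails the digest check even though its header fields are untouched.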
Step six, when authority configuration data is newly added in the background, the microservice side is notified using the mq: a message is written into the mq, the microservice side consumes it and executes step three again to read the related authority configuration information of the service, so that it is updated in time.
If the background has newly added authority configuration data, that is, the micro_power_tb authority configuration table has an insert or update operation, a notification message is generated to the mq, where the mq queue name is notify_ followed by the microservice identifier; if the authority configuration table has newly added data about the micro.
The user microservice side listens for notifications on the mq queue named notify_micro.svc.
The invention discloses a method for managing the authority of microservice grpc methods, comprising the following steps: 1. Create a microservice record, providing a service name and a service identifier, to generate a service record; and create an rpc service method record, providing the service identifier and the grpc method package path, to generate a service method record. 2. The client applies to the background for the authority of the target microservice method to be accessed, providing a client user name, client user password, client server IP, target service identifier and the grpc method package path to be accessed, and a service authority record is generated. 3. After the microservice side starts, it periodically reads the authority information belonging to itself according to its service identifier and stores it in an in-memory dictionary map under an identifier formed from the object name and the grpc method package path. 4. Before accessing a grpc method provided by the target service, the client must carry the following signature information: the client user name, the current timestamp and the signature digest string, stored in the request header. 5. After receiving the request, the microservice side, in its authentication middleware, reads the client user name from the header and the grpc method package path being called, selects the authority information for that client user name from the in-memory dictionary map, checks whether the timestamp is within 5 minutes, checks whether the IP is legal, and checks whether the signature digest strings are consistent. 6. When authority configuration data is added in the background, the microservice side is notified using the mq message queue: a message is written into the mq message queue, the microservice side consumes it and executes step three again to read the related authority configuration information of the service, so that it is updated in time.
The invention also provides an rpc service authority management system comprising a creating module, a generating module, a starting module, an access module, a receiving module and a notification module. The creating module creates a microservice record in the database of the microservice side. The generating module is where the client applies to the microservice-side background for the authority of the microservice to be accessed and a service authority record is generated. The starting module is where, after starting, the microservice side periodically reads the authority information of the microservice according to its service identifier and stores it in memory. The access module is where, before the client accesses a grpc method provided by the microservice, signature information is provided and stored in the request header. The receiving module is where the microservice side, after receiving the client request, reads the request header in its authentication middleware, selects the client's authority information from memory and checks it. The notification module is where authority configuration data newly added in the microservice-side background is notified to the microservice side through the mq message queue: the message is written into the mq message queue, the microservice side consumes it and executes step S3 again to read the related authority configuration information of the microservice, achieving timely update.
The creating module is specifically: creating a microservice record in the database of the microservice side, providing a microservice name and a service identifier to generate the microservice record; and creating an RPC service method record, providing the service identifier and the grpc method package path to generate the service method record.
The generating module is specifically: the client applies to the microservice-side background for the authority of the target microservice method to be accessed, providing a client user name, client user password, client server IP, target service identifier and the grpc method package path to be accessed, and a service authority record is generated.
The starting module is specifically: after the microservice side starts, it reads the authority information belonging to itself every 10 minutes according to its service identifier, and stores it in a dictionary map structure in the microservice side's memory under an identifier formed from the object name and the grpc method package path.
The access module is specifically: before accessing a grpc method provided by the target service, the client must carry signature information: the client user name, the current timestamp and the signature digest string are stored in the request header.
The receiving module is specifically: after receiving the request, the microservice side, in its authentication middleware, reads the client user name from the header and the grpc method package path being called, selects the authority information for that client user name from the in-memory dictionary map, checks whether the timestamp is within 5 minutes, checks whether the IP is legal, and checks whether the signature digest strings are consistent.
The notification module is specifically: when the microservice-side background adds authority configuration data, it notifies the microservice side using the mq message queue by writing a message into the queue; the microservice side consumes the message and executes step S3 again to read the related authority configuration information of the microservice, so that the microservice is updated in time.
The above description is only a preferred embodiment of the present invention; all equivalent changes and modifications made according to the claims of the present invention fall within the scope of the present invention.

Claims (14)

1. A method of rpc service rights management, the method comprising the steps of:
step S1, creating a micro-service record in a database of the micro-service end;
step S2, the client applies to the micro-service end background for the authority of the micro-service it needs to access, generating a service authority record;
step S3, after starting, the micro-service end reads the authority information of the micro-service at regular intervals according to the identification of the micro-service and stores the authority information in memory;
step S4, before the client accesses the grpc method provided by the micro-service, it must provide signature information, stored in the header of the request;
step S5, after receiving the client's request, the micro-service end reads the header of the client request in its authentication middleware, screens the authority information of the client from memory and checks it;
step S6, when the micro-service end background adds new authority configuration data, the micro-service end is notified through the mq message queue: a message is written into the mq message queue, the micro-service end consumes the message and executes step S3 again to read the related authority configuration information of the micro-service, so that the micro-service is updated in time.
2. The rpc service rights management method according to claim 1, wherein step S1 further includes: creating a micro-service record in the database of the micro-service end by providing a micro-service name and a service identifier, generating the micro-service record; and creating an RPC service method record by providing the service identifier and a grpc method package path, generating the service method record.
3. The rpc service rights management method according to claim 1, wherein step S2 further includes: the client applies to the micro-service end background for the authority of the target micro-service method it needs to access, providing a client user name, a client user password, a client server IP, a target service identifier and the grpc method package path to be accessed, and generating a service authority record.
4. The rpc service rights management method according to claim 1, wherein step S3 further includes: after the micro-service end is started, the authority information belonging to it is read every 10 minutes according to the identification of the micro-service, and an identification formed from the object name and the grpc method package path is used to store it in a dictionary map structure in the memory of the micro-service end.
5. The rpc service rights management method according to claim 1, wherein step S4 further includes: before accessing a grpc method provided by the target service, the client must attach signature information, storing the client user name, the current timestamp and the signature digest string in the header of the request.
6. The rpc service rights management method according to claim 1, wherein step S5 further includes: after receiving the request, the micro-service end reads, in its authentication middleware, the client user name from the header and the grpc method package path being called, screens the authority information for that client user name from the dictionary map in memory, checks whether the timestamp is within 5 minutes, checks whether the IP is legal, and checks whether the signature digest strings are consistent.
7. The rpc service rights management method according to claim 1, wherein step S6 further includes: when the micro-service end background adds authority configuration data, the micro-service end is notified using the mq message queue: a message is written into the mq message queue, the micro-service end consumes the message and executes step S3 again to read the related authority configuration information of the micro-service, so that the micro-service is updated in time.
8. A system for rpc service rights management, comprising a creating module, a generating module, a starting module, an accessing module, a receiving module and a notification module, wherein: the creating module creates a micro-service record in a database of the micro-service end; the generating module, namely the client applies to the micro-service end background for the authority of the micro-service it needs to access, generating a service authority record; the starting module, namely after starting, the micro-service end reads the authority information of the micro-service at regular intervals according to the identification of the micro-service and stores it in memory; the accessing module, namely before the client accesses the grpc method provided by the micro-service, it must provide signature information, stored in the header of the request; the receiving module, namely after receiving the client request, the micro-service end reads the header of the client request in its authentication middleware, screens the authority information of the client from memory and checks it; the notification module, namely when the micro-service end background adds new authority configuration data, the micro-service end is notified through the mq message queue, a message is written into the mq message queue, the micro-service end consumes the message and executes step S3 again to read the related authority configuration information of the micro-service, so that it is updated in time.
9. The rpc service rights management system according to claim 8, wherein the creating module, more specifically: creates a micro-service record in the database of the micro-service end by providing a micro-service name and a service identifier, generating the micro-service record; and creates an RPC service method record by providing the service identifier and a grpc method package path, generating the service method record.
10. The rpc service rights management system according to claim 8, wherein the generating module, more specifically: the client applies to the micro-service end background for the authority of the target micro-service method it needs to access, providing a client user name, a client user password, a client server IP, a target service identifier and the grpc method package path to be accessed, and generating a service authority record.
11. The rpc service rights management system according to claim 8, wherein the starting module, more specifically: after the micro-service end is started, the authority information belonging to it is read every 10 minutes according to the identification of the micro-service, and an identification formed from the object name and the grpc method package path is used to store it in a dictionary map structure in the memory of the micro-service end.
12. The rpc service rights management system according to claim 8, wherein the accessing module, more specifically: before accessing a grpc method provided by the target service, the client must attach signature information, storing the client user name, the current timestamp and the signature digest string in the header of the request.
13. The rpc service rights management system according to claim 8, wherein the receiving module, more specifically: after receiving the request, the micro-service end reads, in its authentication middleware, the client user name from the header and the grpc method package path being called, screens the authority information for that client user name from the dictionary map in memory, checks whether the timestamp is within 5 minutes, checks whether the IP is legal, and checks whether the signature digest strings are consistent.
14. The rpc service rights management system according to claim 8, wherein the notification module, more specifically: when the micro-service end background adds authority configuration data, the micro-service end is notified using the mq message queue: a message is written into the mq message queue, the micro-service end consumes the message and executes step S3 again to read the related authority configuration information of the micro-service, so that the micro-service is updated in time.
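The module description above and claims 3 to 7 describe one flow: a client signs its request with a user name, a timestamp and a digest; the micro-service end looks the caller up in an in-memory map keyed by user name and grpc method package path, checks the 5-minute timestamp window, the client IP and the digest, and reloads the map on a timer or when an mq message arrives. The following Python model is an added example written for this page; it is not code from the patent or its applicant. The patent names no digest algorithm, header names or key material, so HMAC-SHA256 keyed with the client user password, the `x-client-user`/`x-timestamp`/`x-signature` header names and the sample authority records are all assumptions, and the mq consumer is reduced to a direct call to `reload()`.

```python
# Added example, not code from the patent or its applicant. HMAC-SHA256, the header
# names and the sample records are assumptions; the page only says "signature digest
# string" and does not name an algorithm or header layout.
import hashlib
import hmac
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

TIMESTAMP_WINDOW_SECONDS = 5 * 60  # the claims require the timestamp to be within 5 minutes


@dataclass(frozen=True)
class PermissionRecord:
    """One service authority record (claim 3): user, shared secret, allowed IP, grpc method path."""
    username: str
    secret: str       # the client user password; assumed here to serve as the HMAC key
    client_ip: str
    method_path: str  # grpc method package path, e.g. "/order.OrderService/Create"


def permission_key(username: str, method_path: str) -> str:
    # Identification formed from the name and the grpc method package path (claim 4).
    return f"{username}|{method_path}"


class PermissionCache:
    """Dictionary map held in the micro-service's memory (steps S3 and S6)."""

    def __init__(self, loader: Callable[[], List[PermissionRecord]]):
        self._loader = loader  # stands in for the database read
        self._map: Dict[str, PermissionRecord] = {}
        self.reload()

    def reload(self) -> int:
        """Re-read all records; invoked at start, by the 10-minute timer and by the mq consumer."""
        self._map = {permission_key(r.username, r.method_path): r for r in self._loader()}
        return len(self._map)

    def lookup(self, username: str, method_path: str) -> Optional[PermissionRecord]:
        return self._map.get(permission_key(username, method_path))


def sign(secret: str, username: str, timestamp: str, method_path: str) -> str:
    """Signature digest over exactly the fields the server verifies (HMAC-SHA256 is an assumption)."""
    msg = f"{username}\n{timestamp}\n{method_path}".encode()
    return hmac.new(secret.encode(), msg, hashlib.sha256).hexdigest()


def build_headers(secret: str, username: str, method_path: str, now: Optional[int] = None) -> Dict[str, str]:
    """Client side (claim 5): user name, current timestamp and digest placed in the request header."""
    ts = str(int(time.time() if now is None else now))
    return {"x-client-user": username, "x-timestamp": ts,
            "x-signature": sign(secret, username, ts, method_path)}


def authorize(cache: PermissionCache, headers: Dict[str, str], peer_ip: str,
              method_path: str, now: Optional[int] = None) -> Tuple[bool, str]:
    """Server-side authentication middleware (claim 6); checks run in the order the claim lists them."""
    username = headers.get("x-client-user", "")
    ts_raw = headers.get("x-timestamp", "")
    record = cache.lookup(username, method_path)
    if record is None:
        return False, "no authority record for user and method"
    if not ts_raw.isdigit():
        return False, "malformed timestamp"
    current = int(time.time() if now is None else now)
    if abs(current - int(ts_raw)) > TIMESTAMP_WINDOW_SECONDS:
        return False, "timestamp outside 5-minute window"
    if peer_ip != record.client_ip:
        return False, "client IP not permitted"
    expected = sign(record.secret, username, ts_raw, method_path)
    if not hmac.compare_digest(expected, headers.get("x-signature", "")):
        return False, "signature mismatch"
    return True, "ok"


# Constructed sample data standing in for the service authority table.
SAMPLE_RECORDS: List[PermissionRecord] = [
    PermissionRecord("order-web", "example-secret", "10.0.0.5", "/order.OrderService/Create"),
]
METHOD = "/order.OrderService/Create"
T0 = 1_700_000_000  # fixed "now" so the run is reproducible


def demo() -> Dict[str, Tuple[bool, str]]:
    """Exercise the accept path, each rejection path and an mq-triggered reload."""
    records = list(SAMPLE_RECORDS)
    cache = PermissionCache(lambda: list(records))
    headers = build_headers("example-secret", "order-web", METHOD, now=T0)
    tampered = dict(headers, **{"x-signature": "0" * 64})
    results = {
        "valid": authorize(cache, headers, "10.0.0.5", METHOD, now=T0 + 60),
        "stale": authorize(cache, headers, "10.0.0.5", METHOD, now=T0 + 301),
        "wrong_ip": authorize(cache, headers, "10.0.0.9", METHOD, now=T0 + 60),
        "bad_sig": authorize(cache, tampered, "10.0.0.5", METHOD, now=T0 + 60),
        "no_grant": authorize(cache, headers, "10.0.0.5", "/order.OrderService/Delete", now=T0 + 60),
    }
    # Background adds a grant and publishes an mq message; the consumer calls reload() (step S6).
    records.append(PermissionRecord("order-web", "example-secret", "10.0.0.5", "/order.OrderService/Delete"))
    cache.reload()
    new_headers = build_headers("example-secret", "order-web", "/order.OrderService/Delete", now=T0)
    results["after_reload"] = authorize(cache, new_headers, "10.0.0.5", "/order.OrderService/Delete", now=T0 + 60)
    return results


if __name__ == "__main__":
    for name, (ok, reason) in demo().items():
        print(f"{name:13} {'ALLOW' if ok else 'DENY '} {reason}")
```

The digest covers the method path as well as the user name and timestamp, so a header set signed for one grpc method cannot be presented for another; the lookup is keyed on user name plus method path exactly as claim 4 describes, so the reload path is what makes a newly granted method callable without a restart. The timestamp bounds replay only to the 5-minute window the claims specify; the page describes no nonce, so a deployment wanting tighter replay protection would add one alongside the timestamp.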

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210384649.2A CN114785578B (en) 2022-04-13 2022-04-13 Rpc service authority management method and system


Publications (2)

Publication Number Publication Date
CN114785578A true CN114785578A (en) 2022-07-22
CN114785578B CN114785578B (en) 2023-09-29

Family

ID=82429509


Country Status (1)

Country Link
CN (1) CN114785578B (en)

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170331812A1 (en) * 2016-05-11 2017-11-16 Oracle International Corporation Microservices based multi-tenant identity and data security management cloud service
US20180041491A1 (en) * 2016-08-05 2018-02-08 Oracle International Corporation Caching framework for a multi-tenant identity and data security management cloud service
CN110995702A (en) * 2019-12-02 2020-04-10 杭州安恒信息技术股份有限公司 User authentication method based on distributed micro service
CN111600899A (en) * 2020-05-25 2020-08-28 华人运通(上海)云计算科技有限公司 Micro-service access control method and device, electronic equipment and storage medium
WO2021022792A1 (en) * 2019-08-02 2021-02-11 创新先进技术有限公司 Authentication and service serving methods and apparatuses, and device
CN112367321A (en) * 2020-11-10 2021-02-12 苏州万店掌网络科技有限公司 Method for quickly constructing service call and middle station API gateway
CN113055367A (en) * 2021-03-08 2021-06-29 浪潮云信息技术股份公司 Method and system for realizing micro-service gateway authentication
US20210314342A1 (en) * 2019-07-25 2021-10-07 Deepfactor, Inc. Systems, methods, and computer-readable media for executing a web application scan service
CN113505382A (en) * 2021-06-18 2021-10-15 杭州华橙软件技术有限公司 Micro-service authentication method, electronic device and storage medium
CN113676336A (en) * 2021-10-22 2021-11-19 深圳市明源云采购科技有限公司 Microservice access proxy method, apparatus and storage medium



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant