CN115208693A - Security access control method and device based on micro-service - Google Patents

Publication number
CN115208693A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202211098463.7A
Other languages
Chinese (zh)
Other versions
CN115208693B (en)
Inventor
张子晔
王燕
梁辰
李倩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CETC 15 Research Institute
Original Assignee
CETC 15 Research Institute
Application filed by CETC 15 Research Institute
Priority to CN202211098463.7A (CN115208693B)
Publication of CN115208693A
Application granted
Publication of CN115208693B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security
    • H04L63/108 Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time

Abstract

The invention discloses a microservice-based security access control method and device, together with an electronic device and a non-transitory computer-readable storage medium, relating to the technical field of data access. The method comprises: acquiring the user's access roles for different microservices based on user information, and acquiring the user's access permissions for the different microservices based on the access roles; and responding to the user's access actions on the different microservices according to the access permissions. Each microservice carries an effective access time period: within that period an access action can be performed on the microservice; otherwise it cannot. The method and device free the user from the limitation that different processes of a program can only have a single access permission, allow the same user to access and acquire data from different processes independently, and improve access efficiency and access security.

Description

Security access control method and device based on micro-service
Technical Field
The invention relates to the technical field of data access, in particular to a security access control method and device based on microservice.
Background
With the rapid development of the internet industry, application systems need to use large amounts of data resources, and data services are a way of providing data to application systems through data interfaces. When a user accesses an application system, access rights need to be controlled, and how to apply secure access control to the data services in the application system has become an important issue.
At present, data service access control mainly relies on the following technologies: 1) Discretionary Access Control (DAC), 2) Mandatory Access Control (MAC), and 3) Role-Based Access Control (RBAC). Each of these methods has its own disadvantages, so access control over data services cannot be both efficient and secure.
Disclosure of Invention
The invention aims to provide a microservice-based security access control method and device that address the shortcomings of the prior art. The technical problem to be solved is addressed by the following technical solutions.
The invention provides a microservice-based security access control method, applied to an internal system, comprising:
acquiring the user's access roles for different microservices based on user information, and acquiring the user's access permissions for the different microservices based on the access roles, wherein the microservices are processes from at least one program;
responding to the user's access actions on the different microservices according to the access permissions;
wherein each microservice carries an effective access time period: within that period an access action can be performed on the microservice; otherwise it cannot.
According to the microservice-based security access control method provided by the invention, the program operation authority comprises at least one of data storage authority, data deletion authority, data modification authority and data search authority.
The invention also provides a microservice-based security access control method, applied to an external system, comprising:
when the method is applied to a single microservice, receiving a POST request sent by a user;
reading the service code in the URL and the user information in the request body;
verifying whether the service code and the user information match preset information; if so, allowing the user to perform an access action on the microservice; if not, feeding back a matching failure.
According to the microservice-based security access control method provided by the invention, the request body further comprises data query time information; whether the service code, the user information and the data query time information match preset information is verified; if they match, the user is allowed to perform an access action on the microservice; if not, a matching failure is fed back.
According to the microservice-based security access control method provided by the invention, the method further comprises:
when the method is applied to a plurality of microservices, acquiring the user's access permission for a microservice group based on user information, the microservice group being formed by combining a plurality of microservices in a preset order; when the access permission does not exist, feeding back that access to the microservice group has failed;
and when the access permission exists, accessing the microservices in the microservice group in sequence; when access to a microservice succeeds, feeding back the access data; when access to a microservice fails, feeding back the microservice access failure and moving on to the access process of the next microservice in the group.
The invention also provides a security access control device based on micro-service, which is applied to an internal system and comprises:
the permission acquisition module is used for acquiring access roles of users aiming at different micro services based on user information and acquiring access permissions of the users aiming at the different micro services based on the access roles, wherein the micro services are processes from at least one program;
the microservice carries an effective access time period: within that period an access action can be performed on the microservice; otherwise it cannot.
The invention also provides a security access control device based on micro-service, which is applied to an external system and comprises:
the receiving module is used for receiving a POST request sent by a user;
the reading module is used for reading the service code in the URL and the user information in the request body;
the verification module is used for verifying whether the user information matches preset information; if so, the user is allowed to perform an access action on the microservice; if not, a matching failure is fed back.
The invention also provides an electronic device, comprising a memory, a processor and a computer program stored on the memory and capable of running on the processor, wherein the processor executes the program to realize the steps of the microservice-based security access control method.
The present invention also provides a non-transitory computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of the microservice-based security access control method as described in any of the above.
The present invention also provides a computer program product comprising computer programs/instructions which, when executed by a processor, implement the steps of the microservice-based security access control method as described in any of the above.
The embodiment of the invention has the following advantages:
The user's access roles are acquired from the user information, and the access roles express the user's access permissions for different microservices, so the same user can access the microservices under different access roles. On this basis the user is freed from the limitation that different processes of a program can only have a single access permission, the same user can access and acquire data from different processes independently, and access efficiency and access security are improved. In addition, an effective time period is set when a service is published, so the user has permission to access the service only during a specific period and the service provider can carry out data service maintenance outside that period, which keeps the data service current and allows periodic update and maintenance.
Drawings
FIG. 1 is a schematic flow chart of a security access control method based on microservice provided by the present invention;
FIG. 2 is a second flowchart of the security access control method based on microservices according to the present invention;
FIG. 3 is a third flowchart of the microservice-based security access control method provided by the present invention;
FIG. 4 is a fourth flowchart of the security access control method based on microservices provided by the present invention;
FIG. 5 is a fifth flowchart of the security access control method based on microservice provided by the present invention;
FIG. 6 is a sixth schematic flow chart of the security access control method based on microservice provided by the present invention;
FIG. 7 is a seventh schematic flow chart of a security access control method based on microservice provided by the present invention;
FIG. 8 is a schematic diagram of a micro-service based security access control device according to the present invention;
FIG. 9 is a second schematic structural diagram of a security access control device based on microservice provided by the present invention;
FIG. 10 is a schematic structural diagram of an electronic device provided by the present invention.
Detailed Description
It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict. The present invention will be described in detail below with reference to the accompanying drawings in conjunction with embodiments.
It should be noted that the above detailed description is exemplary and is intended to provide further explanation of the disclosure. Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs.
It is noted that the terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of example embodiments according to the present application. As used herein, the singular is intended to include the plural unless the context clearly indicates otherwise. Furthermore, it will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, steps, operations, devices, components, and/or combinations thereof.
It should be noted that the terms "first," "second," and the like in the description and claims of this application and in the accompanying drawings are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the terms so used are interchangeable under appropriate circumstances such that the embodiments of the application described herein are capable of operation in other sequences than those illustrated or otherwise described herein.
Furthermore, the terms "include" and "have," as well as any variations thereof, are intended to cover a non-exclusive inclusion. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements explicitly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Fig. 1 is a schematic flow chart of the microservice-based security access control method provided by the present invention, applied to an internal system. As shown in fig. 1, the method includes:
Step S110: acquiring the user's access roles for different microservices based on user information, and acquiring the user's access permissions for the different microservices based on the access roles, wherein the microservices are processes from at least one program;
Step S120: responding to the user's access actions on the different microservices according to the access permissions, wherein each microservice carries an effective access time period: within that period an access action can be performed on the microservice; otherwise it cannot.
It should be noted that the access role expresses the extent of the user's access rights to a microservice, that is, to a particular process in the program. The specific access role includes: the access authority of the roles is sequentially reduced, and the specific access authority content can be preset as required. In addition, because the content of a given microservice does not stay fixed, the microservice on the system platform must be updated whenever its content changes; the method therefore restricts access to the microservice to an effective period and updates the microservice regularly during non-access time.
For example, a user can access a target microservice only within the effective time, which keeps the microservice current; the microservice provider sets the effective time period on the service release page to specify exactly when users can access it.
According to the microservice-based security access control method provided by the invention, the user's access roles are acquired from the user information, so the same user can access different microservices under different access roles. On this basis the user is freed from the limitation that different processes of a program can only have a single access permission, the same user can access and acquire data from different processes independently, and access efficiency and access security are improved. In addition, an effective time period is set when a service is published, so the user has permission to access the service only during a specific period and the service provider can carry out data service maintenance outside that period, which keeps the data service current and allows periodic update and maintenance.
According to the microservice-based security access control method provided by the invention, the access authority comprises at least one of data storage authority, data deletion authority, data modification authority and data search authority.
It should be noted that the invention subdivides, at the atomic level, the microservice classifications, the microservices themselves, and the create, delete, modify and query operations on them, and converts each into a corresponding segmented character string. For example, the permission for microservice classification 1 is server: service1 and the permission for microservice classification 2 is server: service2; at a finer level, the storage permission of microservice 1 is server: service1: save and its deletion permission is server: service1: delete. After permissions have been assigned to a role and the role has been bound to a user, the user enters the system page. The system first checks whether the user has the server permission; if not, the whole service module is not visible. It then checks which service classification permissions the user has: if, for example, the user holds only server: service1, the system back end selects the services classified as service1 from all services in the database and returns them to the user. If the user lacks the save and delete permissions, the page places the corresponding operation options in a disabled state according to the user's permissions. Even if the user tampers with the page, the back end checks the user's permissions again after the operation is submitted and returns error information if the check fails.
According to the microservice-based security access control method provided by the invention, the fine-grained classification of access permissions gives the user fine-grained and precise access to the microservices.
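The internal-system check described above, as an added example that is not code from the patent: segmented permission strings bound to roles, service filtering by classification, page options that are only advisory, and a back-end re-check on submit that also enforces the effective access period. The role names, user names, service names, dates and the rule that any permission in the server namespace reveals the module are assumptions made for the illustration.

```python
from dataclasses import dataclass
from datetime import datetime


def perm(text: str) -> tuple:
    """Split a segmented permission string; spaces around ':' are ignored."""
    return tuple(part.strip() for part in text.split(":"))


# Constructed sample data: role permissions, user-role bindings, operations.
ROLE_PERMISSIONS = {
    "maintainer": {perm("server: service1"),
                   perm("server: service1: save"),
                   perm("server: service1: delete")},
    "viewer": {perm("server: service1")},
}
USER_ROLES = {"alice": {"maintainer"}, "bob": {"viewer"}, "carol": set()}
OPERATIONS = ("save", "delete")


@dataclass(frozen=True)
class Service:
    name: str
    classification: str
    valid_from: datetime    # start of the effective access period
    valid_until: datetime   # end of the effective access period (exclusive)


# Constructed sample services, one per classification.
SERVICES = {
    "orders": Service("orders", "service1",
                      datetime(2024, 1, 1, 8), datetime(2024, 1, 1, 18)),
    "billing": Service("billing", "service2",
                       datetime(2024, 1, 1, 8), datetime(2024, 1, 1, 18)),
}


def permissions_of(user: str) -> set:
    """Union of the permissions of every role bound to the user."""
    perms = set()
    for role in USER_ROLES.get(user, ()):
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def visible_services(user: str) -> list:
    """Back-end filter: only services whose classification the user holds."""
    perms = permissions_of(user)
    # Assumption: any permission in the "server" namespace reveals the module.
    if not any(p[0] == "server" for p in perms):
        return []
    return sorted(s.name for s in SERVICES.values()
                  if ("server", s.classification) in perms)


def page_options(user: str, classification: str) -> dict:
    """UI state only (enabled/disabled buttons); never the enforcement point."""
    perms = permissions_of(user)
    return {op: ("server", classification, op) in perms for op in OPERATIONS}


def submit(user: str, service_name: str, operation: str, now: datetime) -> tuple:
    """Back-end check on every submitted operation, whatever the page showed."""
    svc = SERVICES.get(service_name)
    if svc is None:
        return (False, "unknown service")
    if ("server", svc.classification, operation) not in permissions_of(user):
        return (False, "permission denied")
    if not (svc.valid_from <= now < svc.valid_until):
        return (False, "outside effective access period")
    return (True, "ok")
```

A request that re-enables a disabled delete option on the page still reaches `submit`, which is the only place the decision is made.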
Fig. 2 is a second schematic flowchart of the microservice-based security access control method provided by the present invention, applied to an external system. As shown in fig. 2, the method includes:
Step S210: receiving a POST request sent by a user;
Step S220: reading the service code in the URL and the user information in the request body;
Step S230: verifying whether the service code and the user information match preset information; if so, allowing the user to perform an access action on the microservice; if not, feeding back a matching failure.
According to the microservice-based security access control method provided by the invention, the request body further comprises data query time information; whether the service code, the user information and the data query time information match preset information is verified; if they match, the user is allowed to perform an access action on the microservice; if not, a matching failure is fed back.
It should be noted that the microservice-based security access control methods applied to the external system and to the internal system belong to different control authorities; they are independent and do not interfere with each other, which ensures security.
When a remote service is created, settings such as the authorization date, authorization time, authorized users, content filtering and even the number of accesses can be selected for its service code. The remotely invoked function is based on the HTTP protocol: the user sends a POST request, the code of the service being accessed is placed in the URL, and the request body carries the accessing user's information, the data query conditions and the like.
After receiving the user request, the back end pulls the information of the service to be accessed from the database and checks the user identity information and the service authorization; even when that check passes, the date and time are checked as well. If any item is inconsistent, the service cannot be accessed, which ensures data security. Even if a third party is not logged in as a user, the authorization code of an authorized user can serve as the credential for identity verification, which improves the usability of the service. Because of the date and time restriction, the service has sufficient time for updates and modifications, users are prevented from obtaining wrong data, and the reliability of the service data is ensured.
According to the microservice-based security access control method provided by the invention, the service code in the URL, the user information in the request body and the data query time information are read and compared one by one with the preset information in the database; the user can access the microservice only after every item has been compared successfully.
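The external-system verification described above, as an added example that is not code from the patent: the service code is taken from the URL, the user and authorization code from the POST body, and each is compared with the stored settings before the authorization date, authorization time and access count are checked. The URL layout `/remote/<service code>`, the JSON field names, the registry contents and the use of the server clock for the date and time checks are assumptions made for the illustration.

```python
import hmac
import json
from dataclasses import dataclass
from datetime import date, datetime, time
from urllib.parse import urlsplit


@dataclass
class RemoteService:
    code: str
    auth_codes: dict    # authorized user -> authorization code
    date_from: date     # authorization date range (inclusive)
    date_until: date
    time_from: time     # daily authorization time range (end exclusive)
    time_until: time
    max_calls: int      # permitted number of accesses
    calls: int = 0


def make_registry() -> dict:
    """Constructed sample of the settings chosen when a service is created."""
    svc = RemoteService(
        code="svc-demo-001",
        auth_codes={"partner-a": "constructed-auth-code"},
        date_from=date(2024, 1, 1), date_until=date(2024, 1, 31),
        time_from=time(8, 0), time_until=time(18, 0),
        max_calls=2,
    )
    return {svc.code: svc}


def verify_post(registry: dict, url: str, raw_body: str, now: datetime) -> tuple:
    """Return (allowed, reason); the reason is meant for the server-side log."""
    # Service code: last path segment of the URL (assumed layout).
    code = urlsplit(url).path.rstrip("/").rsplit("/", 1)[-1]
    try:
        body = json.loads(raw_body)
    except (ValueError, TypeError):
        return (False, "malformed body")
    if not isinstance(body, dict):
        return (False, "malformed body")

    svc = registry.get(code)
    if svc is None:
        return (False, "unknown service code")

    # User information and authorization code must match the stored pair.
    user, presented = body.get("user"), body.get("auth_code")
    expected = svc.auth_codes.get(user) if isinstance(user, str) else None
    if (expected is None or not isinstance(presented, str)
            or not hmac.compare_digest(expected.encode(), presented.encode())):
        return (False, "user not authorized")

    # Date and time are checked even after the identity check has passed,
    # against the server clock rather than any value sent by the client.
    if not (svc.date_from <= now.date() <= svc.date_until):
        return (False, "outside authorization date")
    if not (svc.time_from <= now.time() < svc.time_until):
        return (False, "outside authorization time")
    if svc.calls >= svc.max_calls:
        return (False, "access count exhausted")

    svc.calls += 1
    return (True, "ok")
```

Only a fully matched request consumes one of the permitted accesses, so rejected requests cannot exhaust an authorized user's quota.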
According to the microservice-based security access control method provided by the invention, the method further comprises:
when the method is applied to a plurality of microservices, acquiring the user's access permission for a microservice group based on user information, the microservice group being formed by combining a plurality of microservices in a preset order; when the access permission does not exist, feeding back that access to the microservice group has failed;
and when the access permission exists, accessing the microservices in the microservice group in sequence; when access to a microservice succeeds, feeding back the access data; when access to a microservice fails, feeding back the microservice access failure and moving on to the access process of the next microservice in the group.
It should be noted that a microservice group formed by arranging a plurality of microservices is essentially also a service, which can be authorized and invoked remotely like an ordinary microservice, but which can contain a plurality of microservices and order them. Authorization of a microservice group differs slightly from authorization of an ordinary microservice: a user who wants to access the group needs, in addition to authorization for the group itself, authorization for all the microservices the group contains; otherwise execution is stopped.
When the user accesses the microservice group, the system checks the authorization of the microservices one by one in the preset order, performs the access, and returns the data of all the microservices. If any microservice step fails, the abnormal information is recorded, the user is allowed to view the running status of the microservices, and the specific step in which the abnormality occurred is displayed; if the steps succeed, the data result of each microservice is returned.
According to the microservice-based security access control method provided by the invention, microservices are packaged into a microservice group; based on the access permission for the group and the access permission for each microservice in the group, the user accesses the microservices in the group in sequence, which meets the user's need to access different microservices in a preset order and improves the operability of access.
According to the microservice-based security access control method provided by the invention, each microservice carries an effective access time period: within that period an access action can be performed on the microservice; otherwise it cannot.
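The microservice-group access described above, as an added example that is not code from the patent: the group authorization is checked first, then each member is checked and invoked in the preset order, a failed step is recorded and the run continues with the next member, and the report shows which step failed. The `strict` flag models the alternative reading in which a missing member authorization stops execution; the class names, users, services and dates are assumptions made for the illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Callable


@dataclass(frozen=True)
class Step:
    name: str
    authorized_users: frozenset
    valid_from: datetime
    valid_until: datetime
    fetch: Callable[[], dict]   # stands in for the call to the microservice


@dataclass(frozen=True)
class Group:
    name: str
    authorized_users: frozenset
    steps: tuple                # microservices in their preset order


def _step_error(step: Step, user: str, now: datetime):
    """Per-member authorization and date check; None means the step may run."""
    if user not in step.authorized_users:
        return "not authorized"
    if not (step.valid_from <= now < step.valid_until):
        return "outside effective access period"
    return None


def run_group(group: Group, user: str, now: datetime, strict: bool = False) -> dict:
    if user not in group.authorized_users:
        return {"ok": False, "error": "group access failed", "steps": []}
    if strict:
        missing = [s.name for s in group.steps if user not in s.authorized_users]
        if missing:
            return {"ok": False, "steps": [],
                    "error": "missing member authorization: " + ", ".join(missing)}
    report = []
    for number, step in enumerate(group.steps, start=1):
        error = _step_error(step, user, now)
        if error is None:
            try:
                data = step.fetch()
                report.append({"step": number, "service": step.name,
                               "ok": True, "data": data})
                continue
            except Exception as exc:        # record the abnormality, keep going
                error = f"execution error: {exc}"
        report.append({"step": number, "service": step.name,
                       "ok": False, "error": error})
    return {"ok": all(r["ok"] for r in report), "error": None, "steps": report}


def demo_group() -> Group:
    """Constructed sample: three members, one restricted, one that fails."""
    start, end = datetime(2024, 1, 1, 8), datetime(2024, 1, 1, 18)

    def broken() -> dict:
        raise RuntimeError("upstream timeout")

    return Group("order-pipeline", frozenset({"alice", "bob"}), (
        Step("inventory", frozenset({"alice", "bob"}), start, end, lambda: {"items": 3}),
        Step("pricing", frozenset({"alice"}), start, end, lambda: {"currency": "CNY"}),
        Step("shipping", frozenset({"alice", "bob"}), start, end, broken),
    ))
```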
Fig. 3 is a third schematic flowchart of the microservice-based security access control method provided by the present invention. As shown in fig. 3:
Step 1: the user enters the system;
Step 2: the service classification permissions held by the user are checked against the data in the service database;
Step 3: service classification 1 is returned.
Fig. 4 is a fourth schematic flowchart of the microservice-based security access control method provided by the present invention. As shown in fig. 4:
Step 1: the user modifies the service information;
Step 2: whether the user has permission for the service is checked against the data in the service database; if so, the service information is modified, success information is returned, and the modified service information is stored in the service database; if not, failure information is returned and the process terminates.
Fig. 5 is a fifth schematic flowchart of the microservice-based security access control method provided by the present invention. As shown in fig. 5:
Step 1: the user accesses the remote service, carrying user information or user credentials; the user access information is stored in the service database.
Step 2: the user and service authorization information is checked against the service authorization retrieved from the service database; if the check fails, failure information is returned.
Step 3: if the check passes, the access date and time are checked; if that check passes, data information is returned; if the access date and time check fails, failure information is returned.
Fig. 6 is a sixth schematic flowchart of the microservice-based security access control method provided by the present invention. As shown in fig. 6:
Step 1: the user accesses the service arrangement, carrying user information; the user access information is stored in the service database.
Step 2: whether the user has authorization for the service arrangement is checked against the data in the service database; if so, the service arrangement is broken down and its services are accessed in sequence; if not, failure information is returned.
Step 3: the authorization and date of service1 are checked against the service database; if they pass, the authorization and date of service2 are checked, and if those pass, data information is returned; if the authorization and date check of service2 fails, failure information is returned.
Fig. 7 is a seventh schematic flowchart of the microservice-based security access control method provided by the present invention. As shown in fig. 7:
system personnel configure fine-grained access control for the services and, once it is in place, perform access operations on single services or service arrangements;
the external system remotely calls a single service based on its service code, and a plurality of single services are combined to form a service arrangement.
Fig. 8 is a schematic structural diagram of a security access control device based on microservices according to the present invention, and as shown in fig. 8, the security access control device 800 includes:
the permission obtaining module 810 is configured to obtain, based on user information, access roles of a user for different micro services, and obtain, based on the access roles, access permissions that the user has for the different micro services, where the micro services are processes from at least one program;
an access execution module 820, configured to respond to the user's access actions on the different microservices according to the access permissions; each microservice carries an effective access time period: within that period an access action can be performed on the microservice; otherwise it cannot.
According to the microservice-based security access control device provided by the invention, the user's access roles are acquired from the user information, and the access roles express the user's access permissions for different microservices, so the same user can access the different microservices under different access roles. On this basis the user is freed from the limitation that different processes of a program can only have a single access permission, the same user can access and acquire data from different processes independently, and access efficiency and access security are improved. In addition, an effective time period is set when a service is published, so the user has permission to access the service only during a specific period and the service provider can carry out data service maintenance outside that period, which keeps the data service current and allows periodic update and maintenance.
Fig. 9 is a second schematic configuration diagram of a security access control device based on microservices according to the present invention, and as shown in fig. 9, the security access control device 900 includes:
a receiving module 910, configured to receive a POST request sent by a user;
a reading module 920, configured to read the service code in the URL and the user information in the request body;
a verification module 930, configured to verify whether the user information matches preset information; if so, the user is allowed to perform an access action on the microservice; if not, a matching failure is fed back.
The microservice-based security access control device reads the service code in the URL, the user information in the request body and the data query time information, and compares them one by one with the preset information in the database; the user can access the microservice only after every item has been compared successfully.
Fig. 10 illustrates the physical structure of an electronic device. As shown in Fig. 10, the electronic device may include a processor 1010, a communications interface 1020, a memory 1030 and a communication bus 1040, wherein the processor 1010, the communications interface 1020 and the memory 1030 communicate with each other via the communication bus 1040. The processor 1010 may call logic instructions in the memory 1030 to perform the microservice-based security access control method applied to an internal system, the method comprising: obtaining the user's access roles for different microservices based on user information, and obtaining the user's access permissions for the different microservices based on the access roles, wherein the microservices are processes from at least one program; responding to the user's access actions on the different microservices based on the access permissions; wherein each microservice carries an effective access time period, within which an access action can be performed on the microservice; otherwise, no access action can be performed on the microservice.
Alternatively, the processor performs the microservice-based security access control method applied to an external system, the method comprising: when the method is applied to a single microservice, receiving a POST request sent by a user; reading the service code in the URL and the user information in the request body; verifying whether the service code and the user information match preset information and, if so, allowing the user to perform an access action on the microservice; if not, feeding back a matching failure.
Furthermore, the logic instructions in the memory 1030 may be implemented as software functional units and, when sold or used as independent products, stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention may be embodied as a software product that is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk, and various other media capable of storing program code.
In another aspect, the present invention also provides a computer program product, which includes a computer program stored on a non-transitory computer-readable storage medium, the computer program including program instructions which, when executed by a computer, enable the computer to execute the microservice-based security access control method provided above as applied to an internal system, the method comprising: obtaining the user's access roles for different microservices based on user information, and obtaining the user's access permissions for the different microservices based on the access roles, wherein the microservices are processes from at least one program; responding to the user's access actions on the different microservices based on the access permissions; wherein each microservice carries an effective access time period, within which an access action can be performed on the microservice; otherwise, no access action can be performed on the microservice.
Alternatively, the computer executes the microservice-based security access control method provided above as applied to an external system, the method comprising: when the method is applied to a single microservice, receiving a POST request sent by a user; reading the service code in the URL and the user information in the request body; verifying whether the service code and the user information match preset information and, if so, allowing the user to perform an access action on the microservice; if not, feeding back a matching failure.
In another aspect, the present invention also provides a non-transitory computer-readable storage medium on which a computer program is stored, the computer program, when executed by a processor, performing the above microservice-based security access control method as applied to an internal system, the method comprising: obtaining the user's access roles for different microservices based on user information, and obtaining the user's access permissions for the different microservices based on the access roles, wherein the microservices are processes from at least one program; responding to the user's access actions on the different microservices based on the access permissions; wherein each microservice carries an effective access time period, within which an access action can be performed on the microservice; otherwise, no access action can be performed on the microservice.
Alternatively, the computer program performs the microservice-based security access control method provided above as applied to an external system, the method comprising: when the method is applied to a single microservice, receiving a POST request sent by a user; reading the service code in the URL and the user information in the request body; verifying whether the service code and the user information match preset information and, if so, allowing the user to perform an access action on the microservice; if not, feeding back a matching failure.
In the foregoing detailed description, reference is made to the accompanying drawings, which form a part hereof. In the drawings, like numerals typically identify like components, unless context dictates otherwise. The illustrated embodiments described in the detailed description, drawings, and claims are not meant to be limiting. Other embodiments may be utilized, and other changes may be made, without departing from the spirit or scope of the subject matter presented here.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (9)

1. A microservice-based security access control method, applied to an internal system, characterized by comprising the following steps:
obtaining the user's access roles for different microservices based on user information, and obtaining the user's access permissions for the different microservices based on the access roles, wherein the microservices are processes from at least one program;
responding to the user's access actions on the different microservices based on the access permissions;
wherein each microservice carries an effective access time period, within which an access action can be performed on the microservice; otherwise, no access action can be performed on the microservice.
2. The microservice-based secure access control method of claim 1, wherein the access rights comprise at least one of data saving rights, data deleting rights, data modifying rights, and data searching rights.
3. A microservice-based security access control method, applied to an external system, characterized by comprising the following steps:
when the method is applied to a single microservice, receiving a POST request sent by a user;
reading the service code in the URL and the user information in the request body;
verifying whether the service code and the user information match preset information and, if so, allowing the user to perform an access action on the microservice; if not, feeding back a matching failure.
4. The microservice-based security access control method according to claim 3, wherein the request body further comprises data query time information, and the method verifies whether the service code, the user information and the data query time information match preset information and, if so, allows the user to perform an access action on the microservice; if not, a matching failure is fed back.
5. The microservice-based security access control method of claim 3, further comprising:
when the method is applied to a plurality of microservices, obtaining the user's access permission for a microservice group based on user information, the microservice group being formed by combining a plurality of microservices in a preset order, and, when the access permission does not exist, feeding back a microservice group access failure;
and, when the access permission exists, accessing the plurality of microservices in the microservice group in sequence, feeding back the access data when access to a microservice succeeds, and, when access to a microservice fails, feeding back the microservice access failure and skipping ahead to the access process of the next microservice in the microservice group.
6. A microservice-based security access control device, applied to an internal system, characterized by comprising:
a permission acquisition module, configured to obtain the user's access roles for different microservices based on user information and to obtain the user's access permissions for the different microservices based on the access roles, wherein the microservices are processes from at least one program;
wherein each microservice carries an effective access time period, within which an access action can be performed on the microservice; otherwise, no access action can be performed on the microservice.
7. A microservice-based security access control device, applied to an external system, characterized by comprising:
a receiving module, configured to receive a POST request sent by a user;
a reading module, configured to read the service code in the URL and the user information in the request body;
a verification module, configured to verify whether the user information matches preset information and, if so, allow the user to perform an access action on the microservice; if not, a matching failure is fed back.
8. An electronic device comprising a memory, a processor and a computer program stored on said memory and executable on said processor, characterized in that said processor, when executing said program, carries out the steps of the microservice-based security access control method according to any one of claims 1 to 5.
9. A non-transitory computer readable storage medium, having a computer program stored thereon, wherein the computer program, when being executed by a processor, implements the steps of the microservice-based security access control method according to any of the claims 1 to 5.
CN202211098463.7A 2022-09-09 2022-09-09 Security access control method and device based on micro-service Active CN115208693B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211098463.7A CN115208693B (en) 2022-09-09 2022-09-09 Security access control method and device based on micro-service

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211098463.7A CN115208693B (en) 2022-09-09 2022-09-09 Security access control method and device based on micro-service

Publications (2)

Publication Number Publication Date
CN115208693A true CN115208693A (en) 2022-10-18
CN115208693B CN115208693B (en) 2022-12-20

Family

ID=83571986

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211098463.7A Active CN115208693B (en) 2022-09-09 2022-09-09 Security access control method and device based on micro-service

Country Status (1)

Country Link
CN (1) CN115208693B (en)


Also Published As

Publication number Publication date
CN115208693B (en) 2022-12-20


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant