CN115292673A - Container application authorization method and device, readable storage medium and electronic equipment - Google Patents

Container application authorization method and device, readable storage medium and electronic equipment Download PDF

Info

Publication number
CN115292673A
CN115292673A CN202210827421.6A CN202210827421A CN115292673A CN 115292673 A CN115292673 A CN 115292673A CN 202210827421 A CN202210827421 A CN 202210827421A CN 115292673 A CN115292673 A CN 115292673A
Authority
CN
China
Prior art keywords
client
container application
license information
database
registered
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210827421.6A
Other languages
Chinese (zh)
Inventor
李东鸽
马帅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Neusoft Corp
Original Assignee
Neusoft Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Neusoft Corp filed Critical Neusoft Corp
Priority to CN202210827421.6A priority Critical patent/CN115292673A/en
Publication of CN115292673A publication Critical patent/CN115292673A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software
    • G06F21/121Restricting unauthorised execution of programs
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects

Abstract

The disclosure relates to a container application authorization method, a device, a readable storage medium and an electronic device, wherein the container application authorization method comprises the following steps: the method comprises the steps of obtaining first license information corresponding to a container application, checking the legality of second license information corresponding to the container application of a client according to the first license information, and controlling the registration of the container application of the client under the condition that the second license information is legal. The software use permission information is acquired from the database by each client, so that the client can autonomously detect the authorization validity to achieve the decentralized effect, an additional independent authorization server is not required to be arranged, and the flexibility of software authorization is improved under the condition that a fixed IP address or an MAC address at one side of the client is not required to be provided.

Description

Container application authorization method and device, readable storage medium and electronic equipment
Technical Field
The present disclosure relates to the field of computer technologies, and in particular, to a container application authorization method and apparatus, a readable storage medium, and an electronic device.
Background
In the software authorization method, a container application is authorized by importing a license file. Generally, a license file mainly binds information such as an IP (Internet Protocol) address, a MAC (Media Access Control) address, a CPU (central processing unit) and a memory of a computer or a virtualization device, and if the license file does not match the bound information, the container application cannot be normally used.
In the related art, a separate authorization server is added to authorize the separate authorization server, and the IP and MAC of a computer or a virtualization device are not provided, so that the flexibility of container application authorization is improved. However, this method requires a separate authorization server, increases the deployment cost, and the data processing pressure of the separate authorization server is large.
Disclosure of Invention
In order to overcome the problems in the related art, the present disclosure provides a container application authorization method, apparatus, readable storage medium, and electronic device.
According to a first aspect of the embodiments of the present disclosure, there is provided a container application authorization method, including:
acquiring first license information and the number of registered clients corresponding to the container application, wherein the first license information is software use license information stored in a database by a software manufacturer;
verifying the legality of second license information, corresponding to the container application, of the client according to the first license information;
and controlling the registration of the container application of the client under the condition that the second license information is legal.
Optionally, the first license information includes an authorizable number characterizing a maximum number of clients the software vendor is allowed to use the container application according to the repository;
before controlling registration of the container application of the client in a case where the second license information is legitimate, the method further includes:
acquiring the number of registered clients from the database;
the controlling the registration of the container application of the client when the second license information is legal comprises:
and controlling the registration of the container application of the client according to the number of the registered clients and the authorized number under the condition that the second license information is legal.
Optionally, the controlling registration of the container application of the client according to the number of registered clients and the authorized number includes:
performing survival detection on the registered clients under the condition that the number of the registered clients is greater than or equal to the authorized number;
deleting the non-live client in the database when detecting that the registered client comprises the non-live client;
and when the registered client number after the non-survival client is deleted is less than the authorized number, registering the container application of the client to the database.
Optionally, the performing survival detection on the registered client includes:
and carrying out survival detection on the registered client according to the communication identifier of the registered client stored in the database, wherein the communication identifier is written into the database when the registered client is registered to the database.
Optionally, the controlling registration of the container application of the client includes:
storing, in the repository, a start time of a container application on the client when it is determined that the container application of the client is registered to the repository;
and the starting time is used for deleting the client from the registered clients in the database when the time length from the starting time reaches a preset time length threshold value, and returning to execute the step of acquiring the first permission information corresponding to the container application and the number of the registered clients from the database.
Optionally, before the obtaining the first license information and the number of registered clients corresponding to the container application from the repository, the method further includes:
and establishing communication connection with a database based on connection information in second permission information of the container application corresponding to the client, wherein the connection information comprises the IP address of the database.
Optionally, before the obtaining the first license information and the number of registered clients corresponding to the container application from the repository, the method further includes:
and in the case that the first license information applied corresponding to the container does not exist in the database, acquiring the first license information from a software manufacturer and storing the first license information into the database.
According to a second aspect of the embodiments of the present disclosure, there is provided a container application authorization apparatus including:
a first acquisition module configured to acquire first license information and the number of registered clients corresponding to the container application, the first license information being software use license information stored by a software vendor to a repository;
the verifying module is configured to verify the legality of second license information, corresponding to the container application, of the client according to the first license information;
a control module configured to control registration of the container application of the client based on a case that the second license information is legal.
Optionally, the first license information includes an authorizable number characterizing a maximum number of clients the software vendor is allowed to use the container application according to the repository;
the device further comprises:
a second acquisition module configured to acquire the number of registered clients from the repository;
the control module includes:
a control sub-module configured to control registration of the container application of the client according to the number of registered clients and the authorized number under a condition that the second license information is legal.
Optionally, the control module comprises:
a detection module configured to perform a survival detection on the registered clients if the number of registered clients is greater than or equal to the authorized number;
a sending module configured to delete a non-live client in the repository when detecting that the registered clients include the non-live client;
a registration module configured to register a container application of the client to the repository when the number of registered clients after the deletion of the non-live client is smaller than the authorized number.
Optionally, the detection module includes:
a detection submodule configured to perform survival detection on the registered client according to a communication identifier of the registered client stored in the repository, the communication identifier being written into the repository when the registered client is registered in the repository.
Optionally, the control module includes:
a storage sub-module configured to store, in the repository, a start time of a container application on the client when it is determined to register the container application of the client to the repository;
and the starting time is used for deleting the client from the registered clients in the database when the time length from the starting time reaches a preset time length threshold value, and returning to execute the step of acquiring the first permission information corresponding to the container application and the number of the registered clients from the database.
Optionally, the apparatus further comprises:
a connection module configured to establish a communication connection with a repository based on connection information in second license information of a client-corresponding container application, the connection information including an IP address of the repository.
Optionally, the apparatus further comprises:
a storage module configured to acquire the first license information from a software vendor and store the first license information into the repository, in a case where the repository does not have the first license information corresponding to the container application.
According to a third aspect of the embodiments of the present disclosure, there is provided an electronic apparatus including:
a memory having a computer program stored thereon;
a processor for executing the computer program in the memory to implement the steps of the method of the first aspect.
According to a fourth aspect of embodiments of the present disclosure, there is provided a non-transitory computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the method of the first aspect described above.
The technical scheme provided by the embodiment of the disclosure can have the following beneficial effects:
by storing first license information to a repository, wherein the first license information is software use license information stored to the repository by a software manufacturer, and embedding a verification program at a client, the verification program is used for the client to execute a container application authorization method. Specifically, the client acquires first license information corresponding to the container application from the database, then verifies the legality of second license information corresponding to the container application by the client according to the first license information, and controls the registration of the container application of the client under the condition that the second license information is legal. The software use permission information is acquired from the database by each client, and the container application authorization method is executed, so that the spontaneous detection of authorization validity of each client can be realized, the decentralized effect is achieved, an additional independent authorization server does not need to be arranged, and the flexibility of software authorization is improved under the condition that a fixed IP address or an MAC address on one side of the client is not required to be provided.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and, together with the description, serve to explain the principles of the disclosure.
Fig. 1 is a schematic application scenario diagram illustrating a container application authorization method according to an exemplary embodiment.
Fig. 2 is a flow diagram illustrating a method for container application authorization in accordance with an example embodiment.
Fig. 3 is a flowchart illustrating a method of obtaining first license information and the number of registered clients according to an example embodiment.
FIG. 4 is a flow diagram illustrating another container application authorization method in accordance with an example embodiment.
Fig. 5 is a flow diagram illustrating yet another method of container application authorization in accordance with an example embodiment.
Fig. 6 is a block diagram illustrating a container application authorization apparatus according to an example embodiment.
FIG. 7 is a block diagram illustrating an electronic device in accordance with an example embodiment.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The implementations described in the exemplary embodiments below are not intended to represent all implementations consistent with the present disclosure. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the disclosure, as detailed in the appended claims.
In the software authorization method, software application is authorized by importing license files. Generally, the license file mainly binds information such as an IP address, an MAC address, a CPU, a memory, and the like of a computer or a virtualization device, and if the license file does not match the bound information, the software application cannot be normally used. However, some application scenarios cannot provide a fixed IP address or MAC address, or provide an IP address or MAC address is otherwise inconvenient. For example, in a container application scenario, the currently mainstream container technology mainly adopts a dynamic on-demand flexible deployment manner, that is, an IP address or a MAC address cannot be provided, or a container environment providing the IP address or the MAC address is particularly inconvenient.
In the related art, an independent authorization server is added to authorize the independent authorization server, so that the independent authorization server serves as a centralized server, can uniformly authenticate the client side of the container application, and can realize the authorized use of the container application after the authentication is passed. When the independent authorization server authenticates the client, the client is not required to provide the IP address and the MAC address of the computer or the virtualization equipment, so that the flexibility of container application authorization can be improved. However, this method requires a separate authorization server, increases the deployment cost, and the data processing pressure of the separate authorization server is large.
In view of the above problem, in the related art, each container application of a client needs to be connected with a database, and the database is used for storing information so as to enable each container application to perform normal operation and use. That is, the related art includes a repository and an independent authorization server, and a plurality of container applications, each of which is connected to the repository and the independent authorization server. The independent authorization server is used as a centralized server and used for uniformly authenticating the client side of the container application and realizing the authorized use of the container application after the authentication is passed; the database is used for storing relevant information of normal operation of the container application. The embodiment of the disclosure provides a container application authorization method, a device, a readable storage medium and an electronic device, wherein software use permission information is stored in an existing database, each client acquires the software use permission information from the database, and the container application authorization method is executed, so that the authorization legality can be autonomously detected by each client, and the decentralized effect is achieved. The container application authorization method is applied to the client side provided with the container applications, each container application is connected with the database through the client side, the client side can directly acquire information from the database to complete the detection of the authorization validity of the client side, so that an additional independent authorization server is not required to be arranged, and the flexibility of software authorization is improved under the condition that a fixed IP address or an MAC address on one side of the client side is not required to be provided.
An application scenario of the container application authorization method provided in the embodiment of the present disclosure is described below. Fig. 1 is a schematic application scenario diagram of a container application authorization method according to an exemplary embodiment, and as shown in fig. 1, the application scenario may be applied to a container application scenario, where the container application scenario includes a plurality of container applications and a repository for connection of the plurality of container applications, and the plurality of container applications may be run by using resources of the same host, where the resources refer to the repository of the container applications. The database can be published by a software manufacturer when the container application is published and is deployed in a server, and the database is used for being connected with a client so as to enable the container application to perform normal data storage and data acquisition, thereby supporting normal operation and use of the container application. For example, as shown in fig. 1, the plurality of container applications may include a container application a, a container application B, a container application N, and the like, and the container application authorization method provided by the embodiment of the present disclosure may be applied to a client installed with the container application.
Fig. 2 is a flowchart illustrating a container application authorization method according to an exemplary embodiment, where as shown in fig. 2, an execution subject of the method is a client that installs the container application, for example, a check program is embedded in the container application, and the client implements the container application authorization method shown in fig. 2 by running the check program, where the method includes:
in step S201, first license information corresponding to the container application is acquired, and the first license information is software use license information stored in a repository by a software vendor.
In this embodiment, considering that the container application of each client needs to be connected to one database to be able to perform normal operation, the software vendor may directly store the first license information in the database without separately deploying an independent authorization server.
When the client is started, for example, when the container application is started, the verification program can be executed, and the authorization validity can be autonomously detected. Specifically, the client first obtains first license information of the corresponding container application from a database, wherein the first license information is software use license information stored in the database by a software manufacturer.
In step S202, the client is checked for validity of the second license information applied to the container based on the first license information.
The second license information of the container application corresponding to the client is configured in advance at the client, for example, after a user of the client obtains the second license information through a legally purchased channel, the client may be configured based on the second license information. The second license information may include an IP address of the repository (i.e., an IP address of a server on which the repository is deployed) so that the client can connect to the repository according to the second license information. When the validity of the second license information needs to be checked, the second license information can be read in real time and then checked using the first license information.
In one possible implementation, the first license information and the second license information may each include a corresponding library IP, a library instance name, and a user name. The database IP, the database instance name and the user name are used for client connection and registering the database, and whether the second permission information is legal or not is verified by checking whether the database IP, the database instance name and the user name in the second permission information are the same as the database IP, the database instance name and the user name in the first permission information.
It should be noted that the software manufacturer may change the server of the repository deployment (accordingly, the first license information stored in the repository also changes with the change of the server, for example, the repository IP in the first license information changes with the change of the server). In this way, if the user of the client does not legally purchase the container application, the library is copied and deployed to a new server, and the new client is configured based on the IP address of the new server to obtain new second license information. In this case, since the first license information in the copied repository is not changed with the change of the new server, the new client will prevent the illegal use of the container application by the user because the new second license information cannot pass the validity check of the first license information.
In step S203, if the second license information is valid, registration of the container application of the client is controlled.
In this embodiment, when the second license information is legal, for example, when the database IP, the database instance name, and the user name in the second license information are the same as the database IP, the database instance name, and the user name in the first license information, the registration of the container application of the client can be controlled. For example, a container application of a client is registered to a repository to enable the client to use the container application, thereby enabling a user to normally use the container application.
In the above technical solution provided by the embodiment of the present disclosure, first license information is stored in a repository, where the first license information is software use license information stored in the repository by a software manufacturer, and a verification program is embedded in a client, where the verification program is used for the client to execute a container application authorization method. Specifically, the client acquires first license information corresponding to the container application from the database, then verifies the validity of second license information corresponding to the container application by the client according to the first license information, and controls the registration of the container application of the client under the condition that the second license information is legal. The software use permission information is obtained from the database through each client, the container application authorization method is executed, the client can detect authorization validity autonomously, and the decentralized effect is achieved (for example, a check program is embedded in the client and is used for the client to execute the container application authorization method, so that the client is not required to be authenticated by a centralized server).
In one possible embodiment, the first license information may include an authorizable number characterizing a maximum number of clients the software vendor is allowed to use the container application from the repository;
the registered client number may also be acquired from the repository before registration of the container application of the control client in case that the second license information is legal. And controlling the registration of the container application of the client according to the number of the registered clients and the authorized number under the condition that the second license information is legal.
In this embodiment, the first license information may include an authorizable number characterizing a maximum number of clients that the software vendor allows to use the container application according to the repository. For example, the authorized number may be 100, and at this time, among the clients connected to the library, the number of clients allowed to use the container application is 100. The number of registered clients represents the number of clients that the repository has authorized to register for use of the container application.
When the second license information is legal, for example, the information such as the database IP, the database instance name, and the user name in the second license information is the same as the information such as the database IP, the database instance name, and the user name in the first license information, it can be determined that the second license information is legal.
After the verification of the second license information is legal, it may be determined whether to register the container application of the client to the repository according to a magnitude relationship between the number of registered clients and the number that can be authorized. If the number of registered clients is less than the authorized number, the authorization of the clients can be confirmed to pass, and the container application of the clients can be registered in the database. If the number of registered clients is greater than or equal to the authorized number, it can be determined that the client authorization is not passed.
For example, the authorized number is 100, and when the number of registered clients is less than 100, for example, the number of registered clients is equal to 80, the authorization of the client is confirmed to pass; and confirming that the authorization of the client is not passed when the number of registered clients is greater than or equal to 100. When the client authorization is confirmed, the container application of the client may be registered to the repository so that the client can use the container application, thereby enabling the user to normally use the container application.
In this embodiment, after the verification of the second license information is legal, the authorized number is further verified, and the registration of the container application of the client is controlled according to the size relationship between the registered client number and the authorized number, so that the use of the container application is further limited by the authorized number, and the user is prevented from illegally and unlimitedly using the container application.
In a possible implementation manner, the repository is pre-established with a license information table and an application information table, where the license information table is used to store the first license information, and the application information table is used to store the registration information of the client, where the registration information may include a communication identifier corresponding to the client and a starting time of the client.
Fig. 3 is a flowchart illustrating a method for obtaining first license information and a number of registered clients according to an exemplary embodiment, where, as shown in fig. 3, obtaining the first license information of the corresponding container application and obtaining the number of registered clients from the repository may specifically include:
in step S301, first license information is acquired from a license information table in a library.
The client can obtain the public key of the software manufacturer and decrypt the first license information by using the public key, so that the decrypted first license information can be obtained by analysis.
Illustratively, the license information table is shown as the following table:
name of field Type of field Note
License_content Blob License data file
The License _ content is License content, and includes first License information, which is a binary large object, and is a field type for storing a binary file.
In step S302, the number of registered clients is acquired from the application information table of the repository.
The registration information is obtained from the application information table of the database, the registration information comprises communication identifiers corresponding to the registered clients after the authorization is passed, and then the number of the registered clients is determined according to the number of the communication identifiers contained in the registration information.
Illustratively, the application information table is shown in the following table:
name of field Type of field Note
Docker_id Varchar(256) Container communication identification
Start_time Timestamp Time of container start-up
The Docker _ id is a container communication identifier and includes a communication identifier corresponding to a registered client, the Varchar is a variable-length character string, the Start _ time is container Start time and includes Start time of a container application on the client, and the Timestamp is a Timestamp.
In this embodiment, since the container application of the client must be connected to the repository to operate normally, by storing the first license information and the registration information representing the number of registered clients in the repository, each client can directly obtain the first license information and the number of registered clients corresponding to the container application from the repository, so that there is no need to obtain the first license information from an additional independent authorization server, and the deployment of independent authorization servers is reduced.
In a possible embodiment, before obtaining the first license information and the number of registered clients of the corresponding container application from the repository, the client may further establish a connection with the repository, for example: and establishing communication connection with the data bank based on connection information in the second permission information of the container application corresponding to the client, wherein the connection information comprises the IP address of the data bank.
The user can configure the data of the client according to the second permission information, can configure the connection information such as the database IP, the database instance name, the user name and the password, and when the client is started, the client can acquire the connection information such as the database IP, the database instance name, the user name and the password, and can send the connection information such as the database IP, the database instance name, the user name and the password to the database so as to establish the communication connection with the database.
In this embodiment, the client can successfully connect the database through the connection information, so as to obtain information from the database or store the information in the database, and the container application of the client can be successfully operated only if the database is successfully connected and the container application is authorized to be legal, and the connection information is included in the second permission information.
In a possible implementation, before obtaining the first license information corresponding to the container application, it may be further determined whether the first license information exists in the repository, and in the case that the first license information corresponding to the container application does not exist in the repository, the first license information is obtained from the software vendor and stored in the repository.
In this embodiment, after the client successfully establishes the communication connection with the database, the first permission information can be obtained from the database. At this time, the client may send a first license information acquisition request to the database, the database searches for corresponding first license information in response to the first license information acquisition request, and when the database does not have the first license information, for example, the result of the corresponding first license information found by the database is empty, the database may return information that the first license information does not exist to the client, and at this time, the client may acquire the first license information from the software vendor.
Illustratively, when the client confirms that the first license information does not exist in the database, an import page can be displayed to the user, the import page can comprise a two-dimensional code and an import plug-in, the user can acquire the user information by scanning the two-dimensional code, and the first license information is acquired from a server corresponding to the software manufacturer according to the user information. Then, the user can trigger the import plug-in, so that the first license information can be imported into the database. Because the first permission information has more contents, the user can be prevented from directly inputting the first permission information through the import page, and the first permission information can be imported into the database more conveniently and quickly.
In the solution of this embodiment, if the client confirms that the database does not have the first license information, the first license information can be obtained from the software manufacturer, and the first license information is stored in the database, at this time, the first license information can be permanently stored in the database only by once importing the first license information, and all clients corresponding to the same container application can obtain the first license information from the database to detect the authorization validity of the client when being connected to the database.
Fig. 4 is a flowchart illustrating another container application authorization method according to an exemplary embodiment, where, as shown in fig. 4, in a possible implementation manner, there is also a case that the number of registered clients is greater than or equal to the authorized number, and at this time, the registration of the container application of the client is controlled according to the number of registered clients and the authorized number, including:
in step S401, in the case that the number of registered clients is greater than or equal to the number that can be authorized, a survival detection is performed on the registered clients.
In the case that the number of registered clients is greater than or equal to the authorized number, it is not possible to confirm that the authorization of the client is successful, that is, it is not possible to register the container application of the client in the repository. When multiple clients perform authorization verification, the number of registered clients is greater than the authorized number. For example, if there are 5 clients performing authorization check at the same time, and the first license information and the second license information of the 5 clients are consistent, if the number of the currently registered clients is 9 and the number of the currently registered clients is 10, then the container applications of the 5 clients can be registered in the repository, resulting in that the number of the registered clients is 14 and is greater than the number of the currently registered clients 10.
In one embodiment, the registered client may be tested for survival based on the communication identity of the registered client stored by the repository.
Each client corresponds to a communication identifier, the client can acquire the communication identifier of the registered client, and the client can establish communication connection with other clients through the communication identifiers so as to perform survival detection on the registered client. If the registered client is in a survival state, sending heartbeat messages to other connected clients at regular time, when the client receives the heartbeat messages, determining that the client sending the heartbeat messages is a survival client, and if the heartbeat messages of the connected clients are not received within preset time, determining that the client is a non-survival client, wherein the communication identification is written into the database when the registered client is registered in the database.
In step S402, when it is detected that the registered clients include non-live clients, the non-live clients in the repository are deleted.
For example, when it is detected that the registered client includes the non-live client, the communication identifier corresponding to the non-live client may be obtained, and based on the communication identifier corresponding to the non-live client, the deletion information may be generated and sent to the repository. After the database receives the deletion information, the communication identifier which is the same as the communication identifier contained in the deletion information can be found from the database in response to the deletion information and deleted, so that the non-living client in the database is deleted.
In step S403, when the number of registered clients after deletion of the non-live client is less than the authorized number, the container application of the client is registered to the repository.
In this embodiment, when the database deletes the communication identifier corresponding to the stored non-live client successfully, the database may send information that the deletion of the non-live client is successful to the client, at this time, the client may obtain the number of registered clients after the deletion of the non-live client, and when the number of registered clients after the deletion of the non-live client is smaller than the authorized number, the container application of the client may be registered in the database, so as to authorize the client to use the container application. For example, the number of registered clients is 15, the number of authorized clients is 10, and the number of non-live clients is 6, at this time, the number of registered clients after deleting the non-live clients is 9, which is smaller than the number of authorized clients, at this time, the container application of the client may be registered in the repository, so as to authorize the client to use the container application; if the number of the non-survival clients is 3, at this time, the number of the registered clients after deleting the non-survival clients is 12, which is still larger than the authorized number, at this time, it is determined that the client authorization does not pass, and the container application of the client cannot be registered in the database.
For example, the method for registering the container application of the client to the repository may be: the client can send the corresponding communication identifier to the database, and the database can store the communication identifier after receiving the communication identifier so as to complete the registration of the container application of the client.
In the above embodiment, in the case that the number of registered clients is equal to the authorized number, the registered clients may also be subjected to survival detection, so as to delete the non-survival clients, thereby preventing the non-survival clients from occupying the authorized number.
In a possible implementation, controlling registration of the container application of the client may further include:
when the container application of the client is determined to be registered to the database, storing the starting time of the container application on the client in the database;
and the starting time is used for deleting the client from the registered clients in the database when the time length from the starting time reaches a preset time length threshold value, and returning to execute the step of acquiring the first permission information corresponding to the container application and the number of the registered clients from the database.
The application information table in the database can also be used for storing the starting time of the container application on the client, and specifically, when the container application is started on the client, the starting time is recorded and stored in the database.
After the container application of the client is registered to the database, the container application of the client can be registered again in response to the time length from the starting moment reaching a preset time length threshold value.
The time from the starting time to the current time can be recorded according to the starting time, and a preset time threshold is preset, wherein the preset time threshold can be set according to actual conditions, for example, the preset time threshold can be 7 days. When the time length from the starting time to the current time is equal to the preset time length threshold, re-authorization detection can be triggered, the client can respond that the time length from the starting time reaches the preset time length threshold, re-register the container application of the client, namely re-execute the methods from the step S201 to the step S203, and before re-registering the container application of the client, the client can be deleted from the registered clients in the database.
According to the method, the preset time length threshold value is set, and when the starting time length of the container application on the client reaches the preset time length threshold value, the container application of the client is authorized again, so that the authorization safety of the container application is improved.
Fig. 5 is a flowchart illustrating a further method for container application authorization according to an example embodiment, as shown in fig. 5, including:
step S501: acquiring first license information and the number of registered clients corresponding to the container application, wherein the first license information is software use license information stored in a database by a software manufacturer, and the first license information comprises an authorized number which represents the maximum number of clients which the software manufacturer allows to use the container application according to the database.
Step S502: and verifying the validity of the second license information of the client to the container application according to the first license information.
Step S503: and registering the container application of the client to the repository in the case that the number of registered clients is less than the authorized number based on the second license information being legal.
Step S504: performing survival detection on the registered clients under the condition that the number of the registered clients is greater than or equal to the authorized number on the basis of the legality of the second license information;
step S505: deleting the non-live client in the database when detecting that the registered client comprises the non-live client;
step S506: and when the number of registered clients after the non-live clients are deleted is less than the authorized number, registering the container application of the client to the database.
According to the method, the legality of the acquired second license information is verified firstly according to the first license information, and the authorized quantity is verified after the legality of the second license information is verified. In case the authorized number passes the verification, i.e. the number of registered clients is smaller than the authorized number, the container application of the client can be registered to the repository to authorize the client to use the container application. When the number of the registered clients is larger than or equal to the authorized number, the authorized number is not checked to pass. At this time, the registered clients can be subjected to survival detection so as to delete the non-survival clients, so that the non-survival clients are prevented from occupying the authorized number, and when the number of the registered clients after the non-survival clients are deleted is smaller than the authorized number, the container application of the clients can be registered in the database so as to authorize the clients to use the container application.
The following provides a possible complete embodiment:
when the container application of the client is started, the client executes the following steps:
step S1, obtaining the first permission information from the permission information table in the database, obtaining the second permission information, and checking the validity of the second permission information according to the first permission information. If the second license information is legal, step S2 is executed, and if the second license information is illegal, the process is ended.
And S2, acquiring registration information from the application information table in the database, wherein the registration information at least comprises communication identifiers corresponding to the registered clients after the authorization is passed, so as to determine the number of the registered clients.
And S3, judging whether the number of the registered clients is smaller than the authorized number, if so, executing S7, otherwise, executing S4.
And S4, detecting whether the registered client side comprises a non-survival client side, if so, executing the step S5, and if not, ending.
And step S5, deleting the non-survival client in the database.
And S6, judging whether the number of the registered clients after the non-survival clients are deleted is smaller than the authorized number, if so, executing the step S7, and if not, ending the step.
Step S7, registering the container application of the client to a database.
According to the method, the legality of the acquired second license information is verified firstly according to the first license information, and the authorized quantity is verified after the legality of the second license information is verified. In the case that the authorized number passes the verification, i.e., the number of registered clients is less than the authorized number, the container application of the client can be registered to the repository to authorize the client to use the container application. When the number of registered clients is larger than or equal to the authorized number, the authorized number is not checked. At this time, the registered clients can be subjected to survival detection so as to delete the non-survival clients, so that the non-survival clients are prevented from occupying the authorized number, and when the number of the registered clients after the non-survival clients are deleted is smaller than the authorized number, the container application of the clients can be registered in the database so as to authorize the clients to use the container application.
Fig. 6 is a block diagram illustrating a container application authorization apparatus according to an example embodiment. Referring to fig. 6, the container application authorizing apparatus 600 may include: a first acquisition module 601, a verification module 602, and a control module 603. Wherein:
a first obtaining module 601 configured to obtain first license information corresponding to the container application, where the first license information is software use license information stored in a repository by a software manufacturer;
a verification module 602 configured to verify the validity of the second license information of the container application corresponding to the client according to the first license information;
a control module 603 configured to control registration of the container application of the client based on a case that the second license information is legitimate.
Optionally, the first license information includes an authorizeable amount characterizing a maximum number of clients the software vendor is allowed to use the container application according to the repository;
the device further comprises:
a second acquisition module configured to acquire the number of registered clients from the repository;
the control module 603 includes:
a control sub-module configured to control registration of the container application of the client according to the number of registered clients and the authorized number, in a case where the second license information is legal.
Optionally, the control module 603 includes:
a detection module configured to perform a survival detection on the registered clients if the number of registered clients is greater than or equal to the authorized number;
a sending module configured to delete a non-live client in the repository when detecting that the registered client includes the non-live client;
a registration module configured to register a container application of the client to the repository when the number of registered clients after the deletion of the non-live client is smaller than the authorized number.
Optionally, the detection module includes:
a detection sub-module configured to perform survival detection on the registered client according to a communication identifier of the registered client stored in the repository, wherein the communication identifier is written into the repository when the registered client is registered in the repository.
Optionally, the control module 603 includes:
a storage sub-module configured to store, in the repository, a start time of a container application of the client when it is determined to register the container application to the repository;
and the starting time is used for deleting the client from the registered clients in the database when the time length from the starting time reaches a preset time length threshold value, and returning to execute the step of acquiring the first permission information corresponding to the container application and the number of the registered clients from the database.
Optionally, the apparatus further comprises:
a connection module configured to establish a communication connection with a repository based on connection information in second license information of a client-corresponding container application, the connection information including an IP address of the repository.
Optionally, the apparatus further comprises:
a storage module configured to acquire first license information from a software vendor and store the first license information into a repository, in a case where the repository does not have the first license information corresponding to the container application.
With regard to the apparatus in the above embodiment, the specific manner in which each module performs the operation has been described in detail in the embodiment related to the method, and will not be described in detail here.
FIG. 7 is a block diagram of an electronic device shown in accordance with an example embodiment. As shown in fig. 7, the electronic device 700 may include: a processor 701 and a memory 702. The electronic device 700 may also include one or more of a multimedia component 703, an input/output interface 704, and a communication component 705.
The processor 701 is configured to control the overall operation of the electronic device 700, so as to complete all or part of the steps in the container application authorization method. The memory 702 is used to store various types of data to support operation at the electronic device 700, such as instructions for any application or method operating on the electronic device 700 and application-related data, such as contact data, transmitted and received messages, pictures, audio, video, and the like. The Memory 702 may be implemented by any type of volatile or non-volatile Memory device or combination thereof, such as Static Random Access Memory (SRAM), electrically Erasable Programmable Read-Only Memory (EEPROM), erasable Programmable Read-Only Memory (EPROM), programmable Read-Only Memory (PROM), read-Only Memory (ROM), magnetic Memory, flash Memory, magnetic disk, or optical disk. The multimedia components 703 may include screen and audio components. Wherein the screen may be, for example, a touch screen and the audio component is used for outputting and/or inputting audio signals. For example, the audio component may include a microphone for receiving external audio signals. The received audio signal may further be stored in the memory 702 or transmitted through the communication component 705. The audio assembly also includes at least one speaker for outputting audio signals. The input/output interface 704 provides an interface between the processor 701 and other interface modules, such as a keyboard, mouse, buttons, etc. These buttons may be virtual buttons or physical buttons. The communication component 705 is used for wired or wireless communication between the electronic device 700 and other devices. Wireless Communication, such as Wi-Fi, bluetooth, near Field Communication (NFC), 2G, 3G, 4G, NB-IOT, eMTC, or other 5G, or combinations thereof, which is not limited herein. The corresponding communication component 705 may thus comprise: wi-Fi module, bluetooth module, NFC module, etc.
In an exemplary embodiment, the electronic Device 700 may be implemented by one or more Application Specific Integrated Circuits (ASICs), digital Signal Processors (DSPs), digital Signal Processing Devices (DSPDs), programmable Logic Devices (PLDs), field Programmable Gate Arrays (FPGAs), controllers, microcontrollers, microprocessors, or other electronic components for performing the container Application authorization method described above.
In another exemplary embodiment, there is also provided a computer readable storage medium including program instructions, which when executed by a processor, implement the steps of the container application authorization method described above. For example, the computer readable storage medium may be the above-described memory 702 comprising program instructions executable by the processor 701 of the electronic device 700 to perform the above-described container application authorization method.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure. This application is intended to cover any variations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.
It will be understood that the present disclosure is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the present disclosure is limited only by the appended claims.

Claims (10)

1. A container application authorization method applied to a client side, the method comprising:
acquiring first license information corresponding to the container application, wherein the first license information is software use license information stored in a database by a software manufacturer;
verifying the validity of second license information of the container application corresponding to the client according to the first license information;
and controlling the registration of the container application of the client under the condition that the second license information is legal.
2. The container application authorization method according to claim 1,
the first license information includes an authorizeable quantity characterizing a maximum number of clients the software vendor is allowed to use the container application according to the repository;
before controlling registration of the container application of the client in a case where the second license information is legitimate, the method further includes:
acquiring the number of registered clients from the database;
the controlling the registration of the container application of the client when the second license information is legal comprises:
and controlling the registration of the container application of the client according to the number of the registered clients and the authorized number under the condition that the second license information is legal.
3. The container application authorization method according to claim 2,
the controlling registration of the container application of the client according to the registered client number and the authorized number includes:
performing survival detection on the registered clients under the condition that the number of the registered clients is greater than or equal to the authorized number;
deleting the non-live client in the database when detecting that the registered client comprises the non-live client;
and when the registered client number after the non-survival client is deleted is less than the authorized number, registering the container application of the client to the database.
4. The container application authorization method according to claim 3,
the detecting the survival of the registered client includes: and performing survival detection on the registered client according to the communication identifier of the registered client stored in the database, wherein the communication identifier is written into the database when the registered client is registered to the database.
5. The container application authorization method according to any of claims 1 to 4,
the controlling registration of the container application of the client includes:
storing, in the repository, a start time of a container application on the client when it is determined that the container application of the client is registered to the repository;
and the starting time is used for deleting the client from the registered clients in the database when the time length from the starting time reaches a preset time length threshold value, and returning to execute the step of acquiring the first permission information corresponding to the container application and the number of the registered clients from the database.
6. The container application authorization method according to any one of claims 1 to 4, characterized in that, before the obtaining of the first license information corresponding to the container application, the method further comprises:
and establishing communication connection with a database based on connection information in second permission information of the container application corresponding to the client, wherein the connection information comprises the IP address of the database.
7. The container application authorization method according to any of claims 1 to 4, characterized in that, before the obtaining of the first license information corresponding to the container application, the method further comprises:
and under the condition that the database does not have the first license information corresponding to the container application, acquiring the first license information from a software manufacturer and storing the first license information into the database.
8. A container application authorization apparatus, comprising:
a first acquisition module configured to acquire first license information corresponding to the container application, the first license information being software use license information stored to a repository by a software vendor;
the verifying module is configured to verify the validity of second license information, corresponding to the container application, of the client according to the first license information;
a control module configured to control registration of the container application of the client based on a case that the second license information is legal.
9. A non-transitory computer readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 7.
10. An electronic device, comprising:
a memory having a computer program stored thereon;
a processor for executing the computer program in the memory to implement the steps of the method of any one of claims 1-7.
CN202210827421.6A 2022-07-13 2022-07-13 Container application authorization method and device, readable storage medium and electronic equipment Pending CN115292673A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210827421.6A CN115292673A (en) 2022-07-13 2022-07-13 Container application authorization method and device, readable storage medium and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210827421.6A CN115292673A (en) 2022-07-13 2022-07-13 Container application authorization method and device, readable storage medium and electronic equipment

Publications (1)

Publication Number Publication Date
CN115292673A true CN115292673A (en) 2022-11-04

Family

ID=83821433

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210827421.6A Pending CN115292673A (en) 2022-07-13 2022-07-13 Container application authorization method and device, readable storage medium and electronic equipment

Country Status (1)

Country Link
CN (1) CN115292673A (en)

Similar Documents

Publication Publication Date Title
US11882108B2 (en) Application user single sign-on
US10686768B2 (en) Apparatus and method for controlling profile data delivery
JP6719079B2 (en) Information equipment, data processing system, data processing method and computer program
US11057372B1 (en) System and method for authenticating a user to provide a web service
US10212151B2 (en) Method for operating a designated service, service unlocking method, and terminal
CN107145769B (en) Digital Rights Management (DRM) method, equipment and system
US11562052B2 (en) Computing system and method for verification of access permissions
CN110069909B (en) Method and device for login of third-party system without secret
US20140150055A1 (en) Data reference system and application authentication method
JP6311214B2 (en) Application authentication program, authentication server, terminal, and application authentication method
JP2007280393A (en) Device and method for controlling computer login
CA2951914A1 (en) Restricted code signing
CN111966422A (en) Localized plug-in service method and device, electronic equipment and storage medium
US20180039771A1 (en) Method of and server for authorizing execution of an application on an electronic device
US8819427B2 (en) Device specific secure licensing
CN111259368A (en) Method and equipment for logging in system
US10158623B2 (en) Data theft deterrence
CN112699404A (en) Method, device and equipment for verifying authority and storage medium
WO2016188231A1 (en) Verification method and apparatus
CN115292673A (en) Container application authorization method and device, readable storage medium and electronic equipment
JP7445017B2 (en) Mobile application forgery/alteration detection method using user identifier and signature collection, computer program, computer readable recording medium, and computer device
JP2015106236A (en) Information processing device and user authentication method
CN114239000A (en) Password processing method, device, computer equipment and storage medium
KR20150030047A (en) Method and system for application authentication
CN114417303A (en) Login authentication management method, device, processor and machine-readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination