CN115329311A - Multi-system-based data operation method, terminal equipment and storage medium - Google Patents


Publication number
CN115329311A
Authority
CN
China
Prior art keywords
data operation
data
database
operation request
request
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210791710.5A
Other languages
Chinese (zh)
Inventor
徐雄辉
陈奋
陈荣有
李伟彬
薛世平
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xiamen Fuyun Information Technology Co ltd
Original Assignee
Xiamen Fuyun Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xiamen Fuyun Information Technology Co ltd
Priority to CN202210791710.5A
Publication of CN115329311A
Legal status: Pending


Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31: User authentication
    • G06F21/41: User authentication where a single sign-on provides access to a plurality of computers
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00: Arrangements for program control, e.g. control units
    • G06F9/06: Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46: Multiprogramming arrangements
    • G06F9/50: Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F9/5005: Allocation of resources, e.g. of the central processing unit [CPU] to service a request
    • G06F9/5027: Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resource being a machine, e.g. CPUs, Servers, Terminals
    • G06F9/505: Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resource being a machine, e.g. CPUs, Servers, Terminals considering the load

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to a multi-system-based data operation method, terminal equipment and a storage medium. The method comprises the following steps: initializing configuration information of the database corresponding to each system; when a user logs in, generating a token from the encrypted user information; encrypting the token to generate a temporary key, and distributing the temporary key to each system for storage; when a data operation request sent by a system is received, distributing the data operation request to the target system by load balancing; the system then verifies the key in the data operation request and, when verification passes, performs the data operation on the corresponding database according to the request, assembles the resulting data according to the return data format, and returns it to the system that initiated the data operation request. The invention can improve the efficiency, security and stability of data operations between business systems.

Description

Multi-system-based data operation method, terminal equipment and storage medium
Technical Field
The present invention relates to the field of data processing, and in particular, to a data operation method based on multiple systems, a terminal device, and a storage medium.
Background
With its rapid development, information technology has become an important driving force for the diversification of economic structures. While information technology brings huge economic and social benefits, enterprises face increasing threats, which poses new challenges for data security and privacy protection. Enterprise services are now diversified across private clouds, public clouds and the like. System architectures are increasingly complex: the services of the systems in a private cloud architecture continually overlap and interact, systems of different business forms each have their own data processing mode, the processing modes are diverse and hard to manage and maintain, and the risk of data security threats between systems is high. The data processing modes of different business forms are incompatible with each other's data sources, which makes it difficult to call data between systems. It is therefore of great significance to establish a secure, efficient and convenient unified data gateway system that meets the requirements of different business forms.
At present, the systems of an enterprise's various products each have their own data storage and processing modes, and there is a huge demand for calling data and returning responses between systems. The traditional calling mode either checks the user information of the respective systems or uses plain HTTP without any check. Its security is extremely low, attacks easily cause production safety problems and losses for the enterprise, there is no uniform data format between systems, and integration is inefficient, difficult and poorly compatible. The specific disadvantages are as follows:
1) Development efficiency for data requirements is low: each requirement needs a corresponding function to be developed, which wastes a large amount of labor cost.
2) The lack of uniform request distribution easily causes services to be flooded with requests.
3) The large data volume requirements of different scenarios cannot be met.
4) Security is low, and forged (masquerading) request attacks occur easily.
5) Systems without a uniform data format are difficult to integrate, which raises later maintenance cost.
6) Calling data and returning responses is inflexible and inefficient.
Disclosure of Invention
In order to solve the above problems, the present invention provides a data operation method, a terminal device and a storage medium based on multiple systems.
The specific scheme is as follows:
A data operation method based on multiple systems comprises the following steps:
S1: initializing configuration information of the database corresponding to each system;
S2: after a user logs in, encrypting the user information submitted at login according to a first encryption rule, matching the encrypted user information against the authorized user information stored in an authentication authorization database to judge whether the user information is valid, and if so, generating a token from the encrypted user information;
S3: encrypting the token through a second encryption rule to generate a temporary key, and distributing the temporary key to each system for storage;
S4: when a data operation request sent by a system is received, judging from the key in the data operation request whether the corresponding user is an authorized user; if so, issuing the calling authority for the system whose operation is requested and setting the user's access limit for that system; each time a data operation request from the user for that system is received, judging whether the number of requests exceeds the access limit, and if so, no longer accepting the user's data operation requests for that system; otherwise, distributing the data operation request to the system whose operation is requested by means of Haproxy load balancing;
S5: when the system receives the data operation request, parsing its parameters to obtain the key in the request and verifying that key against the temporary key stored in the system; when verification passes, performing the data operation on the corresponding database according to the request, assembling the resulting data according to the return data format, and returning the data to the system that initiated the data operation request.
Further, the databases corresponding to the systems comprise: hbase, mysql, elasticsearch, hive, clickhouse, and hadoop.
Further, the configuration information of the database includes: system name, ip, port, username, login password, database link, database version number, package path information, and return data format.
Further, the content of the data operation request includes: the key key, the operation to be performed option, the operation statement optionValue, the name of the system whose operation is requested system, the type of the database to be operated on databaseType, the data to be operated on data, and the version number version.
Further, the access limit is the maximum number of times that the user can access the system each day.
Further, the method for performing the data operation on the corresponding database according to the data operation request comprises the following steps:
S501: parsing the data operation request and obtaining the contents of the six fields databaseType, option, optionValue, data, system and version;
S502: obtaining the database of the corresponding version according to the system, databaseType and version fields, and obtaining the connection information of that database from its configuration information;
S503: selecting, according to the system, databaseType and version fields, the jar package of the database of the corresponding version and the connection method required by that jar package;
S504: establishing a connection with the database based on its connection information, jar package and connection method;
S505: operating on the database according to the option and optionValue fields, using the data field.
A multisystem-based data operation terminal device comprises a processor, a memory and a computer program which is stored in the memory and can run on the processor, wherein the processor executes the computer program to realize the steps of the method of the embodiment of the invention.
A computer-readable storage medium, in which a computer program is stored, which, when being executed by a processor, carries out the steps of the method as described above for an embodiment of the invention.
By adopting the above technical scheme, the invention has the following beneficial effects:
(1) Under single sign-on, the multiple business systems are given a unified data verification gateway service based on unified identity authentication, which improves the efficiency, security and stability of data between the business systems.
(2) Unified load-balancing scheduling provides stability for data flow between all business systems, performs peak clipping during business peak periods, and improves the speed and stability of data flow between systems.
(3) The method supports operations on multiple versions of various mainstream databases, parameter configuration, and customization of the return data format, which greatly increases flexibility and reduces manual secondary development cost, meets the large data volume requirements of different scenarios, and improves enterprise efficiency.
(4) Technology and code are unified for maintenance, which greatly reduces maintenance cost; the requirements of different businesses can be met quickly, with high security, stable data, high concurrency and flexible dynamic configuration.
Drawings
Fig. 1 is a flowchart of a first embodiment of the invention.
Fig. 2 is a schematic diagram illustrating a Mysql query request according to an embodiment of the present invention.
Fig. 3 is a schematic diagram illustrating a Mysql insert request according to an embodiment of the present invention.
Fig. 4 is a schematic diagram illustrating a Mysql update request according to an embodiment of the present invention.
Fig. 5 is a schematic diagram illustrating a Mysql delete request according to an embodiment of the present invention.
Detailed Description
To further illustrate the various embodiments, the invention provides the accompanying drawings. The accompanying drawings, which are incorporated in and constitute a part of this disclosure, illustrate embodiments of the invention and, together with the description, serve to explain the principles of the embodiments. With these references, one of ordinary skill in the art will appreciate other possible embodiments and advantages of the present invention.
The invention will now be further described with reference to the accompanying drawings and detailed description.
The first embodiment is as follows:
An embodiment of the present invention provides a data operation method based on multiple systems. As shown in fig. 1, the method includes the following steps:
S1: initializing configuration information of the database corresponding to each system.
The method is used for operating a plurality of systems (such as WeChat, QQ and the like), and each system corresponds to one or more databases.
The database types in this embodiment include hbase, mysql, elasticsearch, hive, clickhouse and hadoop. The configuration information of a database includes: the system name system, ip, port, user name username, login password passport, database link url, database version number version, package path information jarPath and return data format dataType.
S2: after a user logs in, the user information submitted at login is encrypted according to a first encryption rule, the encrypted user information is matched against the authorized user information stored in an authentication authorization database to judge whether the user information is valid, and if it is valid, a token is generated from the encrypted user information.
In the embodiment, the user logs in from the constructed unified user login interface.
The first encryption rule may adopt a common data encryption rule, and is not limited herein.
The authentication and authorization database is used for storing encrypted user information of authorized users.
When the two match, the user information is judged to be valid. If not, the flow ends.
S3: the token is encrypted through a second encryption rule to generate a temporary key (secret key), and the temporary key is distributed to each system for storage.
In this embodiment, the second encryption rule adopts the AES-CBC algorithm.
The temporary key is cached for the user as an encrypted token keyed by the user name, and can be used for login-free verification when jumping between systems. After the temporary key is verified, logging in again on each jump between application systems can be avoided.
S4: when a data operation request sent by a system is received, it is judged from the key in the data operation request whether the corresponding user is an authorized user. If so, the calling authority for the system whose operation is requested is issued and the user's access limit for that system is set; each time a data operation request from the user for that system is received, it is judged whether the number of requests exceeds the access limit, and if so, the user's data operation requests for that system are no longer accepted; otherwise, the data operation request is distributed to the system whose operation is requested by means of Haproxy load balancing.
When the user is judged not to be an authorized user, the data operation request is stopped and the method waits for the next data operation request.
In this embodiment, the data operation request is a character string in JSON format, as shown in fig. 2 to 5, and its content includes: key (the temporary key generated in step S3 above), the operation to be performed option (such as adding, deleting, modifying, searching, etc.), the operation statement optionValue, the name of the system whose operation is requested system, the type of the database to be operated on databaseType, the data to be operated on data, and the version number version.
The access limit restricts the number of accesses that can be requested within a fixed period of time, such as the maximum number of accesses that can be made per day. Enforcing the access limit relieves pressure on the system servers, prevents malicious attacks by hackers, and improves the stability of the application systems.
Distributing the requests through Haproxy load balancing reduces the pressure and traffic on each system.
S5: when the system receives the data operation request, it parses the parameters of the request to obtain the key in the request and verifies that key against the temporary key stored in the system. When verification passes, the data operation is performed on the corresponding database according to the request, the resulting data is assembled according to the data format recorded by the data operation request, and the data is returned to the system that initiated the data operation request.
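The two checks in S4 and S5 can be followed in code. The sketch below is an added example, not code from the patent: the class names, status strings and in-memory storage are assumptions, the temporary key is treated as an opaque string already produced in S3, and the sample request is constructed.

```python
import hmac
import json
from datetime import date

# Field names are the ones listed for the JSON data operation request.
REQUEST_FIELDS = ("key", "option", "optionValue", "system",
                  "databaseType", "data", "version")


def match_key(presented, issued):
    """Return the user a temporary key was issued to, or None.

    Every stored key is compared with hmac.compare_digest, so the time
    taken does not reveal how many leading characters matched.
    """
    owner = None
    for stored, user in issued.items():
        if hmac.compare_digest(stored.encode(), presented.encode()):
            owner = user
    return owner


class Gateway:
    """S4: authorise the caller, apply the access limit, then forward."""

    def __init__(self, issued, daily_limit):
        self.issued = issued            # temporary key -> user (from S3)
        self.daily_limit = daily_limit  # max requests per user, system, day
        self.used = {}                  # (user, system, day) -> count

    def admit(self, raw, today=None):
        today = today or date.today()
        try:
            req = json.loads(raw)
        except ValueError:
            return "malformed", None
        if not isinstance(req, dict) or any(f not in req for f in REQUEST_FIELDS):
            return "malformed", None
        if not isinstance(req["key"], str) or not isinstance(req["system"], str):
            return "malformed", None
        user = match_key(req["key"], self.issued)
        if user is None:
            return "unauthorized", None
        slot = (user, req["system"], today)
        if self.used.get(slot, 0) >= self.daily_limit:
            return "limit_exceeded", None
        self.used[slot] = self.used.get(slot, 0) + 1
        return "forwarded", req


class BackendSystem:
    """S5: re-check the key against this system's own stored copy."""

    def __init__(self, stored):
        self.stored = stored  # temporary key -> user, distributed in S3

    def handle(self, req):
        if match_key(req["key"], self.stored) is None:
            return "unauthorized"
        return "execute"  # the database operation of S501-S505 would run here


def sample_request(key):
    # Constructed sample reusing the values the description quotes for
    # fig. 2; "option" and "data" are placeholders.
    return json.dumps({
        "key": key, "option": "select",
        "optionValue": "select username from user_info where id=1",
        "system": "cloudApi", "databaseType": "mysql",
        "data": {}, "version": "5.7.1",
    })


def run_demo():
    issued = {"tmpkey-constructed-0001": "alice"}  # constructed key and user
    gateway = Gateway(issued, daily_limit=2)
    backend = BackendSystem(dict(issued))
    day = date(2024, 1, 1)
    results = []
    for key in ("tmpkey-constructed-0001", "not-issued",
                "tmpkey-constructed-0001", "tmpkey-constructed-0001"):
        status, req = gateway.admit(sample_request(key), today=day)
        if status == "forwarded":
            status = backend.handle(req)
        results.append(status)
    # A new day resets the count; a system that never stored the key refuses.
    status, req = gateway.admit(sample_request("tmpkey-constructed-0001"),
                                today=date(2024, 1, 2))
    results.append(status)
    results.append(BackendSystem({}).handle(req))
    return results
```

Because each system repeats the key check in S5, a request that reaches a system without passing the gateway is still refused unless it carries a key that system has stored.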
In this embodiment, the method for performing the data operation on the corresponding database according to the data operation request comprises the following steps:
S501: parsing the data operation request and obtaining the contents of the six fields databaseType, option, optionValue, data, system and version.
As shown in fig. 2, the contents corresponding to the six fields obtained by parsing are: mysql, select username from user_info where id=1, cloudApi, data, 5.7.1.
S502: obtaining the database of the corresponding version according to the system, databaseType and version fields, and obtaining the connection information of that database from its configuration information.
The connection information includes: ip, port, username, password passport, database link url, etc.
S503: selecting, according to the system, databaseType and version fields, the jar package of the database of the corresponding version (each version corresponds to a different jar package) and the connection method required by that jar package.
S504: establishing a connection with the database based on its connection information, jar package and connection method.
S505: operating on the database according to the option and optionValue fields, using the data field.
For example, if the operation statement optionValue is "insert into userInfo (column1, column2, ...) VALUES ()", the VALUES () clause must be filled with the new data taken from the data field "{values1, values2, ...}", so that a standard SQL statement of the form "insert into userInfo (column1, column2, ...) VALUES (values1, values2, ...)" is assembled.
Different database types databaseType (e.g., hbase, hadoop, elasticsearch, hive) have different syntax for the operation statement optionValue and the data field.
The return data format dataType is obtained from the configuration information of the database.
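The assembly of the VALUES () clause in S505 can be done by binding the data values as parameters instead of pasting them into the statement text. The following is an added example, not code from the patent: the function names are hypothetical, Python's sqlite3 stands in for the MySQL connection (its placeholder is "?"), and the table and row are constructed.

```python
import re
import sqlite3

# Shape of the operation statement quoted in the description:
#   insert into <table> (<col>, <col>, ...) VALUES ()
INSERT_TEMPLATE = re.compile(
    r"^\s*insert\s+into\s+([A-Za-z_]\w*)\s*\(([^()]*)\)\s*values\s*\(\s*\)\s*$",
    re.IGNORECASE,
)
IDENTIFIER = re.compile(r"^[A-Za-z_]\w*$")


def assemble_insert(option_value, data):
    """Turn optionValue plus data into (sql, params) with bound values."""
    m = INSERT_TEMPLATE.match(option_value)
    if not m:
        raise ValueError("optionValue is not an insert with an empty VALUES ()")
    table = m.group(1)
    columns = [c.strip() for c in m.group(2).split(",")]
    # Table and column names cannot be bound, so they are validated instead.
    if not all(IDENTIFIER.match(c) for c in columns):
        raise ValueError("column list contains a non-identifier")
    if len(columns) != len(data):
        raise ValueError("data has %d values for %d columns"
                         % (len(data), len(columns)))
    placeholders = ", ".join("?" for _ in columns)
    sql = "insert into %s (%s) VALUES (%s)" % (
        table, ", ".join(columns), placeholders)
    return sql, tuple(data)


def assemble_by_concatenation(option_value, data):
    """Literal reading of the text: paste the values into VALUES ()."""
    quoted = ", ".join("'%s'" % v if isinstance(v, str) else str(v)
                       for v in data)
    head = option_value[:option_value.rindex("(")]
    return head + "(" + quoted + ")"


def run_demo():
    db = sqlite3.connect(":memory:")
    db.execute("create table userInfo (username text, age integer)")
    option_value = "insert into userInfo (username, age) VALUES ()"
    data = ["O'Brien", 41]  # constructed row; the quote is the edge case

    # Pasted text: the apostrophe ends the string literal early and the
    # statement no longer parses.
    try:
        db.execute(assemble_by_concatenation(option_value, data))
        concatenation_ok = True
    except sqlite3.Error:
        concatenation_ok = False

    # Bound values: the statement text never contains the data.
    sql, params = assemble_insert(option_value, data)
    db.execute(sql, params)
    rows = db.execute("select username, age from userInfo").fetchall()
    return concatenation_ok, sql, rows
```

With a MySQL driver only the placeholder token changes; the split between statement text and bound values stays the same.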
The method of this embodiment of the invention achieves the following technical effects:
(1) Systems of different business forms within the enterprise share unified authentication-authority login and single sign-on.
(2) Single-sign-on-based token authentication is used for data calls between systems of different business forms.
(3) A unified data processing mode is adopted, changing the situation in which data processing modes between systems are diverse, hard to manage and hard to maintain.
(4) The security and stability of data between systems are improved.
(5) Configuration-driven data handling greatly reduces secondary business development by developers and lowers enterprise cost.
(6) Support for multiple data sources and versions solves data compatibility between systems.
The second embodiment:
The invention also provides a multi-system-based data operation terminal device, which comprises a memory, a processor and a computer program that is stored in the memory and can run on the processor, wherein the steps of the method of the first embodiment of the invention are implemented when the processor executes the computer program.
Further, as an executable scheme, the data operation terminal device based on multiple systems may be a computing device such as a desktop computer, a notebook, a mobile phone, and a palm computer. The multisystem-based data operation terminal device can comprise, but is not limited to, a processor and a memory. It is understood by those skilled in the art that the above-mentioned structure of the terminal device for data operation based on multiple systems is only an example of the terminal device for data operation based on multiple systems, and does not constitute a limitation of the terminal device for data operation based on multiple systems, and may include more or less components than the above, or combine some components, or different components, for example, the terminal device for data operation based on multiple systems may further include an input/output device, a network access device, a bus, etc., which is not limited in this embodiment of the present invention.
Further, as an executable solution, the Processor may be a Central Processing Unit (CPU), other general purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other Programmable logic device, a discrete Gate or transistor logic device, a discrete hardware component, and the like. The general-purpose processor may be a microprocessor or the processor may be any conventional processor, and the processor is a control center of the multisystem-based data operation terminal device, and various interfaces and lines are used to connect various parts of the entire multisystem-based data operation terminal device.
The memory can be used for storing the computer program and/or the module, and the processor realizes various functions of the multi-system-based data operation terminal equipment by running or executing the computer program and/or the module stored in the memory and calling the data stored in the memory. The memory can mainly comprise a program storage area and a data storage area, wherein the program storage area can store an operating system and an application program required by at least one function; the storage data area may store data created according to the use of the mobile phone, and the like. In addition, the memory may include high speed random access memory, and may also include non-volatile memory, such as a hard disk, a memory, a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), at least one magnetic disk storage device, a Flash memory device, or other volatile solid state storage device.
The invention also provides a computer-readable storage medium, in which a computer program is stored, which, when being executed by a processor, carries out the steps of the above-mentioned method of an embodiment of the invention.
The modules/units integrated on the multi-system-based data operation terminal device can be stored in a computer-readable storage medium if they are implemented in the form of software functional units and sold or used as independent products. Based on this understanding, all or part of the flow of the method according to the embodiments of the present invention may also be implemented by a computer program, which may be stored in a computer-readable storage medium, and when the computer program is executed by a processor, the steps of the method embodiments may be implemented. The computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form, etc. The computer-readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a USB disk, a removable hard disk, a magnetic disk, an optical disk, a computer memory, a Read-Only Memory (ROM), a Random Access Memory (RAM), a software distribution medium, and the like.
While the invention has been particularly shown and described with reference to a preferred embodiment, it will be understood by those skilled in the art that various changes in form and detail may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (8)

1. A multisystem-based data operation method is characterized by comprising the following steps:
S1: initializing configuration information of the database corresponding to each system;
S2: after a user logs in, encrypting the user information submitted at login according to a first encryption rule, matching the encrypted user information against the authorized user information stored in an authentication authorization database to judge whether the user information is valid, and if so, generating a token from the encrypted user information;
S3: encrypting the token through a second encryption rule to generate a temporary key, and distributing the temporary key to each system for storage;
S4: when a data operation request sent by a system is received, judging from the key in the data operation request whether the corresponding user is an authorized user; if so, issuing the calling authority for the system whose operation is requested and setting the user's access limit for that system; each time a data operation request from the user for that system is received, judging whether the number of requests exceeds the access limit, and if so, no longer accepting the user's data operation requests for that system; otherwise, distributing the data operation request to the system whose operation is requested by means of Haproxy load balancing;
S5: when the system receives the data operation request, parsing its parameters to obtain the key in the request and verifying that key against the temporary key stored in the system; when verification passes, performing the data operation on the corresponding database according to the request, assembling the resulting data according to the return data format, and returning the data to the system that initiated the data operation request.
2. The multi-system based data manipulation method of claim 1, wherein: the corresponding database of the system comprises: hbase, mysql, elasticsearch, hive, clickhouse, and hadoop.
3. The multi-system based data manipulation method of claim 1, wherein: the configuration information of the database includes: system name, ip, port, user name, login password, database link, database version number, packet path information, and return data format.
4. The multi-system based data manipulation method of claim 1, wherein: the content of the data operation request comprises: the key key, the operation to be performed option, the operation statement optionValue, the name of the system whose operation is requested system, the type of the database to be operated on databaseType, the data to be operated on data, and the version number version.
5. The multi-system based data manipulation method of claim 1, wherein: the access limit is the maximum number of times that the user can access the system daily.
6. The multisystem-based data manipulation method of claim 4, wherein: the method for performing data operation from the corresponding database according to the data operation request comprises the following steps:
S501: parsing the data operation request and obtaining the contents of the six fields databaseType, option, optionValue, data, system and version;
S502: obtaining the database of the corresponding version according to the system, databaseType and version fields, and obtaining the connection information of that database from its configuration information;
S503: selecting, according to the system, databaseType and version fields, the jar package of the database of the corresponding version and the connection method required by that jar package;
S504: establishing a connection with the database based on its connection information, jar package and connection method;
S505: operating on the database according to the option and optionValue fields, using the data field.
7. A multi-system-based data operation terminal device, characterized in that: it comprises a processor, a memory and a computer program stored in said memory and runnable on said processor, said processor implementing the steps of the method according to any one of claims 1 to 6 when executing said computer program.
8. A computer-readable storage medium storing a computer program, characterized in that: the computer program, when executed by a processor, implements the steps of the method as claimed in any one of claims 1 to 6.
CN202210791710.5A 2022-07-07 2022-07-07 Multi-system-based data operation method, terminal equipment and storage medium Pending CN115329311A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210791710.5A CN115329311A (en) 2022-07-07 2022-07-07 Multi-system-based data operation method, terminal equipment and storage medium

Publications (1)

Publication Number Publication Date
CN115329311A true CN115329311A (en) 2022-11-11

Family

ID=83917347

Country Status (1)

Country Link
CN (1) CN115329311A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination