CN115801286A - Calling method, device, equipment and storage medium of microservice - Google Patents
Calling method, device, equipment and storage medium of microservice Download PDFInfo
- Publication number
- CN115801286A CN115801286A CN202211659070.9A CN202211659070A CN115801286A CN 115801286 A CN115801286 A CN 115801286A CN 202211659070 A CN202211659070 A CN 202211659070A CN 115801286 A CN115801286 A CN 115801286A
- Authority
- CN
- China
- Prior art keywords
- key
- micro
- service
- plaintext
- service discovery
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Abstract
The invention discloses a calling method, a calling device, equipment and a storage medium of micro-services. The method comprises the following steps: obtaining a first timestamp when a consumer initiates a service discovery request; encrypting the first timestamp and the micro-service identifier of the consumer based on a plurality of keys to obtain identity authentication information; sending the identity authentication information and the service discovery request to a registration center so that the registration center verifies the identity authentication information, and if the identity authentication information passes the verification, returning a service discovery response result to the consumer; receiving a service discovery response result returned by the registration center, and calling a micro-service instance of a provider according to the service discovery response result; wherein the service discovery response result includes a provider address. By the technical scheme of the invention, the safety of micro-service calling can be improved.
Description
Technical Field
The embodiment of the invention relates to the technical field of micro services, in particular to a method, a device, equipment and a storage medium for calling a micro service.
Background
The point-to-point communication of the micro services refers to direct information exchange between the two micro services, and the request or response of the application does not need to pass through a gateway or other middle station systems. The micro service provider can register in the registration center, and the consumer system regularly accesses the registration center to perform service discovery so as to update the local provider address and directly connect the corresponding provider according to the service discovery result, thereby realizing point-to-point communication.
The existing mode registration center has simple identity verification mode for the service discovery request of the consumer, easily causes data leakage and has low safety.
Disclosure of Invention
The embodiment of the invention provides a calling method, a calling device, calling equipment and a storage medium of micro-services, which can improve the safety of micro-service calling.
According to an aspect of the present invention, there is provided a method for calling a microservice, including:
obtaining a first timestamp when a consumer initiates a service discovery request;
encrypting the first timestamp and the micro-service identifier of the consumer based on a plurality of keys to obtain identity authentication information;
sending the identity authentication information and the service discovery request to a registration center so that the registration center verifies the identity authentication information, and if the identity authentication information passes the verification, returning a service discovery response result to the consumer;
receiving a service discovery response result returned by the registration center, and calling a micro-service instance of a provider according to the service discovery response result; wherein the service discovery response result includes a provider address.
Optionally, the plurality of keys include three keys, which are a first key, a second key, and a third key, respectively; encrypting the first timestamp and the micro-service identifier of the consumer based on a plurality of keys to obtain identity authentication information, comprising:
decoding the ciphertext of the first secret key to obtain a plaintext of the first secret key;
acquiring a plaintext of the second key and a plaintext of the third key based on the plaintext of the first key;
combining the plaintext of the second key, the first timestamp and the micro-service identifier of the consumer to obtain combined information;
and encrypting the combined information based on the plaintext of the third secret key to obtain identity authentication information.
Optionally, obtaining the plaintext of the second key and the plaintext of the third key based on the plaintext of the first key includes:
decoding the ciphertext of the second secret key according to the plaintext of the first secret key to obtain the plaintext of the second secret key;
and decoding the ciphertext of the third key according to the plaintext of the second key to obtain the plaintext of the third key.
Optionally, the verification manner of the identity authentication information by the registration center is as follows:
decrypting the identity authentication information according to the plaintext of the third key to obtain the plaintext of the second key, the first timestamp and the micro-service identifier of the consumer;
acquiring a second time stamp during decryption;
verifying the legitimacy of the plaintext of the second key and the microservice identifier of the consumer;
and performing timeliness verification according to the second time stamp and the first time stamp.
Optionally, the service discovery response result further includes a provider interface and an access right switch state; invoking a micro-service instance of a provider according to the service discovery response result, comprising:
if the access authority switch state is an open state, acquiring an interface with access authority;
and establishing connection with the provider according to the provider address, and calling the micro service instance of the provider through an interface with access authority.
Optionally, the service discovery response result further includes a gray scale controller address and a gray scale switch state, and invoking a micro-service instance of a provider according to the service discovery response result includes:
if the gray switch state is an open state, acquiring gray version information from a gray controller according to the gray controller address;
and calling the micro service instance corresponding to the gray version information according to the service discovery response result.
Optionally, invoking a micro-service instance of a provider according to the service discovery response result includes:
and if the gray switch state is an off state and the micro service instance of the calling provider comprises two or more versions, calling the micro service instance of the two or more versions of the provider based on a load balancing principle.
According to another aspect of the present invention, there is provided a device for invoking a microservice, including:
the first timestamp acquisition module is used for acquiring a first timestamp when a consumer initiates a service discovery request;
the identity authentication information acquisition module is used for encrypting the first timestamp and the micro-service identifier of the consumer based on a plurality of secret keys to acquire identity authentication information;
the information verification module is used for sending the identity authentication information and the service discovery request to a registration center so as to enable the registration center to verify the identity authentication information, and if the identity authentication information passes the verification, returning a service discovery response result to the consumer;
the micro-service instance calling module is used for receiving a service discovery response result returned by the registration center and calling a micro-service instance of a provider according to the service discovery response result; wherein the service discovery response result includes a provider address.
According to another aspect of the present invention, there is provided an electronic apparatus including:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein the content of the first and second substances,
the memory stores a computer program executable by the at least one processor, the computer program being executable by the at least one processor to enable the at least one processor to perform a method of calling a microservice according to any of the embodiments of the present invention.
According to another aspect of the present invention, there is provided a computer-readable storage medium storing computer instructions for causing a processor to implement a method for calling a microservice according to any one of the embodiments of the present invention when the computer instructions are executed.
The invention obtains the first time stamp when the consumer initiates the service discovery request; encrypting the first timestamp and the micro-service identifier of the consumer based on a plurality of secret keys to obtain identity authentication information; sending the identity authentication information and the service discovery request to a registration center so that the registration center verifies the identity authentication information, and if the verification is passed, returning a service discovery response result to the consumer; receiving a service discovery response result returned by the registration center, and calling a micro-service instance of a provider according to the service discovery response result; wherein the service discovery response result includes a provider address. By the technical scheme of the invention, the safety of micro-service calling can be improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present invention and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained according to the drawings without inventive efforts.
FIG. 1 is a flowchart of a method for invoking a microservice according to an embodiment of the present invention;
FIG. 2 is a diagram illustrating an example call flow of a micro-service instance provided in accordance with an embodiment of the present invention;
FIG. 3 is a flowchart of a method for invoking a microservice according to a second embodiment of the present invention;
fig. 4 is a schematic structural diagram of a calling apparatus for micro services according to a third embodiment of the present invention;
fig. 5 is a schematic structural diagram of an electronic device according to a fourth embodiment of the present invention.
Detailed Description
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Example one
Fig. 1 is a flowchart of a method for invoking a micro service according to an embodiment of the present invention, where the embodiment is applicable to a case of invoking a micro service instance, and the method can be executed by a device for transferring a micro service to Zhu Ge, and specifically includes the following steps:
step 110, a first timestamp is obtained when the consumer initiates the service discovery request.
Wherein the consumer may be understood as a party that needs to invoke the microservice instance. The consumer may initiate a service discovery request. A service discovery request may be understood as a request to invoke a microservice instance. The first timestamp may be understood as the time at which the service discovery request was initiated by the consumer. In this embodiment, time information when a consumer initiates a service discovery request may be obtained.
And 120, encrypting the first timestamp and the micro-service identifier of the consumer based on a plurality of secret keys to obtain identity authentication information.
The plurality of keys may include three keys, which are a first key, a second key and a third key. The micro service identifier may be identification information of the micro service, for example, the micro service identifier may be micro service ID information, and may also be other identification information. It can be understood that, in this embodiment, when the user registers to apply for the micro service platform, information such as the micro service identifier and the provider interface authority may be applied. The encryption may be performed by an encryption algorithm or the like, or may be performed by other methods. The identity authentication information may be information for authenticating the identity of the consumer, and may be used to authenticate the identity of the consumer. The identity authentication information may be obtained by encrypting the first timestamp and the micro-service identifier of the consumer by a plurality of keys. In this embodiment, the first timestamp and the micro service label of the consumer may be encrypted based on a plurality of keys to obtain the authentication information.
In this embodiment, optionally, the plurality of keys include three keys, which are a first key, a second key and a third key, respectively; encrypting the first timestamp and the micro-service identifier of the consumer based on a plurality of keys to obtain identity authentication information, comprising: decoding the ciphertext of the first secret key to obtain the plaintext of the first secret key; acquiring the plain text of the second key and the plain text of the third key based on the plain text of the first key; combining the plaintext of the second key, the first timestamp and the micro-service identifier of the consumer to obtain combined information; and encrypting the combined information based on the plaintext of the third secret key to obtain identity authentication information.
The plurality of keys include three keys, which are a first key, a second key and a third key. Illustratively, the first secret key may be GK; the second secret key may be PK; the third key may be WK. Each key in this embodiment includes plaintext and ciphertext. The plaintext of the key may be obtained by decoding the ciphertext of the key. The plaintext of the first key may be obtained by decoding the ciphertext of the first key. In this embodiment, the plaintext of the second key and the plaintext of the third key may be obtained based on the plaintext of the first key. The combination information may be obtained by combining the plaintext of the second key, the first timestamp, and the microservice identifier of the consumer. In this embodiment, the identity authentication information obtained by encrypting the combination information based on the plaintext of the third key may be used.
Further, an example diagram of a micro-service instance calling flow in this embodiment is shown in fig. 2, in this embodiment, when a user accesses the micro-service platform for the first time, the user needs to apply for corresponding micro-service IDs of a consumer and a provider on the service administration platform as unique identifiers of the application, and then selects a corresponding access environment according to application attributes. In this embodiment, after the user determines the access environment, the user needs to log in the portal to apply for a plurality of keys, such as GK, PK and WK, for each microservice application, where the GK user is self-stored and configured in the configuration file or environment variable of the application, and the key PK and the key WK are issued to the corresponding registration center and configuration center by the portal. A portal may be understood as a page or server of the system. In the embodiment, the three-layer secret key symmetric encryption and decryption algorithm for generating the request identity information is relatively complex, PK and WK in the three-layer secret key encryption mode are maintained by the platform, a user does not feel PK and WK, only a GK secret key needs to be stored, the risk of secret key leakage is greatly reduced, and the identity verification safety is more reliable.
In this embodiment, the ciphertext of the first key may be decoded to obtain a plaintext of the first key, and the plaintext of the second key and the plaintext of the third key may be obtained based on the plaintext of the first key; combining the plaintext of the second key, the first timestamp and the micro-service identifier of the consumer to obtain combined information; and encrypting the combined information based on the plaintext of the third key to obtain the identity authentication information. Through the setting, the identity authentication information can be obtained through symmetric encryption of the three-layer key system, and the security of the identity authentication information is further improved.
In this embodiment, optionally, the obtaining the plaintext of the second key and the plaintext of the third key based on the plaintext of the first key includes: decoding the ciphertext of the second secret key according to the plaintext of the first secret key to obtain the plaintext of the second secret key; and decoding the ciphertext of the third key according to the plaintext of the second key to obtain the plaintext of the third key.
The plaintext of the second key may be obtained by decoding the ciphertext of the second key according to the plaintext of the first key. The plaintext of the third key may be obtained by decoding the ciphertext of the third key from the plaintext of the second key. For example, in the present embodiment, the ciphertext of the key PK may be decoded according to the plaintext of the key GK to obtain the plaintext of the key PK; and decoding the ciphertext of the key WK according to the plaintext of the key PK to obtain the plaintext of the key WK.
In this embodiment, the ciphertext of the second key may be decoded according to the plaintext of the first key to obtain the plaintext of the second key; the ciphertext of the third key is then decoded from the plaintext of the second key to obtain the plaintext of the third key. Through the setting, the plaintext of the key can be obtained by decoding the ciphertext of the three layers of keys, so that the identity authentication information is obtained, and the identity authentication information can be conveniently verified subsequently.
In this embodiment, optionally, the verification manner of the identity authentication information by the registry is as follows: decrypting the identity authentication information according to the plaintext of the third key to obtain the plaintext of the second key, the first timestamp and the micro-service identifier of the consumer; acquiring a second time stamp during decryption; verifying the legitimacy of the plaintext of the second key and the microservice identifier of the consumer; and performing timeliness verification according to the second time stamp and the first time stamp.
The decryption may be performed by a decryption algorithm, or may be performed in other manners. In this embodiment, the identity authentication information may be decrypted according to the plaintext of the third key, so as to obtain the plaintext of the second key, the first timestamp, and the microservice identifier of the consumer. The second time stamp may be understood as specific time information. In this embodiment, time information during decryption may be acquired. The verification of the validity can be understood as comparing and verifying whether an object needing verification is legal or not. In this embodiment, the validity of the plaintext of the second key and the microservice identifier of the consumer may be verified by comparing the plaintext of the second key with key information in the cache by the registration center to determine whether the validity exists, and determining that the validity exists if the comparison result between the plaintext of the second key and the key information in the cache is consistent; and if the comparison results are inconsistent, determining that the validity is not available. The registration center compares the micro-service identification of the consumer with the identification information in the cache to determine whether the micro-service identification of the consumer is legal or not; if the comparison result of the micro-service identification of the consumer and the identification information in the cache is consistent, determining that the micro-service identification is legal; if the comparison result is inconsistent, the validity is determined not to exist.
The timeliness verification can be understood as whether the obtained duration exceeds a preset threshold value or not, so that whether timeliness exists or not is judged. The preset threshold value can be preset and can be set according to actual requirements. Specifically, in this embodiment, the timeliness verification according to the second timestamp and the first timestamp may be performed by subtracting the first timestamp from the second timestamp to obtain a duration, comparing the duration with a preset threshold, and determining whether the duration exceeds the preset threshold, and if the duration exceeds the preset duration, the timeliness is not provided; if the duration does not exceed the preset duration, the method has timeliness.
In this embodiment, the identity authentication information may be decrypted according to a plaintext of the third key, the plaintext of the second key, the first timestamp, and the micro-service identifier of the consumer are obtained, the legitimacy of the plaintext of the second key and the micro-service identifier of the consumer is verified by obtaining the second timestamp during decryption, and the timeliness verification is performed according to the second timestamp and the first timestamp, so that the verification of the identity authentication information is completed. In the embodiment, the verification of the identity authentication information is finally completed through the validity verification and the timeliness verification, so that the safety of micro-service calling is further improved.
Wherein, the registration center can verify the identity authentication information. The service discovery response result may be result information returned by verifying the authentication information. In this embodiment, the identity authentication information and the service discovery request may be sent to the registry, so that the registry verifies the identity authentication information, and if the verification passes, a service discovery response result is returned to the consumer.
And step 140, receiving a service discovery response result returned by the registry, and calling a micro-service instance of a provider according to the service discovery response result.
Wherein the service discovery response result includes a provider address. The micro-service instances may have application version information, for example, each micro-service instance may include a plurality of version information, such as version one, version two, and version three. In this embodiment, the micro-service instance of the provider may be called according to the address of the provider. In this embodiment, the consumer may receive the service discovery response result returned by the registry, and invoke the micro-service instance of the provider according to the provider address of the service discovery response result.
The invention obtains the first time stamp when the consumer initiates the service discovery request; encrypting the first timestamp and the micro-service identifier of the consumer based on a plurality of secret keys to obtain identity authentication information; sending the identity authentication information and the service discovery request to a registration center so that the registration center verifies the identity authentication information, and if the verification is passed, returning a service discovery response result to the consumer; receiving a service discovery response result returned by the registration center, and calling a micro-service instance of a provider according to the service discovery response result; wherein the service discovery response result includes a provider address. By the technical scheme of the invention, the safety of micro-service calling can be improved.
Example two
Fig. 3 is a flowchart of a method for invoking a microservice according to a second embodiment of the present invention, where the second embodiment is optimized based on the foregoing embodiments. The concrete optimization is as follows: the service discovery response result also comprises a provider interface and an access authority switch state; invoking a micro-service instance of a provider according to the service discovery response result, comprising: if the access authority switch state is an open state, acquiring an interface with access authority; and establishing connection with the provider according to the provider address, and calling the micro service instance of the provider through an interface with access authority. As shown in fig. 3, the method of this embodiment specifically includes the following steps:
step 310, obtain a first timestamp when the consumer initiates the service discovery request.
And step 320, encrypting the first timestamp and the micro-service identifier of the consumer based on a plurality of secret keys to obtain identity authentication information.
Step 330, sending the identity authentication information and the service discovery request to a registry so that the registry verifies the identity authentication information, and if the verification is passed, returning a service discovery response result to the consumer.
And step 340, receiving a service discovery response result returned by the registration center.
Wherein the service discovery response result includes a provider address. The service discovery response result also includes the provider interface and access rights switch status. The provider interface may include a specific interface that may be invoked. Illustratively, if the returned service discovery response result includes the provider interfaces a and B, that is, the provider microservice instance can only be called through the interface a and the interface B having the access right. The access privileges switch state may comprise an open state and a closed state.
And 350, if the access authority switch is in an open state, acquiring an interface with access authority.
In this embodiment, if the access right switch is in an open state, the provider interface with the access right may be acquired. In this embodiment, if the access right switch is in the off state, it indicates that the user applies for access rights of all provider interfaces, and can access all provider interfaces.
Specifically, in this embodiment, before the consumer application is online, the consumer needs to apply for an interface call authority of a corresponding provider on the service administration platform, the configured interface call authority is issued to the registration center by the portal back end, the consumer obtains the provider interface and the access authority switch state from the service discovery response result, when the access authority switch state is an open state, the consumer can only call the provider interface configured with the call authority, otherwise, the call interface can not be limited.
And step 360, establishing connection with the provider according to the provider address, and calling the micro-service instance of the provider through an interface with access authority.
In this embodiment, a connection may be established with the provider according to the provider address in the returned service discovery response result, and the micro-service instance of the provider may be invoked through the interface having the access right.
For example, if only the interface a and the interface B have access rights, a connection may be established with the provider according to the provider address, and the microservice instance of the provider may be called through the interface a and the interface B. In the embodiment, the configuration of the calling authority of the interface calling level is supported, so that the interface of the provider can be selectively exposed to the consumer, and the privacy and the flexibility of the interface are improved.
In this embodiment, optionally, the service discovery response result further includes a grayscale controller address and a grayscale switch state, and invoking a micro-service instance of a provider according to the service discovery response result includes: if the gray switch state is an open state, acquiring gray version information from a gray controller according to the gray controller address; and calling the micro service instance corresponding to the gray version information according to the service discovery response result.
The service discovery response result in this embodiment may further include a gray scale controller address and a gray scale switch state. In this embodiment, the gray controller may be accessed according to the gray controller address. The gray scale switch states may include an on state and an off state. The grayscale controller may store therein a version of the microservice instance having a higher priority. The gray scale controller in this embodiment may be user-preconfigured. The grayscale version information may be understood as version information of the micro-service instance. In this embodiment, the corresponding micro-service instance may be determined according to the grayscale version information. For example, as shown in fig. 2, in the embodiment, if the provider application instance has two or more versions, version number information should be configured in the grayscale controller in advance, and corresponding grayscale information is written in the instance configuration file or the environment variable, so that the provider carries grayscale version information during registration, and the consumer acquires grayscale version information during service discovery, and can determine the micro-service instance of the corresponding version in the grayscale controller according to the acquired grayscale release information. In the embodiment, the gray scale controller is used as a provider and registered in a registry to share a consumer service for discovery, the gray scale version information configured by the user in the gray scale controller is updated in real time, and the flow distribution is more flexible and sensitive.
In this embodiment, if the state of the grayscale switch is an open state, it indicates that the version with higher priority is preferentially called, the grayscale version information is obtained from the grayscale controller according to the address of the grayscale controller, and then the micro-service instance corresponding to the grayscale version information can be called according to the service discovery response result; if the gray switch state is the off state, the micro-service instance can be called directly according to load balance without selecting according to gray version information.
Specifically, the gray controller is used as a public provider and registered in a registration center, all consumers can obtain the address of the gray controller and the gray switch state from the service discovery response result, and when the gray switch state is in an open state, the consumers access the gray controller to obtain gray version information, can obtain the version number of the provider and then perform load balancing on the provider instance with the specified version number, so that the gray release of the flow is realized; otherwise, load balancing is carried out on the provider full version example.
Through the setting, the gray version information, namely the micro-service example with priority calling, can be called preferentially for load balancing, so that the gray release of the flow is realized, and the method is more convenient and fast.
In this embodiment, optionally, the invoking a micro-service instance of a provider according to the service discovery response result includes: and if the gray switch state is an off state and the micro service instance of the calling provider comprises two or more versions, calling the micro service instance of the two or more versions of the provider based on a load balancing principle.
The load balancing principle can be understood as performing balancing call based on the resource state of each micro service instance. In this embodiment, if the grayscale switch state is an off state and the micro-service instance of the provider includes two or more versions, the micro-service instance of the two or more versions of the provider is invoked based on the load balancing principle. By means of the setting, when the gray switch state is the off state and the versions of the micro service instance are two or more than two, the micro service instance can be called by adopting the load balancing principle, so that the load balancing is more conveniently realized, and the gray distribution of the flow is realized.
The invention obtains the first time stamp when the consumer initiates the service discovery request; encrypting the first timestamp and the micro-service identifier of the consumer based on a plurality of keys to obtain identity authentication information; sending the identity authentication information and the service discovery request to a registration center so that the registration center verifies the identity authentication information, and if the verification is passed, returning a service discovery response result to the consumer; receiving a service discovery response result returned by the registration center, and if the access authority switch is in an open state, acquiring an interface with access authority; and establishing connection with the provider according to the provider address, and calling the micro service instance of the provider through an interface with access authority. And the service discovery response result also comprises the states of a provider interface and an access authority switch. By the technical scheme of the invention, the safety of micro-service calling can be improved.
EXAMPLE III
Fig. 4 is a schematic structural diagram of a device for calling a microservice according to a third embodiment of the present invention, where the device can execute a method for calling a microservice provided by any embodiment of the present invention, and has functional modules and beneficial effects corresponding to the execution method. As shown in fig. 4, the apparatus includes:
a first timestamp obtaining module 410, configured to obtain a first timestamp when a consumer initiates a service discovery request;
the identity authentication information obtaining module 420 is configured to encrypt the first timestamp and the micro-service identifier of the consumer based on a plurality of keys to obtain identity authentication information;
the information verification module 430 is configured to send the identity authentication information and the service discovery request to a registration center, so that the registration center verifies the identity authentication information, and if the verification passes, returns a service discovery response result to the consumer;
a micro-service instance invoking module 440, configured to receive a service discovery response result returned by the registry, and invoke a micro-service instance of a provider according to the service discovery response result; wherein the service discovery response result includes a provider address.
Optionally, the plurality of keys include three keys, which are a first key, a second key and a third key, respectively; the identity authentication information obtaining module 420 includes:
a first plaintext acquisition unit, configured to decode the ciphertext of the first key to obtain a plaintext of the first key;
a second plaintext acquisition unit configured to acquire a plaintext of the second key and a plaintext of the third key based on the plaintext of the first key;
the combined information acquisition unit is used for combining the plaintext of the second secret key, the first timestamp and the micro-service identifier of the consumer to obtain combined information;
and the identity authentication information acquisition unit is used for encrypting the combined information based on the plaintext of the third secret key to acquire identity authentication information.
Optionally, the second plaintext obtaining unit is specifically configured to:
decoding the ciphertext of the second secret key according to the plaintext of the first secret key to obtain the plaintext of the second secret key;
and decoding the ciphertext of the third key according to the plaintext of the second key to obtain the plaintext of the third key.
Optionally, the verification method of the identity authentication information by the registry is as follows:
decrypting the identity authentication information according to the plaintext of the third key to obtain the plaintext of the second key, the first timestamp and the micro-service identifier of the consumer;
acquiring a second timestamp during decryption;
verifying the legitimacy of the plaintext of the second key and the microservice identifier of the consumer;
and performing timeliness verification according to the second time stamp and the first time stamp.
Optionally, the service discovery response result further includes a provider interface and an access right switch state; the microservice instance invoking module 440 is specifically configured to:
if the access authority switch state is an open state, acquiring an interface with access authority;
and establishing connection with the provider according to the provider address, and calling the micro service instance of the provider through an interface with access authority.
Optionally, the service discovery response result further includes a gray scale controller address and a gray scale switch state, and the micro-service instance invoking module 440 is specifically configured to:
if the gray switch state is an open state, acquiring gray version information from a gray controller according to the gray controller address;
and calling the micro service instance corresponding to the gray version information according to the service discovery response result.
Optionally, the micro-service instance invoking module 440 is specifically configured to:
and if the gray switch state is an off state and the micro service instance of the calling provider comprises two or more versions, calling the micro service instance of the two or more versions of the provider based on a load balancing principle.
The device can execute the methods provided by all the embodiments of the invention, and has corresponding functional modules and beneficial effects for executing the methods. For details not described in detail in this embodiment, reference may be made to the methods provided in all the foregoing embodiments of the present invention.
Example four
Fig. 5 is a schematic structural diagram of an electronic device according to a fourth embodiment of the present invention. The electronic device 10 is intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. The electronic device may also represent various forms of mobile devices, such as personal digital assistants, cellular phones, smart phones, wearable devices (e.g., helmets, glasses, watches, etc.), and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be exemplary only, and are not meant to limit implementations of the inventions described and/or claimed herein.
As shown in fig. 5, the electronic device 10 includes at least one processor 11, and a memory communicatively connected to the at least one processor 11, such as a Read Only Memory (ROM) 12, a Random Access Memory (RAM) 13, and the like, wherein the memory stores a computer program executable by the at least one processor, and the processor 11 may perform various suitable actions and processes according to the computer program stored in the Read Only Memory (ROM) 12 or the computer program loaded from the storage unit 18 into the Random Access Memory (RAM) 13. In the RAM 13, various programs and data necessary for the operation of the electronic apparatus 10 can also be stored. The processor 11, the ROM 12, and the RAM 13 are connected to each other via a bus 14. An input/output (I/O) interface 15 is also connected to bus 14.
A number of components in the electronic device 10 are connected to the I/O interface 15, including: an input unit 16 such as a keyboard, a mouse, or the like; an output unit 17 such as various types of displays, speakers, and the like; a storage unit 18 such as a magnetic disk, an optical disk, or the like; and a communication unit 19 such as a network card, modem, wireless communication transceiver, etc. The communication unit 19 allows the electronic device 10 to exchange information/data with other devices via a computer network such as the internet and/or various telecommunication networks.
The processor 11 may be a variety of general and/or special purpose processing components having processing and computing capabilities. Some examples of processor 11 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various specialized Artificial Intelligence (AI) computing chips, various processors running machine learning model algorithms, a Digital Signal Processor (DSP), and any suitable processor, controller, microcontroller, or the like. The processor 11 performs the various methods and processes described above, such as calling methods for microservices.
In some embodiments, the calling method of the microservice may be implemented as a computer program tangibly embodied on a computer-readable storage medium, such as storage unit 18. In some embodiments, part or all of the computer program may be loaded and/or installed onto the electronic device 10 via the ROM 12 and/or the communication unit 19. When the computer program is loaded into RAM 13 and executed by processor 11, one or more steps of the calling method of the microservice described above may be performed. Alternatively, in other embodiments, the processor 11 may be configured to execute the calling method of the microservice by any other suitable means (e.g., by means of firmware).
Various implementations of the systems and techniques described here above may be implemented in digital electronic circuitry, integrated circuitry, field Programmable Gate Arrays (FPGAs), application Specific Integrated Circuits (ASICs), application Specific Standard Products (ASSPs), system on a chip (SOCs), load programmable logic devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include: implemented in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be special or general purpose, receiving data and instructions from, and transmitting data and instructions to, a storage system, at least one input device, and at least one output device.
A computer program for implementing the methods of the present invention may be written in any combination of one or more programming languages. These computer programs may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the computer programs, when executed by the processor, cause the functions/acts specified in the flowchart and/or block diagram block or blocks to be performed. A computer program can execute entirely on a machine, partly on a machine, as a stand-alone software package partly on a machine and partly on a remote machine or entirely on a remote machine or server.
In the context of the present invention, a computer-readable storage medium may be a tangible medium that can contain, or store a computer program for use by or in connection with an instruction execution system, apparatus, or device. A computer readable storage medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. Alternatively, the computer readable storage medium may be a machine readable signal medium. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
To provide for interaction with a user, the systems and techniques described here can be implemented on an electronic device having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and a pointing device (e.g., a mouse or a trackball) by which a user may provide input to the electronic device. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user can be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic, speech, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a back-end component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such back-end, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: local Area Networks (LANs), wide Area Networks (WANs), blockchain networks, and the internet.
The computing system may include clients and servers. A client and server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server can be a cloud server, also called a cloud computing server or a cloud host, and is a host product in a cloud computing service system, so that the defects of high management difficulty and weak service expansibility in the traditional physical host and VPS service are overcome.
It should be understood that various forms of the flows shown above may be used, with steps reordered, added, or deleted. For example, the steps described in the present invention may be executed in parallel, sequentially, or in different orders, and are not limited herein as long as the desired results of the technical solution of the present invention can be achieved.
The above-described embodiments should not be construed as limiting the scope of the invention. It should be understood by those skilled in the art that various modifications, combinations, sub-combinations and substitutions may be made in accordance with design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Claims (10)
1. A method for invoking a microservice, comprising:
obtaining a first timestamp when a consumer initiates a service discovery request;
encrypting the first timestamp and the micro-service identifier of the consumer based on a plurality of keys to obtain identity authentication information;
sending the identity authentication information and the service discovery request to a registration center so that the registration center verifies the identity authentication information, and if the verification is passed, returning a service discovery response result to the consumer;
receiving a service discovery response result returned by the registration center, and calling a micro-service instance of a provider according to the service discovery response result; wherein the service discovery response result includes a provider address.
2. The method of claim 1, wherein the plurality of keys comprises three keys, a first key, a second key, and a third key; encrypting the first timestamp and the micro-service identifier of the consumer based on a plurality of keys to obtain identity authentication information, comprising:
decoding the ciphertext of the first secret key to obtain the plaintext of the first secret key;
acquiring a plaintext of the second key and a plaintext of the third key based on the plaintext of the first key;
combining the plaintext of the second key, the first timestamp and the micro-service identifier of the consumer to obtain combined information;
and encrypting the combined information based on the plaintext of the third secret key to obtain identity authentication information.
3. The method of claim 2, wherein obtaining the plaintext of the second key and the plaintext of the third key based on the plaintext of the first key comprises:
decoding the ciphertext of the second secret key according to the plaintext of the first secret key to obtain the plaintext of the second secret key;
and decoding the ciphertext of the third key according to the plaintext of the second key to obtain the plaintext of the third key.
4. The method of claim 2, wherein the registry verifies the identity authentication information in a manner that:
decrypting the identity authentication information according to the plaintext of the third key to obtain the plaintext of the second key, the first timestamp and the micro-service identifier of the consumer;
acquiring a second time stamp during decryption;
verifying the legitimacy of the plaintext of the second key and the microservice identifier of the consumer;
and performing timeliness verification according to the second timestamp and the first timestamp.
5. The method of claim 1, wherein the service discovery response result further comprises a provider interface and access rights switch status; invoking a micro-service instance of a provider according to the service discovery response result, comprising:
if the access authority switch state is an open state, acquiring an interface with access authority;
and establishing connection with the provider according to the provider address, and calling the micro service instance of the provider through an interface with access authority.
6. The method of claim 1 or 5, wherein the service discovery response result further comprises a gray scale controller address and a gray scale switch state, and invoking a micro-service instance of a provider according to the service discovery response result comprises:
if the gray switch state is an open state, acquiring gray version information from a gray controller according to the gray controller address;
and calling the micro service instance corresponding to the gray version information according to the service discovery response result.
7. The method of claim 6, wherein invoking a micro-service instance of a provider according to the service discovery response result comprises:
and if the gray switch state is an off state and the micro service instance of the calling provider comprises two or more versions, calling the micro service instance of the two or more versions of the provider based on a load balancing principle.
8. An apparatus for invoking a microservice, comprising:
the first timestamp acquisition module is used for acquiring a first timestamp when a consumer initiates a service discovery request;
the identity authentication information acquisition module is used for encrypting the first timestamp and the micro-service identifier of the consumer based on a plurality of secret keys to acquire identity authentication information;
the information verification module is used for sending the identity authentication information and the service discovery request to a registration center so as to enable the registration center to verify the identity authentication information, and if the identity authentication information passes the verification, returning a service discovery response result to the consumer;
the micro-service instance calling module is used for receiving a service discovery response result returned by the registration center and calling a micro-service instance of a provider according to the service discovery response result; wherein the service discovery response result includes a provider address.
9. An electronic device, characterized in that the electronic device comprises:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein the content of the first and second substances,
the memory stores a computer program executable by the at least one processor to enable the at least one processor to perform the method of calling a microservice of any of claims 1-7.
10. A computer-readable storage medium storing computer instructions for causing a processor to implement the method of calling a microservice of any of claims 1-7 when executed.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211659070.9A CN115801286A (en) | 2022-12-22 | 2022-12-22 | Calling method, device, equipment and storage medium of microservice |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211659070.9A CN115801286A (en) | 2022-12-22 | 2022-12-22 | Calling method, device, equipment and storage medium of microservice |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115801286A true CN115801286A (en) | 2023-03-14 |
Family
ID=85426417
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211659070.9A Pending CN115801286A (en) | 2022-12-22 | 2022-12-22 | Calling method, device, equipment and storage medium of microservice |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115801286A (en) |
-
2022
- 2022-12-22 CN CN202211659070.9A patent/CN115801286A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP3484125B1 (en) | Method and device for scheduling interface of hybrid cloud | |
| CN107249004B (en) | Identity authentication method, device and client | |
| CN105847000A (en) | Token generation method and communication system based on same | |
| EP4350556A1 (en) | Information verification method and apparatus | |
| CN111200593A (en) | Application login method and device and electronic equipment | |
| CN113674456A (en) | Unlocking method, unlocking device, electronic equipment and storage medium | |
| CN114513350A (en) | Identity verification method, system and storage medium | |
| CN114363088A (en) | Method and device for requesting data | |
| US8904508B2 (en) | System and method for real time secure image based key generation using partial polygons assembled into a master composite image | |
| CN102752308A (en) | Network-based digital certificate comprehensive service providing system and implementation method thereof | |
| CN109802927B (en) | Security service providing method and device | |
| CN115801286A (en) | Calling method, device, equipment and storage medium of microservice | |
| CN114117388A (en) | Device registration method, device registration apparatus, electronic device, and storage medium | |
| CN113626848A (en) | Sample data generation method and device, electronic equipment and computer readable medium | |
| CN113704723B (en) | Block chain-based digital identity verification method and device and storage medium | |
| CN112565156A (en) | Information registration method, device and system | |
| CN116112172B (en) | Android client gRPC interface security verification method and device | |
| CN114697956B (en) | Secure communication method and device based on double links | |
| CN116389168B (en) | Identity authentication method and device | |
| CN117670341A (en) | Authentication method, device, equipment and storage medium for payment terminal | |
| US20220191187A1 (en) | Method and system for near field communication authorization sharing | |
| CN116094835A (en) | Service data encryption method, service data decryption method, device and equipment | |
| CN116226932A (en) | Service data verification method and device, computer medium and electronic equipment | |
| CN117370954A (en) | Password resource pool management method, device, equipment and storage medium | |
| CN115357919A (en) | Data processing method, device, equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |