CN116166409A - Resource creation method and device, electronic equipment and storage medium - Google Patents
Resource creation method and device, electronic equipment and storage medium Download PDFInfo
- Publication number
- CN116166409A CN116166409A CN202111415947.5A CN202111415947A CN116166409A CN 116166409 A CN116166409 A CN 116166409A CN 202111415947 A CN202111415947 A CN 202111415947A CN 116166409 A CN116166409 A CN 116166409A
- Authority
- CN
- China
- Prior art keywords
- thread
- key
- request
- variable storage
- storage class
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/50—Allocation of resources, e.g. of the central processing unit [CPU]
- G06F9/5005—Allocation of resources, e.g. of the central processing unit [CPU] to service a request
- G06F9/5027—Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resource being a machine, e.g. CPUs, Servers, Terminals
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/448—Execution paradigms, e.g. implementations of programming paradigms
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/448—Execution paradigms, e.g. implementations of programming paradigms
- G06F9/4488—Object-oriented
- G06F9/4492—Inheritance
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/50—Allocation of resources, e.g. of the central processing unit [CPU]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0825—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2209/00—Indexing scheme relating to G06F9/00
- G06F2209/50—Indexing scheme relating to G06F9/50
- G06F2209/5018—Thread allocation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/062—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying encryption of the keys
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- Storage Device Security (AREA)
Abstract
The application discloses a resource creation method, a resource creation device, electronic equipment and a storage medium. The method comprises the following steps: receiving a first request of a terminal through a second thread, and determining the first thread based on the first request; the first request is used for requesting to create a first resource; the first thread is to process the first request; the first thread is a child thread of the second thread; acquiring a first key from a variable storage class corresponding to a second thread through the first thread based on the corresponding inheritable variable storage class; the first key is used for providing authority credentials when a first resource is requested to be created to a cloud server through the first thread; and sending the first request and the first key to a corresponding cloud server through the first thread so as to obtain a corresponding request result from the cloud server through the first thread and return the request result to the terminal through the second thread.
Description
Technical Field
The present disclosure relates to the field of computer technologies, and in particular, to a method and apparatus for creating resources, an electronic device, and a storage medium.
Background
The multi-cloud management platform can provide one-stop cross-public cloud server resource management service, and in the process of requesting to create one cloud resource by a user, a plurality of different cloud server application program interfaces (APIs, application Programming Interface) need to be called, and when different cloud server APIs are called, a secret key needs to be used for authentication. In the related art, in the process of executing a resource creation task through a thread, there are problems of low key transfer efficiency and data interference.
Disclosure of Invention
In view of the foregoing, a primary object of the embodiments of the present application is to provide a method, an apparatus, an electronic device, and a storage medium for resource creation, so as to at least solve the problem of low key transmission efficiency in the process of executing a resource creation task by a thread in the related art.
In order to achieve the above purpose, the technical solution of the embodiments of the present application is implemented as follows:
the embodiment of the application provides a resource creation method, which comprises the following steps:
receiving a first request of a terminal through a second thread, and determining the first thread based on the first request; the first request is used for requesting to create a first resource; the first thread is to process the first request; the first thread is a child thread of the second thread;
Acquiring a first key from a variable storage class corresponding to a second thread through the first thread based on the corresponding inheritable variable storage class; the first key is used for providing authority credentials when a first resource is requested to be created to a cloud server through the first thread;
and sending the first request and the first key to a corresponding cloud server through the first thread so as to obtain a corresponding request result from the cloud server through the first thread and return the request result to the terminal through the second thread.
In the above scheme, the first request carries a first identifier, and the first identifier characterizes the identifier of the terminal that initiates the first request; in the case that the variable storage class corresponding to the second thread does not store the first key, the method includes:
acquiring a first key corresponding to the first identifier from a setting database by the second thread based on the first identifier;
and storing the first key to a variable storage class corresponding to the second thread.
In the above solution, when the first key is stored in the variable storage class corresponding to the second thread, the method includes:
Encrypting the first key through a public key encryption (RSA) algorithm to obtain an encrypted first key;
and storing the thread object information corresponding to the second thread and the encrypted first key into a variable storage class corresponding to the second thread in a key value pair mode.
In the above solution, after the first thread obtains the first key from the variable storage class corresponding to the second thread based on the corresponding inheritable variable storage class, the method further includes:
and storing the thread object information corresponding to the first thread and the first key into a variable storage class corresponding to the first thread in a key value pair mode.
In the above scheme, the method further comprises:
after obtaining a corresponding request result from the cloud server through the first thread, deleting a key value pair corresponding to a first key in a variable storage class corresponding to the first thread;
and deleting a key value pair corresponding to the first key in the variable storage class corresponding to the second thread after the request result is returned to the terminal through the second thread.
In the above solution, the obtaining, by the first thread, the first key from the variable storage class corresponding to the second thread based on the corresponding inheritable variable storage class includes:
Checking whether a first key stored in a variable storage class corresponding to the second thread is valid or not through the first thread to obtain a checking result;
and under the condition that the verification result indicates that the first key stored in the variable storage class corresponding to the second thread is effective, acquiring the first key from the variable storage class corresponding to the second thread by the first thread based on the corresponding inheritable variable storage class.
In the above solution, when the first thread checks whether the first key stored in the variable storage class corresponding to the second thread is valid, the method includes:
every set time, calling a set cloud server authentication API through the first key carried by the first thread, judging whether the set cloud server authentication API is successfully called, and obtaining a judging result;
under the condition that the judging result represents that the set cloud server authentication API is successfully called, determining that the first secret key is valid;
and under the condition that the judging result indicates that the set cloud server authentication API cannot be successfully called, determining that the first key is invalid.
The embodiment of the application also provides a resource creation device, which comprises:
The determining unit is used for receiving a first request of the terminal through the second thread and determining the first thread based on the first request; the first request is used for requesting to create a first resource; the first thread is to process the first request; the first thread is a child thread of the second thread;
the obtaining unit is used for obtaining a first key from the variable storage class corresponding to the second thread through the first thread based on the corresponding inheritable variable storage class; the first key is used for providing authority credentials when a first resource is requested to be created to a cloud server through the first thread;
and the sending unit is used for sending the first request and the first key to a corresponding cloud server through the first thread so as to obtain a corresponding request result from the cloud server through the first thread and return the request result to the terminal through the second thread.
The embodiment of the application also provides electronic equipment, which comprises: a processor and a memory for storing a computer program capable of running on the processor, wherein,
the processor is configured to perform the steps of any of the methods described above when the computer program is run.
The present application also provides a storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of any of the methods described above.
In the embodiment of the application, a first request of a terminal is received through a second thread, and the first thread is determined based on the first request, wherein the first request is used for requesting to create a first resource, the first thread is used for processing the first request, and the first thread is a child thread of the second thread. And acquiring, by the first thread, a first key from a variable storage class corresponding to the second thread based on the corresponding inheritable variable storage class, wherein the first key is used to provide permission credentials when the first thread requests creation of the first resource from the cloud server. And sending the first request and the first key to the corresponding cloud server through the first thread so as to obtain a corresponding request result from the cloud server through the first thread and return the request result to the terminal through the second thread. Therefore, when the resource creation request of the terminal is processed through the first thread, the first thread does not need to execute a series of initialization operations for acquiring the corresponding key, and based on the corresponding inheritable variable storage class, the corresponding key can be quickly acquired from the variable storage class of the father thread, so that the resource creation request can be quickly processed based on the acquired key, the quick transmission of the key is realized, the transmission efficiency of the key is improved, and the efficiency of processing the resource creation request is also improved. In addition, in the process of processing the resource creation request, the corresponding secret key does not need to be transferred layer by layer, so that the problem of code redundancy of the background is avoided.
Drawings
Fig. 1 is a schematic implementation flow chart of a resource creation method provided in an embodiment of the present application;
FIG. 2 is a flowchart of an implementation of a resource creation method provided by an embodiment of the application;
fig. 3 is a schematic diagram of a resource creating device provided in an embodiment of the present application;
fig. 4 is a schematic diagram of a hardware composition structure of an electronic device according to an embodiment of the present application.
Detailed Description
In the following description, for purposes of explanation and not limitation, specific details are set forth, such as particular system configurations, techniques, etc. in order to provide a thorough understanding of the embodiments of the present application. It will be apparent, however, to one skilled in the art that the present application may be practiced in other embodiments that depart from these specific details. In other instances, detailed descriptions of well-known systems, devices, and methods are omitted so as not to obscure the description of the present application with unnecessary detail.
The technical solutions described in the embodiments of the present application may be arbitrarily combined without any conflict.
In addition, in the embodiments of the present application, the terms "first," "second," etc. are used to distinguish similar objects and are not necessarily used to describe a particular order or precedence. The term "and/or" is merely an association relationship describing an associated object, meaning that there may be three relationships, e.g., a and/or B, may represent: a exists alone, A and B exist together, and B exists alone.
With the popularization of cloud concepts and the improvement of the convenience of cloud servers, so far, cloud servers have been developed as infrastructure of an enterprise internet technology architecture, and enterprises are not hesitant to need cloud servers anymore, but pay attention to which cloud server is used and whether the excellent characteristics of the cloud servers can be fully exerted. The mainstream public cloud servers in the current market have various characteristics, and the multi-cloud management platform can select proper public cloud servers according to different requirements and provide one-stop type cross-public cloud server resource management service. In the process of creating a cloud resource by a user, multiple APIs of different cloud servers need to be called, and when different APIs of cloud servers are called, authentication is needed by using a key, so that the transmission of the key in a back-end server is indispensable.
In the related art, the following key transmission realization modes in the multi-cloud management platform are mainly provided:
1. the key parameters are explicitly passed. Specifically, each method in communication with the multi-cloud management platform explicitly receives the key parameters, and the key parameters are transmitted layer by layer as the necessary parameters in the call link. The method is simple and effective, but in the implementation process, the background receiving parameters are complex in definition, and the code redundancy is high. Because the key parameters are visible in the transmission process, a great potential safety hazard exists.
2. The key cache identifies the delivery mode. Specifically, after the key is cached in the cloud server memory, a corresponding key cache identifier is obtained. The key cache identity is communicated within respective methods of communicating with the multi-cloud management platform. The security of the key is improved by the mode, but the key cache identifier is also required to be transmitted layer by layer as a parameter, so that the problems of complex definition of the background receiving parameter and higher code redundancy still exist in the implementation process.
3. Thread variable storage class storage key mode. Specifically, the Java development kit (JDK, java Development Kit) provides a variable storage class (ThreadLocal) for a thread, which is a storage class inside a thread. Data may be stored in a variable storage class corresponding to a given thread, after which only some particular threads may obtain the stored data from the given thread. After the identification of the terminal initiating the request is obtained, inquiring to obtain the corresponding key, and storing the key into the variable storage class corresponding to the current thread. Various methods of communicating with the multi-cloud management platform take keys from the current thread as needed. Because threads have the characteristic of independent operation, keys stored in different threads do not influence each other. The method can not only promote the security of the secret key, but also avoid the problem of background code redundancy. However, when an asynchronous processing resource creation request is required, the child thread cannot directly acquire the key stored in the variable storage class corresponding to the parent thread, so that the key transfer efficiency between the child and parent threads is low. And the threads are usually managed and reused by the thread pool, and the life cycle of the variable storage class corresponding to the threads is ended along with the destruction of the threads, so that after the execution of the task in the threads is ended, the secret key stored in the corresponding variable storage class is always reserved, and the hidden danger of data interference is caused to the execution of the next task of the threads.
That is, in the related art, there are problems in that user key transfer efficiency is low and data is disturbed in the process of executing a resource creation task through a thread.
Based on the foregoing, embodiments of the present application provide a method, an apparatus, an electronic device, and a storage medium for creating a resource, where a first request of a terminal is received by a second thread, and a first thread is determined based on the first request, where the first request is used to request to create the first resource, the first thread is used to process the first request, and the first thread is a child thread of the second thread. And acquiring, by the first thread, a first key from a variable storage class corresponding to the second thread based on the corresponding inheritable variable storage class, wherein the first key is used to provide permission credentials when the first thread requests creation of the first resource from the cloud server. And sending the first request and the first key to the corresponding cloud server through the first thread so as to obtain a corresponding request result from the cloud server through the first thread and return the request result to the terminal through the second thread. Therefore, when the resource creation request of the terminal is processed through the first thread, the first thread does not need to execute a series of initialization operations for acquiring the corresponding key, and based on the corresponding inheritable variable storage class, the corresponding key can be quickly acquired from the variable storage class of the father thread, so that the resource creation request can be quickly processed based on the acquired key, the quick transmission of the key is realized, the transmission efficiency of the key is improved, and the efficiency of processing the resource creation request is also improved. In addition, in the process of processing the resource creation request, the corresponding secret key does not need to be transferred layer by layer, so that the problem of code redundancy of the background is avoided.
The present application is described in further detail below with reference to the accompanying drawings and examples.
Fig. 1 is a schematic implementation flow chart of a resource creation method according to an embodiment of the present application. As shown in fig. 1, the method includes:
step 101: receiving a first request of a terminal through a second thread, and determining the first thread based on the first request; the first request is used for requesting to create a first resource; the first thread is to process the first request; the first thread is a child of the second thread.
Here, a first request of the terminal is received by the second thread, the first request being for requesting creation of the first resource. The second thread is a parent thread and the first thread is a child thread of the second thread. After the parent thread receives the first request, a child thread is assigned to process the first request. After determining that the first request is processed by the first thread, the second thread obtains thread object information of the first thread and returns the thread object information to the terminal. The thread object information includes at least a thread identification, a thread object priority, and a thread status.
Step 102: acquiring a first key from a variable storage class corresponding to a second thread through the first thread based on the corresponding inheritable variable storage class; the first key is used to provide rights credentials when a request is made to the cloud server by the first thread to create a first resource.
Here, the first key is acquired from the variable storage class corresponding to the second thread based on the inheritable variable storage class (inheritable local) corresponding to the first thread. The first key is used to provide rights credentials when a request is made to the cloud server by the first thread to create the first resource.
In practical application, JDK provides inheritable variable storage class for the first thread, which is a subclass of the variable storage class and has the property of acquiring data from the variable storage class corresponding to the parent thread.
Under the condition that the first key is stored in the variable storage class of the second thread, the first key is acquired from the variable storage class corresponding to the second thread through the first thread based on the corresponding inheritable variable storage class.
In one embodiment, the obtaining, by the first thread, the first key from the variable storage class corresponding to the second thread based on the corresponding inheritable variable storage class includes:
checking whether a first key stored in a variable storage class corresponding to the second thread is valid or not through the first thread to obtain a checking result;
and under the condition that the verification result indicates that the first key stored in the variable storage class corresponding to the second thread is effective, acquiring the first key from the variable storage class corresponding to the second thread by the first thread based on the corresponding inheritable variable storage class.
Here, if the first key is stored in the variable storage class of the second thread, the first thread does not directly acquire the first key, but first checks whether the first key stored in the variable storage class corresponding to the second thread is valid. Only if the verification result indicates that the first key is valid, the first key is obtained from the variable storage class corresponding to the second thread through the first thread based on the corresponding inheritable variable storage class.
Under the condition that the first key is effective through verification, the first key is obtained from the variable storage class corresponding to the second thread, and the first key obtained by the first thread is ensured to be effective, so that the first request can be processed based on the effective first key in a long-time and long-serial processing process, the processing efficiency of the first request is improved, and the problem that the first request is failed to process due to the fact that the first thread processes the first request based on the invalid first key is avoided.
In an embodiment, when the first thread verifies whether the first key stored in the variable storage class corresponding to the second thread is valid, the method includes:
every set time, calling a set cloud server authentication API through the first key carried by the first thread, judging whether the set cloud server authentication API is successfully called, and obtaining a judging result;
Under the condition that the judging result represents that the set cloud server authentication API is successfully called, determining that the first secret key is valid;
and under the condition that the judging result indicates that the set cloud server authentication API cannot be successfully called, determining that the first key is invalid.
Here, checking whether the first key stored in the variable storage class corresponding to the second thread is valid is mainly performed by requesting to call a set cloud server authentication API through the first thread Cheng Xiedai for the first key every set period of time, and determining whether the first key is valid according to whether the set cloud server authentication API can be successfully called. The set cloud server authentication API is an API which is specially set and used for authenticating the secret key.
The first key not only can provide the authority certificate when requesting to create the first resource to the cloud server, but also can provide the authority certificate when requesting to call the set cloud server authentication API. Thus, if the first key is valid, the set cloud server authentication API may be successfully invoked based on the first key. If the first key is invalid, the set cloud server authentication API cannot be successfully called based on the invalid first key because the invalid first key cannot provide the permission credential.
In practical application, in some application scenarios, a timing detection task may be configured for the first thread, and a key verification tool class may be configured, where the first thread performs the timing detection task based on the key verification tool class, that is, the validity of the first key stored in the variable storage class corresponding to the second thread is verified every set duration. The starting of the timing detection task can increase the memory consumption of the system, so that the system can be flexibly started according to actual needs. The thread pool performs surrounding enhancement processing on the thread executing execution method, the execution method can record the thread currently executing the task, starts a timing detection task on the thread currently executing the task, and acquires the first secret key stored in the corresponding variable storage class at fixed time to check the validity.
If the first thread checks that the first key is invalid, the first thread notifies the second thread to re-acquire the first key and notifies the second thread to update the stored first key in the corresponding variable storage class.
In practical applications, in other application scenarios, a timing detection task may be configured for the second thread, and a key verification tool class may be configured. The second thread executes the timing detection task based on the key checking tool class, namely checking the validity of the keys stored in the variable storage class corresponding to the second thread every set time period, and checking the validity of the keys stored in the variable storage class corresponding to a plurality of sub-threads of the second thread, namely, checking the validity of the keys stored in each activated thread in the current thread pool by the second thread.
The cloud server authentication API carrying the first key request call setting is judged whether to be successful or not to judge whether the first key is valid or not, and the validity of the first key can be accurately judged. Because the validity of the first key is checked at regular time, under the condition that the first key is invalid, the second thread can reacquire the first key and complete the updating operation of the first key, so that the first key can be ensured to be valid in the current execution period.
In an embodiment, after obtaining, by the first thread, the first key from the variable storage class corresponding to the second thread based on the corresponding inheritable variable storage class, the method further comprises:
and storing the thread object information corresponding to the first thread and the first key into a variable storage class corresponding to the first thread in a key value pair mode.
After the first Key is acquired from the variable storage class corresponding to the second thread, the thread object information corresponding to the first thread and the first Key are stored in the variable storage class corresponding to the first thread in the form of a Key-Value pair. Specifically, the thread identifier corresponding to the first thread may be used as a Key (Key), the first Key may be used as a Value (Value), and the first Key may be stored in the variable storage class corresponding to the first thread in the form of a Key-Value pair. Thus, if the first key is needed to be used, the thread identifier of the first thread can be carried in the request, and then the first key corresponding to the thread identifier of the first thread is obtained from the variable storage class corresponding to the first thread.
The first key stored in the variable storage class corresponding to the second thread is an encrypted first key, and thus the first thread obtains and stores the encrypted first key. The encrypted first key is transferred between the first thread and the second thread, so that the security of the first key is ensured.
By storing the corresponding thread object information and the first key in the form of key value pairs after the first thread Cheng Huoqu first key, when the first thread processes the first request, the corresponding first key can be quickly obtained from the corresponding variable storage class, so that the first request can be quickly processed, and the processing efficiency is improved.
Step 103: and sending the first request and the first key to a corresponding cloud server through the first thread so as to obtain a corresponding request result from the cloud server through the first thread and return the request result to the terminal through the second thread.
Here, after acquiring the first key, the first thread sends the first request and the first key to the corresponding cloud server, so as to obtain a corresponding request result from the cloud server through the first thread and return the request result to the terminal through the second thread.
In practical application, the background is configured with a cloud resource creation tool class, and the first thread calls the cloud resource creation tool class to create the first resource.
Specifically, under the condition that the Key-Value pair is stored in the variable storage class corresponding to the first thread, according to the obtained thread object information of the first thread, such as the thread identifier, a corresponding first Key is found from the Key-Value pair stored in the variable storage class corresponding to the first thread. After the first key is obtained, the encrypted first key is decrypted by utilizing an RSA algorithm, and the decrypted first key is obtained.
The first thread transmits the decrypted first key to the cloud resource creation tool class, and the cloud resource creation tool class carries the decrypted first key and the first request to request the corresponding cloud server. After the cloud server completes the related authentication by using the decrypted first key, returning a request result corresponding to the first request to the cloud resource creation tool class, returning the corresponding request result to the first thread by the cloud resource creation tool class, returning the corresponding request result to the second thread after the first thread receives the corresponding request result to perform necessary warehousing processing operation, and finally returning the corresponding request result to the terminal by the second thread.
If the Key-Value pair is not stored in the variable storage class corresponding to the first thread, returning a null Value 'null', and acquiring a first Key from the variable storage class corresponding to the second thread by the inheritable variable storage class corresponding to the first thread.
It should be noted that, before the first request is processed, the variable storage class corresponding to the first thread does not store other keys, and after the first request is started to be processed, the first thread obtains the first Key from the variable storage class corresponding to the second thread and stores the first Key, that is, the Key-Value pair stored in the variable storage class corresponding to the first thread is the Key-Value pair related to only the first Key. Therefore, when the Key is searched from the stored Key-Value pair according to the thread object information of the first thread, such as the thread identification, no other Key is searched, and only the first Key is searched.
In an embodiment, the first request carries a first identifier, and the first identifier characterizes an identifier of a terminal initiating the first request; in the case that the variable storage class corresponding to the second thread does not store the first key, the method includes:
acquiring a first key corresponding to the first identifier from a setting database by the second thread based on the first identifier;
And storing the first key to a variable storage class corresponding to the second thread.
Here, the first request carries a first identifier, where the first identifier characterizes an identifier of a terminal that initiates the first request. In practical applications, the first request may be a hypertext transfer protocol (HTTP, hyper Text Transfer Protocol) request, where the HTTP request carries a terminal identifier.
If the variable storage class corresponding to the second thread stores the first key, the first thread may obtain the first key from the second thread. If the variable storage class corresponding to the second thread does not store the first key, the second thread needs to execute an operation of acquiring the first key, specifically, the second thread acquires the first key corresponding to the first identifier from the set database based on the first identifier carried by the first request, and then stores the acquired first key to the variable storage class corresponding to the second thread. The set database stores keys corresponding to various terminal identifiers in advance.
By acquiring and storing the corresponding first key from the setting database based on the first identifier, the first key matched with the first request can be accurately acquired, and the first thread can quickly acquire the first key from the variable storage class corresponding to the second thread.
In an embodiment, when the first key is stored in the variable storage class corresponding to the second thread, the method includes:
encrypting the first key through an RSA algorithm to obtain an encrypted first key;
and storing the thread object information corresponding to the second thread and the encrypted first key into a variable storage class corresponding to the second thread in a key value pair mode.
Here, after the second thread obtains the first key from the setting database, the first key is encrypted by the RSA algorithm to obtain the encrypted first key. The public key and the private key in the RSA algorithm are generated after the variable storage class corresponding to the second thread obtains the key by default.
And storing the thread object information corresponding to the second thread and the encrypted first Key into a variable storage class corresponding to the second thread in a Key-Value pair mode. Specifically, the thread identifier corresponding to the second thread may be used as a Key, the encrypted first Key may be used as a Value, and the encrypted first Key may be stored in a variable storage class corresponding to the second thread in the form of a Key-Value pair. Thus, if the encrypted first key needs to be obtained, the request may carry the thread identifier of the second thread, and then the encrypted first key corresponding to the thread identifier of the second thread is obtained from the variable storage class corresponding to the second thread.
By storing the encrypted first key in the variable storage class corresponding to the second thread, the security of the stored first key is improved.
In an embodiment, the method further comprises:
after obtaining a corresponding request result from the cloud server through the first thread, deleting a key value pair corresponding to a first key in a variable storage class corresponding to the first thread;
and deleting a key value pair corresponding to the first key in the variable storage class corresponding to the second thread after the request result is returned to the terminal through the second thread.
Here, after the corresponding request result is obtained from the cloud server by the first thread, the first thread performs necessary binning processing operation on the request result, and transfers the request result to the second thread, and then the processing procedure of the first thread on the first request is completed, in this case, according to the thread object information corresponding to the first thread, the key value pair corresponding to the first key in the variable storage class corresponding to the first thread is deleted.
After the request result is returned to the terminal through the second thread, the task of the second thread is already executed, and in this case, the key value pair corresponding to the first key in the variable storage class corresponding to the second thread is deleted according to the thread object information corresponding to the second thread.
In practical application, the task execution class (task executor) of the thread pool can be used for clearing the key value pair corresponding to the first key stored in the corresponding variable storage class after the task corresponding to each thread is executed.
After the first thread and the second thread execute the corresponding tasks, deleting the key value pairs corresponding to the first keys in the corresponding variable storage classes, so that data interference caused to subsequent task execution of the first thread and the second thread can be avoided, an operation and maintenance person is not required to manually clear the key value pairs corresponding to the first keys after the task execution of the threads is finished, and the efficiency of resource creation requests is improved.
Fig. 2 is a flowchart of an implementation of a resource creation method provided by an application embodiment of the present application, as shown in fig. 2:
after the terminal initiates the first request for creating the first resource, the second thread, i.e. the parent thread, allocates a first thread to process the first request initiated by the terminal. And the second thread acquires thread object information corresponding to the first thread and returns the thread object information to the terminal.
A timing detection task may be configured for the second thread, and validity of keys stored in variable storage classes corresponding to each thread in the thread pool is detected by the second thread.
And under the condition that the first key is stored in the variable storage class corresponding to the second thread, the first key is acquired from the variable storage class corresponding to the second thread through the first thread based on the corresponding inheritable variable storage class. Under the condition that the first key is not stored in the variable storage class corresponding to the second thread, the operation of acquiring the first key is executed through the second thread, namely, the first key corresponding to the first identifier is acquired from a set database based on the first identifier carried in the first request, the first key is encrypted through an RSA algorithm, and the thread object information corresponding to the second thread and the encrypted first key are stored in the variable storage class corresponding to the second thread in a key value pair mode. At this time, the first thread obtains the first key from the variable storage class corresponding to the second thread based on the corresponding inheritable variable storage class.
After the first line Cheng Huoqu first key, the method is called to create the first resource, specifically, the cloud resource creation tool class is called, the encrypted first key is obtained from the variable storage class corresponding to the first line, after the encrypted first key is obtained, the encrypted first key is decrypted, and the decrypted first key is transferred to the cloud resource creation tool class.
The cloud resource creation tool class carries the first request and the decrypted first key and requests a corresponding cloud server.
And after finishing the related authentication by using the decrypted first key, the cloud server returns a request result corresponding to the first request to the cloud resource creation tool class.
And the cloud resource creation tool class returns the corresponding request result to the first thread. After the first thread receives the corresponding request result and performs necessary warehousing processing operation, the corresponding request result is returned to the second thread. After the first thread returns the corresponding request result to the second thread, the key value pair corresponding to the first key stored in the variable storage class corresponding to the first thread is cleared.
And the second thread returns the corresponding request result to the terminal. And after the second thread returns the corresponding request result to the terminal, clearing the key value pair corresponding to the first key stored in the variable storage class corresponding to the second thread.
In one application embodiment of the present application, in the context of JDK, a thread pool is first configured. Setting parameters such as thread number, queue number and the like, and generating a fixed-length thread pool. If the number of threads can be set to 2, a thread pool is generated that contains 2 threads.
And distributing a resource creation request initiated by the thread processing terminal from the thread pool according to the set thread pool.
The storage position of the key is set, and the key can be stored in a variable storage class corresponding to the father thread. Any data can be stored in the variable storage class corresponding to each thread, and the type of the data stored in the variable storage class corresponding to each thread can be set to be universal.
Setting the acquisition mode of the key. And if the corresponding key is stored in the variable storage class corresponding to the parent thread of the current thread requested by the processing terminal, acquiring the corresponding key from the variable storage class corresponding to the parent thread. If the corresponding key is not stored in the variable storage class corresponding to the parent thread of the current thread, the parent thread executes related operation of acquiring the corresponding key, namely, acquires the terminal identifier carried in the request initiated by the terminal, and acquires the corresponding key in the setting database based on the terminal identifier. After the corresponding key is stored in the variable storage class corresponding to the parent thread, the current thread acquires the corresponding key from the variable storage class corresponding to the parent thread based on the corresponding inheritable variable storage class.
And setting a verification mode of the validity of the key. When checking the key stored in the variable storage class corresponding to the thread, carrying the key request to call a set cloud server authentication API, and determining whether the key is effective according to whether the set cloud server authentication API can be successfully called.
In the embodiment of the application, a first request of a terminal is received through a second thread, and the first thread is determined based on the first request, wherein the first request is used for requesting to create a first resource, the first thread is used for processing the first request, and the first thread is a child thread of the second thread. And acquiring, by the first thread, a first key from a variable storage class corresponding to the second thread based on the corresponding inheritable variable storage class, wherein the first key is used to provide permission credentials when the first thread requests creation of the first resource from the cloud server. And sending the first request and the first key to the corresponding cloud server through the first thread so as to obtain a corresponding request result from the cloud server through the first thread and return the request result to the terminal through the second thread. Therefore, when the resource creation request of the terminal is processed through the first thread, the first thread does not need to execute a series of initialization operations for acquiring the corresponding key, and based on the corresponding inheritable variable storage class, the corresponding key can be quickly acquired from the variable storage class of the father thread, so that the resource creation request can be quickly processed based on the acquired key, the quick transmission of the key is realized, the transmission efficiency of the key is improved, and the efficiency of processing the resource creation request is also improved. In addition, in the process of processing the resource creation request, the corresponding secret key does not need to be transferred layer by layer, so that the problem of code redundancy of the background is avoided.
In order to implement the method of the embodiment of the present application, the embodiment of the present application further provides a resource creation device, and fig. 3 is a schematic diagram of the resource creation device provided in the embodiment of the present application, as shown in fig. 3, where the device includes:
a determining unit 301, configured to receive, by a second thread, a first request of a terminal, and determine the first thread based on the first request; the first request is used for requesting to create a first resource; the first thread is to process the first request; the first thread is a child of the second thread.
An obtaining unit 302, configured to obtain, by the first thread, a first key from a variable storage class corresponding to the second thread, based on a corresponding inheritable variable storage class; the first key is used to provide rights credentials when a request is made to the cloud server by the first thread to create a first resource.
And the sending unit 303 is configured to send the first request and the first key to a corresponding cloud server through the first thread, so as to obtain a corresponding request result from the cloud server through the first thread and return the request result to the terminal through the second thread.
In an embodiment, the first request carries a first identifier, and the first identifier characterizes an identifier of a terminal initiating the first request; the apparatus further comprises: the storage unit is used for acquiring a first key corresponding to the first identifier from a setting database based on the first identifier through the second thread;
And storing the first key to a variable storage class corresponding to the second thread.
In an embodiment, the storage unit is further configured to encrypt the first key through an RSA algorithm to obtain an encrypted first key;
and storing the thread object information corresponding to the second thread and the encrypted first key into a variable storage class corresponding to the second thread in a key value pair mode.
In an embodiment, the storage unit is further configured to store the thread object information corresponding to the first thread and the first key to a variable storage class corresponding to the first thread in a key value pair form.
In an embodiment, the device further comprises: a deleting unit, configured to delete a key value pair corresponding to a first key in a variable storage class corresponding to the first thread after obtaining a corresponding request result from the cloud server through the first thread;
and deleting a key value pair corresponding to the first key in the variable storage class corresponding to the second thread after the request result is returned to the terminal through the second thread.
In an embodiment, the obtaining unit 302 is further configured to verify, by using the first thread, whether a first key stored in a variable storage class corresponding to the second thread is valid, to obtain a verification result;
And under the condition that the verification result indicates that the first key stored in the variable storage class corresponding to the second thread is effective, acquiring the first key from the variable storage class corresponding to the second thread by the first thread based on the corresponding inheritable variable storage class.
In an embodiment, the device further comprises: the judging unit is used for judging whether the set cloud server authentication API is successfully called or not through the first thread carrying the first key request calling the set cloud server authentication API every a set time length, and obtaining a judging result;
under the condition that the judging result represents that the set cloud server authentication API is successfully called, determining that the first secret key is valid;
and under the condition that the judging result indicates that the set cloud server authentication API cannot be successfully called, determining that the first key is invalid.
In practical applications, the determining unit 301, the acquiring unit 302, the transmitting unit 303, the storing unit, the deleting unit, the judging unit may be implemented by a processor in a terminal, such as a central processing unit (CPU, central Processing Unit), a digital signal processor (DSP, digital Signal Processor), a micro control unit (MCU, microcontroller Unit), a programmable gate array (FPGA, field-Programmable Gate Array), or the like.
It should be noted that: in the resource creation device provided in the above embodiment, only the division of each program module is used for illustration when information is displayed, and in practical application, the above processing allocation may be performed by different program modules according to needs, that is, the internal structure of the device is divided into different program modules, so as to complete all or part of the processing described above. In addition, the resource creating device and the resource creating method provided in the foregoing embodiments belong to the same concept, and specific implementation processes of the resource creating device and the resource creating method are detailed in the method embodiments, which are not described herein again.
Based on the hardware implementation of the program modules, and in order to implement the method of the embodiment of the application, the embodiment of the application also provides an electronic device. Fig. 4 is a schematic diagram of a hardware composition structure of an electronic device according to an embodiment of the present application, where, as shown in fig. 4, the electronic device includes:
a communication interface 401 capable of information interaction with other devices such as a network device and the like;
and the processor 402 is connected with the communication interface 401 to realize information interaction with other devices, and is used for executing the method provided by one or more technical schemes on the terminal side when running the computer program. And the computer program is stored on the memory 403.
Specifically, the processor 402 is configured to receive, by a second thread, a first request of a terminal, and determine, based on the first request, a first thread; the first request is used for requesting to create a first resource; the first thread is to process the first request; the first thread is a child thread of the second thread;
acquiring a first key from a variable storage class corresponding to a second thread through the first thread based on the corresponding inheritable variable storage class; the first key is used for providing authority credentials when a first resource is requested to be created to a cloud server through the first thread;
and sending the first request and the first key to a corresponding cloud server through the first thread so as to obtain a corresponding request result from the cloud server through the first thread and return the request result to the terminal through the second thread.
In an embodiment, the first request carries a first identifier, and the first identifier characterizes an identifier of a terminal initiating the first request; the processor 402 is further configured to obtain, by the second thread, based on the first identifier, a first key corresponding to the first identifier from a setting database, where the first key is not stored in a variable storage class corresponding to the second thread;
And storing the first key to a variable storage class corresponding to the second thread.
In an embodiment, when the first key is stored in the variable storage class corresponding to the second thread, the processor 402 is further configured to encrypt the first key by an RSA algorithm to obtain an encrypted first key;
and storing the thread object information corresponding to the second thread and the encrypted first key into a variable storage class corresponding to the second thread in a key value pair mode.
In an embodiment, after the first key is obtained from the variable storage class corresponding to the second thread by the first thread based on the corresponding inheritable variable storage class, the processor 402 is further configured to store the thread object information corresponding to the first thread and the first key in a key value pair to the variable storage class corresponding to the first thread.
In an embodiment, the processor 402 is further configured to delete a key value pair corresponding to a first key in a variable storage class corresponding to the first thread after obtaining, by the first thread, a corresponding request result from the cloud server;
and deleting a key value pair corresponding to the first key in the variable storage class corresponding to the second thread after the request result is returned to the terminal through the second thread.
In an embodiment, the processor 402 is further configured to verify, by using the first thread, whether a first key stored in a variable storage class corresponding to the second thread is valid, to obtain a verification result;
and under the condition that the verification result indicates that the first key stored in the variable storage class corresponding to the second thread is effective, acquiring the first key from the variable storage class corresponding to the second thread by the first thread based on the corresponding inheritable variable storage class.
In an embodiment, when the first thread verifies whether the first key stored in the variable storage class corresponding to the second thread is valid, the processor 402 is further configured to determine, by using the first thread carrying the first key, whether to call a set cloud server authentication API, and obtain a determination result, by requesting, by the first thread, to call the set cloud server authentication API every set time period;
under the condition that the judging result represents that the set cloud server authentication API is successfully called, determining that the first secret key is valid;
and under the condition that the judging result indicates that the set cloud server authentication API cannot be successfully called, determining that the first key is invalid.
Of course, in actual practice, the various components in the electronic device would be coupled together via bus system 404. It is appreciated that the bus system 404 serves to facilitate connected communications between these components. The bus system 404 includes a power bus, a control bus, and a status signal bus in addition to the data bus. But for clarity of illustration the various buses are labeled as bus system 404 in fig. 4.
The memory 403 in the present embodiment is used to store various types of data to support the operation of the electronic device. Examples of such data include: any computer program for operating on an electronic device.
It will be appreciated that memory 403 may be volatile memory or nonvolatile memory, and may include both volatile and nonvolatile memory. Wherein the nonvolatile Memory may be Read Only Memory (ROM), programmable Read Only Memory (PROM, programmable Read-Only Memory), erasable programmable Read Only Memory (EPROM, erasable Programmable Read-Only Memory), electrically erasable programmable Read Only Memory (EEPROM, electrically Erasable Programmable Read-Only Memory), magnetic random access Memory (FRAM, ferromagnetic random access Memory), flash Memory (Flash Memory), magnetic surface Memory, optical disk, or compact disk Read Only Memory (CD-ROM, compact Disc Read-Only Memory); the magnetic surface memory may be a disk memory or a tape memory. The volatile memory may be random access memory (RAM, random Access Memory), which acts as external cache memory. By way of example, and not limitation, many forms of RAM are available, such as static random access memory (SRAM, static Random Access Memory), synchronous static random access memory (SSRAM, synchronous Static Random Access Memory), dynamic random access memory (DRAM, dynamic Random Access Memory), synchronous dynamic random access memory (SDRAM, synchronous Dynamic Random Access Memory), double data rate synchronous dynamic random access memory (ddr SDRAM, double Data Rate Synchronous Dynamic Random Access Memory), enhanced synchronous dynamic random access memory (ESDRAM, enhanced Synchronous Dynamic Random Access Memory), synchronous link dynamic random access memory (SLDRAM, syncLink Dynamic Random Access Memory), direct memory bus random access memory (DRRAM, direct Rambus Random Access Memory). The memory 403 described in the embodiments of the present application is intended to comprise, without being limited to, these and any other suitable types of memory.
The methods disclosed in the embodiments of the present application may be applied to the processor 402 or implemented by the processor 402. The processor 402 may be an integrated circuit chip with signal processing capabilities. In implementation, the steps of the methods described above may be performed by integrated logic circuitry in hardware or instructions in software in processor 402. The processor 402 may be a general purpose processor, DSP, or other programmable logic device, discrete gate or transistor logic device, discrete hardware components, or the like. The processor 402 may implement or perform the methods, steps, and logic blocks disclosed in embodiments of the present application. The general purpose processor may be a microprocessor or any conventional processor or the like. The steps of the method disclosed in the embodiments of the present application may be directly embodied in a hardware decoding processor or implemented by a combination of hardware and software modules in the decoding processor. The software modules may be located in a storage medium in memory 403 and the processor 402 reads the program in memory 403 to perform the steps of the method described above in connection with its hardware.
The processor 402, when executing the programs, implements the corresponding flows in the various methods of the embodiments of the application.
In an exemplary embodiment, the present application also provides a storage medium, i.e. a computer storage medium, in particular a computer readable storage medium, for example comprising a memory 403 storing a computer program executable by the processor 402 for performing the steps of the method described above. The computer readable storage medium may be FRAM, ROM, PROM, EPROM, EEPROM, flash Memory, magnetic surface Memory, optical disk, or CD-ROM.
In the several embodiments provided in the present application, it should be understood that the disclosed apparatus, terminal and method may be implemented in other manners. The above described device embodiments are only illustrative, e.g. the division of the units is only one logical function division, and there may be other divisions in practice, such as: multiple units or components may be combined or may be integrated into another system, or some features may be omitted, or not performed. In addition, the various components shown or discussed may be coupled or directly coupled or communicatively coupled to each other via some interface, whether indirectly coupled or communicatively coupled to devices or units, whether electrically, mechanically, or otherwise.
The units described as separate units may or may not be physically separate, and units displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units; some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in each embodiment of the present application may be integrated in one processing unit, or each unit may be separately used as one unit, or two or more units may be integrated in one unit; the integrated units may be implemented in hardware or in hardware plus software functional units.
Those of ordinary skill in the art will appreciate that: all or part of the steps for implementing the above method embodiments may be implemented by hardware associated with program instructions, where the foregoing program may be stored in a computer readable storage medium, and when executed, the program performs steps including the above method embodiments; and the aforementioned storage medium includes: a removable storage device, ROM, RAM, magnetic or optical disk, or other medium capable of storing program code.
Alternatively, the integrated units described above may be stored in a computer readable storage medium if implemented in the form of software functional modules and sold or used as a stand-alone product. Based on such understanding, the technical solutions of the embodiments of the present application may be essentially or partly contributing to the prior art, and the computer software product may be stored in a storage medium, and include several instructions to cause an electronic device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the methods described in the embodiments of the present application. And the aforementioned storage medium includes: a removable storage device, ROM, RAM, magnetic or optical disk, or other medium capable of storing program code.
The foregoing is merely specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily think about changes or substitutions within the technical scope of the present application, and the changes and substitutions are intended to be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
Claims (10)
1. A method of resource creation, the method comprising:
receiving a first request of a terminal through a second thread, and determining the first thread based on the first request; the first request is used for requesting to create a first resource; the first thread is to process the first request; the first thread is a child thread of the second thread;
acquiring a first key from a variable storage class corresponding to a second thread through the first thread based on the corresponding inheritable variable storage class; the first key is used for providing authority credentials when a first resource is requested to be created to a cloud server through the first thread;
and sending the first request and the first key to a corresponding cloud server through the first thread so as to obtain a corresponding request result from the cloud server through the first thread and return the request result to the terminal through the second thread.
2. The resource creation method according to claim 1, wherein the first request carries a first identifier, and the first identifier characterizes an identifier of a terminal that initiates the first request; in the case that the variable storage class corresponding to the second thread does not store the first key, the method includes:
Acquiring a first key corresponding to the first identifier from a setting database by the second thread based on the first identifier;
and storing the first key to a variable storage class corresponding to the second thread.
3. The resource creation method according to claim 2, wherein when the first key is stored in the variable storage class corresponding to the second thread, the method includes:
encrypting the first key through a public key encryption RSA algorithm to obtain an encrypted first key;
and storing the thread object information corresponding to the second thread and the encrypted first key into a variable storage class corresponding to the second thread in a key value pair mode.
4. The resource creation method of claim 1, wherein after obtaining, by the first thread, the first key from the variable storage class corresponding to the second thread based on the corresponding inheritable variable storage class, the method further comprises:
and storing the thread object information corresponding to the first thread and the first key into a variable storage class corresponding to the first thread in a key value pair mode.
5. The resource creation method of claim 4, further comprising:
After obtaining a corresponding request result from the cloud server through the first thread, deleting a key value pair corresponding to a first key in a variable storage class corresponding to the first thread;
and deleting a key value pair corresponding to the first key in the variable storage class corresponding to the second thread after the request result is returned to the terminal through the second thread.
6. The resource creation method of claim 1, wherein said obtaining, by the first thread, the first key from the variable storage class corresponding to the second thread based on the corresponding inheritable variable storage class, comprises:
checking whether a first key stored in a variable storage class corresponding to the second thread is valid or not through the first thread to obtain a checking result;
and under the condition that the verification result indicates that the first key stored in the variable storage class corresponding to the second thread is effective, acquiring the first key from the variable storage class corresponding to the second thread by the first thread based on the corresponding inheritable variable storage class.
7. The method for creating a resource according to claim 6, wherein when the first thread checks whether the first key stored in the variable storage class corresponding to the second thread is valid, the method comprises:
Every set time, calling a set cloud server authentication application program interface API through the first key carried by the first thread, judging whether the set cloud server authentication API is successfully called, and obtaining a judging result;
under the condition that the judging result represents that the set cloud server authentication API is successfully called, determining that the first secret key is valid;
and under the condition that the judging result indicates that the set cloud server authentication API cannot be successfully called, determining that the first key is invalid.
8. A resource creation apparatus, the apparatus comprising:
the determining unit is used for receiving a first request of the terminal through the second thread and determining the first thread based on the first request; the first request is used for requesting to create a first resource; the first thread is to process the first request; the first thread is a child thread of the second thread;
the obtaining unit is used for obtaining a first key from the variable storage class corresponding to the second thread through the first thread based on the corresponding inheritable variable storage class; the first key is used for providing authority credentials when a first resource is requested to be created to a cloud server through the first thread;
And the sending unit is used for sending the first request and the first key to a corresponding cloud server through the first thread so as to obtain a corresponding request result from the cloud server through the first thread and return the request result to the terminal through the second thread.
9. An electronic device, comprising: a processor and a memory for storing a computer program capable of running on the processor, wherein,
the processor being adapted to perform the steps of the method of any of claims 1-7 when the computer program is run.
10. A storage medium having a computer program stored thereon, which, when executed by a processor, implements the steps of the method according to any of claims 1-7.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111415947.5A CN116166409A (en) | 2021-11-25 | 2021-11-25 | Resource creation method and device, electronic equipment and storage medium |
| PCT/CN2022/112745 WO2023093139A1 (en) | 2021-11-25 | 2022-08-16 | Resource creation method and apparatus, and electronic device and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111415947.5A CN116166409A (en) | 2021-11-25 | 2021-11-25 | Resource creation method and device, electronic equipment and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116166409A true CN116166409A (en) | 2023-05-26 |
Family
ID=86418767
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111415947.5A Pending CN116166409A (en) | 2021-11-25 | 2021-11-25 | Resource creation method and device, electronic equipment and storage medium |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN116166409A (en) |
| WO (1) | WO2023093139A1 (en) |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20080147915A1 (en) * | 2006-09-29 | 2008-06-19 | Alexander Kleymenov | Management of memory buffers for computer programs |
| CN104301102B (en) * | 2013-07-19 | 2019-03-15 | 中国移动通信集团北京有限公司 | Widget communication means, apparatus and system |
| CN112015663B (en) * | 2020-09-15 | 2024-03-15 | 平安银行股份有限公司 | Test data recording method, device, equipment and medium |
| CN113296798B (en) * | 2021-05-31 | 2022-04-15 | 腾讯科技(深圳)有限公司 | Service deployment method, device and readable storage medium |
-
2021
- 2021-11-25 CN CN202111415947.5A patent/CN116166409A/en active Pending
-
2022
- 2022-08-16 WO PCT/CN2022/112745 patent/WO2023093139A1/en unknown
Also Published As
| Publication number | Publication date |
|---|---|
| WO2023093139A1 (en) | 2023-06-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20240048560A1 (en) | Systems and methods for endpoint management | |
| JP5635978B2 (en) | Authenticated database connection for applications without human intervention | |
| CN110086768B (en) | Service processing method and device | |
| US10536271B1 (en) | Silicon key attestation | |
| US9521032B1 (en) | Server for authentication, authorization, and accounting | |
| WO2021219086A1 (en) | Data transmission method and system based on blockchain | |
| US10404689B2 (en) | Password security | |
| CN110069909B (en) | Method and device for login of third-party system without secret | |
| CN109831435B (en) | Database operation method, system, proxy server and storage medium | |
| CN110908786A (en) | Intelligent contract calling method, device and medium | |
| CN109474600B (en) | Account binding method, system, device and equipment | |
| CN111669351B (en) | Authentication method, service server, client and computer readable storage medium | |
| US10579830B1 (en) | Just-in-time and secure activation of software | |
| US20220029808A1 (en) | System, Product and Method for Providing Secured Access to Data | |
| WO2023093500A1 (en) | Access verification method and apparatus | |
| CN116192483A (en) | Authentication method, device, equipment and medium | |
| CN109842616B (en) | Account binding method and device and server | |
| EP3048553A1 (en) | Method for distributing applets, and entities for distributing applets | |
| CN111414640A (en) | Key access control method and device | |
| CN113591121A (en) | Resource access authority configuration method, device, equipment and storage medium | |
| WO2016045042A1 (en) | Method and device for managing content in secure element | |
| CN112637167A (en) | System login method and device, computer equipment and storage medium | |
| CN109802927B (en) | Security service providing method and device | |
| CN114584313B (en) | Equipment physical identity authentication method, system, device and first platform | |
| US20220353081A1 (en) | User authentication techniques across applications on a user device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |