CN116208379B - Method and system for checking MQTT theme publishing and subscribing permission of Internet of things equipment - Google Patents
Publication number: CN116208379B (application CN202310006813.0A)
Authority: CN (China)
Legal status: Active (the status is an assumption by Google and not a legal conclusion)
Classifications
- H04L63/08: Network architectures or network communication protocols for network security, for authentication of entities
- H04L67/12: Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
Abstract
The invention discloses a method and a system for checking the MQTT topic publishing and subscribing permission of an Internet of Things device. All topics in the system are numbered, and each number corresponds to the permission-bit index in the user's topic permission data. Secondly, a byte[] is used to store the user's topic publishing and subscribing rights and is converted into string data for caching, so that a user's publishing and subscribing rights on topics are recorded in a smaller space, breaking through the limitation of the prior art, in which permission-bit verification with a long type can store at most 64 permission bits. Meanwhile, exploiting the characteristic that only a few users have operation permission on any given device of the system, the authorized user IDs are concatenated and stored in a device user permission array indexed by device ID, i.e. indexed in the reverse direction by device, so that data storage is reduced and permission verification is faster.
Description
Technical Field
The invention relates to the technical field of IoT (Internet of Things) platforms, in particular to a method and a system for checking the MQTT topic publishing and subscribing permission of Internet of Things equipment.
Background
MQTT (Message Queue Telemetry Transport) is a message protocol based on the publish/subscribe paradigm under the ISO standard (ISO/IEC PRF 20922). It runs on the TCP/IP protocol family and is a publish/subscribe messaging protocol designed for remote devices with low hardware performance and poor network conditions; the biggest advantage of MQTT is that it can provide real-time, reliable messaging services to connected remote devices with very little code and limited bandwidth. As an instant messaging protocol with low cost and low bandwidth usage, it is widely used in the Internet of Things, small devices, mobile applications and the like. In the communication process there are three roles in the MQTT protocol: publishers, brokers (servers) and subscribers. The publisher and subscriber of a message are clients, and the message broker is the server. One important flow in the workflow is that the broker performs publishing and subscribing permission verification on the publisher and subscriber of a message. As is well known, the Internet of Things is a concept that extends and expands on the traditional Internet, so permission verification of message publishers and subscribers inherits the traditional Internet method: permission points/permission rules are stored in a database, the database is queried when verification is needed, and publishing and subscribing permissions are then verified to determine whether a user has the corresponding publishing and subscribing permission on a specific topic.
With the promotion of the Internet of Everything as a national strategy, existing Internet of Things platforms are connected to massive numbers of devices and users, and in a complex business environment the number of publishing and subscribing permission points of devices for device MQTT topics is very large; in such a system environment, the traditional permission verification method can suffer excessive latency or even crash the database. Caching the full set of permission points in the Redis database in the conventional manner also causes data storage problems because of the large data volume.
Disclosure of Invention
Therefore, the invention provides a method and a system for checking the MQTT topic publishing and subscribing permission of Internet of Things equipment, which solve the problems of traditional permission-point checking: wasted space and unsuitability for checking the permissions of massive numbers of devices and users.
In order to achieve the above object, the present invention provides the following technical solutions:
According to a first aspect of an embodiment of the present invention, a method for verifying the MQTT topic publishing and subscribing rights of an Internet of Things device is provided, the method comprising:
creating a permission data cache structure and performing data initialization storage, where the data cache structure comprises an MQTT topic permission-bit data area, a user topic permission-bit array and a device user permission array; the MQTT topic permission-bit data area is used for encoding and storing a plurality of MQTT topics, the user topic permission-bit array is used for storing a user's publishing and subscribing permission identification data for the MQTT topics, and the device user permission array is used for storing the IDs of users with device operation permission;
and acquiring, according to the user request, the MQTT topic publishing and subscribing permission data of the current user request from the cached data, checking it against the permission required by the user request, acquiring after a consistent check the list of user IDs with operation permission for the device ID of the current request, and judging whether the current user has operation permission for the requested device by matching the user ID of the current request against the acquired user ID list.
Further, the data cache structure specifically comprises:
in the MQTT topic permission-bit data area, the data adopts a hashmap structure with topic names as keys and topic numbers as values, and the MQTT topics are numbered incrementally from 0;
in the user topic permission-bit array, the data adopts a list<string> structure, each position of the permission-bit array corresponds to the user's publishing and subscribing right on the topic with that number, and each topic right is identified by two bits: 00 indicates that the user has no publishing or subscribing right on the topic, 01 indicates that the user has the publishing and subscribing right, 10 indicates that the user has the subscribing right, and 11 indicates that the user has the publishing and subscribing right;
in the device user permission array, the data adopts a list<string> structure used for storing the IDs of users with device operation permission; multiple users are joined with commas, and the user ID data is stored at the position corresponding to the device ID.
Further, creating the permission data cache structure and performing data initialization storage specifically comprises the following steps:
reading the MQTT topics defined in the system, numbering them incrementally from 0, and storing the topic number corresponding to each topic name in the MQTT topic permission-bit data area;
initializing the publishing and subscribing rights owned by the user according to the authorization information: the topic permission bit, i.e. the topic number, is multiplied by 2 to determine the index of the right in the byte[] array, and that index position and the next position of the byte[] are initialized according to the user's rights on the topic, with the default of no publishing and subscribing rights set to 00, the corresponding publishing and subscribing right set to 01, the subscribing right set to 10 and the publishing and subscribing right set to 11; after initialization the byte[] array is base64-converted to a string, which is stored at the index corresponding to the user ID in the user topic permission-bit array;
and acquiring the IDs of the devices on which the user has operation permission, appending the user ID at the index corresponding to each device ID in the device user permission array, thereby completing the permission data initialization.
Further, acquiring the MQTT topic publishing and subscribing permission data of the current user request from the cached data according to the user request, checking it against the permission required by the request, acquiring after a consistent check the list of user IDs with operation permission for the requested device ID, and matching the current user ID against that list to determine whether the current user has operation permission for the requested device, specifically comprises:
acquiring the permission bit corresponding to the topic, i.e. the topic number, from the MQTT topic permission-bit data area according to the MQTT topic requested by the user;
acquiring the user topic permission-bit array entry at the index corresponding to the requested user ID from the cache, and converting the string data into a byte[];
taking the topic permission-bit information, i.e. the topic number, multiplied by 2 as the index, obtaining the byte[] data at that index and at the next position, and performing an exclusive-or of the obtained two-bit data with the permission identification data requested by the current user; if the exclusive-or result is 00, the user's operation request on the topic is legal and the next step is performed, otherwise the request does not match, no permission is returned and the verification ends;
and acquiring the user data at the index corresponding to the requested device ID from the device user permission array cache, matching it against the current user ID, and judging whether the current user has permission on the device to be operated: if so, verification success is returned, otherwise no permission is returned and the verification ends.
Further, the method further comprises:
acquiring the permission-bit information of the topic, i.e. the topic number, from the cache according to the topic to be updated;
obtaining the user topic permission data at the index corresponding to the user ID from the cache, converting the string data into a byte[], taking the topic permission-bit information, i.e. the topic number, multiplied by 2 as the index, and modifying the byte[] data at that index and the next position to 00; converting the modified data into a base64 string and updating it at the index corresponding to the user ID in the user MQTT topic permission-bit data area;
and according to the device ID to be updated, acquiring the user data corresponding to the device from the device user permission data cache, processing the data to be updated or deleted according to the user ID to be updated or deleted, and writing the processed user data back into the device user permission data cache.
According to a second aspect of an embodiment of the present invention, a system for verifying the MQTT topic publishing and subscribing permission of an Internet of Things device is provided, the system comprising:
a permission data initialization module, used for creating a permission data cache structure and performing data initialization storage, where the data cache structure comprises an MQTT topic permission-bit data area, a user topic permission-bit array and a device user permission array; the MQTT topic permission-bit data area is used for encoding and storing a plurality of MQTT topics, the user topic permission-bit array is used for storing the user's publishing and subscribing permission identification data for the MQTT topics, and the device user permission array is used for storing the IDs of users with device operation permission;
and a permission verification module, used for acquiring, according to the user request, the MQTT topic publishing and subscribing permission data of the current user request from the cached data, checking it against the permission required by the user request, acquiring after a consistent check the list of user IDs with operation permission for the device ID of the current request, and judging whether the current user has operation permission for the requested device by matching the user ID of the current request against the acquired user ID list.
Further, the system further comprises:
a permission update/deletion module, used for acquiring the permission-bit information of the topic, i.e. the topic number, from the cache according to the topic to be updated;
obtaining the user topic permission data at the index corresponding to the user ID from the cache, converting the string data into a byte[], and modifying the byte[] data at the index and the following position to 00 according to the topic permission-bit information; converting the modified data into a base64 string and updating it at the index corresponding to the user ID in the user MQTT topic permission-bit data area;
and according to the device ID to be updated, acquiring the user data corresponding to the device from the device user permission data cache, processing the data to be updated or deleted according to the user ID to be updated or deleted, and writing the processed user data back into the device user permission data cache.
Further, the permission data initialization module is specifically configured to:
read the MQTT topics defined in the system, number them incrementally from 0, and store the topic number corresponding to each topic name in the MQTT topic permission-bit data area;
initialize the publishing and subscribing rights owned by the user according to the authorization information: the topic permission bit, i.e. the topic number, is multiplied by 2 to determine the index of the right in the byte[] array, and that index position and the next position of the byte[] are initialized according to the user's rights on the topic, with the default of no publishing and subscribing rights set to 00, the corresponding publishing and subscribing right set to 01, the subscribing right set to 10 and the publishing and subscribing right set to 11; after initialization the byte[] array is base64-converted to a string, which is stored at the index corresponding to the user ID in the user topic permission-bit array;
and acquire the IDs of the devices on which the user has operation permission, append the user ID at the index corresponding to each device ID in the device user permission array, and complete the permission data initialization.
Further, the permission verification module is specifically configured to:
acquire the permission bit corresponding to the topic, i.e. the topic number, from the MQTT topic permission-bit data area according to the MQTT topic requested by the user;
acquire the user topic permission-bit array entry at the index corresponding to the requested user ID from the cache, and convert the string data into a byte[];
take the topic permission-bit information, i.e. the topic number, multiplied by 2 as the index, obtain the byte[] data at that index and at the next position, and perform an exclusive-or of the obtained two-bit data with the permission identification data requested by the current user; if the exclusive-or result is 00, the user's operation request on the topic is legal and the next step is performed, otherwise the request does not match, no permission is returned and the verification ends;
and acquire the user data at the index corresponding to the requested device ID from the device user permission array cache, match it against the current user ID, and judge whether the current user has permission on the device to be operated: if so, verification success is returned, otherwise no permission is returned and the verification ends.
According to a third aspect of an embodiment of the present invention, a computer storage medium is provided, the computer storage medium containing one or more program instructions, the one or more program instructions being configured to be executed by the MQTT topic publishing and subscribing permission verification system of an Internet of Things device so as to perform any one of the foregoing methods.
The invention has the following advantages:
In the method and the system for verifying the MQTT topic publishing and subscribing permission of Internet of Things equipment, all topics in the system are numbered, and each number corresponds to the permission-bit index in the user's topic permission data. Secondly, a byte[] is used to store the user's topic publishing and subscribing rights and is converted into string data for caching, so that a user's publishing and subscribing rights on topics are recorded in a smaller space, breaking through the limitation of the prior art, in which permission-bit verification with a long type can store at most 64 permission bits. Meanwhile, exploiting the characteristic that only a few users have operation permission on any given device of the system, the authorized user IDs are concatenated and stored in a device user permission array indexed by device ID, i.e. indexed in the reverse direction by device, so that data storage is reduced and permission verification is faster.
Drawings
In order to illustrate the embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings used in the description of the embodiments or of the prior art are briefly described below. It will be apparent to those of ordinary skill in the art that the drawings in the following description are exemplary only, and that other implementations can be obtained by extending the drawings provided without inventive effort.
Fig. 1 is a flowchart of a method for checking the MQTT topic publishing and subscribing rights of an Internet of Things device according to an embodiment of the present invention;
fig. 2 is a flowchart of permission initialization in the method for verifying the MQTT topic publishing and subscribing permission of an Internet of Things device according to an embodiment of the present invention;
fig. 3 is a schematic diagram of the permission data cache structure in the method for verifying the MQTT topic publishing and subscribing rights of an Internet of Things device according to an embodiment of the present invention;
fig. 4 is a schematic diagram of the relationship between a user's publishing and subscribing rights and the device MQTT topics in the method for verifying the MQTT topic publishing and subscribing rights of an Internet of Things device according to an embodiment of the present invention;
fig. 5 is a flowchart of permission verification in the method for verifying the MQTT topic publishing and subscribing rights of an Internet of Things device according to an embodiment of the present invention;
fig. 6 is a flowchart of permission deletion/update in the method for verifying the MQTT topic publishing and subscribing rights of an Internet of Things device according to an embodiment of the present invention.
Detailed Description
Further advantages and benefits of the present invention will become apparent to those skilled in the art from the following detailed description, which illustrates certain specific embodiments, but not all embodiments, of the invention. All other embodiments that can be obtained by those skilled in the art based on the embodiments of the invention without inventive effort fall within the scope of the invention.
As shown in fig. 1, the embodiment of the invention provides a method for verifying the MQTT topic publishing and subscribing permission of Internet of Things equipment, adapted to massive numbers of devices and users, which saves storage space and comprises the following steps:
S100, creating a permission data cache structure and performing data initialization storage, where the data cache structure comprises an MQTT topic permission-bit data area, a user topic permission-bit array and a device user permission array; the MQTT topic permission-bit data area is used for encoding and storing a plurality of MQTT topics, the user topic permission-bit array is used for storing a user's publishing and subscribing permission identification data for the MQTT topics, and the device user permission array is used for storing the IDs of users with device operation permission;
S200, acquiring, according to the user request, the MQTT topic publishing and subscribing permission data of the current user request from the cached data, checking it against the permission required by the user request, acquiring after a consistent check the list of user IDs with operation permission for the device ID of the current request, and judging whether the current user has operation permission for the requested device by matching the user ID of the current request against the acquired user ID list.
The method for verifying the MQTT topic publishing and subscribing permission of Internet of Things equipment solves the defects of traditional permission-point verification, namely wasted space and unsuitability for verifying the permissions of massive numbers of devices and users. For the scenario of massive numbers of smart devices and users, the invention proposes the use of the topic permission bit, the user topic permission-bit array and the device user permission array to simplify the data and improve the permission verification speed, thereby overcoming the shortcomings of existing schemes.
Specifically, the method for verifying the MQTT topic publishing and subscribing permission of Internet of Things equipment can be divided into 3 core processes by service classification: 1) initializing the user's device topic permissions; 2) checking the user's permission on a device MQTT topic; 3) deleting the user's device MQTT topic permission. The scheme meets the requirement for fast and efficient verification of a user's permissions on a device and on the device's MQTT topics in Internet of Things scenarios.
Fig. 2 is the permission initialization flowchart of an embodiment of the present invention. As shown in fig. 2, the method for initializing a user's publishing and subscribing rights on device MQTT topics according to an embodiment of the present invention comprises the following steps:
(1) Creating a permission data cache structure and performing data initialization storage, so as to accommodate the storage of permission points for massive numbers of devices; in the present invention, the following data structure is created, as shown in fig. 3:
the MQTT topic permission-bit data area adopts a hashmap structure, with topic names as keys and topic numbers as values, and the MQTT topics are numbered incrementally from 0;
the user topic permission-bit array adopts a list<string> structure; each position of the permission-bit array corresponds to the user's publishing and subscribing right on the topic with that number, and each topic right is identified by two bits: 00 indicates that the user has no publishing or subscribing right on the topic, 01 indicates that the user has the publishing and subscribing right, 10 indicates that the user has the subscribing right, and 11 indicates that the user has the publishing and subscribing right;
the device user permission array adopts a list<string> structure used for storing the IDs of users with device operation permission; multiple users are joined with commas, and the user ID data is stored at the position corresponding to the device ID;
(2) Reading the MQTT topics defined in the system, numbering them incrementally from 0, and storing the topic number corresponding to each topic name in the MQTT topic permission-bit data area;
(3) Initializing the publishing and subscribing rights owned by the user according to the authorization information: the topic permission bit, i.e. the topic number, is multiplied by 2 to determine the index of the right in the byte[] array, and that index position and the next position of the byte[] are initialized according to the user's rights on the topic, with the default of no publishing and subscribing right set to 00, the corresponding publishing and subscribing right set to 01, the subscribing right set to 10 and the corresponding publishing and subscribing right set to 11 (for example, for topic number 1, 1 × 2 = 2, so positions 2 and 3 of the byte[] are set to 00, 01, 10 or 11); after initialization the byte[] array is base64-converted to a string, which is stored at the index corresponding to the user ID in the user topic permission-bit array;
(4) Acquiring the IDs of the devices on which the user has operation permission, and appending the user ID at the index corresponding to the device ID in the device user permission array; the relationship between a user's publishing and subscribing rights and the device MQTT topics is shown in fig. 4;
(5) The permission data initialization is complete.
Fig. 5 is the permission verification flowchart of an embodiment of the present invention. As shown in fig. 5, the method for verifying a user's publishing and subscribing rights on device MQTT topics according to an embodiment of the present invention comprises the following steps:
(1) Acquiring the user topic permission-bit array entry at the index corresponding to the requested user ID from the cache, and converting the string data into a byte[];
(2) Taking the acquired topic permission-bit information, i.e. the topic number, multiplied by 2 as the index, acquiring the byte at that index and the byte at the next position, and performing an exclusive-OR of the acquired two-bit data with the permission identification data requested by the current user; if the exclusive-OR result is 00, the user's operation request on the topic is legal (for example, the user initiates a subscription to a topic, which requires the subscription right 01, so the queried two-bit permission identification data is exclusive-ORed with 01), and the next step is performed; if they do not match, no permission is returned and the verification ends;
(3) Acquiring the user data at the index corresponding to the requested device ID from the device user permission array cache, matching it against the current user ID, and judging whether the current user has permission on the device to be operated: if so, verification success is returned, otherwise no permission is returned and the verification ends.
Fig. 6 is the permission deletion/update flowchart of an embodiment of the present invention. As shown in fig. 6, the method for updating/deleting a user's publishing and subscribing rights on device MQTT topics according to an embodiment of the present invention comprises the following steps:
(1) Acquiring the permission-bit information of the topic, i.e. the topic number, from the cache according to the topic to be updated;
(2) Obtaining the user topic permission data at the index corresponding to the user ID from the cache, converting the string data into a byte[], and modifying the byte[] data at the index and the following position to 00 according to the topic permission-bit information, i.e. with the topic number multiplied by 2 as the index; converting the modified data into a base64 string and updating it at the index corresponding to the user ID in the user MQTT topic permission-bit data area;
(3) According to the device ID to be updated, obtaining the user data corresponding to the device from the device user permission data cache, processing the data to be updated or deleted according to the user ID to be updated or deleted, and writing the processed user data back into the device user permission data cache;
(4) The update of the permission data cache is complete.
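The three procedures above (initialization per fig. 2, verification per fig. 5, and update/deletion per fig. 6, which the Disclosure of Invention sets out in the same terms) carried out end to end, as an added Python example that is not code from the patent. Plain dictionaries stand in for the Redis cache; two bytes per topic are stored at indices 2n and 2n+1 as the text describes, the byte[] is base64-encoded to a string, device users are kept as a comma-joined string, and the exclusive-OR check is applied as stated. The topic names, user IDs, device IDs and grants are constructed sample data; the assignment 01 = publish, 10 = subscribe, 11 = both is an assumption of this example, since the page's 01 entry reads the same as its 11 entry. The `verify_superset` method is an addition of this example and not part of the patent.

```python
import base64

# Two-bit permission codes written as (first byte, second byte), stored in two
# byte positions per topic as the patent describes. ASSUMPTION of this example:
# 01 = publish, 10 = subscribe, 11 = both (the page's own 01 entry is ambiguous).
NONE, PUBLISH, SUBSCRIBE, BOTH = (0, 0), (0, 1), (1, 0), (1, 1)


class PermissionCache:
    """In-memory stand-in for the three cache areas (the patent caches them in Redis)."""

    def __init__(self, topics, user_grants, device_users):
        # MQTT topic permission-bit data area: topic name -> topic number, from 0.
        self.topic_no = {name: n for n, name in enumerate(topics)}
        # User topic permission-bit array: user id -> base64 string of a byte[]
        # holding the two bytes for topic n at indices 2*n and 2*n + 1.
        self.user_topic_rights = {}
        for user_id, grants in user_grants.items():
            buf = bytearray(2 * len(topics))  # every topic defaults to 00
            for topic, (hi, lo) in grants.items():
                pos = 2 * self.topic_no[topic]
                buf[pos], buf[pos + 1] = hi, lo
            self.user_topic_rights[user_id] = base64.b64encode(bytes(buf)).decode()
        # Device user permission array: device id -> comma-joined authorized user ids.
        self.device_users = {dev: ",".join(ids) for dev, ids in device_users.items()}

    def _user_bits(self, user_id):
        """The patent's string -> byte[] step (returns a mutable copy)."""
        return bytearray(base64.b64decode(self.user_topic_rights[user_id]))

    def topic_right(self, user_id, topic):
        """Stored two-bit code for (user, topic), read at index 2n and 2n + 1."""
        bits = self._user_bits(user_id)
        pos = 2 * self.topic_no[topic]
        return bits[pos], bits[pos + 1]

    def _device_allows(self, device_id, user_id):
        return user_id in self.device_users.get(device_id, "").split(",")

    def verify(self, user_id, topic, device_id, required):
        """The patent's check: XOR of stored and requested code must be 00,
        then the user id must appear in the device's user list."""
        hi, lo = self.topic_right(user_id, topic)
        if (hi ^ required[0], lo ^ required[1]) != (0, 0):
            return False
        return self._device_allows(device_id, user_id)

    def verify_superset(self, user_id, topic, device_id, required):
        """Added variant (not in the patent): accept when the stored code
        contains every requested bit, so 11 satisfies a 01 or 10 request."""
        hi, lo = self.topic_right(user_id, topic)
        if (hi & required[0], lo & required[1]) != required:
            return False
        return self._device_allows(device_id, user_id)

    def revoke_topic(self, user_id, topic):
        """Update/deletion step: set both bytes of the topic to 00 and re-encode."""
        bits = self._user_bits(user_id)
        pos = 2 * self.topic_no[topic]
        bits[pos] = bits[pos + 1] = 0
        self.user_topic_rights[user_id] = base64.b64encode(bytes(bits)).decode()

    def remove_device_user(self, device_id, user_id):
        """Update/deletion step: drop one id from the comma-joined device entry."""
        ids = [u for u in self.device_users.get(device_id, "").split(",")
               if u and u != user_id]
        self.device_users[device_id] = ",".join(ids)


def build_sample_cache():
    """Constructed sample data (not from the patent): two topics, two users, two devices."""
    topics = ["dev/1/state", "dev/1/cmd"]
    user_grants = {
        "u1": {"dev/1/state": SUBSCRIBE, "dev/1/cmd": PUBLISH},
        "u2": {"dev/1/cmd": BOTH},
    }
    device_users = {"dev1": ["u1", "u2"], "dev2": ["u2"]}
    return PermissionCache(topics, user_grants, device_users)


if __name__ == "__main__":
    cache = build_sample_cache()
    print(cache.user_topic_rights["u1"])                       # AQAAAQ==
    print(cache.verify("u1", "dev/1/cmd", "dev1", PUBLISH))    # True
    print(cache.verify("u2", "dev/1/cmd", "dev1", SUBSCRIBE))  # False
    print(cache.verify_superset("u2", "dev/1/cmd", "dev1", SUBSCRIBE))  # True
```

Two points worth noting when implementing the scheme as the page states it. The exclusive-OR test is an exact match: a user holding 11 on a topic who requests only 10 gets a non-zero result and is refused, so a broker following the text literally must either request the exact stored code or use a containment test such as `verify_superset`. Storing each of the two bits in its own byte also means the user array grows by two bytes per topic rather than two bits; packing four topics into each byte would keep the same 2-bit encoding in a quarter of the space, a choice the page leaves open.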
Corresponding to the above embodiment, an embodiment of the present invention provides a system for checking the MQTT topic publish and subscribe permission of an Internet of Things device, where the system comprises:
a permission data initialization module, used for creating a permission data cache structure and performing initial data storage, wherein the data cache structure comprises an MQTT topic permission data area, a user topic permission data array and a device user permission array; the MQTT topic permission data area is used for storing a plurality of MQTT topics in coded form, the user topic permission data array is used for storing the identification data of a user's publish and subscribe permission on the MQTT topics, and the device user permission array is used for storing the IDs of users with device operation permission;
and a permission verification module, used for acquiring from the cache data, according to a user request, the MQTT topic publish/subscribe permission data of the current user request, checking it against the permission required by the user request, acquiring after a consistent check the list of user IDs with operation permission for the device ID of the current request, and judging whether the current user has operation permission for the requested device by matching the user ID of the current request against the acquired user ID list.
Further, the system further comprises:
a permission update/delete module, used for acquiring the permission bit information of a topic, namely its topic number, from the cache according to the topic to be updated;
obtaining the user's topic permission data at the corresponding index from the cache according to the user ID, decoding the string data into a byte[], and, according to the topic permission bit information, setting the byte[] element at the corresponding index and the following one to 00; base64-encoding the modified data into a string and writing it to the index corresponding to the user ID in the user MQTT topic permission data area;
and, according to the device ID to be updated, acquiring the device's user data from the device user permission data cache, processing the entries to be updated or deleted according to the user ID to be updated or deleted, and writing the processed user data back into the device user permission data cache.
Further, the permission data initialization module is specifically configured to:
read the MQTT topics defined in the system, number the MQTT topics incrementally from 0, and store the topic numbers corresponding to the different topic names in the MQTT topic permission data area;
initialize the publish and subscribe permissions owned by a user according to the authorization information: the topic permission bit, namely the topic number, multiplied by 2 determines the index of the permission in the byte[] array, and that index position and the next position of the byte[] data are initialized according to the user's permission on the topic, with the default of no publish or subscribe permission set to 00, publish permission set to 01, subscribe permission set to 10, and publish and subscribe permission set to 11; after initialization, the byte[] array is base64-encoded into a string and stored at the index corresponding to the user ID in the user topic permission bit array;
and acquire the device IDs on which the user has operation permission, append the user ID at the index corresponding to the device ID in the device user permission array, and complete the permission data initialization.
Further, the permission verification module is specifically configured to:
acquire the permission bit corresponding to the topic, namely the topic number information, from the MQTT topic permission bit data area according to the MQTT topic requested by the user;
acquire the user topic permission bit array at the corresponding index from the cache according to the requested user ID, and decode the string data into a byte[];
use the obtained topic permission bit information, namely the topic number, multiplied by 2 as the index, obtain the byte[] data at that index and at the next position, and perform an exclusive-OR operation between the obtained two-bit data and the permission identification data requested by the current user; if the exclusive-OR result is 00, the user's operation request on the topic is legitimate and the next step is performed; if it does not match, no permission is returned and the check ends;
and acquire the user data at the corresponding index from the device user permission array cache according to the requested device ID, match it against the user ID of the current request, and judge whether the current user has permission to operate the device; if so, return check success, otherwise return no permission, and end the check.
According to the embodiment of the invention, the system's MQTT topics are numbered, the numbering data is cached in Redis, and the assigned number is used as the index into the corresponding user's topic permission bit array, which speeds up the verification of a user's MQTT topic publish/subscribe permission. The permission point of a topic is stored in a byte[], with two bits identifying the publish and subscribe permission on that topic; the array is converted into a string for storage in the cache, which removes the limitation of the prior art, where a permission bit check based on the Long type can store at most 64 permission points. Because each device in the system has only a few users with operation permission, the device is used in reverse as the index: the IDs of the permitted users are joined into a string and stored in the device user permission array with the device ID as the index, which reduces data storage and speeds up permission verification.
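The following is an added worked example, written for this page and not code from the patent, covering the three cache structures and the initialization, verification and update/delete steps described in the system embodiment above (and restated in claims 1 to 9). Plain Python lists and a dict stand in for the Redis cache, each byte[] element is assumed to hold the integer 0 or 1, and the topic names, user IDs and device IDs are constructed sample data. The `exact_match` flag reproduces the XOR test exactly as the text states it; the mask variant is an editorial alternative, not something the patent describes.

```python
"""Editorial example of the patent's cache layout and permission check.
Not the patent's own code; Python containers replace the Redis cache."""
import base64
from typing import Dict, List, Tuple

# Two-position permission identifiers from the text. Assumption: each byte[]
# element stores the integer 0 or 1, so one topic occupies two elements.
NO_PERM, PUB, SUB, PUBSUB = (0, 0), (0, 1), (1, 0), (1, 1)
Perm = Tuple[int, int]


class PermissionCache:
    def __init__(self, topics: List[str], user_count: int, device_count: int) -> None:
        # (a) MQTT topic permission data area: hashmap topic name -> number, from 0.
        self.topic_numbers: Dict[str, int] = {name: n for n, name in enumerate(topics)}
        # (b) user topic permission array: list<string>, index = user ID,
        #     value = base64(byte[]) with two elements per topic, all 00 by default.
        empty = base64.b64encode(bytes(2 * len(topics))).decode("ascii")
        self.user_topic_perms: List[str] = [empty] * user_count
        # (c) device user permission array: list<string>, index = device ID,
        #     value = comma-joined IDs of users allowed to operate the device.
        self.device_users: List[str] = [""] * device_count

    # ---- user topic permission array ------------------------------------
    def perm_bytes(self, user_id: int) -> bytes:
        return base64.b64decode(self.user_topic_perms[user_id])

    def set_topic_perm(self, user_id: int, topic: str, perm: Perm) -> None:
        """Initialization and update share one path: index = topic number * 2,
        write that element and the next one, then re-encode to base64."""
        idx = 2 * self.topic_numbers[topic]
        arr = bytearray(self.perm_bytes(user_id))
        arr[idx], arr[idx + 1] = perm
        self.user_topic_perms[user_id] = base64.b64encode(bytes(arr)).decode("ascii")

    def revoke_topic_perm(self, user_id: int, topic: str) -> None:
        self.set_topic_perm(user_id, topic, NO_PERM)   # the patent's delete: write 00

    def held_topic_perm(self, user_id: int, topic: str) -> Perm:
        idx = 2 * self.topic_numbers[topic]
        arr = self.perm_bytes(user_id)
        return (arr[idx], arr[idx + 1])

    # ---- device user permission array -----------------------------------
    def _device_ids(self, device_id: int) -> List[str]:
        return [s for s in self.device_users[device_id].split(",") if s]

    def add_device_user(self, user_id: int, device_id: int) -> None:
        ids = self._device_ids(device_id)
        if str(user_id) not in ids:
            ids.append(str(user_id))
        self.device_users[device_id] = ",".join(ids)

    def remove_device_user(self, user_id: int, device_id: int) -> None:
        ids = [i for i in self._device_ids(device_id) if i != str(user_id)]
        self.device_users[device_id] = ",".join(ids)

    # ---- verification ---------------------------------------------------
    def check(self, user_id: int, topic: str, requested: Perm, device_id: int,
              exact_match: bool = True) -> bool:
        if topic not in self.topic_numbers:
            return False                       # unknown topic: no permission
        held = self.held_topic_perm(user_id, topic)
        if exact_match:
            # The patent's test: XOR held with requested, pass only on 00,
            # i.e. the held value must equal the requested value.
            ok = (held[0] ^ requested[0], held[1] ^ requested[1]) == (0, 0)
        else:
            # Editorial alternative (assumption, not from the patent): every
            # requested bit must be held, so a 11 holder may request 01 or 10.
            ok = all((h & r) == r for h, r in zip(held, requested))
        if not ok:
            return False
        # Device step: split the joined string and compare whole IDs. A substring
        # test on the raw string would let user "1" match the entry "12".
        return str(user_id) in self._device_ids(device_id)


def build_sample_cache() -> PermissionCache:
    """Constructed sample data (not from the patent)."""
    cache = PermissionCache(
        topics=["site/a/telemetry", "site/a/cmd", "site/b/telemetry"],
        user_count=13, device_count=3)
    cache.set_topic_perm(2, "site/a/cmd", PUB)
    cache.set_topic_perm(3, "site/a/telemetry", PUBSUB)
    cache.set_topic_perm(1, "site/a/cmd", PUB)
    cache.add_device_user(2, 1)
    cache.add_device_user(3, 1)
    cache.add_device_user(12, 1)      # "12" contains "1" as a substring
    return cache


if __name__ == "__main__":
    c = build_sample_cache()
    print(c.check(2, "site/a/cmd", PUB, 1))                             # True
    print(c.check(3, "site/a/telemetry", SUB, 1))                       # False: 11 XOR 10 = 01
    print(c.check(3, "site/a/telemetry", SUB, 1, exact_match=False))    # True with the mask test
    print(c.check(1, "site/a/cmd", PUB, 1))                             # False: "1" is not in "2,3,12"
```

Two points the example makes concrete. First, as the text specifies the XOR step, only an exact match passes: a user holding 11 (publish and subscribe) who requests subscribe alone (10) is refused, which is why the mask variant is shown beside it. Second, because the device user array joins IDs with commas, the device step must split the string and compare whole IDs; otherwise a short user ID is matched by any longer ID that contains it. The byte[] grows with the number of topics (two elements per topic), which is the point made above about not being capped at 64 permission points.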
While the invention has been described in detail in the foregoing general description and specific examples, it will be apparent to those skilled in the art that modifications and improvements can be made thereto. Accordingly, such modifications or improvements may be made without departing from the spirit of the invention and are intended to be within the scope of the invention as claimed.
Claims (10)
1. A method for checking the MQTT topic publish and subscribe permission of an Internet of Things device, characterized in that it comprises the following steps:
creating a permission data cache structure and performing initial data storage, wherein the data cache structure comprises an MQTT topic permission data area, a user topic permission array and a device user permission array; the MQTT topic permission data area is used for storing a plurality of MQTT topics in coded form, the user topic permission array is used for storing the identification data of a user's publish and subscribe permission on the MQTT topics, and the device user permission array is used for storing the IDs of users with device operation permission;
and, according to a user request, acquiring from the cache data the MQTT topic publish/subscribe permission data of the current user request, checking it against the permission required by the user request, acquiring after a consistent check the list of user IDs with operation permission for the device ID of the current request, and judging whether the current user has operation permission for the requested device by matching the user ID of the current request against the acquired user ID list.
2. The method for checking the MQTT topic publish and subscribe permission of an Internet of Things device according to claim 1, characterized in that the data cache structure specifically comprises:
in the MQTT topic permission data area, the data adopts a hashmap structure, with topic names as keys and topic numbers as values, and the plurality of MQTT topics are numbered incrementally from 0;
in the user topic permission array, the data adopts a list<string> structure; each position of the permission point array corresponds to the user's publish and subscribe permission on the topic with that number, and each topic permission is identified by two bits: 00 identifies that the user has no publish or subscribe permission on the topic, 01 identifies publish permission, 10 identifies subscribe permission, and 11 identifies both publish and subscribe permission;
in the device user permission array, the data adopts a list<string> structure for storing the IDs of users with device operation permission; multiple different users are joined with commas, and the user ID data is stored at the position corresponding to the device ID.
3. The method for checking the MQTT topic publish and subscribe permission of an Internet of Things device according to claim 2, characterized in that creating a permission data cache structure and performing initial data storage specifically comprises:
reading the MQTT topics defined in the system, numbering the MQTT topics incrementally from 0, and storing the topic numbers corresponding to the different topic names in the MQTT topic permission data area;
initializing the publish and subscribe permissions owned by a user according to the authorization information: multiplying the topic number, which is the topic permission bit, by 2 to determine the index of the permission in the byte[] array, and initializing that index position and the next position of the byte[] data according to the user's permission on the topic, with the default of no publish or subscribe permission set to 00, publish permission set to 01, subscribe permission set to 10, and publish and subscribe permission set to 11; after initialization, base64-encoding the byte[] array into a string and storing the string at the index corresponding to the user ID in the user topic permission bit array;
and acquiring the device IDs on which the user has operation permission, appending the user ID at the index corresponding to the device ID in the device user permission array, and completing the permission data initialization.
4. The method for checking the MQTT topic publish and subscribe permission of an Internet of Things device according to claim 3, characterized in that acquiring from the cache data the MQTT topic publish/subscribe permission data of the current user request according to the user request, checking it against the permission required by the user request, acquiring after a consistent check the list of user IDs with operation permission for the device ID of the current request, and judging whether the current user has operation permission for the requested device by matching the user ID of the current request against the acquired user ID list specifically comprises the steps of:
acquiring the permission bit corresponding to the topic, namely the topic number information, from the MQTT topic permission data area according to the MQTT topic requested by the user;
acquiring the user topic permission array at the corresponding index from the cache according to the requested user ID, and decoding the string data into a byte[];
using the topic permission bit information, namely the topic number, multiplied by 2 as the index, obtaining the byte[] data at that index and at the next position, and performing an exclusive-OR operation between the obtained two-bit data and the permission identification data requested by the current user; if the exclusive-OR result is 00, the user's operation request on the topic is legitimate and the next step is performed; if it does not match, no permission is returned and the check ends;
and acquiring the user data at the corresponding index from the device user permission array cache according to the requested device ID, matching it against the user ID of the current request, and judging whether the current user has permission to operate the device; if so, returning check success, otherwise returning no permission, and ending the check.
5. The method for checking the MQTT topic publish and subscribe permission of an Internet of Things device according to claim 1, further comprising:
acquiring the permission bit information of a topic, namely its topic number, from the cache according to the topic to be updated;
obtaining the user's topic permission data at the corresponding index from the cache according to the user ID, decoding the string data into a byte[], using the topic permission bit information, namely the topic number, multiplied by 2 as the index, and setting the byte[] element at that index and the next position to 00; base64-encoding the modified data into a string and writing it to the index corresponding to the user ID in the user MQTT topic permission data area;
and, according to the device ID to be updated, acquiring the device's user data from the device user permission data cache, processing the entries to be updated or deleted according to the user ID to be updated or deleted, and writing the processed user data back into the device user permission data cache.
6. A system for checking the MQTT topic publish and subscribe permission of an Internet of Things device, characterized in that the system comprises:
a permission data initialization module, used for creating a permission data cache structure and performing initial data storage, wherein the data cache structure comprises an MQTT topic permission data area, a user topic permission data array and a device user permission data array; the MQTT topic permission data area is used for storing a plurality of MQTT topics in coded form, the user topic permission data array is used for storing the identification data of a user's publish and subscribe permission on the MQTT topics, and the device user permission data array is used for storing the IDs of users with device operation permission;
and a permission verification module, used for acquiring from the cache data, according to a user request, the MQTT topic publish/subscribe permission data of the current user request, checking it against the permission required by the user request, acquiring after a consistent check the list of user IDs with operation permission for the device ID of the current request, and judging whether the current user has operation permission for the requested device by matching the user ID of the current request against the acquired user ID list.
7. The system for checking the MQTT topic publish and subscribe permission of an Internet of Things device according to claim 6, further comprising:
a permission update/delete module, used for acquiring the permission bit information of a topic, namely its topic number, from the cache according to the topic to be updated;
obtaining the user's topic permission data at the corresponding index from the cache according to the user ID, decoding the string data into a byte[], and, according to the topic permission bit information, setting the byte[] element at the corresponding index and the following one to 00; base64-encoding the modified data into a string and writing it to the index corresponding to the user ID in the user MQTT topic permission data area;
and, according to the device ID to be updated, acquiring the device's user data from the device user permission data cache, processing the entries to be updated or deleted according to the user ID to be updated or deleted, and writing the processed user data back into the device user permission data cache.
8. The system for checking the MQTT topic publish and subscribe permission of an Internet of Things device according to claim 6, characterized in that the permission data initialization module is specifically configured to:
read the MQTT topics defined in the system, number the MQTT topics incrementally from 0, and store the topic numbers corresponding to the different topic names in the MQTT topic permission data area;
initialize the publish and subscribe permissions owned by a user according to the authorization information: the topic number, which is the topic permission bit, multiplied by 2 determines the index of the permission in the byte[] array, and that index position and the next position of the byte[] data are initialized according to the user's permission on the topic, with the default of no publish or subscribe permission set to 00, publish permission set to 01, subscribe permission set to 10, and publish and subscribe permission set to 11; after initialization, the byte[] array is base64-encoded into a string and stored at the index corresponding to the user ID in the user topic permission bit array;
and acquire the device IDs on which the user has operation permission, append the user ID at the index corresponding to the device ID in the device user permission array, and complete the permission data initialization.
9. The system for checking the MQTT topic publish and subscribe permission of an Internet of Things device according to claim 6, characterized in that the permission verification module is specifically configured to:
acquire the permission bit corresponding to the topic, namely the topic number information, from the MQTT topic permission data area according to the MQTT topic requested by the user;
acquire the user topic permission array at the corresponding index from the cache according to the requested user ID, and decode the string data into a byte[];
use the topic permission bit information, namely the topic number, multiplied by 2 as the index, obtain the byte[] data at that index and at the next position, and perform an exclusive-OR operation between the obtained two-bit data and the permission identification data requested by the current user; if the exclusive-OR result is 00, the user's operation request on the topic is legitimate and the next step is performed; if it does not match, no permission is returned and the check ends;
and acquire the user data at the corresponding index from the device user permission array cache according to the requested device ID, match it against the user ID of the current request, and judge whether the current user has permission to operate the device; if so, return check success, otherwise return no permission, and end the check.
10. A computer storage medium, characterized in that the computer storage medium contains one or more program instructions, the one or more program instructions being configured to be executed by the system for checking the MQTT topic publish and subscribe permission of an Internet of Things device so as to perform the method of any one of claims 1 to 5.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2022117193970 | 2022-12-30 | ||
CN202211719397 | 2022-12-30 |
Publications (2)
Publication Number | Publication Date |
---|---|
CN116208379A CN116208379A (en) | 2023-06-02 |
CN116208379B true CN116208379B (en) | 2023-08-22 |
Family
ID=86508717
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202310006813.0A Active CN116208379B (en) | 2022-12-30 | 2023-01-04 | Method and system for checking MQTT theme publishing and subscribing permission of Internet of things equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN116208379B (en) |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105069035A (en) * | 2015-07-22 | 2015-11-18 | 成都市卓睿科技有限公司 | Method for realizing data access permission control |
CN107809489A (en) * | 2017-11-17 | 2018-03-16 | 南京感度信息技术有限责任公司 | A kind of message push system based on MQTT agreements |
CN110336736A (en) * | 2019-05-27 | 2019-10-15 | 四川长虹电器股份有限公司 | The shared method subscribed to is realized based on MQTT server cluster |
CN110365587A (en) * | 2018-03-26 | 2019-10-22 | 阿里巴巴集团控股有限公司 | Communication between devices method, apparatus, equipment and storage medium |
WO2020063048A1 (en) * | 2018-09-29 | 2020-04-02 | 深圳前海达闼云端智能科技有限公司 | Pon network and communication method therefor, olt, mqtt-sn gateway, onu, and mqtt server |
CN112492024A (en) * | 2020-11-26 | 2021-03-12 | 国网湖南省电力有限公司 | Real-time data sharing system for user electricity utilization information acquisition system |
CN113014584A (en) * | 2021-02-26 | 2021-06-22 | 北京金山云网络技术有限公司 | Internet of things communication method and device, electronic equipment and storage medium |
WO2021135255A1 (en) * | 2019-12-31 | 2021-07-08 | 深圳云天励飞技术股份有限公司 | Message queue-based method for managing row and column permissions, and related device |
CN114205112A (en) * | 2021-11-10 | 2022-03-18 | 深圳天地宽视信息科技有限公司 | Cloud MQTT access authority control method |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10225219B2 (en) * | 2016-02-22 | 2019-03-05 | International Business Machines Corporation | Message delivery in a message system |
Non-Patent Citations (1)
Title |
---|
Dmitrii I. Dikii. Remote Access Control Model for MQTT Protocol. 2020 IEEE Conference of Russian Young Researchers in Electrical and Electronic Engineering (EIConRus). 2020, full text. * |
Also Published As
Publication number | Publication date |
---|---|
CN116208379A (en) | 2023-06-02 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| GR01 | Patent grant | |