CN116663066A - Data access method, device and storage medium - Google Patents
Data access method, device and storage medium Download PDFInfo
- Publication number
- CN116663066A CN116663066A CN202310935652.3A CN202310935652A CN116663066A CN 116663066 A CN116663066 A CN 116663066A CN 202310935652 A CN202310935652 A CN 202310935652A CN 116663066 A CN116663066 A CN 116663066A
- Authority
- CN
- China
- Prior art keywords
- storage space
- user
- authentication token
- access
- token
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 49
- 230000004044 response Effects 0.000 claims description 18
- 238000004590 computer program Methods 0.000 claims description 9
- 238000012544 monitoring process Methods 0.000 claims description 9
- 238000012545 processing Methods 0.000 claims description 6
- 238000012827 research and development Methods 0.000 abstract description 33
- 238000002955 isolation Methods 0.000 abstract description 6
- 238000007726 management method Methods 0.000 description 50
- 238000011161 development Methods 0.000 description 11
- 230000018109 developmental process Effects 0.000 description 11
- 238000010586 diagram Methods 0.000 description 6
- 230000006870 function Effects 0.000 description 5
- 238000004891 communication Methods 0.000 description 4
- 230000008901 benefit Effects 0.000 description 3
- 230000000295 complement effect Effects 0.000 description 3
- 230000000694 effects Effects 0.000 description 3
- 230000008569 process Effects 0.000 description 3
- 230000002035 prolonged effect Effects 0.000 description 3
- 238000001514 detection method Methods 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 238000012217 deletion Methods 0.000 description 1
- 230000037430 deletion Effects 0.000 description 1
- 238000011156 evaluation Methods 0.000 description 1
- 238000000802 evaporation-induced self-assembly Methods 0.000 description 1
- 238000004806 packaging method and process Methods 0.000 description 1
- 230000011218 segmentation Effects 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Health & Medical Sciences (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Bioethics (AREA)
- Storage Device Security (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The application discloses a data access method, equipment and a storage medium, wherein the method performs data access in the form of an authentication token, so that the problem of unsafe data access existing in off-line borrowing can be relieved, meanwhile, the concept of a storage space is introduced into a document library management system, and the isolation between data in different storage spaces can be further realized on the basis of relieving the problem of unsafe data access, so that when the document library management system is applied to a project research and development part, research and development data of different teams can be respectively stored in different storage spaces in the document library management system, and the data access in the storage spaces can be limited by different research and development staff in the form of the authentication token, so that the relevance of the content between departments and teams can be greatly reduced, the similarity of the data content in the space can be improved, and the safety of the data access can be improved.
Description
Technical Field
The present application relates to the field of computers, and in particular, to a data access method, apparatus, and storage medium.
Background
The project research and development department for researching and developing projects often comprises a plurality of research and development teams, different research and development teams are responsible for different parts of the research and development projects, each research and development team usually comprises a plurality of research and development staff, the research and development staff can generate a lot of data related to the projects in the process of participating in the research and development of the projects, and the research and development staff realize data sharing through off-line borrowing, so that the unsafe problem exists in the data sharing mode.
The statements made above merely serve to provide background information related to the present disclosure and may not necessarily constitute prior art.
Disclosure of Invention
In view of the above problems, embodiments of the present application provide a data access method, device, and storage medium, which can alleviate the unsafe problem of sharing data by offline borrowing among research and development personnel.
In a first aspect, the present application provides a data access method, including:
in response to a user accessing a first storage space in a document library management system, generating a first authentication token in the case that the user has access to the first storage space is detected, wherein the first authentication token is used for indicating that the user has access to the first storage space;
accessing the first storage space using the first authentication token.
In the scheme provided by the embodiment, data access is performed in the document library management system by taking the storage space as a unit, and meanwhile, when data access is performed on the first storage space, a first authentication token is generated and is used for accessing the first storage space. The data access is carried out in the form of the authentication token, the problem of unsafe data access existing in off-line borrowing can be relieved, meanwhile, the concept of the storage space is introduced into the document library management system, and isolation between data in different storage spaces can be further realized on the basis of relieving the problem of unsafe data access, so that when the document library management system is applied to a project research and development part, research and development data of different teams can be respectively stored in different storage spaces in the document library management system, and access to the data in the storage spaces by different research and development staff is limited in the form of the authentication token, so that the relevance of departments and teams can be greatly reduced, the similarity of data content in the space is improved, and the safety of data access is improved.
In some embodiments, accessing the first storage space with the first authentication token includes:
and marking the first authentication token as a failure token in response to the fact that the access operation of the user to the first storage space is not detected within the token valid duration.
In the scheme provided by the embodiment, the access operation of the user to the first storage space in the effective time of the token is used for determining whether the first authentication token is marked as the invalid token, so that the occupation of the first authentication token to the storage space when the user does not access the first storage space for a long time can be reduced.
In some embodiments, accessing the first storage space with the first authentication token includes:
and in response to detecting the operation of the user on the first storage space in the monitoring duration, prolonging the token effective duration of the first authentication token, wherein the monitoring duration is a duration difference between the token effective duration and the generated duration of the first authentication token.
In the scheme provided by the embodiment, under the condition that the generated time length of the first authentication token is about to be equal to the effective time length of the token, if the access operation of the user to the first storage space can still be detected, the effective time length of the token is prolonged, so that the condition that the access of the user to the first storage space is interrupted due to the failure of the first authentication token when the user is accessing the first storage space can be reduced, and the user experience is improved.
In some embodiments, accessing the first storage space with the first authentication token includes:
acquiring a current valid token corresponding to the user in response to detecting a data access operation of the user to target data in the first storage space;
and processing the target data based on the data access operation in the case that the currently valid token is the first authentication token.
In the scheme provided by the embodiment, for each access of the user to the first storage space, the first authentication token is adopted to authenticate and authenticate the user, so that the security of data access can be further improved.
In some embodiments, the method further comprises:
generating a second authentication token in response to detecting that the user accesses a second storage space in the document library management system and that the user has access to the second storage space, the second authentication token being used to indicate that the user has access to the second storage space;
and covering the first authentication token with the second authentication token.
In the scheme provided by the embodiment, when the storage space accessed by the user is switched, namely, the first storage space is switched to the second storage space, in order to improve the security of data access, the second authentication token generated based on the second storage space is adopted to cover the first authentication token, so that the fact that the user can only access one storage space in the document library management system at the same time can be realized, the authentication of the user is facilitated, and meanwhile, the security of data access can be improved.
In some embodiments, in the event that the user is detected to have access to the first storage space, comprising:
under the condition that the first storage space is included in the storage space list corresponding to the user is detected; the storage space list comprises all storage spaces of which the user has access rights.
In the scheme provided by the embodiment, the access authority of the user to the first storage space is verified through the storage space list, so that the method is simple and easy to realize.
In some embodiments, the method further comprises:
in the case of generating the first authentication token, the first authentication token is stored in a cache.
In the scheme provided by the embodiment of the application, the first authentication token is stored in the cache, so that the reading and writing speed of the first authentication token can be improved, and the data access speed is improved.
In a second aspect, the present application provides a data access apparatus comprising:
the generation module is used for responding to the access operation of a user to a first storage space in the document library management system, and generating a first authentication token when the user is detected to have the access right to the first storage space, wherein the first authentication token is used for indicating that the user has the access right to the first storage space;
and the access module is used for accessing the first storage space by using the first authentication token.
In a third aspect, the present application provides an electronic device, comprising: a processor and a memory;
the memory is used for storing a computer program;
the processor is configured to execute the program stored in the memory, and implement the data access method according to the first aspect.
In a fourth aspect, the present application provides a computer readable storage medium storing a computer program which when executed by a processor implements the data access method of the first aspect.
The foregoing description is only an overview of the present application, and is intended to be implemented in accordance with the teachings of the present application in order that the same may be more clearly understood and to make the same and other objects, features and advantages of the present application more readily apparent.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the application. Also, like reference numerals are used to designate like parts throughout the figures.
FIG. 1 is a flow chart of a method for accessing data according to some embodiments of the present application;
FIG. 2 is a schematic diagram illustrating a front-end architecture of a document library management system according to some embodiments of the present application;
FIG. 3 is a schematic diagram of a back-end architecture of a document library management system according to some embodiments of the present application;
FIG. 4 is a schematic diagram illustrating a data access apparatus according to some embodiments of the present application;
FIG. 5 is a schematic diagram of an electronic device according to some embodiments of the application;
fig. 6 is a schematic diagram of a computer-readable storage medium according to some embodiments of the application.
Detailed Description
Embodiments of the technical scheme of the present application will be described in detail below with reference to the accompanying drawings. The following examples are only for more clearly illustrating the technical aspects of the present application, and thus are merely examples, and are not intended to limit the scope of the present application.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs; the terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application; the terms "comprising" and "having" and any variations thereof in the description of the application and the claims and the description of the drawings above are intended to cover a non-exclusive inclusion.
In the description of embodiments of the present application, the technical terms "first," "second," and the like are used merely to distinguish between different objects and are not to be construed as indicating or implying a relative importance or implicitly indicating the number of technical features indicated, a particular order or a primary or secondary relationship. In the description of the embodiments of the present application, the meaning of "plurality" is two or more unless explicitly defined otherwise.
The project research and development department for researching and developing projects often comprises a plurality of research and development teams, different research and development teams are responsible for different parts of the research and development projects, each research and development team usually comprises a plurality of research and development staff, the research and development staff can generate a lot of data related to the projects in the process of participating in the research and development of the projects, and the research and development staff realize data sharing through off-line borrowing, so that the unsafe problem exists in the data sharing mode.
In order to alleviate the unsafe problem of the data sharing mode in the related art, the embodiment of the application provides a data access method, which is used for performing data access in a document library management system by taking a storage space as a unit, generating a first authentication token when performing data access on a first storage space, and accessing the first storage space by using the first authentication token. The data access is carried out in the form of the authentication token, the problem of unsafe data access existing in off-line borrowing can be relieved, meanwhile, the concept of the storage space is introduced into the document library management system, and isolation between data in different storage spaces can be further realized on the basis of relieving the problem of unsafe data access, so that when the document library management system is applied to a project research and development part, research and development data of different teams can be respectively stored in different storage spaces in the document library management system, and access to the data in the storage spaces by different research and development staff is limited in the form of the authentication token, so that the relevance of departments and teams can be greatly reduced, the similarity of data content in the space is improved, and the safety of data access is improved.
The data access method in the embodiment of the application can be applied to the electronic equipment, and the electronic equipment can comprise terminal equipment or a server. The terminal device may be a mobile terminal such as a mobile phone, tablet computer, notebook computer, palm computer, PAD (Personal Digital Assistant ), etc., a fixed terminal such as a digital TV, desktop computer, etc. Servers include, but are not limited to, cluster servers, cloud servers, and the like.
Referring to fig. 1, fig. 1 is a data access method according to an embodiment of the present application, which may include the following steps:
101. responding to the access operation of a user to a first storage space in a document library management system, and generating a first authentication token under the condition that the user has the access right to the first storage space, wherein the first authentication token is used for indicating that the user has the access right to the first storage space;
102. the first memory space is accessed using a first authentication token.
In this embodiment, data of the same project in different development stages may be stored in different storage spaces in the document library management system, for example, one development project is responsible for different development teams in the project development department, so that different storage spaces in the document library management system may store development data of different development teams, for example, a first storage space in the document library management system stores development data of a first development team, and a second storage space stores development data of a second development team. The method can realize the spatial isolation of the research and development data of different research and development teams through the concept of the storage space, thereby reducing the relevance of the content between departments and teams and improving the similarity of the data content in space.
In this embodiment, the user access operation to the first storage space includes, but is not limited to, a single click operation, a double click operation, a login operation, a touch operation, a sliding operation, or the like of the user to the first storage space.
In this embodiment, the first authentication token (token) may be made to carry the user information of the user and the identifier of the first storage space, so that the first authentication token indicates that the user has access rights to the first storage space. It is of course also possible to bind the first authentication token with the user information and the first storage space, so that the first authentication token indicates that the user has access to the first storage space.
In this embodiment, the user information includes, but is not limited to, an identification card number of the user, a combination of a user name and a login password, a job number of the user, and the like.
In this embodiment, authentication and authentication of the user's access rights to the first storage space by a background staff member of the document library management system is included, but not limited to.
In this embodiment, in order to improve security of data access, in a process of accessing the first storage space by using the first authentication token, each time the user accesses the first storage space, access rights of the user may be authenticated by the first authentication token.
The document library management system in this embodiment includes two parts, a front-end architecture as shown in fig. 2 and a back-end architecture as shown in fig. 3. The front-end architecture of each storage space includes a function module navigation (i.e., home page), a blog module, a file module, a thematic module, a personal management module, and a global search module as shown in fig. 2. It should be appreciated that while different memory spaces include substantially the same functional modules, the same functional module stores different data in different memory spaces.
Wherein:
the function module navigation comprises hot article navigation, tag word cloud navigation, recommended article navigation and sharing ranking navigation.
The blog module is used for displaying the articles released in the current space, and the user can select the classification labels to filter the displayed article data. Clicking on a chapter may enter the article details including the article author, title, content, label associated with the article, number of browses, posting time, and comments, praise, and collection of the article.
The file module is used for displaying the published files in the current space. Unlike an article, the details include a file size format. The file provides the download and online preview functions.
The thematic module is used for displaying articles and files issued to the themes in the current space. The administrator under the space defines the thematic type for the user under the current space to issue.
The personal management module is used for providing user account setting, content management, historical footprint and my collection functions. Setting an account: the user can modify the nickname, head portrait and other user information; content management: the user modifies, edits, deletes and the like the articles and files released by the user; historical footprint: viewing a browsing record of a user in a current space; my collection: checking the searching and hiding condition of the user in the current space;
the global search module employs an autocompletion search of elastosearch. The search gives a full complement prompt function, and the data conforming to the database can be searched for and given an automatic full complement prompt according to the content input by the user. The prompt filters out as much content as the user wants to search. The automatic complement adopts a pinyin word segmentation device, for example, a chapter title in a database is provided with two vocabularies of pinguo and apple, and when p is input, the pinguo and the apple can give prompts for users to select.
As shown in fig. 3, the back-end architecture of the document library management system includes five modules of space management, user management, category management, content management, and topic management. The back-end architecture of the document library management system may be available to administrators.
The space management is used for managing the space or team where the user is located and adding, deleting and checking the space and/or team. A user may be moved in and out of a space or team. A system space or team may be added. An overall control is performed over the space and team of the system and the associated personnel.
Wherein user management is used to synchronize corporate users to users of the present system. And setting role authority and the like for the user.
The classification management is used for managing the primary classification and the secondary classification of the system. And adding, deleting and checking the system classification.
The content management is used for managing articles and files issued by the user. And viewing all the articles or files released under the space according to the space, changing the space where the articles or files are located, and deleting the articles or files.
The topic management is used for classifying topics and managing articles or files under classification. Classification, deletion and examination of topics. And inquiring the articles or files released under the thematic classification, changing the release space of the articles or files, and deleting the articles or files.
In this embodiment, in order to support the front-end architecture and the back-end architecture of the document library management system, the following architecture of the document library management system is also provided:
the system designs 5 micro services. User service, blog service, search service, collection praise evaluation service, file preview service. The modular development achieves the operation of the system through the mutual calling among the services, and is easy to expand and develop and maintain the functional modules. The file preview service uses the kFileView of the open source to conduct a quick online preview of various types of files.
And managing the authority of the user by adopting an RBAC model. Specifically, the RBAC model is adopted to create a document library role, and when a user logs in the document library management system, multiple authentication is performed on the user based on the document library role, so that different access effects are achieved for different users.
And (3) data storage: mysql stores all information of the system. The redis stores the user token, as well as the user information. And packaging articles or files released by the user, the publisher and the space information, and storing the packaged data objects in an elastic search for quick and intelligent retrieval.
Articles and file attributes are abstracted, the abstracted objects are packaged, and finally, the abstracted objects are persisted into a database for retrieval and analysis.
The department team space is isolated, the foreground switches the space and requests the back end to issue a token in the current space, and the space access right information corresponding to the token is stored in Redis. And then the interface accessed in the current space can access the details of the page, the article or the file resource only by carrying the token to check the access authority. And re-issuing token tokens in each switching space, ensuring that the token tokens of the users only take effect in the current space and have permission to access resources in the current space, thereby ensuring the isolation of the spaces. Data similarity among teams of departments is guaranteed.
In the scheme provided by the embodiment, data access is performed in the document library management system by taking the storage space as a unit, and meanwhile, when data access is performed on the first storage space, a first authentication token is generated and is used for accessing the first storage space. The data access is carried out in the form of the authentication token, the problem of unsafe data access existing in off-line borrowing can be relieved, meanwhile, the concept of the storage space is introduced into the document library management system, and isolation between data in different storage spaces can be further realized on the basis of relieving the problem of unsafe data access, so that when the document library management system is applied to a project research and development part, research and development data of different teams can be respectively stored in different storage spaces in the document library management system, and access to the data in the storage spaces by different research and development staff is limited in the form of the authentication token, so that the relevance of departments and teams can be greatly reduced, the similarity of data content in the space is improved, and the safety of data access is improved.
In one or more embodiments of the application, accessing a first storage space with a first authentication token includes:
and in response to not detecting the access operation of the user to the first storage space within the token valid duration, marking the first authentication token as a failure token.
In this embodiment, the first authentication token may be marked as a stale token by changing the marking status of the first authentication token. For example by updating the token state of the first authentication token from a valid state to a disabled state. Marking the first authentication token as a stale token may of course also be achieved by deleting the first authentication token.
It should be appreciated that the first authentication token, after being marked as a stale token, can no longer be used to enable access to the first memory space.
It should be appreciated that the first authentication token is a valid token during the token validity period, so that the user's access operation to the first storage space during the token validity period can be authenticated by the first authentication token to the user's access right. In application, the effective duration of the token can be considered to be preset based on experience, such as setting the effective duration of the token to 30 minutes.
In the scheme provided by the embodiment, the access operation of the user to the first storage space in the effective time of the token is used for determining whether the first authentication token is marked as the invalid token, so that the occupation of the first authentication token to the storage space when the user does not access the first storage space for a long time can be reduced.
The foregoing description of various embodiments is intended to highlight differences between the various embodiments, which may be the same or similar to each other by reference, and is not repeated herein for the sake of brevity.
In one or more embodiments of the application, accessing a first storage space with a first authentication token includes:
and in response to detecting the operation of the user on the first storage space in the monitoring duration, prolonging the token effective duration of the first authentication token, wherein the monitoring duration is the duration difference between the token effective duration and the generated duration of the first authentication token.
In the application, the time length for prolonging the effective time length of the token can be set manually based on experience or according to actual requirements, for example, the time length for prolonging the effective time length of the token can be set to be 30 minutes.
In the application, the detection duration may be set manually based on experience or according to actual requirements, for example, the monitoring duration may be set to be 10 minutes, that is, if the operation of the user on the first storage space can still be detected in the last 10 minutes of the token valid duration, the token valid duration of the first authentication token is prolonged.
In the scheme provided by the embodiment, under the condition that the generated time length of the first authentication token is about to be equal to the effective time length of the token, if the access operation of the user to the first storage space can still be detected, the effective time length of the token is prolonged, so that the condition that the access of the user to the first storage space is interrupted due to the failure of the first authentication token when the user is accessing the first storage space can be reduced, and the user experience is improved.
The foregoing description of various embodiments is intended to highlight differences between the various embodiments, which may be the same or similar to each other by reference, and is not repeated herein for the sake of brevity.
In one or more embodiments of the application, accessing a first storage space with a first authentication token includes:
responding to the detection of the data access operation of the user to the target data in the first storage space, and acquiring a current valid token corresponding to the user;
in the case where the currently valid token is the first authentication token, the target data is processed based on the data access operation.
In the scheme provided by the embodiment, for each access of the user to the first storage space, the first authentication token is adopted to authenticate and authenticate the user, so that the security of data access can be further improved.
The foregoing description of various embodiments is intended to highlight differences between the various embodiments, which may be the same or similar to each other by reference, and is not repeated herein for the sake of brevity.
In one or more embodiments of the application, the method further comprises:
in response to detecting that the user accesses a second storage space in the document library management system and that the user has access to the second storage space, generating a second authentication token for indicating that the user has access to the second storage space under the condition of generating the first authentication token;
the first authentication token is overridden with the second authentication token.
In the scheme provided by the embodiment, when the storage space accessed by the user is switched, namely, the first storage space is switched to the second storage space, in order to improve the security of data access, the second authentication token generated based on the second storage space is adopted to cover the first authentication token, so that the fact that the user can only access one storage space in the document library management system at the same time can be realized, the authentication of the user is facilitated, and meanwhile, the security of data access can be improved.
The foregoing description of various embodiments is intended to highlight differences between the various embodiments, which may be the same or similar to each other by reference, and is not repeated herein for the sake of brevity.
In one or more embodiments of the present application, in a case where it is detected that the user has access to the first storage space, the method includes:
under the condition that the first storage space is included in the storage space list corresponding to the user is detected; the storage space list comprises all storage spaces of which the user has access rights.
It should be understood that the user information of the user is carried in the access operation of the user to the first space, so that the access right of the user to the first storage space can be authenticated based on the user information in the access operation. Typically, a list of memory spaces is maintained in the electronic device, which includes all memory spaces that the user has access to. Thus, in the case where the first storage space is included in the storage space list by the query, it can be determined that the user has access to the first storage space.
In an application, the storage space in the storage space list may be generated by a user when registering with the document library management system. When the user is registered in the document library management system, a background staff of the document library management system can verify and authenticate the storage space to be registered by the user, and after the authentication is passed, the storage space requested by the user during registration is added into a storage space list corresponding to the user.
In the scheme provided by the embodiment, the access authority of the user to the first storage space is verified through the storage space list, so that the method is simple and easy to realize.
The foregoing description of various embodiments is intended to highlight differences between the various embodiments, which may be the same or similar to each other by reference, and is not repeated herein for the sake of brevity.
In one or more embodiments of the application, the method further comprises:
in the case of generating the first authentication token, the first authentication token is stored in a cache.
In the scheme provided by the embodiment of the application, the first authentication token is stored in the cache (Redis), so that the reading and writing speed of the first authentication token can be improved, and the data access speed is improved.
The foregoing description of various embodiments is intended to highlight differences between the various embodiments, which may be the same or similar to each other by reference, and is not repeated herein for the sake of brevity.
The embodiment of the application also provides a data access device, as shown in fig. 4, which may include:
a generating module 41, configured to generate, in response to an access operation of a user to a first storage space in a document library management system, a first authentication token, where the first authentication token is used to indicate that the user has access to the first storage space, when it is detected that the user has access to the first storage space;
an access module 42 for accessing the first storage space using the first authentication token.
Optionally, the access module 42 is configured to:
and marking the first authentication token as a failure token in response to the fact that the access operation of the user to the first storage space is not detected within the token valid duration.
Optionally, the access module 42 is configured to:
and in response to detecting the operation of the user on the first storage space in the monitoring duration, prolonging the token effective duration of the first authentication token, wherein the monitoring duration is a duration difference between the token effective duration and the generated duration of the first authentication token.
Optionally, the access module 42 is configured to:
acquiring a current valid token corresponding to the user in response to detecting a data access operation of the user to target data in the first storage space;
and processing the target data based on the data access operation in the case that the currently valid token is the first authentication token.
Optionally, the device is further configured to:
generating a second authentication token in response to detecting that the user accesses a second storage space in the document library management system and that the user has access to the second storage space, the second authentication token being used to indicate that the user has access to the second storage space;
and covering the first authentication token with the second authentication token.
Optionally, the generating module 41 is configured to:
under the condition that the first storage space is included in the storage space list corresponding to the user is detected; the storage space list comprises all storage spaces of which the user has access rights.
Optionally, the device is further configured to:
in the case of generating the first authentication token, the first authentication token is stored in a cache.
The embodiment of the application also provides the electronic equipment for executing the data access method. Referring to fig. 5, a schematic diagram of an electronic device according to some embodiments of the present application is shown. As shown in fig. 5, the electronic device 5 includes: a processor 500, a memory 501, a bus 502 and a communication interface 503, the processor 500, the communication interface 503 and the memory 501 being connected by the bus 502; the memory 501 stores a computer program executable on the processor 500, and the processor 500 executes the data access method provided in any of the foregoing embodiments of the present application when the computer program is executed.
The memory 501 may include a high-speed random access memory (RAM: random Access Memory), and may further include a non-volatile memory (non-volatile memory), such as at least one magnetic disk memory. The communication connection between the device network element and at least one other network element is achieved through at least one communication interface 503 (which may be wired or wireless), the internet, a wide area network, a local network, a metropolitan area network, etc. may be used.
Bus 502 may be an ISA bus, a PCI bus, an EISA bus, or the like. The buses may be classified as address buses, data buses, control buses, etc. The memory 501 is configured to store a program, and the processor 500 executes the program after receiving an execution instruction, and the data access method disclosed in any of the foregoing embodiments of the present application may be applied to the processor 500 or implemented by the processor 500.
The processor 500 may be an integrated circuit chip with signal processing capabilities. In implementation, the steps of the above method may be performed by integrated logic circuitry in hardware or instructions in software in the processor 500. The processor 500 may be a general-purpose processor, including a central processing unit (Central Processing Unit, CPU for short), a network processor (Network Processor, NP for short), etc.; but may also be a Digital Signal Processor (DSP), application Specific Integrated Circuit (ASIC), an off-the-shelf programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic device, discrete hardware components. The disclosed methods, steps, and logic blocks in the embodiments of the present application may be implemented or performed. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of the method disclosed in connection with the embodiments of the present application may be embodied directly in the execution of a hardware decoding processor, or in the execution of a combination of hardware and software modules in a decoding processor. The software modules may be located in a random access memory, flash memory, read only memory, programmable read only memory, or electrically erasable programmable memory, registers, etc. as well known in the art. The storage medium is located in the memory 501, and the processor 500 reads the information in the memory 501, and in combination with its hardware, performs the steps of the method described above.
The electronic equipment provided by the embodiment of the application and the data access method provided by the embodiment of the application have the same beneficial effects as the method adopted, operated or realized by the electronic equipment based on the same inventive concept.
The embodiment of the present application further provides a computer readable storage medium corresponding to the data access method provided in the foregoing embodiment, referring to fig. 6, the computer readable storage medium is shown as an optical disc 30, on which a computer program (i.e. a program product) is stored, where the computer program, when executed by a processor, performs the data access method provided in any of the foregoing embodiments.
It should be noted that examples of the computer readable storage medium may also include, but are not limited to, a phase change memory (PRAM), a Static Random Access Memory (SRAM), a Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), a Read Only Memory (ROM), an Electrically Erasable Programmable Read Only Memory (EEPROM), a flash memory, or other optical or magnetic storage medium, which will not be described in detail herein.
The computer readable storage medium provided by the above embodiment of the present application has the same advantageous effects as the method adopted, operated or implemented by the application program stored therein, because of the same inventive concept as the data access method provided by the embodiment of the present application.
It should be noted that:
in the description provided herein, numerous specific details are set forth. However, it is understood that embodiments of the application may be practiced without these specific details. In some instances, well-known structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Furthermore, those skilled in the art will appreciate that while some embodiments described herein include some features but not others included in other embodiments, combinations of features of different embodiments are meant to be within the scope of the application and form different embodiments. For example, in the following claims, any of the claimed embodiments can be used in any combination.
The present application is not limited to the above-mentioned embodiments, and any changes or substitutions that can be easily understood by those skilled in the art within the technical scope of the present application are intended to be included in the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
Claims (10)
1. A method of data access, comprising:
in response to a user accessing a first storage space in a document library management system, generating a first authentication token in the case that the user has access to the first storage space is detected, wherein the first authentication token is used for indicating that the user has access to the first storage space;
accessing the first storage space using the first authentication token.
2. The method of claim 1, wherein accessing the first storage space with the first authentication token comprises:
and marking the first authentication token as a failure token in response to the fact that the access operation of the user to the first storage space is not detected within the token valid duration.
3. The method of claim 1, wherein accessing the first storage space with the first authentication token comprises:
and in response to detecting the operation of the user on the first storage space in the monitoring duration, prolonging the token effective duration of the first authentication token, wherein the monitoring duration is a duration difference between the token effective duration and the generated duration of the first authentication token.
4. A method according to any of claims 1-3, wherein accessing the first storage space with the first authentication token comprises:
acquiring a current valid token corresponding to the user in response to detecting a data access operation of the user to target data in the first storage space;
and processing the target data based on the data access operation in the case that the currently valid token is the first authentication token.
5. A method according to any one of claims 1-3, wherein the method further comprises:
generating a second authentication token in response to detecting that the user accesses a second storage space in the document library management system and that the user has access to the second storage space, the second authentication token being used to indicate that the user has access to the second storage space;
and covering the first authentication token with the second authentication token.
6. A method according to any of claims 1-3, characterized in that in case it is detected that the user has access to the first storage space, it comprises:
under the condition that the first storage space is included in the storage space list corresponding to the user is detected; the storage space list comprises all storage spaces of which the user has access rights.
7. A method according to any one of claims 1-3, wherein the method further comprises:
in the case of generating the first authentication token, the first authentication token is stored in a cache.
8. A data access device, comprising:
the generation module is used for responding to the access operation of a user to a first storage space in the document library management system, and generating a first authentication token when the user is detected to have the access right to the first storage space, wherein the first authentication token is used for indicating that the user has the access right to the first storage space;
and the access module is used for accessing the first storage space by using the first authentication token.
9. An electronic device, comprising: a processor and a memory;
the memory is used for storing a computer program;
the processor being configured to execute a program stored in the memory to implement the data access method of any one of claims 1 to 7.
10. A computer readable storage medium storing a computer program, wherein the computer program when executed by a processor implements the data access method of any of claims 1-7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310935652.3A CN116663066B (en) | 2023-07-28 | 2023-07-28 | Data access method, device and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310935652.3A CN116663066B (en) | 2023-07-28 | 2023-07-28 | Data access method, device and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN116663066A true CN116663066A (en) | 2023-08-29 |
| CN116663066B CN116663066B (en) | 2024-02-23 |
Family
ID=87717406
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310935652.3A Active CN116663066B (en) | 2023-07-28 | 2023-07-28 | Data access method, device and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116663066B (en) |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6973493B1 (en) * | 2000-05-09 | 2005-12-06 | Sun Microsystems, Inc. | Mechanism and apparatus for security of newly spawned repository spaces in a distributed computing environment |
| CN101572660A (en) * | 2008-04-30 | 2009-11-04 | 北京明朝万达科技有限公司 | Comprehensive control method for preventing leakage of data |
| CN102546782A (en) * | 2011-12-28 | 2012-07-04 | 北京奇虎科技有限公司 | Distribution system and data operation method thereof |
| US20140282940A1 (en) * | 2013-03-15 | 2014-09-18 | salesforce.com,inc. | Method and Apparatus for Multi-Domain Authentication |
| CN106326947A (en) * | 2016-08-18 | 2017-01-11 | 徐峰 | Identifier processing method and device |
| CN107294920A (en) * | 2016-03-31 | 2017-10-24 | 阿里巴巴集团控股有限公司 | It is a kind of reversely to trust login method and device |
| US10057246B1 (en) * | 2015-08-31 | 2018-08-21 | EMC IP Holding Company LLC | Method and system for performing backup operations using access tokens via command line interface (CLI) |
| CN114978605A (en) * | 2022-04-25 | 2022-08-30 | 联仁健康医疗大数据科技股份有限公司 | Page access method and device, electronic equipment and storage medium |
-
2023
- 2023-07-28 CN CN202310935652.3A patent/CN116663066B/en active Active
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6973493B1 (en) * | 2000-05-09 | 2005-12-06 | Sun Microsystems, Inc. | Mechanism and apparatus for security of newly spawned repository spaces in a distributed computing environment |
| CN101572660A (en) * | 2008-04-30 | 2009-11-04 | 北京明朝万达科技有限公司 | Comprehensive control method for preventing leakage of data |
| CN102546782A (en) * | 2011-12-28 | 2012-07-04 | 北京奇虎科技有限公司 | Distribution system and data operation method thereof |
| US20140282940A1 (en) * | 2013-03-15 | 2014-09-18 | salesforce.com,inc. | Method and Apparatus for Multi-Domain Authentication |
| US10057246B1 (en) * | 2015-08-31 | 2018-08-21 | EMC IP Holding Company LLC | Method and system for performing backup operations using access tokens via command line interface (CLI) |
| CN107294920A (en) * | 2016-03-31 | 2017-10-24 | 阿里巴巴集团控股有限公司 | It is a kind of reversely to trust login method and device |
| CN106326947A (en) * | 2016-08-18 | 2017-01-11 | 徐峰 | Identifier processing method and device |
| CN114978605A (en) * | 2022-04-25 | 2022-08-30 | 联仁健康医疗大数据科技股份有限公司 | Page access method and device, electronic equipment and storage medium |
Non-Patent Citations (1)
| Title |
|---|
| 李海峰: "基于FPGA的混合服务策略控制系统设计", 《中国优秀硕士学位论文全文数据库•工程科技Ⅱ辑》, no. 02, pages 1 - 16 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN116663066B (en) | 2024-02-23 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9811683B2 (en) | Context-based security screening for accessing data | |
| JP6599906B2 (en) | Login account prompt | |
| JP4726545B2 (en) | Method, system and apparatus for discovering and connecting data sources | |
| US10963526B2 (en) | Techniques for managing writable search results | |
| CN102165430B (en) | Multiple parallel user experiences provided by a single set of internet hosting machines | |
| EP3814929B1 (en) | Blockchain-based content management method, apparatus, and electronic device | |
| US8904551B2 (en) | Control of access to files | |
| US20130111404A1 (en) | User interface for saving documents using external storage services | |
| US20160342449A1 (en) | Data exchange across multiple computing devices through a proactive intelligent clipboard | |
| JP2010530589A (en) | Integrated sharing of electronic documents | |
| US20090144321A1 (en) | Associating metadata with media objects using time | |
| US20160077673A1 (en) | Intelligent Canvas | |
| CN107515879B (en) | Method and electronic equipment for document retrieval | |
| US20230367829A1 (en) | Indexing Native Application Data | |
| CN108108633A (en) | A kind of data file and its access method, device and equipment | |
| US20110252298A1 (en) | Managing bookmarks in applications | |
| CN116663066B (en) | Data access method, device and storage medium | |
| US20140297953A1 (en) | Removable Storage Device Identity and Configuration Information | |
| CN105354506A (en) | File hiding method and apparatus | |
| KR101828466B1 (en) | Method and apparatus for providing an object-based storage interface on the storage device based on file system | |
| TW201523304A (en) | Document collections distribution and publishing | |
| US20160150038A1 (en) | Efficiently Discovering and Surfacing Content Attributes | |
| KR20220056656A (en) | Method and apparatus for providing metadata share service | |
| CN114580008B (en) | Document access control based on document component layout | |
| US20230305997A1 (en) | Shared item file retention |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |