CN117633731A - JAR package authority control method and device, computer equipment and storage medium - Google Patents

JAR package authority control method and device, computer equipment and storage medium Download PDF

Info

Publication number
CN117633731A
CN117633731A CN202311603853.XA CN202311603853A CN117633731A CN 117633731 A CN117633731 A CN 117633731A CN 202311603853 A CN202311603853 A CN 202311603853A CN 117633731 A CN117633731 A CN 117633731A
Authority
CN
China
Prior art keywords
hive table
jar packet
jar
execution
authority
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311603853.XA
Other languages
Chinese (zh)
Inventor
戴建明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Life Insurance Company of China Ltd
Original Assignee
Ping An Life Insurance Company of China Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ping An Life Insurance Company of China Ltd filed Critical Ping An Life Insurance Company of China Ltd
Priority to CN202311603853.XA priority Critical patent/CN117633731A/en
Publication of CN117633731A publication Critical patent/CN117633731A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software
    • G06F21/121Restricting unauthorised execution of programs
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/22Indexing; Data structures therefor; Storage structures
    • G06F16/2282Tablespace storage structures; Management thereof
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Data Mining & Analysis (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to the technical field of big data, and discloses a JAR packet authority control method, which comprises the following steps: storing the first JAR packet into a first Hive table, and storing the second JAR packet into a second Hive table; storing a first execution password of the first JAR packet and a second execution password of the second JAR packet into a third Hive table; the first execution password and the second execution password are the same or different; and controlling the execution authority of the first JAR package and the second JAR package through the table authority control of the first Hive table, the second Hive table and the third Hive table. Therefore, the invention replaces the JAR package authorization management for the user by carrying out the Hive table authorization management for the user, and the user only needs to apply the corresponding Hive table authorization when needing a certain JAR package, thereby avoiding the problems of complex combined authorization and the like and achieving the purpose of improving the JAR package authorization control efficiency.

Description

JAR package authority control method and device, computer equipment and storage medium
Technical Field
The present invention relates to the field of big data technologies, and in particular, to a JAR packet permission control method, apparatus, computer device, and storage medium.
Background
A JAR file (Java Archive File), also known as a JAR package, is a document format that is related to Java and binds Java applets and their required components (e.g., class files, images and sounds) into the JAR package for use by a user in need thereof.
However, in order to use the JAR package, the user must obtain the execution authority of the JAR package, at present, the application of the execution authority of the JAR package needs to be manually participated, and when there are too many users to be authorized and one user needs to have the execution authority of a plurality of JAR packages, there is a great difficulty in managing the authority, which results in lower efficiency of managing the authority of the JAR package.
Disclosure of Invention
The embodiment of the invention provides a JAR package authority control method, a device, computer equipment and a storage medium, which are used for solving the problem that the JAR package authority control efficiency is lower under the condition that more users need to be authorized and one user needs the execution authorities of a plurality of JAR packages.
A JAR packet entitlement control method, the method comprising:
storing the first JAR packet into a first Hive table, and storing the second JAR packet into a second Hive table; the first JAR packet and the second JAR packet are JAR packets with different functions; the method comprises the steps of carrying out a first treatment on the surface of the
Storing a first execution password of the first JAR packet and a second execution password of the second JAR packet into a third Hive table; the first execution password and the second execution password are the same or different;
And controlling the execution authority of the first JAR package and the second JAR package through the table authority control of the first Hive table, the second Hive table and the third Hive table.
The method, optionally, of implementing the execution authority control of the first JAR packet and the second JAR packet through the table authority control of the first Hive table, the second Hive table and the third Hive table, includes:
based on authority application operation of a user, acquiring a first inquiry authority application of the user to the first Hive table and a third inquiry authority application of the user to the third Hive table, or acquiring a second inquiry authority application of the user to the second Hive table and a third inquiry authority application of the user to the third Hive table;
after a first query right of the first Hive table and a third query right of the third Hive table are authorized to a user based on the first query right application and the third query right application, acquiring the first JAR packet from the first Hive table and acquiring the first execution password from the third Hive table;
acquiring the execution authority of the first JAR packet based on the first execution password;
after a second query right of the second Hive table and a third query right of the third Hive table are authorized to a user based on the second query right application and the third query right application, acquiring the second JAR packet from the second Hive table and acquiring the second execution password from the third Hive table;
And acquiring the execution authority of the second JAR packet based on the second execution password.
In the above method, optionally, the first JAR packet includes a complete cluster path of the third Hive table;
wherein the obtaining the first JAR packet from the first Hive table and the first execution password from the third Hive table includes:
the first JAR packet is invoked to extract a first execution password from the second Hive table based on the full cluster path.
The method, optionally, the first JAR packet includes a first decoding key of a first execution password;
wherein, based on the first execution password, the obtaining the execution authority of the first JAR packet includes:
decrypting the first execution password based on the first decoding key to obtain a first decryption execution password;
and acquiring the execution authority of the first JAR packet based on the first decryption execution password.
A JAR packet entitlement control device, the device comprising:
the first storage unit is used for storing the first JAR packet into a first Hive table and storing the second JAR packet into a second Hive table; the first JAR packet and the second JAR packet are JAR packets with different functions;
The second storage unit is used for storing the first execution password of the first JAR packet and the second execution password of the second JAR packet into a third Hive table; the first execution password and the second execution password are the same or different;
and the permission control unit is used for controlling the execution permission of the first JAR packet and the second JAR packet through the table permission control of the first Hive table, the second Hive table and the third Hive table.
The above device, optionally, the permission control unit is configured to:
based on authority application operation of a user, acquiring a first inquiry authority application of the user to the first Hive table and a third inquiry authority application of the user to the third Hive table, or acquiring a second inquiry authority application of the user to the second Hive table and a third inquiry authority application of the user to the third Hive table;
after a first query right of the first Hive table and a third query right of the third Hive table are authorized to a user based on the first query right application and the third query right application, acquiring the first JAR packet from the first Hive table and acquiring the first execution password from the third Hive table;
Acquiring the execution authority of the first JAR packet based on the first execution password;
after a second query right of the second Hive table and a third query right of the third Hive table are authorized to a user based on the second query right application and the third query right application, acquiring the second JAR packet from the second Hive table and acquiring the second execution password from the third Hive table;
and acquiring the execution authority of the second JAR packet based on the second execution password.
The above apparatus, optionally, the first JAR packet includes a complete cluster path of the third Hive table;
wherein, the authority control unit is used for:
the first JAR packet is invoked to extract a first execution password from the second Hive table based on the full cluster path.
The above apparatus, optionally, the first JAR packet includes a first decoding key of a first execution password;
wherein, the authority control unit is used for:
decrypting the first execution password based on the first decoding key to obtain a first decryption execution password;
and acquiring the execution authority of the first JAR packet based on the first decryption execution password.
A computer device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, the processor implementing a JAR packet entitlement control method as described above when the computer program is executed.
A computer readable storage medium storing a computer program which when executed by a processor implements a JAR packet entitlement control method as described above.
According to the JAR package authority control method, the device, the computer equipment and the storage medium, the first JAR package is stored in the first Hive table, the second JAR package is stored in the second Hive table, the first execution password of the first JAR package and the second execution password of the second JAR package are stored in the third Hive table, and further the authority control of the first JAR package and the second JAR package is realized through the authority management of different Hive tables. Therefore, the invention replaces the JAR package authorization management for the user by carrying out the Hive table authorization management for the user, and the user only needs to apply the corresponding Hive table authorization when needing a certain JAR package, thereby avoiding the problems of complex combined authorization and the like and achieving the purpose of improving the JAR package authorization control efficiency. In addition, in this embodiment, different JAR packets are respectively stored in different Hive tables, and the execution passwords of the JAR packets are stored in another Hive table, so that the security of the JAR packets and the execution passwords can be further ensured.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are needed in the description of the embodiments of the present invention will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart illustrating an implementation of a method for JAR packet entitlement control in accordance with an embodiment of the present invention;
FIG. 2 is a flow chart of a partial implementation of a JAR packet entitlement control method in accordance with an embodiment of the present invention;
FIG. 3 is a schematic diagram of a JAR packet entitlement control device according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of a computer device according to an embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that some, but not all embodiments of the invention are described. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
It should be understood that the terms "comprises" and/or "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It should also be understood that the term "and/or" as used in the present specification and the appended claims refers to any and all possible combinations of one or more of the associated listed items, and includes such combinations.
As used in the present description and the appended claims, the term "if" may be interpreted as "when..once" or "in response to a determination" or "in response to detection" depending on the context. Similarly, the phrase "if a determination" or "if a [ described condition or event ] is detected" may be interpreted in the context of meaning "upon determination" or "in response to determination" or "upon detection of a [ described condition or event ]" or "in response to detection of a [ described condition or event ]".
In addition, in the description of the present specification and the appended claims, the terms "first," "second," "third," and the like are used merely to distinguish between descriptions and are not to be construed as indicating or implying relative importance.
Reference in the specification to "one embodiment" or "some embodiments" or the like means that a particular feature, structure, or characteristic described in connection with the embodiment is included in one or more embodiments of the invention. Thus, appearances of the phrases "in one embodiment," "in some embodiments," "in other embodiments," and the like in the specification are not necessarily all referring to the same embodiment, but mean "one or more, but not all, embodiments" unless expressly specified otherwise. The terms "comprising," "including," "having," and variations thereof mean "including but not limited to," unless expressly specified otherwise.
The invention discloses a JAR package authority control method, a device, computer equipment and a storage medium. Therefore, the invention replaces the JAR package authorization management for the user by carrying out the Hive table authorization management for the user, and the user only needs to apply the corresponding Hive table authorization when needing a certain JAR package, thereby avoiding the problems of complex combined authorization and the like and achieving the purpose of improving the JAR package authorization control efficiency. In addition, in this embodiment, different JAR packets are respectively stored in different Hive tables, and the execution passwords of the JAR packets are stored in another Hive table, so that the security of the JAR packets and the execution passwords can be further ensured. The following is a description of specific examples.
Fig. 1 is a flowchart illustrating an implementation of a JAR packet permission control method according to an embodiment of the present invention, where the method is applicable to an electronic device with data processing capability, such as a mobile phone, a tablet computer, a personal computer, or a server. The method specifically comprises the following steps:
s101: the first JAR packet is stored to the first Hive table and the second JAR packet is stored to the second Hive table.
The first JAR packet and the second JAR packet are JAR packets with different functions. For example, the first JAR packet is a JAR packet having an encryption function, and the second JAR packet is a JAR packet having a decryption function.
In a specific implementation, the first JAR package and the second JAR package may be stored by a file management system in this embodiment, such as a distributed file system (Hadoop Distributed File System, HDFS). And respectively importing the first JAR package and the second JAR package into a distributed file system, further storing the first JAR package into a designated first Hive table, and storing the second JAR package into a designated second Hive table. The file management system automatically stores the first JAR packet into the first Hive table according to the HDFS path included in the first JAR packet after the first JAR packet is imported into the file management system, or selects the HDFS path of the first Hive table after the first JAR packet is imported into the file management system, and then stores the first JAR packet into the first Hive table based on the HDFS path. Similarly, the second JAR packet may include an HDFS path of the second Hive table, and after the second JAR packet is imported into the file management system, the file management system automatically stores the second JAR packet into the second Hive table according to the HDFS path included in the second JAR packet, or after the second JAR packet is imported into the file management system, selects the HDFS path of the second Hive table, and then stores the second JAR packet into the first Hive table based on the HDFS path.
It should be noted that the first JAR packet and the second JAR packet are merely exemplary descriptions of the present embodiment, and the first JAR packet is not necessarily a JAR packet having an encryption function, the second JAR packet is necessarily a JAR packet having a decryption function, and is not limited to only the first JAR packet and the second JAR packet, and is not limited to only the first Hive table and the second Hive table, that is, the third JAR packet may be stored in the fourth Hive table, and the specific functions of the first JAR packet and the second JAR packet, and the number of JAR packets and the number of Hive tables are not limited in the present embodiment.
S102: and storing the first execution password of the first JAR packet and the second execution password of the second JAR packet into a third Hive table.
Wherein the first execution password and the second execution password are the same or different. That is, the first JAR packet and the second JAR packet may use the same execution password or may use different execution passwords.
It should be appreciated that to ensure that the first JAR packet and the second JAR packet are misappropriated by unauthorized persons, the first execution password and the second execution password must be owned to ensure that the first JAR packet and the second JAR packet are entirely usable. The first execution password and the second execution password are stored separately from the first JAR packet and the second JAR packet, even if the first JAR packet and the second JAR packet are stolen, the first JAR packet and the second JAR packet are not available due to the fact that the first execution password and the second execution password are not available, so that the safety of the first JAR packet and the second JAR packet is ensured, and the first execution password and the second execution password are stored in the third Hive table, so that the safety of the first execution password and the second execution password is improved, and the possibility that the first JAR packet and the second JAR packet are used by a person is reduced.
In a specific implementation, in this embodiment, the first execution password and the second execution password may be input to the file management system, and the HDFS path of the third Hive table is selected, so that the file management system stores the first execution password and the second execution password in the third Hive table based on the HDFS path.
S103: and controlling the execution authority of the first JAR package and the second JAR package through the table authority control of the first Hive table, the second Hive table and the third Hive table.
In a specific implementation, when a user needs a first JAR package, the first JAR package and a first execution password can be obtained only by applying for the query rights of the first Hive table and the third Hive table, so that the execution rights of the first JAR package are obtained; when the user needs the second JAR package, the second JAR package and the second execution password can be obtained only by applying for the query authorities of the second Hive table and the third Hive table, so that the execution authority of the second JAR package is obtained.
In summary, the present invention discloses a JAR packet permission control method, which stores a first JAR packet in a first Hive table, stores a second JAR packet in a second Hive table, stores a first execution password of the first JAR packet and a second execution password of the second JAR packet in a third Hive table, and further performs permission control on the first JAR packet and the second JAR packet by performing authorization management on different Hive tables. Therefore, the invention can obtain the execution authority of the JAR package only by applying the authority of the Hive table where different JAR packages are located and the authority of the Hive table where the execution password is located, and the purposes of improving the authority control efficiency of the JAR package can be achieved without complex authority of multiple people of the JAR package, combined authority and the like.
In the specific implementation based on fig. 1, step S103 may be specifically implemented by the following steps, as shown in fig. 2:
s201: based on the authority application operation of the user, a first inquiry authority application of the user to the first Hive table and a third inquiry authority application of the user to the third Hive table are obtained, or a second inquiry authority application of the user to the second Hive table and a third inquiry authority application of the user to the third Hive table are obtained.
It should be understood that when the user needs to obtain the execution rights of the first JAR package, the user needs to query the first Hive table and the third Hive table, that is, based on the rights application operation of the user, the user obtains the first query rights application of the user to the first Hive table and the third query rights application of the user to the third Hive table; when the user needs to acquire the execution right of the second JAR package, the user needs to query the second Hive table and the third Hive table, namely, based on the right application operation of the user, the user acquires the second query right application of the second Hive table and the third query right application of the third Hive table. And according to different JAR packages required by a user, inquiring authority application is carried out on different Hive tables.
In a specific implementation, in this embodiment, the user may perform the rights application operation in a Hive table query rights application page output by the file management system. For example, a user may log in a personal account in the file management system, select a Hive table to be applied in a Hive table inquiry authority application page, and click an apply control to generate an inquiry authority request, so that a first inquiry authority application of the user to the first Hive table and a third inquiry authority application of the user to the third Hive table can be obtained based on an authority application operation of the user.
S202: after the first query permission of the first Hive table and the third query permission of the third Hive table are authorized to the user based on the first query permission application and the third query permission application, a first JAR package is obtained from the first Hive table, and a first execution password is obtained from the third Hive table.
In a specific implementation, the authorization manner of the Hive table in this embodiment may be manual authorization, automatic authorization, and the like, which is specifically shown as follows:
the first authorization mode is that the first query authority of the first Hive table and the third query authority of the third Hive table are authorized to the user through manual authorization.
And sending the first inquiry authority application of the user to a background control terminal of the file management system, and verifying the information of the user by an administrator of the background control terminal based on the first inquiry authority application, for example, verifying whether the user is an enterprise internal employee or whether the user is an enterprise client or not, and returning a verification success result to the user terminal under the condition that the verification is passed. Therefore, the first query authority of the first Hive table and the third query authority of the third Hive table can be authorized to the user, so that the user can acquire the first JAR package from the first Hive table and acquire the first execution password from the third Hive table.
In the second authorization mode, related information of the user, which can be used for authorization, is stored in the verification terminal so as to automatically authorize the user.
And the verification terminal compares and verifies the user information stored by the verification terminal based on the user information in the first inquiry authority application, and returns a verification success result to the user terminal when the information is consistent. Therefore, the first query authority of the first Hive table and the third query authority of the third Hive table can be authorized to the user, so that the user can acquire the first JAR package from the first Hive table and acquire the first execution password from the third Hive table.
S203: based on the first execution password, the execution authority of the first JAR packet is obtained.
It should be appreciated that when the user obtains the first execution password and the first JAR package, the user obtains the execution authority of the first JAR package, that is, the user may use all functions of the first JAR package based on the first execution password.
S204: and after the second query authority of the second Hive table and the third query authority of the third Hive table are authorized to the user based on the second query authority application and the third query authority application, acquiring a second JAR packet from the second Hive table and acquiring a second execution password from the third Hive table.
In a specific implementation, the authorization manner of the Hive table in this embodiment may be manual authorization, automatic authorization, and the like, which is specifically shown as follows:
the first authorization mode is that the second query authority of the second Hive table and the third query authority of the third Hive table are authorized to the user through manual authorization.
And sending the second inquiry authority application of the user to a background control terminal of the file management system, and verifying the information of the user by an administrator of the background control terminal based on the second inquiry authority application, for example, verifying whether the user is an enterprise internal employee or whether the user is an enterprise client or not, and returning a verification success result to the user terminal under the condition that the verification is passed. Therefore, the second query authority of the second Hive table and the third query authority of the third Hive table can be authorized to the user, so that the user can acquire the second JAR package from the second Hive table and acquire the second execution password from the third Hive table.
In the second authorization mode, related information of the user, which can be used for authorization, is stored in the verification terminal so as to automatically authorize the user.
And the verification terminal compares and verifies the user information stored by the verification terminal based on the user information in the second inquiry authority application, and returns a verification success result to the user terminal when the information is consistent. Therefore, the second query authority of the second Hive table and the third query authority of the third Hive table can be authorized to the user, so that the user can acquire the second JAR package from the second Hive table and acquire the second execution password from the third Hive table.
S205: and acquiring the execution authority of the second JAR packet based on the second execution password.
It should be appreciated that when the user obtains the second execution password and the second JAR package, the user obtains the execution authority of the second JAR package, that is, the user may use all functions of the second JAR package based on the second execution password.
In one implementation, the first JAR packet includes a complete cluster path of the third Hive table. Thus, when the first JAR packet is invoked, the first execution password may be extracted from the second Hive table based on the complete cluster path of the third Hive table.
Specifically, the first JAR packet may include a program for implementing data extraction based on path addressing, and when the first JAR packet is called, the program is started, and then path addressing is performed based on a complete cluster path of the third Hive table, so as to find the third Hive table, and further, the first execution password in the third Hive table, so that the user only needs to call the first JAR packet from the first Hive table, and does not need to actively find the first execution password from the third Hive table, thereby further improving the authorization efficiency of the JAR packet and also improving the security of the first execution password.
In addition, because the first execution password is extracted from the third Hive table based on the program with path addressing, the first JAR packet is calculated to be copied to other equipment by non-enterprise staff or non-enterprise clients, the complete function of the first JAR packet still cannot be used, and the risk of property loss or information leakage of enterprises caused by using the first JAR packet by other people is avoided.
Similarly, the second JAR packet may also include a complete cluster path of the third Hive table, which is not described herein.
In one implementation, the first JAR packet includes a first decoding key for the first execution password. That is, the first execution password is an encrypted password that has been encrypted in advance.
After a first JAR packet is called and a path addressing program in the first JAR packet is used for decrypting the first execution password from a first execution password in a third Hive table, the first decryption execution password is obtained based on the first decryption password and a corresponding decryption algorithm, and then the execution permission of the first JAR packet is obtained based on the first decryption execution password.
The decryption algorithm and the encryption algorithm in this embodiment may be a symmetric encryption algorithm, an asymmetric encryption algorithm, or the like, which is not particularly limited in this embodiment.
In summary, in this embodiment, the encrypted first execution password is stored in the third Hive table, so that the security of the first execution password is further improved.
It should be understood that the sequence number of each step in the foregoing embodiment does not mean that the execution sequence of each process should be determined by the function and the internal logic, and should not limit the implementation process of the embodiment of the present invention.
As shown in fig. 3, the present embodiment discloses a JAR packet permission control device, which is suitable for an electronic device with data processing capability, such as a mobile phone, a tablet computer, a personal computer, or a server.
Specifically, the apparatus in this embodiment may specifically include the following units:
a first storage unit 301, configured to store a first JAR packet into a first Hive table and store a second JAR packet into a second Hive table; the first JAR packet and the second JAR packet are JAR packets with different functions;
a second storage unit 302, configured to store the first execution password of the first JAR packet and the second execution password of the second JAR packet in a third Hive table; the first execution password and the second execution password are the same or different;
and the permission control unit 303 is configured to implement execution permission control on the first JAR packet and the second JAR packet through table permission control of the first Hive table, the second Hive table and the third Hive table.
In summary, the present embodiment discloses a JAR packet authority control device, which stores a first JAR packet in a first Hive table, stores a second JAR packet in a second Hive table, stores a first execution password of the first JAR packet and a second execution password of the second JAR packet in a third Hive table, and further performs authority control on the first JAR packet and the second JAR packet by managing the authority of different Hive tables. Therefore, the invention replaces the JAR package authorization management for the user by carrying out the Hive table authorization management for the user, and the user only needs to apply the corresponding Hive table authorization when needing a certain JAR package, thereby avoiding the problems of complex combined authorization and the like and achieving the purpose of improving the JAR package authorization control efficiency. In addition, in this embodiment, different JAR packets are respectively stored in different Hive tables, and the execution passwords of the JAR packets are stored in another Hive table, so that the security of the JAR packets and the execution passwords can be further ensured.
In one implementation, the rights control unit 303 is configured to:
based on the authority application operation of the user, acquiring a first inquiry authority application of the user to the first Hive table and a third inquiry authority application of the user to the third Hive table, or acquiring a second inquiry authority application of the user to the second Hive table and a third inquiry authority application of the user to the third Hive table;
after the first query authority of the first Hive table and the third query authority of the third Hive table are authorized to the user based on the first query authority application and the third query authority application, acquiring a first JAR packet from the first Hive table and acquiring a first execution password from the third Hive table;
acquiring the execution authority of a first JAR packet based on the first execution password;
after the second query authority of the second Hive table and the third query authority of the third Hive table are authorized to the user based on the second query authority application and the third query authority application, acquiring a second JAR packet from the second Hive table and acquiring a second execution password from the third Hive table;
and acquiring the execution authority of the second JAR packet based on the second execution password.
In one implementation, the first JAR packet includes a complete cluster path of the third Hive table;
Wherein the rights control unit 303 is configured to:
the first JAR packet is invoked to extract the first execution password from the second Hive table based on the full cluster path.
In one implementation, a first decoding key of a first execution password is included in a first JAR packet;
wherein the rights control unit 303 is configured to:
decrypting the first execution password based on the first decoding key to obtain a first decryption execution password;
and acquiring the execution authority of the first JAR packet based on the first decryption execution password.
For specific limitations of the JAR packet entitlement control device, reference may be made to the above-mentioned limitations regarding the JAR packet entitlement control method, and no further description is given here. The modules in the JAR packet authority control device can be all or partially realized by software, hardware and a combination thereof. The above modules may be embedded in hardware or may be independent of a processor in the computer device, or may be stored in software in a memory in the computer device, so that the processor may call and execute operations corresponding to the above modules.
In one implementation, an embodiment of the present invention discloses a computer device, which may be a server, and an internal structure diagram of the computer device may be shown in fig. 4. The computer device includes a processor, a memory, a network interface, and a database connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, computer programs, and a database. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program, when executed by a processor, implements a JAR packet entitlement control method.
In one embodiment, a computer device is provided comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, the processor implementing the steps of when executing the computer program:
storing the first JAR packet into a first Hive table, and storing the second JAR packet into a second Hive table; the first JAR packet and the second JAR packet are JAR packets with different functions; the method comprises the steps of carrying out a first treatment on the surface of the
Storing a first execution password of the first JAR packet and a second execution password of the second JAR packet into a third Hive table; the first execution password and the second execution password are the same or different;
and controlling the execution authority of the first JAR package and the second JAR package through the table authority control of the first Hive table, the second Hive table and the third Hive table.
In one implementation, the controlling of the execution authority of the first JAR packet and the second JAR packet is implemented through the table authority control of the first Hive table, the second Hive table and the third Hive table, including:
based on the authority application operation of the user, acquiring a first inquiry authority application of the user to the first Hive table and a third inquiry authority application of the user to the third Hive table, or acquiring a second inquiry authority application of the user to the second Hive table and a third inquiry authority application of the user to the third Hive table;
After the first query authority of the first Hive table and the third query authority of the third Hive table are authorized to the user based on the first query authority application and the third query authority application, acquiring a first JAR packet from the first Hive table and acquiring a first execution password from the third Hive table;
acquiring the execution authority of a first JAR packet based on the first execution password;
after the second query authority of the second Hive table and the third query authority of the third Hive table are authorized to the user based on the second query authority application and the third query authority application, acquiring a second JAR packet from the second Hive table and acquiring a second execution password from the third Hive table;
and acquiring the execution authority of the second JAR packet based on the second execution password.
In one implementation, the first JAR packet includes a complete cluster path of the third Hive table;
wherein, obtain the first JAR package from the first Hive table to obtain the first execution password from the third Hive table, include:
the first JAR packet is invoked to extract the first execution password from the second Hive table based on the full cluster path.
In one implementation, a first decoding key of a first execution password is included in a first JAR packet;
wherein, based on the first execution password, the obtaining the execution authority of the first JAR packet includes:
Decrypting the first execution password based on the first decoding key to obtain a first decryption execution password;
and acquiring the execution authority of the first JAR packet based on the first decryption execution password.
In one implementation, embodiments of the invention disclose a computer readable storage medium, which when executed by a processor in a computer device, causes the computer device to perform the steps of any of the embodiments of a JAR packet entitlement control method as disclosed herein. The computer readable storage medium may be nonvolatile or may be volatile.
In one embodiment, a computer readable storage medium is provided having a computer program stored thereon, which when executed by a processor, performs the steps of:
storing the first JAR packet into a first Hive table, and storing the second JAR packet into a second Hive table; the first JAR packet and the second JAR packet are JAR packets with different functions; the method comprises the steps of carrying out a first treatment on the surface of the
Storing a first execution password of the first JAR packet and a second execution password of the second JAR packet into a third Hive table; the first execution password and the second execution password are the same or different;
and controlling the execution authority of the first JAR package and the second JAR package through the table authority control of the first Hive table, the second Hive table and the third Hive table.
In one implementation, the controlling of the execution authority of the first JAR packet and the second JAR packet is implemented through the table authority control of the first Hive table, the second Hive table and the third Hive table, including:
based on the authority application operation of the user, acquiring a first inquiry authority application of the user to the first Hive table and a third inquiry authority application of the user to the third Hive table, or acquiring a second inquiry authority application of the user to the second Hive table and a third inquiry authority application of the user to the third Hive table;
after the first query authority of the first Hive table and the third query authority of the third Hive table are authorized to the user based on the first query authority application and the third query authority application, acquiring a first JAR packet from the first Hive table and acquiring a first execution password from the third Hive table;
acquiring the execution authority of a first JAR packet based on the first execution password;
after the second query authority of the second Hive table and the third query authority of the third Hive table are authorized to the user based on the second query authority application and the third query authority application, acquiring a second JAR packet from the second Hive table and acquiring a second execution password from the third Hive table;
and acquiring the execution authority of the second JAR packet based on the second execution password.
In one implementation, the first JAR packet includes a complete cluster path of the third Hive table;
wherein, obtain the first JAR package from the first Hive table to obtain the first execution password from the third Hive table, include:
the first JAR packet is invoked to extract the first execution password from the second Hive table based on the full cluster path.
In one implementation, a first decoding key of a first execution password is included in a first JAR packet;
wherein, based on the first execution password, the obtaining the execution authority of the first JAR packet includes:
decrypting the first execution password based on the first decoding key to obtain a first decryption execution password;
and acquiring the execution authority of the first JAR packet based on the first decryption execution password.
Those skilled in the art will appreciate that implementing all or part of the above described methods may be accomplished by way of a computer program stored on a non-transitory computer readable storage medium, which when executed, may comprise the steps of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in embodiments provided herein may include non-volatile and/or volatile memory. The nonvolatile memory can include Read Only Memory (ROM), programmable ROM (PROM), electrically Programmable ROM (EPROM), electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double Data Rate SDRAM (DDRSDRAM), enhanced SDRAM (ESDRAM), synchronous Link DRAM (SLDRAM), memory bus direct RAM (RDRAM), direct memory bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM), among others.
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-described division of the functional units and modules is illustrated, and in practical application, the above-described functional distribution may be performed by different functional units and modules according to needs, i.e. the internal structure of the apparatus is divided into different functional units or modules to perform all or part of the above-described functions.
The above embodiments are only for illustrating the technical solution of the present invention, and not for limiting the same; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention, and are intended to be included in the scope of the present invention.

Claims (10)

1. A JAR packet entitlement control method, the method comprising:
storing the first JAR packet into a first Hive table, and storing the second JAR packet into a second Hive table; the first JAR packet and the second JAR packet are JAR packets with different functions;
Storing a first execution password of the first JAR packet and a second execution password of the second JAR packet into a third Hive table; the first execution password and the second execution password are the same or different;
and controlling the execution authority of the first JAR package and the second JAR package through the table authority control of the first Hive table, the second Hive table and the third Hive table.
2. The JAR packet permission control method of claim 1, wherein the performing permission control on the first JAR packet and the second JAR packet through the table permission control of the first Hive table, the second Hive table, and the third Hive table comprises:
based on authority application operation of a user, acquiring a first inquiry authority application of the user to the first Hive table and a third inquiry authority application of the user to the third Hive table, or acquiring a second inquiry authority application of the user to the second Hive table and a third inquiry authority application of the user to the third Hive table;
after a first query right of the first Hive table and a third query right of the third Hive table are authorized to a user based on the first query right application and the third query right application, acquiring the first JAR packet from the first Hive table and acquiring the first execution password from the third Hive table;
Acquiring the execution authority of the first JAR packet based on the first execution password;
after a second query right of the second Hive table and a third query right of the third Hive table are authorized to a user based on the second query right application and the third query right application, acquiring the second JAR packet from the second Hive table and acquiring the second execution password from the third Hive table;
and acquiring the execution authority of the second JAR packet based on the second execution password.
3. The JAR packet entitlement control method of claim 2 wherein the first JAR packet includes a complete cluster path of the third Hive table;
wherein the obtaining the first JAR packet from the first Hive table and the first execution password from the third Hive table includes:
the first JAR packet is invoked to extract a first execution password from the second Hive table based on the full cluster path.
4. The JAR packet entitlement control method of claim 2 wherein the first JAR packet includes a first decoding key for a first execution password;
wherein, based on the first execution password, the obtaining the execution authority of the first JAR packet includes:
Decrypting the first execution password based on the first decoding key to obtain a first decryption execution password;
and acquiring the execution authority of the first JAR packet based on the first decryption execution password.
5. A JAR packet entitlement control device, said device comprising:
the first storage unit is used for storing the first JAR packet into a first Hive table and storing the second JAR packet into a second Hive table; the first JAR packet and the second JAR packet are JAR packets with different functions;
the second storage unit is used for storing the first execution password of the first JAR packet and the second execution password of the second JAR packet into a third Hive table; the first execution password and the second execution password are the same or different;
and the permission control unit is used for controlling the execution permission of the first JAR packet and the second JAR packet through the table permission control of the first Hive table, the second Hive table and the third Hive table.
6. The JAR packet entitlement control device as claimed in claim 5, wherein the entitlement control unit is adapted to:
based on authority application operation of a user, acquiring a first inquiry authority application of the user to the first Hive table and a third inquiry authority application of the user to the third Hive table, or acquiring a second inquiry authority application of the user to the second Hive table and a third inquiry authority application of the user to the third Hive table;
After a first query right of the first Hive table and a third query right of the third Hive table are authorized to a user based on the first query right application and the third query right application, acquiring the first JAR packet from the first Hive table and acquiring the first execution password from the third Hive table;
acquiring the execution authority of the first JAR packet based on the first execution password;
after a second query right of the second Hive table and a third query right of the third Hive table are authorized to a user based on the second query right application and the third query right application, acquiring the second JAR packet from the second Hive table and acquiring the second execution password from the third Hive table;
and acquiring the execution authority of the second JAR packet based on the second execution password.
7. The JAR packet entitlement control device of claim 6 wherein the first JAR packet includes a complete cluster path of the third Hive table;
wherein, the authority control unit is used for:
the first JAR packet is invoked to extract a first execution password from the second Hive table based on the full cluster path.
8. The JAR packet entitlement control device of claim 6 wherein the first JAR packet includes a first decoding key for a first execution password;
wherein, the authority control unit is used for:
decrypting the first execution password based on the first decoding key to obtain a first decryption execution password;
and acquiring the execution authority of the first JAR packet based on the first decryption execution password.
9. A computer device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, wherein the processor implements the JAR packet entitlement control method according to any of claims 1 to 4 when the computer program is executed by the processor.
10. A computer readable storage medium storing a computer program, wherein the computer program when executed by a processor implements the JAR packet entitlement control method of any of claims 1 to 4.
CN202311603853.XA 2023-11-27 2023-11-27 JAR package authority control method and device, computer equipment and storage medium Pending CN117633731A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311603853.XA CN117633731A (en) 2023-11-27 2023-11-27 JAR package authority control method and device, computer equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311603853.XA CN117633731A (en) 2023-11-27 2023-11-27 JAR package authority control method and device, computer equipment and storage medium

Publications (1)

Publication Number Publication Date
CN117633731A true CN117633731A (en) 2024-03-01

Family

ID=90028166

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311603853.XA Pending CN117633731A (en) 2023-11-27 2023-11-27 JAR package authority control method and device, computer equipment and storage medium

Country Status (1)

Country Link
CN (1) CN117633731A (en)

Similar Documents

Publication Publication Date Title
US11475137B2 (en) Distributed data storage by means of authorisation token
US10541806B2 (en) Authorizing account access via blinded identifiers
EP3100171B1 (en) Client authentication using social relationship data
CA2709944C (en) System and method for securing data
US9203904B2 (en) Secure hybrid file-sharing system
US11170128B2 (en) Information security using blockchains
US11595384B2 (en) Digital identity network interface system
US9553855B2 (en) Storing a key to an encrypted file in kernel memory
US11303443B2 (en) Electronic system to enable rapid acquisition and delivery of services and to provide strong protection of security and privacy
CN106992851B (en) TrustZone-based database file password encryption and decryption method and device and terminal equipment
US20100228987A1 (en) System and method for securing information using remote access control and data encryption
US20200042721A1 (en) System for providing access to data stored in a distributed trust computing network
AU2012266675B2 (en) Access control to data stored in a cloud
CN105991614A (en) Open authorization, resource access method and device, and a server
CN112836202A (en) Information processing method and device and server
CN111917711B (en) Data access method and device, computer equipment and storage medium
US11308238B2 (en) Server and method for identifying integrity of application
CN118260264A (en) User-friendly encrypted storage system and method for distributed file system
US20240265131A1 (en) Privacy preserving data processing in a Solid ecosystem using agents
CN111783115A (en) Data encryption storage method and device, electronic equipment and storage medium
CN117633731A (en) JAR package authority control method and device, computer equipment and storage medium
CN114239000A (en) Password processing method, device, computer equipment and storage medium
CN116318899B (en) Data encryption and decryption processing method, system, equipment and medium
US11841970B1 (en) Systems and methods for preventing information leakage
CN118523960B (en) Data authentication processing method of object storage server, server and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination