CN117938936A - Method, system, computing device and medium for identifying tenant identification - Google Patents
Method, system, computing device and medium for identifying tenant identification Download PDFInfo
- Publication number
- CN117938936A CN117938936A CN202410024654.1A CN202410024654A CN117938936A CN 117938936 A CN117938936 A CN 117938936A CN 202410024654 A CN202410024654 A CN 202410024654A CN 117938936 A CN117938936 A CN 117938936A
- Authority
- CN
- China
- Prior art keywords
- request
- tenant
- type
- identification
- tenant identification
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 64
- 238000004458 analytical method Methods 0.000 claims abstract description 23
- 230000002159 abnormal effect Effects 0.000 claims description 5
- 230000004044 response Effects 0.000 claims description 4
- 238000012216 screening Methods 0.000 claims description 4
- 238000010586 diagram Methods 0.000 description 7
- 238000002955 isolation Methods 0.000 description 6
- 235000014510 cooky Nutrition 0.000 description 5
- 230000005856 abnormality Effects 0.000 description 3
- 238000004590 computer program Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 238000001914 filtration Methods 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 230000002452 interceptive effect Effects 0.000 description 2
- 238000004519 manufacturing process Methods 0.000 description 2
- 239000000463 material Substances 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 238000012545 processing Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000006243 chemical reaction Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000013507 mapping Methods 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000008569 process Effects 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
Landscapes
- Computer And Data Communications (AREA)
Abstract
The invention relates to a method, a system, a computing device and a medium for identifying tenant identification, wherein the method comprises the following steps: different types of requests sent by a user are obtained, and SaaS entry modes corresponding to the requests are obtained; analyzing and identifying a plurality of key parameters in each request, and assembling each key parameter of each request into a corresponding tenant context object; for each type, determining at least one tenant identification analyzer corresponding to each type of request according to a corresponding SaaS entry mode, and determining a target analyzer corresponding to each type of request according to analysis priority of each tenant identification analyzer; and for each type of each request, analyzing the corresponding tenant context object by utilizing a corresponding target analyzer to obtain the tenant identification corresponding to each request. The method solves the problems that the existing tenant identification method is usually fixed and single, and cannot meet the identification requirements of requests in different modes.
Description
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a method, a system, a computing device, and a medium for identifying a tenant identifier.
Background
In a standard multi-tenant system, the tenants should have data isolation, both logically and physically. In order to enable Web requests to access the data area of different tenants, we need to specify the tenant identity in the current request.
The tenant identity is typically a unique identity for identifying a particular tenant. Traditional tenant isolation methods generally adopt modes of domain name, header, parameter and the like to identify tenant identification, but the methods have certain limitations. For example, the domain name identification method requires that the tenant uses an independent domain name, the header identification method requires that the tenant additionally carries the tenant identifier in the request, and the parameter identification method requires that the tenant specify the tenant identifier in the request. Therefore, the existing tenant identification recognition method is usually fixed and single, and cannot meet the recognition requirements of the requests in different modes.
Disclosure of Invention
In order to solve the problem that the existing tenant identification method is usually fixed and single and cannot meet the identification requirements of requests in different modes, the invention provides a method, a system, computing equipment and a medium for identifying tenant identification.
In order to solve the technical problem, the present invention provides a method for identifying a tenant identifier, including:
Different types of requests sent by a user are obtained, and SaaS entry modes corresponding to the requests are obtained;
Analyzing and identifying a plurality of key parameters in each request, and assembling each key parameter of each request into a corresponding tenant context object;
For each type, determining at least one tenant identification analyzer corresponding to each type of request according to a corresponding SaaS entry mode, and determining a target analyzer corresponding to each type of request according to analysis priority of each tenant identification analyzer;
and for each type of each request, analyzing the corresponding tenant context object by utilizing a corresponding target analyzer to obtain the tenant identification corresponding to each request.
In a second aspect, the present invention further provides a system for identifying a tenant identifier, including:
The acquisition module is used for acquiring different types of requests sent by a user and acquiring a SaaS entry mode corresponding to each request;
the assembly module is used for analyzing and identifying a plurality of key parameters in each request and assembling each key parameter of each request into a tenant context object corresponding to the request;
The determining module is used for determining at least one tenant identification analyzer corresponding to each type of request according to the corresponding SaaS entry mode and determining a target analyzer corresponding to each type of request according to the analysis priority of each tenant identification analyzer;
and the analysis module is used for analyzing the corresponding tenant context object by utilizing the corresponding target analyzer for each type of each request to obtain the tenant identification corresponding to each request.
In a third aspect, the present invention further provides a computing device, including a memory, a processor, and a program stored on the memory and running on the processor, where the processor implements the steps of a method for identifying a tenant identity as described above when the program is executed by the processor.
In a fourth aspect, the present invention also provides a computer readable storage medium having instructions stored therein which, when executed on a terminal device, cause the terminal device to perform the steps of a method of identifying a tenant identity.
The beneficial effects of the invention are as follows: by utilizing the SaaS entry mode corresponding to the different types of requests, each type of request can determine at least one corresponding tenant identification resolver which can meet the identification requirement. And then determining a target analyzer corresponding to each request according to the priority of each tenant identification analyzer, analyzing the tenant context object corresponding to each request by utilizing each target analyzer, and determining the corresponding tenant identification, so that the tenant context objects are not required to be analyzed by other tenant identification analyzers except the target analyzers, and the tenant identification corresponding to each request can be determined while the data processing capacity is reduced. In this way, through the method, the requests of the types corresponding to each SaaS entry mode can be analyzed and identified, and the tenant identification corresponding to each request is determined, so that the identification requirements of the requests in different modes can be met.
Drawings
FIG. 1 is a flow chart of a method for identifying tenant identity according to the present invention;
FIG. 2 is a block diagram of a tenant identifier parser component of the present invention;
FIG. 3 is a schematic diagram of a configuration of a resolver strategy set according to the present invention;
FIG. 4 is an interactive schematic diagram of a method of identifying tenant identity according to the present invention;
FIG. 5 is another flow chart of a method for identifying tenant identity according to the present invention;
Fig. 6 is a schematic structural diagram of a system for identifying tenant identity according to the present invention.
Detailed Description
The following examples are further illustrative and supplementary of the present invention and are not intended to limit the invention in any way.
The following describes a method, a system, a computing device and a medium for identifying tenant identification in the embodiments of the present invention with reference to the accompanying drawings.
The method for identifying the tenant identification is applied to the terminal equipment, and the scheme of the application is explained by taking the terminal equipment as an execution main body, wherein the terminal equipment is used for executing the steps of the method for identifying the tenant identification.
As shown in fig. 1, the present invention provides a method for identifying tenant identity, which includes:
Step S1, obtaining different types of requests sent by a user, and obtaining a SaaS entry mode corresponding to each request;
step S2, analyzing and identifying a plurality of key parameters in each request, and assembling each key parameter of each request into a corresponding tenant context object;
Step S3, for each type, determining at least one tenant identification analyzer corresponding to each type of request according to a corresponding SaaS entry mode, and determining a target analyzer corresponding to each type of request according to analysis priority of each tenant identification analyzer;
step S4, for each type of each request, analyzing the corresponding tenant context object by using a corresponding target analyzer to obtain the tenant identification corresponding to each request.
According to the method for identifying the tenant identification, through utilizing the SaaS entry modes corresponding to the different types of requests, each type of request can determine at least one corresponding tenant identification analyzer capable of meeting the identification requirement. And then determining a target analyzer corresponding to each request according to the priority of each tenant identification analyzer, analyzing the tenant context object corresponding to each request by utilizing each target analyzer, and determining the corresponding tenant identification, so that the tenant context objects are not required to be analyzed by other tenant identification analyzers except the target analyzers, and the tenant identification corresponding to each type of request can be determined while the data processing amount is reduced. In this way, through the method, the requests of the types corresponding to each SaaS entry mode can be analyzed and identified, and the tenant identification corresponding to each request is determined, so that the identification requirements of the requests in different modes can be met.
In some embodiments, the tenant identity parser has stored therein an identification policy for parsing tenant context objects. The identification policy is a path context matching policy, HTTPHEADER matching policy, domain name matching policy, cookie matching policy or HttpSession matching policy; analyzing the corresponding tenant context object by using the corresponding target analyzer to obtain the tenant identifier corresponding to the request, wherein the method comprises the following steps:
Acquiring tenant identification from a context path of a corresponding tenant context object by using a corresponding path context matching strategy; or alternatively, the first and second heat exchangers may be,
Acquiring tenant identification from the head of the corresponding tenant context object by utilizing the corresponding HTTPHEADER matching strategy; or alternatively, the first and second heat exchangers may be,
Acquiring tenant identification from a host of a corresponding tenant context object by using a corresponding domain name matching strategy; or alternatively, the first and second heat exchangers may be,
Acquiring tenant identification from Cookies of corresponding tenant context objects by using corresponding Cookies matching strategies; or alternatively, the first and second heat exchangers may be,
And acquiring tenant identification from the session of the corresponding tenant context object by utilizing the corresponding HttpSession matching strategy.
Table 1 shows five identification strategies. Each identification strategy has unique strategy identification and description, so that the identification strategy is convenient to directly search when in subsequent use.
TABLE 1
Fig. 2 is a block diagram of a tenant identifier parser component of the present invention that is responsible for parsing tenant identifiers from HTTP requests. The tenant identifier is a unique identifier for distinguishing different tenants. As shown in fig. 2, tenantidentifierResolverComposite, representing a container for all tenant identity resolvers, will select the appropriate tenant identity resolver according to the SaaS entry schema of the request. factories Map < SaasEntryMode, function < SaasProperties, tenantidentifierResolver >, representing a constructor that maps SaaS entry schemas to tenant identity resolvers. Resolvers List < TenantidentifierResolver > represents a tenant identity resolver that contains all registered tenants. resolve (HttpServletRequest) Optional < String >, means that the appropriate tenant identity resolver will be invoked to obtain the tenant identity according to the requested SaaS entry schema. TenantidentifierResolver, which represents an interface that represents the resolution policies that define the identity resolvers of the various tenants, each implementation class of which is a resolution policy. resolve (HttpServletRequest) denotes that tenant identity is to be obtained from the request.
Wherein TenantidentifierResolver interfaces correspond to five implementation classes: 1. CookieTenantidentifierResolver, which represents obtaining the tenant identity from the Cookie in the request. SaasProperties, which represents the Saas configuration item. 2. CxtPathTenantidentifierResolver, representing the retrieval of tenant identity from the requested context path. 3. SessionTenantidentifierResolver, representing acquiring tenant identity from the requested session. 4. HostTenantidentifierResolver, representing obtaining a tenant identity from the requesting host. getHost (String) String, indicating that the tenant identity is obtained. 5. HeaderTenantidentifierResolver, representing the retrieval of tenant identity from the header of the request.
Before the method of the invention is executed, the corresponding configuration items are required to be declared in advance. Table 2 shows the configuration item declaration of the present invention. The configuration item is a preference setting item pushed for different application systems. Different logics are needed to be respectively realized due to different authentication systems, user structures and session modes of different applications, and a specific operation mode is needed to be selected according to the characteristics of an application system in actual use. By setting these configuration items, the recognition logic of tenant identification is customized in a lightweight manner.
TABLE 2
Specific matching rules are specified using a spring profile, such as the following configuration. This configuration is an item in the above-described configuration item declaration, and is simply a conversion of the naming of the hump form into the form of a short horizontal line. saas is the namespace for all configuration items. For example: header matching is preferentially used, context path matching is next, and configuration items of all strategies are specified. The corresponding codes are as follows:
Wherein TenantIdentifierResolverComposite classes are containers of all tenant identity resolvers. It will select the appropriate tenant identity resolver according to the resolution policy and specific request of the application configuration. factories attributes are Map types, mapping SaaS entry schemas to constructors of the tenant identity resolver. resolvers attributes are List types, containing all registered tenant identity resolvers.
The analysis strategy set internally realizes specific matching logic as follows:
FIG. 3 is a schematic configuration diagram of a resolver policy set of the present invention, where the resolver policy set obtains an enabled policy from SaaSProperties (SaaS configuration item) through GETMATCHING () to obtain a policy enumeration, and starts traversal as shown in FIG. 3; the get () then obtains the corresponding policy factory method (factories, the policy factory map) by enumeration and filters (Objects:: nonNull) the items that cannot be matched. Then factor. Apppy (properties) is imported, factory method is called, map () gets the object set of the resolver instance, and thus the configuration initialization of the resolving policy set is completed.
Optionally, for each type of request, determining at least one tenant identity resolver corresponding to each type of request according to a corresponding SaaS entry mode, including:
Screening at least one tenant identification parser containing information of SaaS entry modes of each type of request in a preset parser policy set for each type; the preset resolver strategy is stored with a plurality of tenant identification resolvers in a centralized mode, and one tenant identification resolver contains information of a type of SaaS entry mode.
In this embodiment, by setting a plurality of tenant identity resolvers in advance and storing information of SaaS entry modes of types corresponding to request types that each tenant identity resolver can resolve in a centralized manner to a preset resolver policy, when a terminal device receives a request, the corresponding tenant identity resolvers can be directly invoked in the preset resolver policy centralized manner according to the SaaS entry modes corresponding to the request, thereby improving the recognition efficiency of the request in different modes, and further realizing the recognition requirement of the request in different modes.
Optionally, for each type, determining the target resolver corresponding to each type of request according to the resolution priority of each tenant identification resolver corresponding to the request includes:
And for each type, acquiring the analysis priority of each tenant identification analyzer corresponding to each type of request, and taking the tenant identification analyzer with the highest analysis priority as a target analyzer corresponding to the request of the corresponding type.
In this embodiment, since the speed and the resource usage rate of each tenant identity resolver when resolving the corresponding tenant context object are different, it is generally necessary to sort the resolving order of each tenant identity resolver by considering both the resolving speed and the resource usage rate when resolving, and determine the resolving priority of each tenant identity. In this way, after determining each tenant resolver corresponding to the request, the tenant identification resolver with the highest resolution priority is used as the target resolver corresponding to the request, so that when the target resolver is subsequently utilized for the corresponding tenant context object, the resolution speed and the resource utilization rate during resolution are considered, and the resolution speed can be ensured, and the resource utilization rate can be improved.
Optionally, the method for identifying the identity of the tenant further comprises:
and sending each tenant identification to terminal equipment for display.
In this embodiment, each tenant identifier is sent to the terminal device for display, so that a user sending the request can intuitively know the tenant identifier condition corresponding to the request.
Optionally, the method for identifying the identity of the tenant further comprises:
and for each type, if the tenant identification analyzer corresponding to each type of request is not determined according to the corresponding SaaS entry mode, sending abnormal information of the response request to the terminal equipment.
In this embodiment, if the tenant identifier resolver corresponding to the request is not determined according to the SaaS entry mode corresponding to the request, the acquired request is in an abnormal state, so that the SaaS entry mode corresponding to the request cannot be identified normally, and therefore the tenant identifier resolver corresponding to the request cannot be determined. At the moment, the information of response request abnormality is sent to the terminal equipment, so that the user can be reminded of the request abnormality sent at the time, and the abnormality can be traced and processed in time.
Optionally, the method for identifying the identity of the tenant further comprises:
For each type, storing the tenant identification corresponding to each type of request into a cache, and deleting the corresponding tenant identification from the cache when each request is finished.
In this embodiment, after a general user sends a request, the terminal device executes service logic corresponding to the request. In the process, the corresponding tenant identification is only analyzed when the request is sent for the first time, and the analyzed tenant identification is stored in the cache, so that the data corresponding to the tenant identification can be directly used when the service logic corresponding to the request is executed, and the execution efficiency of the service logic is improved. When the request is finished, the corresponding tenant identification is deleted from the cache, and useless data in the cache can be cleaned in time, so that the resource utilization rate of the cache can be improved.
In some embodiments, in the function of needing to parse the tenant context, a predefined tenant context cache is called, and after the first parsing, the parsing is not repeated any more, so that the cached tenant context object is directly obtained.
The code of the specific implementation logic for automatically generating the tenant context cache is as follows:
The concrete implementation class of identifierResolver (tenant identity resolver) is the policy set obtained by TenantIdentifierResolverComposite combination. The policy set has already made clear at initialization which policies are used. The method in the code is described as follows: the getContext () method is used to obtain the current tenant context. The bound attribute is Optional < TenantContext > type, representing the currently cached temporary tenant context. The currentRequest () method returns the current request. The flatMap () method maps the current request to TenantIdentifierResolver object. The resolve () method obtains the tenant identity from the request. The map () method maps the tenant identity to TenantContext objects. orElseThrow () method if TenantContext object is empty, then the exception is thrown.
FIG. 4 is an interactive diagram of a method for identifying tenant identity according to the present invention, as shown in FIG. 4, a bound attribute of a request is determined, if the bound attribute is not null, the bound attribute is directly returned, and then a tenant context is obtained through getContext () (TenantContext), and through
Resolve (HttpServletRequest) calling a tenant identification analyzer (TenantldentifierResolver), determining a result of the target analyzer on the tenant context of the request, and obtaining the tenant identification, namely obtaining the tenant identification from the request, and returning the analysis result (namely, the tenant identification) through resolve (HttpServletRequest). Then creating a new context through create (), namely creating a new TenantContext object, if the acquisition fails, throwing out an exception, if the acquisition is successful, obtaining the context object through get (), calling a tenant identification analyzer by utilizing the new context object, determining a result of the requested tenant context after a target analyzer is determined, obtaining a tenant identification, and returning the tenant identification to the request through getContext (), namely displaying at the front end of the request.
Fig. 5 is another flow chart of a method for identifying tenant identity according to the present invention, as shown in fig. 5, a SaaS entry mode initiates a request, and then obtains a context of the request: the key parameters in the request are parsed and identified, and assembled into a context object. Then traversing the matching strategy in the strategy set according to the SaaS entry mode: traversing all policy sets, executing policies, returning an analysis result, wherein the analysis result is an optional value, and filtering the result by judging existence; if no matching item exists after traversing, an exception is thrown, namely, the request is responded to exception, and meanwhile, when the request is abnormal, the exception status code 400 is directly returned, and the reason is informed. Secondly, finding a matching first result: when traversing the matching, one or more strategies may be matched, and in the production environment, the first result may be selected. The priority of the strategy configuration item corresponding to the front is higher, and the analysis result returned by the strategy with the highest priority is taken as the first result. Again, the first result is put into cache: the first result is placed in a cache so that the next access can be obtained quickly without re-parsing. The cache is only available within the scope of a single request and the request is destroyed upon completion. And finally, responding to the data: and responding the data of the tenant to the foreground, namely returning the first result to the foreground end for display.
The invention provides a method for identifying tenant identifications, which utilizes configurable multimode identification tenant identifications under an HTTP protocol, and an enabling system flexibly completes the acquisition of tenant key identifications through any combination of one to a plurality of identification methods. According to the method, the tenant identification is identified in the HTTP request, and isolation of databases, business logic and the like is carried out according to the tenant identification, so that the safety and the data isolation of the multi-tenant system are realized.
The method of the invention has the following advantages: 1. configurable: the identification mode of the tenant identification can be configured according to the needs, so that the requirements of different scenes are met; 2. flexibility: the tenant identification can be identified in a plurality of modes, so that the identification accuracy is improved; 3. safety: through tenant data filtering, malicious requests are screened, and the security of the system is improved. The method can be applied to various multi-tenant systems, such as a SaaS system, a cloud computing system and the like, and can be used in combination with other multi-tenant isolation technologies to improve the safety and data isolation of the system. The method for identifying the tenant identification can achieve the following effects: 1. the tenant identification mechanism avoids malicious attacks on network requests to a great extent, correct tenant identifications are needed, accessible resources of each tenant are limited in a controllable range, and a system advanced middleware account and system permissions can be protected. 2. Five tenant identification strategies based on domain names, application contexts, session sessions, HTTP HEADER and Cookies are supported, the strategies can be combined to identify the tenants at will, no extra performance loss exists, and great expandability and convenience are provided for the access of a third party system. 3. The method supports the staticization of the strategy after the single application is started, can buffer the analysis result after one-time analysis, has high performance, and can be used in a high-concurrency production environment.
As shown in fig. 6, the present invention provides a system for identifying tenant identity, comprising:
The acquisition module is used for acquiring different types of requests sent by a user and acquiring a SaaS entry mode corresponding to each request;
the assembly module is used for analyzing and identifying a plurality of key parameters in each request and assembling each key parameter of each request into a tenant context object corresponding to the request;
The determining module is used for determining at least one tenant identification analyzer corresponding to each type of request according to the corresponding SaaS entry mode and determining a target analyzer corresponding to each type of request according to the analysis priority of each tenant identification analyzer;
and the analysis module is used for analyzing the corresponding tenant context object by utilizing the corresponding target analyzer for each type of each request to obtain the tenant identification corresponding to each request.
Optionally, the determining module is specifically configured to:
Screening at least one tenant identification parser containing information of SaaS entry modes of each type of request in a preset parser policy set for each type; the preset resolver strategy is stored with a plurality of tenant identification resolvers in a centralized mode, and one tenant identification resolver contains information of a type of SaaS entry mode.
Optionally, the determining module is specifically configured to:
And for each type, acquiring the analysis priority of each tenant identification analyzer corresponding to each type of request, and taking the tenant identification analyzer with the highest analysis priority as a target analyzer corresponding to the request of the corresponding type.
Optionally, the system for identifying the tenant identity further comprises a display module. The display module is specifically used for:
and sending each tenant identification to terminal equipment for display.
Optionally, the system for identifying the identity of the tenant further comprises an alarm module. The alarm module is specifically used for:
and for each type, if the tenant identification analyzer corresponding to each type of request is not determined according to the corresponding SaaS entry mode, sending abnormal information of the response request to the terminal equipment.
Optionally, the system for identifying tenant identity further comprises a storage module. The storage module is specifically used for:
For each type, storing the tenant identification corresponding to each type of request into a cache, and deleting the corresponding tenant identification from the cache when each request is finished.
The computing device of the embodiment of the invention comprises a memory, a processor and a program stored on the memory and running on the processor, wherein the processor realizes part or all of the steps of the method for identifying tenant identification when executing the program.
The computing device may be a computer, and correspondingly, the program is computer software, and the parameters and steps in the above embodiment of the method for identifying tenant identity are referred to in the above embodiments of the present invention, and are not described herein.
In the embodiment of the invention, a computer readable storage medium stores instructions, and when the instructions are running, the steps of the tenant identification method are executed.
The computer readable storage medium may be a transitory computer readable storage medium or a non-transitory computer readable storage medium.
Embodiments of the present disclosure may be embodied in a software product stored on a storage medium, including one or more instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of a method of embodiments of the present disclosure. The aforementioned computer-readable storage medium may be a non-transitory computer-readable storage medium comprising: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-only Memory (ROM), a random access Memory (RAM, randomAccess Memory), a magnetic disk, or an optical disk, and the like, and also may be a transitory computer readable storage medium.
Those skilled in the art will appreciate that the present invention may be implemented as a system, method, or computer program product. Accordingly, the present disclosure may be embodied in the following forms, namely: either entirely hardware, entirely software (including firmware, resident software, micro-code, etc.), or entirely software, or a combination of hardware and software, referred to herein generally as a "circuit," module "or" system. Furthermore, in some embodiments, the invention may also be embodied in the form of a computer program product in one or more computer-readable media, which contain computer-readable program code. The computer readable storage medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing.
In the description of the present specification, a description referring to terms "one embodiment," "some embodiments," "examples," "specific examples," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the present invention. In this specification, schematic representations of the above terms are not necessarily directed to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, the different embodiments or examples described in this specification and the features of the different embodiments or examples may be combined and combined by those skilled in the art without contradiction.
While embodiments of the present invention have been shown and described above, it will be understood that the above embodiments are illustrative and not to be construed as limiting the invention, and that variations, modifications, alternatives and variations may be made to the above embodiments by one of ordinary skill in the art within the scope of the invention.
Claims (10)
1. A method of identifying a tenant identity, comprising:
Different types of requests sent by a user are obtained, and SaaS entry modes corresponding to the requests are obtained;
analyzing and identifying a plurality of key parameters in each request, and assembling the key parameters of each request into corresponding tenant context objects;
For each type, determining at least one tenant identification analyzer corresponding to each type of request according to the corresponding SaaS entry mode, and determining a target analyzer corresponding to each type of request according to the analysis priority of each tenant identification analyzer;
and for each request of each type, analyzing the corresponding tenant context object by utilizing the corresponding target analyzer to obtain the tenant identification corresponding to each request.
2. The method of claim 1, wherein the determining, for each type, at least one tenant identity resolver for each type of the request according to the corresponding SaaS entry schema comprises:
Screening at least one tenant identification parser containing information of the SaaS entry mode of each type of request in a preset parser policy set for each type; the preset resolver strategy is stored with a plurality of tenant identification resolvers in a centralized mode, and one tenant identification resolver contains information of a type of SaaS entry mode.
3. The method of claim 1, wherein for each type, determining a target resolver for each type of request according to the resolution priority of the tenant identity resolver for each type of request comprises:
And for each type, acquiring the analysis priority of each tenant identification analyzer corresponding to the request of each type, and taking the tenant identification analyzer with the highest analysis priority as a target analyzer corresponding to the request of the corresponding type.
4. A method according to any one of claims 1 to 3, further comprising:
And sending each tenant identification to terminal equipment for display.
5. A method according to any one of claims 1 to 3, further comprising:
And for each type, if the tenant identification analyzer corresponding to the request of each type is not determined according to the corresponding SaaS entry mode, sending abnormal information of the response request to the terminal equipment.
6. A method according to any one of claims 1 to 3, further comprising:
for each type, storing the tenant identification corresponding to each type of request into a cache, and deleting the corresponding tenant identification from the cache when each type of request is finished.
7. A system for identifying a tenant identity, comprising:
The acquisition module is used for acquiring different types of requests sent by a user and acquiring a SaaS entry mode corresponding to each request;
The assembly module is used for analyzing and identifying a plurality of key parameters in each request and assembling the key parameters of each request into a tenant context object corresponding to the request;
The determining module is used for determining at least one tenant identification analyzer corresponding to each type of request according to the corresponding SaaS entry mode, and determining a target analyzer corresponding to each type of request according to the analysis priority of each tenant identification analyzer;
And the analysis module is used for analyzing the corresponding tenant context object by utilizing the corresponding target analyzer for each type of each request to obtain the tenant identification corresponding to each request.
8. The system according to claim 7, wherein the determining module is specifically configured to:
Screening at least one tenant identification parser containing information of the SaaS entry mode of each type of request in a preset parser policy set for each type; the preset resolver strategy is stored with a plurality of tenant identification resolvers in a centralized mode, and one tenant identification resolver contains information of a type of SaaS entry mode.
9. A computing device comprising a memory, a processor and a program stored on the memory and running on the processor, characterized in that the processor implements the steps of a method of identifying a tenant identity as claimed in any one of claims 1 to 6 when the program is executed.
10. A computer-readable storage medium, characterized in that the computer-readable storage medium has stored therein instructions, which when run on a terminal device, cause the terminal device to perform the steps of a method of identifying a tenant identity according to any one of claims 1 to 6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202410024654.1A CN117938936A (en) | 2024-01-08 | 2024-01-08 | Method, system, computing device and medium for identifying tenant identification |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202410024654.1A CN117938936A (en) | 2024-01-08 | 2024-01-08 | Method, system, computing device and medium for identifying tenant identification |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117938936A true CN117938936A (en) | 2024-04-26 |
Family
ID=90755189
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202410024654.1A Pending CN117938936A (en) | 2024-01-08 | 2024-01-08 | Method, system, computing device and medium for identifying tenant identification |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117938936A (en) |
-
2024
- 2024-01-08 CN CN202410024654.1A patent/CN117938936A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| RU2425449C2 (en) | Tracking state transition data in order to aid computer network security | |
| US20090037686A1 (en) | Application inspection tool for determining a security partition | |
| CN110609844A (en) | Data updating method, device and system | |
| CN111225082B (en) | Identity management method and device of Internet of things intelligent equipment and Internet of things platform | |
| US10382387B2 (en) | OID configuration, resolution method, client, node, database and storage medium | |
| CN110704476A (en) | Data processing method, device, equipment and storage medium | |
| KR102561083B1 (en) | Profile-based content and services | |
| CN107423037B (en) | Application program interface positioning method and device | |
| CN113037891B (en) | Access method and device for stateful application in edge computing system and electronic equipment | |
| CN108154024B (en) | Data retrieval method and device and electronic equipment | |
| CN110210241B (en) | Data desensitization method and device | |
| CN112905636A (en) | Data manipulation method, server, and computer-readable medium | |
| CN112052227A (en) | Data change log processing method and device and electronic equipment | |
| CN112084199A (en) | Scene-based general parameter maintenance method and device | |
| CN107018140B (en) | Authority control method and system | |
| CN117938936A (en) | Method, system, computing device and medium for identifying tenant identification | |
| CN112905617B (en) | Data writing method, server and computer readable storage medium | |
| US20150347402A1 (en) | System and method for enabling a client system to generate file system operations on a file system data set using a virtual namespace | |
| CN109101595A (en) | A kind of information query method, device, equipment and computer readable storage medium | |
| WO2021232860A1 (en) | Communication method, apparatus and system | |
| WO2021155529A1 (en) | Resource deletion method, apparatus, and device, and storage medium | |
| CN110389966B (en) | Information processing method and device | |
| CN114840574A (en) | Data query method, server, node and storage medium | |
| CN114553521A (en) | Remote memory access method, device, equipment and medium | |
| CN107562420B (en) | Linux environment network interface structure memory processing method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |