WO2019128007A1 - Procédé de connexion à un conteneur, serveur d'application, système et support de stockage - Google Patents

Procédé de connexion à un conteneur, serveur d'application, système et support de stockage Download PDF

Info

Publication number
WO2019128007A1
WO2019128007A1 PCT/CN2018/084466 CN2018084466W WO2019128007A1 WO 2019128007 A1 WO2019128007 A1 WO 2019128007A1 CN 2018084466 W CN2018084466 W CN 2018084466W WO 2019128007 A1 WO2019128007 A1 WO 2019128007A1
Authority
WO
WIPO (PCT)
Prior art keywords
control unit
container
random token
proxy server
unit address
Prior art date
Application number
PCT/CN2018/084466
Other languages
English (en)
Chinese (zh)
Inventor
刘俊杰
Original Assignee
平安科技(深圳)有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 平安科技(深圳)有限公司 filed Critical 平安科技(深圳)有限公司
Publication of WO2019128007A1 publication Critical patent/WO2019128007A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3228One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key

Definitions

  • the present application relates to the field of computer technologies, and in particular, to a container login method, an application server, a system, and a storage medium.
  • the container technology provided by the Docker container allows several containers (Containers) to be run on the same host or virtual machine, each container being a separate virtual environment or application.
  • the Docker container provides the client with the ability to log in to the container, allowing the user to access the container to operate the container in the same way as the host or virtual machine.
  • Kubernetes is a Google container open source container orchestration tool that combines several Docker containers into a single service, dynamically allocating hosts running on containers.
  • Kubernetes locates the host where the container is located through the management unit of the cluster where the container resides, reads the docker socket on the host, and provides the websocket to the client.
  • the API way allows users to log in to the container directly using the Kubernetes API.
  • API requests expose the direct access of the cluster's snap-ins to the client; they cannot be combined with dynamic authentication.
  • the purpose of the present application is to provide a container login method, an application server, a system, and a storage medium, which combines the need for facilitating login of a container with dynamic authentication, and does not expose the cluster control unit.
  • the real address guarantees the security of the system.
  • a container login method includes the following steps:
  • control unit address is obtained according to the random token and returned to the proxy server, and the container login request is sent by the proxy server to the control unit. Address, which establishes a connection between the client and the control unit.
  • An application server for container login comprising: a processor, a memory, and a communication bus;
  • Storing on the memory is a computer readable program executable by the processor
  • the communication bus implements connection communication between the processor and the memory
  • the processor implements the steps in the container login method of any of the above, when the computer readable program is executed.
  • a computer readable storage medium storing one or more programs, the one or more programs being executable by one or more processors to implement a container login method as described above A step of.
  • a container login system comprising a client and a proxy server, further comprising an application server logged in by the container as described above;
  • the application server is configured to receive a user-initiated container service access request and generate a random token; and query a control unit address of the cluster where the service to be accessed is located according to the container service access request, and the random token and the control unit The address is formed into a key value pair and stored in the cache; and when the container login request in the service to be accessed is received, the container login request and the random token are sent to the proxy server, wherein the container login request includes user account information And authenticating the user account information and the random token, if the authentication is passed, acquiring the control unit address according to the random token and returning to the proxy server;
  • the proxy server is configured to send the container login request to the control unit address to establish a connection between the client and the control unit.
  • the container login method receives a user-initiated container service access request and generates a random token;
  • the service access request queries the control unit address of the cluster where the service to be accessed is located, and stores the random token and the control unit address into a key value pair, and then stores the information in the cache; and when receiving the container login request in the service to be accessed,
  • the container login request and the random token are sent to the proxy server, where the container login request includes user account information; and then the user account information and the random token are authenticated, and if the authentication is passed, according to the random
  • the token acquires the control unit address and returns it to the proxy server, which sends the container login request to the control unit address to establish a connection between the client and the control unit.
  • FIG. 1 is a flowchart of a container login method provided by the present application.
  • step S20 is a flowchart of step S20 in the container login method provided by the present application.
  • step S23 is a flowchart of step S23 in the container login method provided by the present application.
  • step S30 is a flowchart of step S30 in the container login method provided by the present application.
  • FIG. 5 is a flowchart of step S40 in the container login method provided by the present application.
  • FIG. 6 is a flowchart of step S43 in the container login method provided by the present application.
  • FIG. 7 is a schematic diagram of an operating environment of a preferred embodiment of a container login procedure of the present application.
  • FIG. 8 is a functional block diagram of a system for installing a container login program according to a preferred embodiment of the present application.
  • FIG. 9 is a structural block diagram of an application server for container login provided by the present application.
  • Kubernetes is a Google container open source container orchestration tool, which can realize the functions of combining several Docker containers into one service and dynamically allocating the host running the container.
  • Kubernetes Service is the Kubernetes service is a collection of several containers, a Service can provide services for users;
  • Kubernetes cluster refers to a group of hosts or virtual machines, used to run Kubernetes services, the containers within the services of Kubernetes actually run in the cluster On each node host; each Kubernetes cluster has one and only one control unit, namely Kubernetes Master, used to schedule and manage Kubernetes services, such as allocating a container of a service to a node in the cluster.
  • Kubernetes Master is a process that runs on a host or virtual machine.
  • the container login method provided by the present application includes the following steps:
  • the client when the user enters the Kubernetes service page, the client requests access to the container service. At this time, the client receives the container service access request and generates a random token, where the container service access request includes the service name and the container name to be accessed. And information such as user permissions.
  • the service unit and the container information in the container service access request are used to query the control unit address of the cluster in which the service to be accessed is located.
  • the container Since the management of Kubernetes, the container is organized in the form of a service, and the container may be Drift on different hosts to achieve higher availability. The user does not need to know which host the container to log in on, only need to know the container name, the service and the cluster, and then command kubectl through the Kubernetes client. Exec or websocket that calls the Kubernetes control unit
  • the API can log in to the container.
  • the dynamic authentication and control unit address query in the subsequent login operation encapsulates the control unit address of the cluster to improve the security of the system.
  • FIG. 2 is a flowchart of step S20 in the container login method provided by the present application.
  • the step S20 includes:
  • the random token is used as a key and a control unit address as a value to form a key value pair, and then stored in a cache.
  • the container service after receiving the container service request, according to the service information to be accessed in the request, that is, the service name, the container name, and the user authority, etc., first verify whether the user has the right to access the service, if the authority is verified. Passing, the container service access request is forwarded to the container service, the container service obtains the Kubernetes cluster name of the container according to the service name and the container name in the request, and accesses the database, and receives the database query according to the Kubernetes cluster name. The control unit address of the Kubernetes cluster. After that, the container service will generate the random token key and the obtained control unit address as the value ⁇ random token, control unit address> key-value pair, and store it in the cache for subsequent call query. .
  • the random token is returned to the front end page of the client and saved as a variable, and the timeout period of the random token is set to be consistent with the timeout period of the system session, that is, each time the user enters the Kubernetes service page, a random order is generated. Cards and key-value pairs. If the user enters the Kubernetes service page again after exiting, a new random token will be generated again. The last saved random token will expire with the timeout, and will be generated each time the service page is entered. A new ⁇ random token, control unit address> key-value pair is used for the user to log in to the container, improving subsequent authentication and login security.
  • FIG. 3 is a flowchart of step S23 in the container login method provided by the present application.
  • the step S23 includes:
  • the random token is used as a key and a control unit address as a value to form a key value pair.
  • the generated random token and the obtained control unit address are first composed of a ⁇ random token, a control unit address> key value pair, and then the cache (such as redis) is checked. Is there a key-value pair with the same random token as the key, if there is, then regenerate a new random token, compose the new key-value pair and check again, if not, directly store the current key-value pair in the cache. To avoid the occurrence of the case where the same random token is used as the key and the different control unit addresses are used as the value in the cache, and the accuracy of the subsequent acquisition of the control unit address is ensured.
  • a container login request is initiated, and the container login request includes user account information, and the container login request and the random order are received after receiving the container login request.
  • the card is sent to the proxy server, and the subsequent login process is performed through the proxy server.
  • the proxy server adopts Nginx, which is an open source proxy service, which can proxy the request initiated by the user and forward the request, which can be avoided by the proxy server. Expose the real control unit address when logging in to the container to ensure the security of the system.
  • FIG. 4 is a flowchart of step S30 in the container login method provided by the present application.
  • the step S30 includes:
  • the user triggers the login request through the login container virtual button on the Kubernetes service detail page.
  • the user carries the user account information and the random token to send the container login request to the proxy server.
  • the user account information includes a username, a password, and a user authority, and the like.
  • the user account information and the random token are first authenticated, and the user account information and the random token are verified to be correct, if the authentication is performed. Passing the red token in the cache according to the random token to obtain the corresponding control unit address and returning to the proxy server, and the proxy server sends the container login request to the control unit address to establish a connection between the client and the control unit.
  • the user can directly log in to the container from the existing Kubernetes container service platform to ensure the convenience of the container login, and at the same time, the user is authenticated when the container is logged in, thereby solving the user's need for convenient login and permission authentication.
  • FIG. 5 is a flowchart of step S40 in the container login method provided by the present application.
  • the step S40 includes:
  • control unit address is obtained according to the random token and returned to the proxy server, and the proxy login request is sent by the proxy server to the control unit address to establish a connection between the client and the control unit.
  • the proxy server after receiving the login container request, the proxy server first initiates a sub-request for obtaining the control unit address.
  • Nginx is used as the proxy server, and Nginx has an open source module ngx_http_auth_request_module that provides the sub-request function, that is, Before Nginx forwards the received request to its proxy's real service, it first initiates a subrequest. Only when the subrequest's response is normal (response status code is 200-299), the original request is forwarded.
  • the proxy server receives After the request to the login container, the login container request is not immediately forwarded, but the user account information and the random token are first sent to the authentication service to initiate a sub-request for obtaining the control unit address, and the authentication service pairs the user account information and the random request.
  • the token is authenticated and the authentication result is returned to the proxy server; specifically, the authentication service verifies that the user account information is correct, including verifying that the username and password are correct, whether the user has permission to log in to the container, etc., if correct, the control will be acquired.
  • the sub-request of the unit address is forwarded to the container service; otherwise it does not turn The sub-request, the authentication failure information is returned directly to the proxy server.
  • the authentication service will intercept the request and return an unauthorized response, so the sub-request fails, and the proxy server does not forward the request to the real control unit address;
  • the authentication service forwards the sub-request to the container service, and the container service obtains the corresponding control unit address in the cache according to the random token. Therefore, before the user logs in the container, the authentication service is combined with the authentication service to perform the dynamic authority authentication on the account information, so as to implement the combination of the convenient login and the dynamic authentication.
  • FIG. 6 is the step of the container login method provided by the present application. Flowchart of S43.
  • the step S43 includes:
  • the container service searches for a corresponding control unit address in the cache according to the random token.
  • the proxy server sends the container login request to the control unit address to establish a connection between the client and the control unit.
  • the container service After the user account information is verified and the authentication service forwards the sub-request to the container service, the container service searches the cache for the corresponding control unit address according to the random token. If the random token is missing or incorrect, the cache is cached. According to the random token, the real control unit address cannot be obtained, the response is not found, the sub-request fails, the proxy server does not forward the request to the real control unit address; if the random token is correct, the container service is based on the random token. The corresponding control unit address is obtained in the cache and returned to the proxy server. At this time, the sub-request is successful, and the proxy server forwards the original container login request to the corresponding control unit, and accesses the websocket of the control unit.
  • API which establishes a connection for the client and the control unit, allows the client to successfully log in to the container, and implements the encapsulation of the real address of the cluster control unit that needs to be accessed by the login container. The user cannot intercept the information and ensure the security of the system. .
  • the application further provides an application server for registering a container, and the application server for registering the container may be a mobile terminal, a desktop computer, a notebook, a palmtop computer, a server, or the like. Computing device.
  • the application server to which the container logs in includes the processor 10, the memory 20, and the display 30.
  • Figure 7 shows only some of the components of the application server to which the container logs in, but it should be understood that not all illustrated components may be implemented, and more or fewer components may be implemented instead.
  • the memory 20 may be, in some embodiments, an internal storage unit of the application server to which the container logs in, such as a hard disk or memory of an application server to which the container logs.
  • the memory 20 may also be an external storage device of the application server that the container logs in, for example, a plug-in hard disk equipped on the application server of the container login, and a smart memory card (Smart Media Card, SMC), Secure Digital (SD) card, flash card (Flash) Card) and so on.
  • the memory 20 may also include an internal storage unit of the application server to which the container is logged in, and an external storage device.
  • the memory 20 is configured to store application software and various types of data of an application server installed in the container, for example, a program code of an application server to which the installation container logs in.
  • the memory 20 can also be used to temporarily store data that has been output or is about to be output.
  • a container login program 40 is stored on the memory 20, and the container login program 40 can be executed by the processor 10 to implement the container login method of the present application.
  • the processor 10 may be a central processing unit (Central Processing Unit) in some embodiments.
  • the display 30 may be an LED display, a liquid crystal display, a touch liquid crystal display, and an OLED (Organic) in some embodiments. Light-Emitting Diode, organic light emitting diodes), etc.
  • the display 30 is for displaying information of an application server registered in the container and a user interface for displaying visualization.
  • the processor 10 executes the container login program 40 in the memory 20, the steps of the embodiments in the container login method are implemented, and details are not described herein.
  • FIG. 8 is a functional block diagram of a system for installing a container login program according to a preferred embodiment of the present application.
  • the system for installing the container login program may be divided into one or more modules, the one or more modules being stored in the memory 20 and being composed of one or more processors (this embodiment) Executed for the processor 10) to complete the application.
  • the system in which the container login program is installed may be divided into a generation module 21, a query module 22, a login module 23, and an authentication acquisition module 24.
  • a module as referred to in the present application refers to a series of computer program instruction segments capable of performing a specific function, and is more suitable than the program to describe the execution process of the container login program in the application server to which the container is logged. The following description will specifically describe the functions of the modules 21-24.
  • Generating block 21 configured to receive a user-initiated container service access request and generate a random token
  • the querying module 22 is configured to query, according to the container service access request, a control unit address of a cluster where the service to be accessed is located, and store the random token and the control unit address into a key value pair and store the information in the cache;
  • the login module 23 is configured to send the container login request and the random token to the proxy server when receiving the container login request in the to-be-accessed service, where the container login request includes user account information;
  • the authentication obtaining module 24 is configured to authenticate the user account information and the random token. If the authentication succeeds, the control unit address is obtained according to the random token and returned to the proxy server.
  • the query module 22 specifically includes:
  • a name obtaining unit configured to acquire a cluster name and access a database according to the to-be-accessed service information in the container service access request;
  • a receiving unit configured to receive, by the database, the control unit address of the cluster that is queried according to the cluster name;
  • a generating unit configured to store the random token as a key, a control unit address as a value, and then store the key value pair in a cache.
  • the generating unit includes:
  • a key-value pair generating sub-unit configured to use the random token as a key and a control unit address as a value to form a key-value pair;
  • the search unit is configured to search whether there is a key value pair with the same random token as a key in the cache, and regenerate the random token if it exists; if not, the current key value pair is stored in the cache.
  • the login module 23 includes:
  • a detecting unit configured to detect whether a virtual button of the login container in the service to be accessed is triggered
  • a sending unit configured to send a container login request and a random token to the proxy server when the virtual button of the login container is triggered, where the container login request includes user account information.
  • the authentication obtaining module 24 includes:
  • a sub-requesting initiation unit configured to initiate a sub-request for obtaining an address of the control unit according to the user account information and the random token;
  • An authentication unit configured to authenticate the user account information and the random token, and return an authentication result to the proxy server;
  • the address obtaining unit is configured to acquire the control unit address according to the random token and return to the proxy server when the authentication is passed.
  • the address obtaining unit includes:
  • An address search subunit for the container service to search for a corresponding control unit address in the cache according to the random token
  • the feedback sub-unit is configured to return the sub-request failure information to the proxy server if the random token is missing or incorrect; if the random token is correct, the corresponding control unit address is obtained and returned to the proxy server.
  • the present application further provides a container login system.
  • the client 101, the proxy server 102, and the container login application server 103 as described above are included.
  • the application server 103 is configured to receive a user-initiated container service access request and generate a random token; and query a control unit address of the cluster where the service to be accessed is located according to the container service access request, and the random token and The control unit address is stored in the cache after the key value pair is formed; and when the container login request in the service to be accessed is received, the container login request and the random token are sent to the proxy server 102, wherein the container login request includes User account information; and authenticating the user account information and the random token, if the authentication is passed, acquiring the control unit address according to the random token and returning to the proxy server 102; the proxy server 102 is configured to The login request is sent to the control unit address to establish a connection between the client 101 and the control unit.
  • the container login method receives a user-initiated container service access request and generates a random token; and then accesses according to the container service.
  • the need to facilitate the login of the container is combined with dynamic authentication, and the real address of the cluster control unit is not exposed to ensure the security of the system.
  • a computer program to instruct related hardware (such as a processor, a controller, etc.), and the program can be stored in one.
  • the program when executed, may include the processes of the various method embodiments as described above.
  • the storage medium described therein may be a memory, a magnetic disk, an optical disk, or the like.

Abstract

La présente invention concerne un procédé de connexion à un conteneur, un serveur d'application, un système et un support de stockage, le procédé comprenant : réception d'une demande d'accès à un service de conteneur initiée par un utilisateur et génération d'un jeton aléatoire ; interrogation d'une adresse d'unité de commande d'un groupe dans lequel, selon la demande d'accès au service de conteneur, se trouve un service auquel il faut accéder, et regroupement du jeton aléatoire et de l'adresse d'unité de commande en une paire de valeurs de clé puis stockage de celle-ci dans une mémoire cache ; lors de la réception d'une demande de connexion à un conteneur dans le service auquel il faut accéder, envoi de la demande de connexion au conteneur et du jeton aléatoire à un serveur proxy, la demande de connexion au conteneur comprenant des informations de compte d'utilisateur ; authentification des informations de compte d'utilisateur et du jeton aléatoire, et si l'authentification est réussie, obtention de l'adresse d'unité de commande selon le jeton aléatoire et renvoi de celle-ci au serveur proxy, puis envoi, au moyen du serveur proxy, de la demande de connexion au conteneur à l'adresse d'unité de commande afin d'établir une connexion pour un client et l'unité de commande. Une connexion à un conteneur et une authentification dynamique commodes sont réalisées sans exposer l'adresse réelle de l'unité de commande de groupe, ce qui permet d'assurer la sécurité du système.
PCT/CN2018/084466 2017-12-29 2018-04-25 Procédé de connexion à un conteneur, serveur d'application, système et support de stockage WO2019128007A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201711482082.8A CN107948203B (zh) 2017-12-29 2017-12-29 一种容器登录方法、应用服务器、系统及存储介质
CN201711482082.8 2017-12-29

Publications (1)

Publication Number Publication Date
WO2019128007A1 true WO2019128007A1 (fr) 2019-07-04

Family

ID=61938062

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/084466 WO2019128007A1 (fr) 2017-12-29 2018-04-25 Procédé de connexion à un conteneur, serveur d'application, système et support de stockage

Country Status (2)

Country Link
CN (1) CN107948203B (fr)
WO (1) WO2019128007A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114500537A (zh) * 2022-03-24 2022-05-13 杭州博盾习言科技有限公司 容器服务的访问方法、系统、存储介质及电子设备

Families Citing this family (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107948203B (zh) * 2017-12-29 2019-09-13 平安科技(深圳)有限公司 一种容器登录方法、应用服务器、系统及存储介质
CN109104417B (zh) * 2018-07-24 2021-08-20 成都安恒信息技术有限公司 一种运用于运维审计系统的用户鉴权和选路方法
CN110912865A (zh) * 2018-09-18 2020-03-24 深圳市鸿合创新信息技术有限责任公司 一种安全访问控制方法及服务器、电子设备
CN109543129B (zh) * 2018-10-26 2022-04-12 深圳点猫科技有限公司 一种基于教育资源平台的网络请求方法及装置
CN111245774B (zh) * 2018-11-29 2023-09-26 阿里巴巴集团控股有限公司 资源请求处理方法、装置和系统
CN109831435B (zh) * 2019-01-31 2021-06-01 广州银云信息科技有限公司 一种数据库操作方法、系统及代理服务器和存储介质
US11128617B2 (en) * 2019-01-31 2021-09-21 Baidu Usa Llc Token based secure multiparty computing framework using a restricted operating environment
CN110175077A (zh) * 2019-05-27 2019-08-27 浪潮云信息技术有限公司 一种基于命令管理容器资源的方法及系统
CN117215635A (zh) * 2019-06-28 2023-12-12 杭州海康威视数字技术股份有限公司 任务处理方法、装置及存储介质
CN112994909B (zh) * 2019-12-12 2022-12-06 北京金山云网络技术有限公司 管理Kubernetes集群的方法、装置、设备及存储介质
CN113141386B (zh) * 2020-01-19 2023-01-06 北京百度网讯科技有限公司 私有网络中Kubernetes集群的接入方法、装置、设备和介质
CN111629059B (zh) * 2020-05-27 2022-12-16 浪潮电子信息产业股份有限公司 一种集群通信方法、系统、设备及计算机可读存储介质
CN111726399B (zh) * 2020-06-08 2022-10-18 中国工商银行股份有限公司 Docker容器安全访问方法及装置
CN113742711A (zh) * 2020-10-20 2021-12-03 北京沃东天骏信息技术有限公司 容器访问的方法和装置
CN112383613B (zh) * 2020-11-11 2023-05-12 杭州飞致云信息科技有限公司 容器集群系统的管理方法和装置
CN112306640A (zh) * 2020-11-12 2021-02-02 广州方硅信息技术有限公司 容器分配方法及其装置、设备、介质
CN113630447B (zh) * 2021-07-22 2023-04-07 济南浪潮数据技术有限公司 一种基于web的云服务提供方法、系统及存储介质
CN113938289B (zh) * 2021-08-31 2024-03-01 联通沃音乐文化有限公司 一种代理客户端预防拦截机制被滥用和攻击的系统和方法
CN114050911B (zh) * 2021-09-27 2023-05-16 度小满科技(北京)有限公司 一种容器远程登录方法及系统
CN114615329A (zh) * 2022-03-08 2022-06-10 北京从云科技有限公司 一种无客户端sdp架构实现方法及系统

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106685949A (zh) * 2016-12-24 2017-05-17 上海七牛信息技术有限公司 一种容器访问方法、装置以及系统
CN106899544A (zh) * 2015-12-17 2017-06-27 腾讯科技(深圳)有限公司 基于Docker的容器登录方法、装置和系统
CN107395642A (zh) * 2017-08-31 2017-11-24 郑州云海信息技术有限公司 基于Websocket访问启动TLS认证的Docker容器的方法及系统
CN107493344A (zh) * 2017-08-29 2017-12-19 郑州云海信息技术有限公司 一种Web访问Docker容器的方法及系统
CN107948203A (zh) * 2017-12-29 2018-04-20 平安科技(深圳)有限公司 一种容器登录方法、应用服务器、系统及存储介质

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101810762B1 (ko) * 2015-12-07 2017-12-19 한양대학교 에리카산학협력단 클라우드 환경에서 hdfs 기반의 도커 컨테이너 보안 로그 분석 방법 및 시스템

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106899544A (zh) * 2015-12-17 2017-06-27 腾讯科技(深圳)有限公司 基于Docker的容器登录方法、装置和系统
CN106685949A (zh) * 2016-12-24 2017-05-17 上海七牛信息技术有限公司 一种容器访问方法、装置以及系统
CN107493344A (zh) * 2017-08-29 2017-12-19 郑州云海信息技术有限公司 一种Web访问Docker容器的方法及系统
CN107395642A (zh) * 2017-08-31 2017-11-24 郑州云海信息技术有限公司 基于Websocket访问启动TLS认证的Docker容器的方法及系统
CN107948203A (zh) * 2017-12-29 2018-04-20 平安科技(深圳)有限公司 一种容器登录方法、应用服务器、系统及存储介质

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114500537A (zh) * 2022-03-24 2022-05-13 杭州博盾习言科技有限公司 容器服务的访问方法、系统、存储介质及电子设备

Also Published As

Publication number Publication date
CN107948203B (zh) 2019-09-13
CN107948203A (zh) 2018-04-20

Similar Documents

Publication Publication Date Title
WO2019128007A1 (fr) Procédé de connexion à un conteneur, serveur d'application, système et support de stockage
WO2019227557A1 (fr) Procédé de gestion de clé, dispositif, support de stockage et appareil
US10148643B2 (en) Authenticating or controlling software application on end user device
US10230725B2 (en) Edge protection for internal identity providers
WO2019127971A1 (fr) Procédé de synchronisation d'images pour registre d'images, système, dispositif et support d'informations
US10902107B2 (en) Information processing system, information processing device, server device, method of controlling information processing system, and program
WO2019192085A1 (fr) Procédé, appareil et dispositif pour une communication à connexion directe entre une banque et une entreprise, et support de stockage lisible par ordinateur
WO2016169410A1 (fr) Procédé et dispositif d'ouverture de session, serveur et système d'ouverture de session
US20190253251A1 (en) Information processing system and control method therefor
US10447682B1 (en) Trust management in an electronic environment
WO2013065915A1 (fr) Procédé d'interfonctionnement de confiance entre une région de confiance et une région non de confiance, procédé, serveur et terminal pour commander le téléchargement d'applications de confiance, et système de commande les appliquant
US10826895B1 (en) System and method for secure authenticated user session handoff
WO2020189926A1 (fr) Procédé et serveur permettant de gérer une identité d'utilisateur en utilisant un réseau à chaîne de blocs, et procédé et terminal d'authentification d'utilisateur utilisant l'identité d'utilisateur basée sur un réseau à chaîne de blocs
WO2020189927A1 (fr) Procédé et serveur de gestion de l'identité d'un utilisateur à l'aide d'un réseau de chaîne de blocs, et procédé et terminal d'authentification d'utilisateur à l'aide d'une identité d'utilisateur sur la base d'un réseau de chaîne de blocs
US20170357799A1 (en) Tracking and managing multiple time-based one-time password (TOTP) accounts
WO2020224247A1 (fr) Procédé, appareil et dispositif de provenance de données basés sur la chaine de blocs, et support d'informations lisible
WO2018098881A1 (fr) Procédé et dispositif de traitement d'accès pour application
WO2019218441A1 (fr) Procédé et appareil de traitement des requêtes, dispositif et support d'enregistrement
US20180343118A1 (en) Method employed in user authentication system and information processing apparatus included in user authentication system
WO2019161597A1 (fr) Procédé, appareil et dispositif d'envoi d'informations sur la base d'une messagerie instantanée, et support d'informations
US11050560B2 (en) Secure reusable access tokens
CN111965996A (zh) 智能设备控制方法、装置、设备和存储介质
WO2018076870A1 (fr) Procédé et appareil de traitement de données, support de stockage, serveur, et système de traitement de données
CN111737232A (zh) 数据库管理方法、系统、装置、设备及计算机存储介质
WO2019024472A1 (fr) Procédé et dispositif d'opération de données et support d'informations lisible par ordinateur

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18894428

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 07.10.2020)

122 Ep: pct application non-entry in european phase

Ref document number: 18894428

Country of ref document: EP

Kind code of ref document: A1