[go: up one dir, main page]

CN105100051A - Method and system for realizing data resource access right control - Google Patents

Method and system for realizing data resource access right control Download PDF

Info

Publication number
CN105100051A
CN105100051A CN201510288422.8A CN201510288422A CN105100051A CN 105100051 A CN105100051 A CN 105100051A CN 201510288422 A CN201510288422 A CN 201510288422A CN 105100051 A CN105100051 A CN 105100051A
Authority
CN
China
Prior art keywords
data resource
resource access
application example
authority information
access authority
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201510288422.8A
Other languages
Chinese (zh)
Other versions
CN105100051B (en
Inventor
李宏宇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Jingdong Yuan Yuan Letter Information Technology Co Ltd
Original Assignee
Beijing Jingdong Century Trading Co Ltd
Beijing Jingdong Shangke Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Jingdong Century Trading Co Ltd, Beijing Jingdong Shangke Information Technology Co Ltd filed Critical Beijing Jingdong Century Trading Co Ltd
Priority to CN201510288422.8A priority Critical patent/CN105100051B/en
Publication of CN105100051A publication Critical patent/CN105100051A/en
Application granted granted Critical
Publication of CN105100051B publication Critical patent/CN105100051B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention discloses a method and system for realizing data resource access right control. A server performs local cache on configuration files of the access right information of data resources used by each application example, and after an access data resource request of a corresponding application example is received, the data resource access right information locally cached and to be used by the application example is directly called for access verification, therefore, data resource access efficiency is improved.

Description

实现数据资源访问权限控制的方法及系统Method and system for realizing data resource access control

技术领域technical field

本发明涉及计算机领域,特别涉及一种实现数据资源访问权限控制的方法及系统。The invention relates to the field of computers, in particular to a method and system for realizing data resource access authority control.

背景技术Background technique

在大型的计算机网络系统中,比如线上生产系统,往往具有很多的数据资源的客户端,同时或不同时的调用计算机网络系统中的服务器上的数据资源。但是,当调用访问请求的数量很大时,就会造成被调用的服务器的异常,最终导致服务器崩溃。为了解决这一问题,可以为计算机网络系统中的客户端设置优先级,按照优先级的高低,由服务器依次服务这些客户端,为这些客户端提供数据资源,从而保证计算机系统的正常运行。In a large-scale computer network system, such as an online production system, clients with many data resources often call data resources on servers in the computer network system at the same time or at different times. However, when the number of invoking access requests is large, it will cause an exception of the called server, and finally cause the server to crash. In order to solve this problem, priority can be set for the clients in the computer network system, and according to the priority, the server will serve these clients one by one and provide data resources for these clients, thus ensuring the normal operation of the computer system.

在计算机网络系统中的服务器中,预先设置配置文件,存储在服务器的系统硬盘上,包括了对数据资源访问权限信息。当服务器处理客户端的数据资源访问请求时,服务器将系统硬盘上的配置文件读取到内存中,根据配置文件中设置的对数据资源访问权限信息确定业务逻辑,是否为客户端提供数据资源。当对数据资源的访问权限信息进行更新或调整时,如果该信息对应了多个应用实例,则在配置文件中的这多个应用实例下的数据资源访问权限信息都需要进行一一更新或调整,且在更新或调整完成后,需要重启服务器,以重新加载配置文件中的这些更新或调整了数据资源访问权限信息的应用实例。In the server in the computer network system, the configuration file is preset and stored on the system hard disk of the server, including information on access rights to data resources. When the server processes the data resource access request of the client, the server reads the configuration file on the system hard disk into the memory, and determines whether to provide data resources for the client according to the business logic set in the configuration file according to the data resource access information. When updating or adjusting the access permission information of a data resource, if the information corresponds to multiple application instances, the data resource access permission information under the multiple application instances in the configuration file needs to be updated or adjusted one by one , and after the update or adjustment is completed, the server needs to be restarted to reload the updated or adjusted application instances in the configuration file.

上述服务器对数据资源访问权限的控制方法存在缺点:第一,每次接受到数据资源访问请求时,都需要将系统硬盘上的配置文件加载到内存中,系统硬盘的读取操作耗时严重,影响了服务器处理数据资源访问请求的效率,从而影响了计算机网络系统中的数据资源访问效率;第二,在更新或调整数据资源访问权限时,需要修改配置文件且需要重新服务器,才能完成配置文件的更新,服务器重启过程中无法为计算机网络系统提供数据资源的访问,这在高并发大访问量的环境下,导致大量请求被拒绝或者给计算机网络系统中的其他服务器带来更大的流量压力;第三,配置文件中,与数据资源访问权限信息相关的应用实例都需要逐一修改或更新,改错或改动不一致风险比较大。There are disadvantages in the above-mentioned server’s control method for data resource access rights: first, every time a data resource access request is received, the configuration file on the system hard disk needs to be loaded into the memory, and the read operation of the system hard disk is time-consuming. It affects the efficiency of the server in processing data resource access requests, thereby affecting the efficiency of data resource access in the computer network system; second, when updating or adjusting data resource access permissions, the configuration file needs to be modified and the server needs to be restarted to complete the configuration file In the process of restarting the server, the computer network system cannot provide access to data resources. This will cause a large number of requests to be rejected or bring greater traffic pressure to other servers in the computer network system in an environment with high concurrency and large access volume. ;Third, in the configuration file, the application instances related to the data resource access permission information need to be modified or updated one by one, and the risk of making mistakes or changing inconsistencies is relatively high.

发明内容Contents of the invention

有鉴于此,本发明实施例提供一种实现数据资源访问权限控制的方法,该方法能够提高数据资源访问权限的效率。In view of this, an embodiment of the present invention provides a method for implementing data resource access authority control, which can improve the efficiency of data resource access authority.

本发明实施例还提供一种实现数据资源访问权限控制的系统,该系统能够提高数据资源访问的效率。The embodiment of the present invention also provides a system for realizing data resource access authority control, which can improve the efficiency of data resource access.

根据上述目的,本发明是这样实现的:According to above-mentioned purpose, the present invention is achieved like this:

一种实现数据资源访问权限控制的方法,该方法包括:A method for implementing data resource access control, the method comprising:

计算机网络系统的服务器将每个应用实例所要使用的数据资源访问权限信息所属的配置文件进行本地缓存;The server of the computer network system caches locally the configuration file to which the data resource access permission information to be used by each application instance belongs;

接收到计算机网络系统中的客户端发送的对应应用实例的访问数据资源请求后,直接调用本地缓存的该应用实例所要使用的数据资源访问权限信息进行访问验证,返回验证结果。After receiving the data resource access request corresponding to the application instance sent by the client in the computer network system, it directly invokes the locally cached data resource access permission information to be used by the application instance for access verification, and returns the verification result.

所述每一个应用实例所要使用的数据资源访问权限信息所属的配置文件采用hash表方式缓存。The configuration file to which the data resource access authority information to be used by each application instance belongs is cached in the form of a hash table.

该方法还包括:The method also includes:

在服务器包括一个日志型的键值数据库,存储有每个应用实例所要使用的数据资源访问权限信息,当更新时,更新该数据库中的应用实例所要使用的数据资源访问权限信息并标识更新标志。The server includes a log-type key-value database, which stores data resource access permission information to be used by each application instance, and when updating, updates the data resource access permission information to be used by the application instance in the database and identifies an update flag.

所述日志型的键值数据库采用redis组件实现,所述该数据库中的应用实例所要使用的数据资源访问权限信息并标识更新标志采用hash表方式存储。The log-type key-value database is realized by the redis component, and the data resource access authority information and identification update flags to be used by the application instances in the database are stored in a hash table.

该方法还包括:所述本地缓存的每个应用实例定时异步访问所述数据库,获取该应用实例所使用的已经更新的数据资源访问权限信息,覆盖缓存中的该应用实例所使用的数据资源访问权限信息。The method further includes: each application instance in the local cache regularly and asynchronously accesses the database, acquires the updated data resource access permission information used by the application instance, and overwrites the data resource access information used by the application instance in the cache permission information.

所述应用实例异步定时访问所述数据库为采用异步定时线程完成。The asynchronous timing access of the application instance to the database is completed by using an asynchronous timing thread.

一种实现数据资源访问权限控制的系统,包括:本地缓存单元、请求响应单元及验证单元,其中,A system for implementing data resource access control, including: a local cache unit, a request response unit, and a verification unit, wherein,

本地缓存单元,用于将每一个应用实例所要使用的数据资源访问权限信息所属的配置文件进行本地缓存;The local cache unit is used to locally cache the configuration file to which the data resource access permission information to be used by each application instance belongs;

请求响应单元,接收到计算机网络系统中的客户端发送的对应应用实例的访问数据资源请求;The request response unit receives the data resource access request corresponding to the application instance sent by the client in the computer network system;

验证单元,直接调用本地缓存的该应用实例所要使用的数据资源访问权限信息进行访问验证,返回验证结果。The verification unit directly invokes the locally cached data resource access authority information to be used by the application instance to perform access verification, and returns a verification result.

还包括日志型的键值数据库,用于存储有每个应用实例所要使用的数据资源访问权限信息,当更新时,直接更新应用实例所要使用的数据资源访问权限信息并标识更新标志。It also includes a log-type key-value database, which is used to store the data resource access permission information to be used by each application instance. When updating, directly update the data resource access permission information to be used by the application instance and identify the update flag.

所述本地缓存单元,还用于每个应用实例定时异步访问所述日志型的键值数据库,获取该应用实例所使用的已经更新的数据资源访问权限信息,覆盖缓存中的该应用实例所使用的数据资源访问权限信息。The local cache unit is also used for each application instance to regularly and asynchronously access the log-type key-value database to obtain the updated data resource access permission information used by the application instance, and to overwrite the data resources used by the application instance in the cache. The data resource access permission information of .

由上述方案可以看出,本发明实施例的服务器将每一个应用实例所要使用的数据资源访问权限信息所属的配置文件进行本地缓存,当接收到对应应用实例的访问数据资源请求后,直接调用本地缓存的该应用实例所要使用的数据资源访问权限信息进行访问验证。这样,就不需要像背景技术那样,每次接收到访问数据资源请求后,都到系统硬盘中读取配置文件进行验证,提高了数据资源访问效率。进一步地,在服务器还包括一个日志型的键值数据库,存储有每个应用实例所要使用的数据资源访问权限信息,当更新时,直接更新该数据库中的应用实例所要使用的数据资源访问权限信息并标识,本地缓存的应用实例定时访问该数据库,获取该应用实例所使用的已经更新的数据资源访问权限信息,覆盖缓存中的该应用实例所使用的数据资源访问权限信息,从而不需要在更新数据资源访问权限信息时,重新启动服务器,防止计算机网络系统中的访问流量压力。It can be seen from the above scheme that the server in the embodiment of the present invention caches locally the configuration file to which the data resource access authority information to be used by each application instance belongs, and directly calls the local The cached data resource access permission information to be used by the application instance is used for access verification. In this way, it is not necessary to read the configuration file from the system hard disk for verification every time a data resource access request is received, as in the background technology, which improves the data resource access efficiency. Further, the server also includes a log-type key-value database, which stores the data resource access permission information to be used by each application instance, and when updating, directly updates the data resource access permission information to be used by the application instance in the database And identify that the locally cached application instance regularly accesses the database to obtain the updated data resource access permission information used by the application instance, and overwrite the data resource access permission information used by the application instance in the cache, so that there is no need to update When accessing the data resource access rights information, restart the server to prevent access traffic pressure in the computer network system.

附图说明Description of drawings

图1为本发明实施例提供的一种实现数据资源访问权限控制的方法流程图;FIG. 1 is a flow chart of a method for implementing data resource access authority control provided by an embodiment of the present invention;

图2为本发明实施例提供的一种实现数据资源访问权限控制的方法具体例子流程图;FIG. 2 is a flow chart of a specific example of a method for implementing data resource access authority control provided by an embodiment of the present invention;

图3为本发明实施例提供的一种实现数据资源访问权限控制的系统结构示意图;FIG. 3 is a schematic structural diagram of a system for implementing data resource access authority control provided by an embodiment of the present invention;

图4为本发明实施例提供的一种实现数据资源访问权限控制的系统具体例子示意图。Fig. 4 is a schematic diagram of a specific example of a system for implementing data resource access authority control provided by an embodiment of the present invention.

具体实施方式Detailed ways

为使本发明的目的、技术方案及优点更加清楚明白,以下参照附图并举实施例,对本发明作进一步详细说明。In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be further described in detail below with reference to the accompanying drawings and examples.

为了提高数据资源访问的效率,本发明实施例的服务器将每一个应用实例所要使用的数据资源访问权限信息所属的配置文件进行本地缓存,当接收到对应应用实例的访问数据资源请求后,直接调用本地缓存的该应用实例所要使用的数据资源访问权限信息进行访问验证。这样,就不需要像背景技术那样,每次接收到访问数据资源请求后,都到系统硬盘中读取配置文件进行验证,提高了数据资源访问效率。In order to improve the efficiency of data resource access, the server in the embodiment of the present invention caches the configuration file of the data resource access authority information to be used by each application instance locally, and when receiving the data resource access request of the corresponding application instance, directly calls The locally cached data resource access permission information to be used by the application instance is used for access verification. In this way, it is not necessary to read the configuration file from the system hard disk for verification every time a data resource access request is received, as in the background technology, which improves the data resource access efficiency.

在这里,该配置文件为副本配置文件,且保存时采用hash表方式包括,每个hash表对应一个应用实例,从而后续可以定位日志型的键值数据库中的应用实例。Here, the configuration file is a copy configuration file, and it is saved in the form of a hash table. Each hash table corresponds to an application instance, so that the application instance in the log-type key-value database can be located later.

进一步地,在服务器还包括一个日志型的键值数据库,存储有每个应用实例所要使用的数据资源访问权限信息,当更新时,直接更新该数据库中的应用实例所要使用的数据资源访问权限信息并标识更新标志。Further, the server also includes a log-type key-value database, which stores the data resource access permission information to be used by each application instance, and when updating, directly updates the data resource access permission information to be used by the application instance in the database And identify the update flag.

在这里,该数据库采用redis组件进行开发,redis是一个开源的使用ANSIC语言编写,支持网络,可基于系统内存亦可持久化的日志型的键值数据库,可以提供各种应用程序编程接口(API)。在该数据库中,应用实例与数据资源访问权限信息是一一对应的结构,将所有具有更新标识的数据资源访问信息对应应用实例设置在一个hash表中。Here, the database is developed using the redis component. Redis is an open-source, log-type key-value database that is written in ANSIC language, supports the network, and can be based on system memory or persists. It can provide various application programming interfaces (API ). In this database, there is a one-to-one correspondence structure between application instances and data resource access information, and all application instances corresponding to data resource access information with update identifiers are set in a hash table.

本地缓存的每个应用实例定时异步访问该数据库,获取该应用实例所使用的已经更新的数据资源访问权限信息,覆盖缓存中的该应用实例所使用的数据资源访问权限信息,从而不需要在更新数据资源访问权限信息时,重新启动服务器,防止计算机网络系统中的访问流量压力。进一步地,由于更新时采用覆盖方式更新了本地缓存的该应用实例的所有数据资源访问权限信息,也就是针对应用实例的hash表一次性替换的方式,而不是对所有应用实例的数据资源访问权限信息都替换,这样,就可以防止当计算机网络系统的请求并发环境下,在验证请求时有应用实例的旧数据资源访问权限信息,也有新数据资源访问权限信息。Each application instance in the local cache accesses the database regularly and asynchronously, obtains the updated data resource access permission information used by the application instance, and overwrites the data resource access permission information used by the application instance in the cache, so that there is no need to update When accessing the data resource access rights information, restart the server to prevent access traffic pressure in the computer network system. Furthermore, since all the data resource access rights information of the application instance in the local cache is updated by overwriting during the update, that is, the hash table of the application instance is replaced at one time, rather than the data resource access rights of all application instances The information is all replaced, so that in the concurrent request environment of the computer network system, it can prevent the old data resource access permission information of the application instance and the new data resource access permission information when verifying the request.

图1为本发明实施例提供的一种实现数据资源访问权限控制的方法流程图,其具体步骤为:Fig. 1 is a flow chart of a method for realizing data resource access control provided by an embodiment of the present invention, and its specific steps are:

步骤101、计算机网络系统的服务器将每一个应用实例所要使用的数据资源访问权限信息所属的配置文件进行本地缓存;Step 101, the server of the computer network system caches locally the configuration file to which the data resource access authority information to be used by each application instance belongs;

步骤102、接收到计算机网络系统中的客户端发送的对应应用实例的访问数据资源请求后,直接调用本地缓存的该应用实例所要使用的数据资源访问权限信息进行访问验证,返回验证结果给客户端。Step 102: After receiving the data resource access request corresponding to the application instance sent by the client in the computer network system, directly call the locally cached data resource access authority information to be used by the application instance for access verification, and return the verification result to the client .

在该步骤中,验证结果可以是验证通过,允许客户端访问数据资源;或者为验证不通过,不允许客户端范围数据资源。In this step, the verification result may be that the verification is passed, and the client is allowed to access the data resource; or the verification is not passed, and the client is not allowed to range the data resource.

在该方法中,所述每一个应用实例所要使用的数据资源访问权限信息所属的配置文件都采用hash表方式缓存。In this method, the configuration file to which the data resource access authority information to be used by each application instance belongs is cached in the form of a hash table.

在该方法中,进一步包括:In the method, further comprising:

在服务器还包括一个日志型的键值数据库,存储有每个应用实例所要使用的数据资源访问权限信息,当更新时,直接更新该数据库中的应用实例所要使用的数据资源访问权限信息并标识更新标志。The server also includes a log-type key-value database, which stores the data resource access information to be used by each application instance. When updating, directly update the data resource access information to be used by the application instance in the database and identify the update sign.

所述日志型的键值数据库采用redis组件实现,所述该数据库中的应用实例所要使用的数据资源访问权限信息并标识更新标志采用hash表方式存储。The log-type key-value database is realized by the redis component, and the data resource access authority information and identification update flags to be used by the application instances in the database are stored in a hash table.

在该方法中,还包括:In this method, also include:

本地缓存的每个应用实例定时异步访问该数据库,获取该应用实例所使用的已经更新的数据资源访问权限信息,覆盖缓存中的该应用实例所使用的数据资源访问权限信息。Each application instance in the local cache accesses the database regularly and asynchronously, obtains the updated data resource access permission information used by the application instance, and overwrites the data resource access permission information used by the application instance in the cache.

所述应用实例异步定时访问该数据库为采用异步定时线程完成。The asynchronous timing access of the application instance to the database is completed by using an asynchronous timing thread.

图2为本发明实施例提供的一种实现数据资源访问权限控制的方法具体例子流程图,可以看出,在更新阶段,配置更改者直接更新该数据库中的应用实例所要使用的数据资源访问权限信息并标识更新标志,配置查询者到本地缓存中获取所请求应用实例所使用的数据资源访问权限信息并由服务器进行验证,而本地缓存的应用实例到基于redis的数据库中定时异步获取得到更新后的应用实例的数据资源访问权限信息并进行覆盖。在查询阶段,配置查询者到本地缓存中获取所请求应用实例所使用的数据资源访问权限信息并由服务器进行验证。Fig. 2 is a flow chart of a specific example of a method for implementing data resource access authority control provided by an embodiment of the present invention. It can be seen that in the update phase, the configuration changer directly updates the data resource access authority to be used by the application instance in the database information and identify the update flag, configure the queryer to obtain the data resource access information used by the requested application instance from the local cache and verify it by the server, and the application instance of the local cache will be regularly and asynchronously obtained from the redis-based database after being updated The data resource access permission information of the application instance and overwrite it. In the query phase, configure the queryer to obtain the access permission information of the data resource used by the requested application instance from the local cache and verify it by the server.

图3为本发明实施例提供的一种实现数据资源访问权限控制的系统结构示意图,包括:本地缓存单元、请求响应单元及验证单元,其中,FIG. 3 is a schematic structural diagram of a system for implementing data resource access control provided by an embodiment of the present invention, including: a local cache unit, a request response unit, and a verification unit, wherein,

本地缓存单元,用于将每一个应用实例所要使用的数据资源访问权限信息所属的配置文件进行本地缓存;The local cache unit is used to locally cache the configuration file to which the data resource access permission information to be used by each application instance belongs;

请求响应单元,接收到计算机网络系统中的客户端发送的对应应用实例的访问数据资源请求,返回验证结果给客户端;The request response unit receives the data resource access request corresponding to the application instance sent by the client in the computer network system, and returns the verification result to the client;

验证单元,直接调用本地缓存的该应用实例所要使用的数据资源访问权限信息进行访问验证。The verification unit directly invokes the locally cached data resource access permission information to be used by the application instance to perform access verification.

在该系统中,还包括日志型的键值数据库,用于存储有每个应用实例所要使用的数据资源访问权限信息,当更新时,直接更新应用实例所要使用的数据资源访问权限信息并标识更新标志。In the system, a log-type key-value database is also included, which is used to store the data resource access permission information to be used by each application instance. When updating, directly update the data resource access permission information to be used by the application instance and identify the update sign.

在该系统中,所述本地缓存单元,还用于每个应用实例定时异步访问所述日志型的键值数据库,获取该应用实例所使用的已经更新的数据资源访问权限信息,覆盖缓存中的该应用实例所使用的数据资源访问权限信息。In this system, the local cache unit is also used for each application instance to regularly and asynchronously access the log-type key-value database, to obtain the updated data resource access permission information used by the application instance, and to overwrite the The data resource access permission information used by the application instance.

图4为本发明实施例提供的一种实现数据资源访问权限控制的系统具体例子示意图,从图中可以看出,在服务器的本地缓存中,为每个应用实例都设置了hash表,该hash表中存储了该应用实例的数据资源访问权限信息,每个应用实例都可以接收访问数据资源请求。每个应用采用异步线程与基于redis组件的数据库交互,在该数据库中,对应每个应用实例,缓存有要使用的数据资源访问权限信息,采用hash表存储,当更新时,直接与该数据库交互,更新该数据库中的应用实例所要使用的数据资源访问权限信息并标识更新标志,应用实例与更新的数据资源访问权限信息或者未更新的数据资源访问权限信息为一一对应关系。Fig. 4 is a schematic diagram of a specific example of a system for implementing data resource access control provided by an embodiment of the present invention. It can be seen from the figure that in the local cache of the server, a hash table is set for each application instance, and the hash The data resource access permission information of the application instance is stored in the table, and each application instance can receive data resource access requests. Each application uses an asynchronous thread to interact with the database based on the redis component. In the database, corresponding to each application instance, the data resource access information to be used is cached and stored in a hash table. When updating, it directly interacts with the database , update the data resource access authority information to be used by the application instance in the database and identify the update flag, and the application instance has a one-to-one correspondence with the updated data resource access authority information or the unupdated data resource access authority information.

在本发明实施例中,如果进行更新,则在服务器中相关的应用实例的数据资源访问权限信息都会更新,且很快生效,不需要重启服务。本发明实施例大幅减少权限判定时间,提高了计算机系统玩两个的资源分配效率。In the embodiment of the present invention, if the update is performed, the data resource access authority information of the relevant application instance in the server will be updated, and it will take effect soon without restarting the service. The embodiments of the present invention greatly reduce the authority determination time, and improve the resource allocation efficiency of computer systems playing two games.

以上举较佳实施例,对本发明的目的、技术方案和优点进行了进一步详细说明,所应理解的是,以上所述仅为本发明的较佳实施例而已,并不用以限制本发明,凡在本发明的精神和原则之内,所作的任何修改、等同替换和改进等,均应包含在本发明的保护范围之内。The preferred embodiments above are used to further describe the purpose, technical solutions and advantages of the present invention in detail. It should be understood that the above descriptions are only preferred embodiments of the present invention, and are not intended to limit the present invention. Within the spirit and principles of the present invention, any modifications, equivalent replacements and improvements, etc., shall be included within the protection scope of the present invention.

Claims (9)

1. realize a method for data resource access control of authority, it is characterized in that, the method comprises:
The configuration file belonging to data resource access authority information that each application example will use by the server of computer network system carries out local cache;
After receiving the visit data resource request of the corresponding application example that client in computer network system sends, the data resource access authority information that this application example directly calling local cache will use conducts interviews checking, returns the result.
2. the method for claim 1, is characterized in that, the configuration file belonging to data resource access authority information that each application example described will use adopts hash to show mode buffer memory.
3. the method for claim 1, is characterized in that, the method also comprises:
The key value database of a log type is comprised at server, store the data resource access authority information that each application example will use, when updated, data resource access authority information identification renewal mark that the application example in this database will use is upgraded.
4. method as claimed in claim 3, it is characterized in that, the key value database of described log type adopts redis assembly to realize, the data resource access authority information that the application example in this database described will use identification renewal mark adopts hash table mode to store.
5. method as claimed in claim 3, it is characterized in that, the method also comprises: database described in each application example timing asynchronous access of described local cache, obtain the data resource access authority information upgraded that this application example uses, cover the data resource access authority information that this application example in buffer memory uses.
6. method as claimed in claim 5, is characterized in that, database described in the asynchronous timer access of described application example completes for adopting asynchronous timed thread.
7. realize a system for data resource access control of authority, it is characterized in that, comprising: local cache unit, request-response unit and authentication unit, wherein,
Local cache unit, carries out local cache for the configuration file belonging to the data resource access authority information that will be used by each application example;
Request-response unit, receives the visit data resource request of the corresponding application example that the client in computer network system sends;
Authentication unit, the data resource access authority information that this application example directly calling local cache will use conducts interviews checking, returns the result.
8. system as claimed in claim 7, it is characterized in that, also comprise the key value database of log type, for storing the data resource access authority information that each application example will use, when updated, data resource access authority information identification renewal mark that application example will use directly is upgraded.
9. system as claimed in claim 8, it is characterized in that, described local cache unit, also for the key value database of log type described in each application example timing asynchronous access, obtain the data resource access authority information upgraded that this application example uses, cover the data resource access authority information that this application example in buffer memory uses.
CN201510288422.8A 2015-05-29 2015-05-29 Realize the method and system of data resource access permission control Active CN105100051B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510288422.8A CN105100051B (en) 2015-05-29 2015-05-29 Realize the method and system of data resource access permission control

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510288422.8A CN105100051B (en) 2015-05-29 2015-05-29 Realize the method and system of data resource access permission control

Publications (2)

Publication Number Publication Date
CN105100051A true CN105100051A (en) 2015-11-25
CN105100051B CN105100051B (en) 2019-04-26

Family

ID=54579598

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510288422.8A Active CN105100051B (en) 2015-05-29 2015-05-29 Realize the method and system of data resource access permission control

Country Status (1)

Country Link
CN (1) CN105100051B (en)

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106302492A (en) * 2016-08-23 2017-01-04 唐山新质点科技有限公司 A kind of access control method and system
CN106557347A (en) * 2016-11-24 2017-04-05 泰康保险集团股份有限公司 Software updating method and device
CN106992997A (en) * 2017-05-25 2017-07-28 人教数字出版有限公司 The management method and device of a kind of copyright
CN107291923A (en) * 2017-06-29 2017-10-24 北京京东尚科信息技术有限公司 Information processing method and device
CN107436920A (en) * 2017-07-01 2017-12-05 武汉斗鱼网络科技有限公司 Node.js authority control methods, storage medium, electronic equipment and system
CN108073559A (en) * 2016-11-18 2018-05-25 腾讯科技(深圳)有限公司 It is a kind of to realize the newer method, apparatus of list data and system
CN108334380A (en) * 2018-01-19 2018-07-27 新智云数据服务有限公司 A kind of configuration item management method, device, terminal and computer readable storage medium
CN108417258A (en) * 2017-02-10 2018-08-17 深圳市理邦精密仪器股份有限公司 Right management method, device and patient monitor
CN108632204A (en) * 2017-03-17 2018-10-09 网宿科技股份有限公司 HTTP interface method for checking access authority of Internet, system and server
CN108900475A (en) * 2018-06-06 2018-11-27 麒麟合盛网络技术股份有限公司 User authority control method and device
CN109286643A (en) * 2017-07-20 2019-01-29 西门子公司 Method and apparatus for reading configuration parameters of an application instance
CN110717192A (en) * 2019-09-11 2020-01-21 南京工业职业技术学院 Access control method for big data security based on Key-Value accelerator
CN111090882A (en) * 2019-12-18 2020-05-01 北京浪潮数据技术有限公司 Operation control method, device and equipment for redis database
CN111147509A (en) * 2019-12-30 2020-05-12 北京三快在线科技有限公司 Network isolation method, device, server and storage medium
CN111290768A (en) * 2020-01-22 2020-06-16 北京百度网讯科技有限公司 Updating method, device, equipment and medium for containerization application system
CN113010131A (en) * 2021-03-15 2021-06-22 京东数字科技控股股份有限公司 Display content updating method, device, terminal, server and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5230070A (en) * 1989-09-08 1993-07-20 International Business Machines Corporation Access authorization table for multi-processor caches
US7725219B2 (en) * 2005-06-22 2010-05-25 Denso Corporation Local operation remote cancellation authorizing method and system under remote operation
CN103490886A (en) * 2012-06-12 2014-01-01 阿里巴巴集团控股有限公司 Permission data validation method, device and system
CN103530568A (en) * 2012-07-02 2014-01-22 阿里巴巴集团控股有限公司 Authority control method, device and system
CN104112085A (en) * 2013-04-19 2014-10-22 阿里巴巴集团控股有限公司 Data permission control method and device for application system clusters

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5230070A (en) * 1989-09-08 1993-07-20 International Business Machines Corporation Access authorization table for multi-processor caches
US7725219B2 (en) * 2005-06-22 2010-05-25 Denso Corporation Local operation remote cancellation authorizing method and system under remote operation
CN103490886A (en) * 2012-06-12 2014-01-01 阿里巴巴集团控股有限公司 Permission data validation method, device and system
CN103530568A (en) * 2012-07-02 2014-01-22 阿里巴巴集团控股有限公司 Authority control method, device and system
CN104112085A (en) * 2013-04-19 2014-10-22 阿里巴巴集团控股有限公司 Data permission control method and device for application system clusters

Cited By (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106302492A (en) * 2016-08-23 2017-01-04 唐山新质点科技有限公司 A kind of access control method and system
CN108073559B (en) * 2016-11-18 2021-07-27 腾讯科技(深圳)有限公司 A method, device and system for realizing table data update
CN108073559A (en) * 2016-11-18 2018-05-25 腾讯科技(深圳)有限公司 It is a kind of to realize the newer method, apparatus of list data and system
CN106557347A (en) * 2016-11-24 2017-04-05 泰康保险集团股份有限公司 Software updating method and device
CN106557347B (en) * 2016-11-24 2020-09-04 泰康保险集团股份有限公司 Software updating method and device
CN108417258A (en) * 2017-02-10 2018-08-17 深圳市理邦精密仪器股份有限公司 Right management method, device and patient monitor
CN108632204B (en) * 2017-03-17 2021-01-22 网宿科技股份有限公司 HTTP interface access authority verification method, system and server
CN108632204A (en) * 2017-03-17 2018-10-09 网宿科技股份有限公司 HTTP interface method for checking access authority of Internet, system and server
CN106992997A (en) * 2017-05-25 2017-07-28 人教数字出版有限公司 The management method and device of a kind of copyright
CN106992997B (en) * 2017-05-25 2020-05-05 人教数字出版有限公司 Copyright management method and device
CN107291923B (en) * 2017-06-29 2020-03-27 北京京东尚科信息技术有限公司 Information processing method and device
CN107291923A (en) * 2017-06-29 2017-10-24 北京京东尚科信息技术有限公司 Information processing method and device
CN107436920A (en) * 2017-07-01 2017-12-05 武汉斗鱼网络科技有限公司 Node.js authority control methods, storage medium, electronic equipment and system
CN109286643A (en) * 2017-07-20 2019-01-29 西门子公司 Method and apparatus for reading configuration parameters of an application instance
CN108334380A (en) * 2018-01-19 2018-07-27 新智云数据服务有限公司 A kind of configuration item management method, device, terminal and computer readable storage medium
CN108900475A (en) * 2018-06-06 2018-11-27 麒麟合盛网络技术股份有限公司 User authority control method and device
CN110717192A (en) * 2019-09-11 2020-01-21 南京工业职业技术学院 Access control method for big data security based on Key-Value accelerator
CN111090882A (en) * 2019-12-18 2020-05-01 北京浪潮数据技术有限公司 Operation control method, device and equipment for redis database
CN111090882B (en) * 2019-12-18 2022-08-05 北京浪潮数据技术有限公司 Operation control method, device and equipment for redis database
CN111147509A (en) * 2019-12-30 2020-05-12 北京三快在线科技有限公司 Network isolation method, device, server and storage medium
CN111290768A (en) * 2020-01-22 2020-06-16 北京百度网讯科技有限公司 Updating method, device, equipment and medium for containerization application system
CN111290768B (en) * 2020-01-22 2023-10-20 北京百度网讯科技有限公司 An update method, device, equipment and medium for a containerized application system
CN113010131A (en) * 2021-03-15 2021-06-22 京东数字科技控股股份有限公司 Display content updating method, device, terminal, server and storage medium
CN113010131B (en) * 2021-03-15 2024-04-05 京东科技控股股份有限公司 Display content updating method, device, terminal, server and storage medium

Also Published As

Publication number Publication date
CN105100051B (en) 2019-04-26

Similar Documents

Publication Publication Date Title
CN105100051A (en) Method and system for realizing data resource access right control
US9990224B2 (en) Relaxing transaction serializability with statement-based data replication
US10572350B1 (en) System and method for improved application consistency in a distributed environment
US11468175B2 (en) Caching for high-performance web applications
WO2020181810A1 (en) Data processing method and apparatus applied to multi-level caching in cluster
US10970311B2 (en) Scalable snapshot isolation on non-transactional NoSQL
US10831915B2 (en) Method and system for isolating application data access
US11489844B2 (en) On-the-fly creation of transient least privileged roles for serverless functions
US20120310909A1 (en) File system with optimistic i/o operations on shared storage
US11599503B2 (en) Path name cache for notifications of file changes
US11853284B2 (en) In-place updates with concurrent reads in a decomposed state
CN113220669A (en) Service data processing method and device and electronic equipment
CN104796412A (en) End-to-end cloud service system and method for accessing sensitive data thereof
CN115174158B (en) Cloud product configuration checking method based on multi-cloud management platform
US20180097817A1 (en) Generating short-term signatures for accessing cloud storage
CN115277145A (en) Distributed storage access authorization management method, system, device and readable medium
CN113590661A (en) Data caching method, device, server and computer readable storage medium
US20210383006A1 (en) Distribution of user specific data elements in a replication environment
US12164434B1 (en) Systems and methods for coupled cache management
US11500732B2 (en) Method and system for performing data protection services for user data associated with calendar events
CN114329427A (en) A method, device, computing device and storage medium for dynamic control of operation authority
US10712952B1 (en) Metadata caches in a reliable distributed computing system
US20150006592A1 (en) Reducing transaction operations using deferred operations
CN119248660B (en) Hardware information access system
CN114861198B (en) Access page permission control method, equipment and medium

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C41 Transfer of patent application or patent right or utility model
TA01 Transfer of patent application right

Effective date of registration: 20160602

Address after: 200433, room 1945, 1243 Siping Road, Shanghai, Yangpu District

Applicant after: Shanghai Jingdong Yuan Yuan letter Information Technology Co., Ltd.

Address before: 100080 Beijing city Haidian District xingshikou Road No. 65 building 11C Creative Park West West west Shan East 1-4 layer 1-4 layer

Applicant before: Beijing Jingdong Shangke Information Technology Co., Ltd.

Applicant before: Beijing Jingdong Century Commerce Co., Ltd.

GR01 Patent grant
GR01 Patent grant