CN107071051A - For ordering the method and apparatus performed - Google Patents
For ordering the method and apparatus performed Download PDFInfo
- Publication number
- CN107071051A CN107071051A CN201710344266.1A CN201710344266A CN107071051A CN 107071051 A CN107071051 A CN 107071051A CN 201710344266 A CN201710344266 A CN 201710344266A CN 107071051 A CN107071051 A CN 107071051A
- Authority
- CN
- China
- Prior art keywords
- order
- request
- client
- information
- level process
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 135
- 230000008569 process Effects 0.000 claims description 102
- 238000004891 communication Methods 0.000 claims description 54
- 230000005540 biological transmission Effects 0.000 claims description 22
- 230000004044 response Effects 0.000 claims description 8
- 238000003860 storage Methods 0.000 description 8
- 238000005516 engineering process Methods 0.000 description 6
- 238000010586 diagram Methods 0.000 description 4
- 230000002159 abnormal effect Effects 0.000 description 3
- 230000000694 effects Effects 0.000 description 3
- 230000006870 function Effects 0.000 description 3
- 244000035744 Hura crepitans Species 0.000 description 2
- 230000008878 coupling Effects 0.000 description 2
- 238000010168 coupling process Methods 0.000 description 2
- 238000005859 coupling reaction Methods 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 230000033228 biological regulation Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 210000004209 hair Anatomy 0.000 description 1
- 230000014759 maintenance of location Effects 0.000 description 1
- 238000005192 partition Methods 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 230000007704 transition Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
- H04L67/141—Setup of application sessions
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/54—Interprogram communication
- G06F9/547—Remote procedure calls [RPC]; Web services
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/10—Active monitoring, e.g. heartbeat, ping or trace-route
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/108—Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
- H04L67/025—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/133—Protocols for remote procedure calls [RPC]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2209/00—Indexing scheme relating to G06F9/00
- G06F2209/54—Indexing scheme relating to G06F9/54
- G06F2209/541—Client-server
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Computing Systems (AREA)
- Computer Security & Cryptography (AREA)
- Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- General Health & Medical Sciences (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Cardiology (AREA)
- Computer And Data Communications (AREA)
- Storage Device Security (AREA)
Abstract
The purpose of the application is to provide a kind of method and apparatus for being used to order execution.Compared with prior art, the application performs request by receiving the order that client is sent, wherein, the order, which is performed, includes pending order in request, be then based on the order and perform request and security restriction information, perform the order.In this way, it is possible to use security restriction information makes order be performed in the environment of safety, the serious consequence that dangerous information is brought is carried in bug or order when order is present so as to avoid.
Description
Technical field
The application is related to field of computer technology, more particularly to a kind of technology for being used to order execution.
Background technology
In the exectorial actual scene of Linux server, needs can be run into third party is performed in Linux server
The demand of order, and these third parties order may have some not trusted orders, if particularly these orders are present
Bug or with dangerous information, can bring serious safety problem.In the prior art, realize that order safety is performed generally to use
Virtualization technology, for example, chroot, selinux sandbox, virtual machine etc., wherein, chroot is by independently going out one
Catalogue, all programs are all copied to and performed under separate category, his shortcoming is to have only isolated file system;selinux
Sandbox shortcoming is laid down a regulation hell to pay to program, it is necessary to open selinux, not thin enough to Process flowchart granularity;And it is empty
The implementation cost of plan machine is too big, inconvenient with other interprogram communications, is unfavorable for programming.Therefore, existing virtualization technology can not
Meet the demand of actual different scenes.
The content of the invention
The purpose of the application is to provide a kind of method and apparatus for being used to order execution.
According to the one side of the application there is provided a kind of method ordered and performed, wherein, this method includes:
The order for receiving client transmission performs request, wherein, the order, which is performed, includes pending order in request;
Request and security restriction information are performed based on the order, the order is performed.
Further, wherein, it is described reception client send order perform request before, methods described also includes:
Receive the connection request that the client is sent;
Based on the connection request, the communication connection set up between the client.
Further, wherein, methods described also includes:
Create one-level process;
The order for receiving client transmission, which performs request, to be included:
The order for controlling the one-level process to receive client transmission by the communication connection performs request, the order
Perform and pending order is included in request;
Described to perform request and security restriction information based on the order, performing the order includes:
Control the one-level process to be based on the order and perform request and security restriction information, perform the order.
Further, wherein, it is described based on it is described order perform request and security restriction information, perform it is described order bag
Include:
Control described two grades of processes of one-level process creation;
Control two grades of processes to be based on the order and perform request and security restriction information, perform the order.
Further, wherein, methods described also includes:
After the order is performed, control two grades of processes to be sent to the one-level process and exit signal;
Control to exit signal described in the one-level process reception, and generate feedback information;
The one-level process is controlled to send the feedback information to the client.
Further, wherein, methods described also includes:
During execution is ordered, the one-level process sends heartbeat request by the communication connection, to the client;
When not receiving the heartbeat response that the client is returned based on the heartbeat request in preset time, institute is disconnected
State communication connection.
Further, wherein, it is described order perform request in also include configuration information, the configuration information be used for set institute
Security restriction information is stated, described to perform request and security restriction information based on the order, performing the order also includes:
The security restriction information is set based on the configuration information.
Further, wherein, the security restriction information include it is following any one of at least:Network control message;Resource control
Information processed;Time-out time information.
According to the another aspect of the application, a kind of equipment ordered and performed is additionally provided, wherein, the equipment includes:
First device, the order for receiving client transmission performs request, wherein, the order is performed to be included in request
Pending order;
Second device, for performing request and security restriction information based on the order, performs the order.
Further, wherein, the equipment also includes:
3rd device, for receiving the connection request that the client is sent;
4th device, for based on the connection request, the communication connection set up between the client.
Further, wherein, the equipment also includes:
5th device, for creating one-level process;
The first device is used for:
The order for controlling the one-level process to receive client transmission by the communication connection performs request, the order
Perform and pending order is included in request;
The second device is used for:
Control the one-level process to be based on the order and perform request and security restriction information, perform the order.
Further, wherein, the second device is used for:
Control described two grades of processes of one-level process creation;
Control two grades of processes to be based on the order and perform request and security restriction information, perform the order.
Further, wherein, the equipment also includes:
6th device, is moved back for after the order is performed, controlling two grades of processes to be sent to the one-level process
Go out signal;
7th device, for controlling to exit signal described in the one-level process reception, and generates feedback information, and control institute
One-level process is stated to send the feedback information to the client.
Further, wherein, the equipment also includes:
8th device, for during ordering and performing, the one-level process to be by the communication connection, to the client
Send heartbeat request;
9th device, the heart that the client is returned based on the heartbeat request is not received for working as in preset time
Response is jumped, the communication connection is disconnected.
Further, wherein, it is described order perform request in also include configuration information, the configuration information be used for set institute
Security restriction information is stated, the second device is additionally operable to:
The security restriction information is set based on the configuration information.
Further, wherein, the security restriction information include it is following any one of at least:Network control message;Resource control
Information processed;Time-out time information.
Compared with prior art, the application performs request by receiving the order that client is sent, wherein, the order is held
Pending order is included in row request, the order is then based on and performs request and security restriction information, perform the order.
In this way, it is possible to use security restriction information makes order be performed in the environment of safety, so as to avoid when order is deposited
The serious consequence that dangerous information is brought is carried in bug or order.
Moreover, the application during ordering and performing can also control the one-level process by the communication connection, to institute
State client and send heartbeat request, and returned when not receiving the client in preset time based on the heartbeat request
Heartbeat response, control the one-level process to disconnect the communication connection.In this way, can constantly it detect and client
Between communication connection it is whether normal, when detect client it is abnormal when, the communication connection can be disconnected, to avoid order from continuing to hold
The capable wasting of resources brought of going down.
In addition, the application can also include configuration information in order performs request, the configuration information is used to set institute
Security restriction information is stated, oneself can select to set security restriction information by such mode user, improve flexibility, from
And disclosure satisfy that different demands.
Brief description of the drawings
By reading the detailed description made to non-limiting example made with reference to the following drawings, of the invention is other
Feature, objects and advantages will become more apparent upon:
Fig. 1 shows a kind of method flow diagram for being used to order execution according to the application one side;
Fig. 2 shows a kind of side that request parallel processing is performed for multiple orders according to one preferred embodiment of the application
Method flow chart;
Fig. 3 shows a kind of equipment schematic diagram for being used to order execution according to the application other side.
Same or analogous reference represents same or analogous part in accompanying drawing.
Embodiment
The present invention is described in further detail below in conjunction with the accompanying drawings.
In one typical configuration of the application, terminal, the equipment of service network and trusted party include one or more
Processor (CPU), input/output interface, network interface and internal memory.
Internal memory potentially includes the volatile memory in computer-readable medium, random access memory (RAM) and/or
The forms such as Nonvolatile memory, such as read-only storage (ROM) or flash memory (flash RAM).Internal memory is computer-readable medium
Example.
Computer-readable medium includes permanent and non-permanent, removable and non-removable media can be by any method
Or technology come realize information store.Information can be computer-readable instruction, data structure, the module of program or other data.
The example of the storage medium of computer includes, but are not limited to phase transition internal memory (PRAM), static RAM (SRAM), moved
State random access memory (DRAM), other kinds of random access memory (RAM), read-only storage (ROM), electric erasable
Programmable read only memory (EEPROM), fast flash memory bank or other memory techniques, read-only optical disc read-only storage (CD-ROM),
Digital versatile disc (DVD) or other optical storages, magnetic cassette tape, magnetic disk storage or other magnetic storage apparatus or
Any other non-transmission medium, the information that can be accessed by a computing device available for storage.Defined according to herein, computer
Computer-readable recording medium does not include the data-signal and carrier wave of non-temporary computer readable media (transitory media), such as modulation.
It is below in conjunction with the accompanying drawings and preferably real further to illustrate the effect of technological means that the application taken and acquirement
Example is applied, to the technical scheme of the application, clear and complete description is carried out.
Fig. 1 shows to be included according to a kind of method flow diagram for being used to order execution of the application one side, this method:
The order that S11 receives client transmission performs request, wherein, the order, which is performed, includes pending life in request
Order;
S12 is based on the order and performs request and security restriction information, performs the order.
In this embodiment, in the step S11, the order that equipment 1 receives client transmission performs request, wherein,
The order, which is performed, includes pending order in request.Set here, the equipment 1 includes but is not limited to various intelligent movables
The cloud that standby, personal computer, network host, single network server, multiple webserver collection or multiple servers are constituted;Its
In, cloud is made up of a large amount of computers or the webserver based on cloud computing (Cloud Computing), wherein, cloud computing is
One kind of Distributed Calculation, a virtual supercomputer being made up of the computer collection of a group loose couplings.
Wherein, it is described order perform request be used for ask equipment 1 perform it is described order perform request in include it is pending
Order, the order can include pending program code, including the order that carries of system or third party's order etc..
Specifically, the equipment 1 receives the order by the network connection set up between client and performs request.
Continue in this embodiment, in the step S12, equipment 1 is based on the order and performs request and security restriction
Information, performs the order.Wherein, the security restriction information is including one or more, here, the security restriction packet
Include following at least any one:Network control message;Resource control information;Time-out time information;Control of authority information etc..Wherein,
Can the network control message be used to control configuration processor belonging network, and use network;The resource control information is used
Use in limitation internal memory and exchange partition;The time-out time information is used for setting command and performs time-out time;The power
Limit control information is used to control user and group, file access authority, program work catalogue belonging to configuration processor etc..
Performed here, the security restriction information may be embodied in the order in request, and the order execution please
Configuration information is also included in asking, the configuration information is used to set the security restriction information, for example, when security restriction letter
Cease for network control message, the configuration information can be using network or can not to use network;When the security restriction
Information is time-out time information, and the configuration information is time-out time for specifically setting etc..In addition, the order performs request
In can not include the security restriction information or the configuration information, at this moment can by using acquiescence configuration information,
So as to reduce the flow of transmission.In this way, the setting of security restriction information, spirit can be carried out according to different scenes
Activity is high, can meet the demand under different scenes.
Preferably, before the step S11, methods described also includes:S13 (not shown) receives the client and sent
Connection request;S14 (not shown) is based on the connection request, the communication connection set up between the client.
In this embodiment, can be first between client and equipment 1 before client is sent when order performs request
Communication connection is set up, therefore, in the step S13, equipment 1 receives the connection request that the client is sent, the connection
Ask to be used to ask to set up communication connection between equipment 1 and client, further, in the step S14, the equipment 1
Based on the connection request, the communication connection set up between the client.Specifically, equipment 1 set up the communication connection can
To use unix sockets, or web socket is used, but be due to that usage scenario is used in itself for server, unix sockets
Word meets requirement and efficiency is than using web socket efficiency high, therefore, it can preferred unix sockets.It is this first to set up
The mode of communication connection can improve data transmission efficiency below.
Preferably, methods described also includes:S15 (not shown) creates one-level process;Wherein, the step S11 includes:Control
Make the one-level process and request is performed by the order of the communication connection reception client transmission, the order is performed in request
Include pending order;The step S12 includes:Control the one-level process to be based on the order and perform request and safety limit
Information processed, performs the order.
In this embodiment, in the step S15, equipment 1 creates one-level process, and specifically, equipment 1 can pass through
Fork functions realize create one-level process, the one-level process can by realizing data transfer between communication connection and client,
For example, receive client send order performs request, further, the one-level process be based on it is described order execution ask and
Security restriction information, performs the order.
It is highly preferred that wherein, the step S12 includes:Equipment 1 controls described two grades of processes of one-level process creation, and controls
Make two grades of processes and be based on the order execution request and security restriction information, perform the order.In this embodiment, institute
State one-level process and do not perform the order directly, but the life is performed by creating two grades of processes, and by two grades of processes
Order.
It is highly preferred that wherein, methods described also includes:S16 (not shown) is after the order is performed, control described two
Level process sends to the one-level process and exits signal;S17 (not shown) controls to exit signal described in the one-level process reception,
And generate feedback information;Then the one-level process is controlled to send the feedback information to the client.
In this embodiment, in the step S16, after two grades of processes perform the order, described two grades
Process sends to the one-level process and exits signal, correspondingly, exits signal described in the one-level process reception, then generates anti-
Feedforward information, and the feedback information is sent to the client.Here, after the feedback information is performed including the order
Corresponding implementing result.
It is highly preferred that wherein, methods described also includes:S18 (not shown) is during execution is ordered, and control described one is grading
Journey sends heartbeat request by the communication connection, to the client;S19 (not shown) is worked as not to be received in preset time
The heartbeat response that the client is returned based on the heartbeat request, disconnects the communication connection.
In this embodiment, in the step S18, order perform during the one-level process can by with client
The communication connection of foundation, heartbeat request is sent to the client, and the heartbeat request is used to detect logical between client
Whether letter connection is disconnected, and the heartbeat request can be sent once every the set time, for example, being sent once every 1 second.
In addition, equipment 1 can perform request to multiple orders that multiple client is sent simultaneously carries out parallel processing, such as scheme
2 show to perform the flow chart of request parallel processing according to a kind of multiple orders of preferred embodiment of the application other side.
Wherein, server corresponding devices 1, Client 1 to Client N correspondence clients 1 are arrived to client N, Manager 1
Manager N correspondence one-level processes, Exec 1 to Exec 2 two grades of processes of correspondence, step 1 to 7 is introduced below:
1) Client initiates connection request, the communication connection that server is set up between Client to server.
2) after communication connection foundation is finished, Server goes out a subprocess Manager to each Client connections fork
Management client is asked.
3) Manager receives the order from Client and performs request, and parses the order and perform request.
4) Manager is performed according to the order asks to set up another the specific life in process Exec execution requests
Order, and network control message, resource control information, time-out time information etc. are set, and monitor subprogram Exec returns and each
The I/O event (processing standard output is exported with mistake) of resource is planted, Exec subprocess inside sets control of authority information, for example, journey
Gid, uid and chroot that sequence is performed etc., then Exec subprocess calling system function performs order.
5) order perform during Manager and Client can carry out heartbeat synchronization (for example, sync interval 1 second), i.e., to
Client sends heartbeat request, it is ensured that client is present.
6) Manager treats that Exec subprocess performs order and finishes and exit, and what Manager received subprocess transmission exits letter
Number, the problems such as handling the resource reclaim after subprocess is exited.
7) feedback information of Manager generations order returns to client, and client receives the feedback letter of Manager hairs
Breath, closes connection, and parsing feedback information obtains order and performs return, and whole flow process terminates.
Compared with prior art, the application performs request by receiving the order that client is sent, wherein, the order is held
Pending order is included in row request, the order is then based on and performs request and security restriction information, perform the order.
In this way, it is possible to use security restriction information makes order be performed in the environment of safety, so as to avoid when order is deposited
The serious consequence that dangerous information is brought is carried in bug or order.
Moreover, the application during ordering and performing can also control the one-level process by the communication connection, to institute
State client and send heartbeat request, and returned when not receiving the client in preset time based on the heartbeat request
Heartbeat response, control the one-level process to disconnect the communication connection.In this way, can constantly it detect and client
Between communication connection it is whether normal, when detect client it is abnormal when, the communication connection can be disconnected, to avoid order from continuing to hold
The capable wasting of resources brought of going down.
In addition, the application can also include configuration information in order performs request, the configuration information is used to set institute
Security restriction information is stated, oneself can select to set security restriction information by such mode user, improve flexibility, from
And disclosure satisfy that different demands.
Fig. 3 shows to be wrapped according to a kind of equipment schematic diagram for being used to order execution of the application other side, the equipment 1
Include:
First device, the order for receiving client transmission performs request, wherein, the order is performed to be included in request
Pending order;
Second device, for performing request and security restriction information based on the order, performs the order.
In this embodiment, the order that the first device reception client of the equipment 1 is sent performs request, wherein, institute
Order is stated to perform in request comprising pending order.Here, the equipment 1 include but is not limited to various intelligent movable equipment,
The cloud that personal computer, network host, single network server, multiple webserver collection or multiple servers are constituted;Wherein,
Cloud is made up of a large amount of computers or the webserver based on cloud computing (Cloud Computing), wherein, cloud computing is distribution
One kind that formula is calculated, a virtual supercomputer being made up of the computer collection of a group loose couplings.
Wherein, it is described order perform request be used for ask equipment 1 perform it is described order perform request in include it is pending
Order, the order can include pending program code, including the order that carries of system or third party's order etc..
Specifically, the equipment 1 receives the order by the network connection set up between client and performs request.
Continue in this embodiment, the second device of the equipment 1 is based on the order and performs request and security restriction letter
Breath, performs the order.Wherein, the security restriction information is including one or more, here, the security restriction information includes
Below any one of at least:Network control message;Resource control information;Time-out time information.Wherein, the network control message is used
In control configuration processor belonging network, and network can be used;The resource control information is used to limit internal memory and exchange
The use of subregion;The time-out time information is used for setting command and performs time-out time;The control of authority information is used to control
User and group, file access authority, program work catalogue belonging to configuration processor etc..
Performed here, the security restriction information may be embodied in the order in request, and the order execution please
Configuration information is also included in asking, the configuration information is used to set the security restriction information, for example, when security restriction letter
Cease for network control message, the configuration information can be using network or can not to use network;When the security restriction
Information is time-out time information, and the configuration information is time-out time for specifically setting etc..In addition, the order performs request
In can not include the security restriction information or the configuration information, at this moment can by using acquiescence configuration information,
So as to reduce the flow of transmission.In this way, the setting of security restriction information, spirit can be carried out according to different scenes
Activity is high, can meet the demand under different scenes.
Preferably, the equipment 1 also includes:3rd device (not shown), for receiving the connection that the client is sent
Request;4th device (not shown), for based on the connection request, the communication connection set up between the client.
In this embodiment, can be first between client and equipment 1 before client is sent when order performs request
Communication connection is set up, therefore, the 3rd device of the equipment 1 receives the connection request that the client is sent, and the connection please
Ask for asking to set up communication connection between equipment 1 and client, further, the 4th device of the equipment 1 is based on described
Connection request, the communication connection set up between the client.Specifically, the 4th device of equipment 1 sets up the communication connection
Unix sockets can be used, or use web socket, but are due to that usage scenario is used in itself for server, unix sets
Connect the requirement of word satisfaction and efficiency is than using web socket efficiency high, therefore, it can preferred unix sockets.It is this first to build
The mode of vertical communication connection can improve data transmission efficiency below.
Preferably, the equipment also includes:5th device (not shown), for creating one-level process;Wherein, described first
Device is used for:The order for controlling the one-level process to receive client transmission by the communication connection performs request, the life
Order, which is performed, includes pending order in request;The second device is used for:Control the one-level process to be based on the order to hold
Row request and security restriction information, perform the order.
In this embodiment, the 5th device of equipment 1 creates one-level process, and specifically, the 5th device of equipment 1 can lead to
Cross fork functions and realize the one-level process that creates, the one-level process can be by realizing that data are passed between communication connection and client
Defeated, for example, the order for receiving client transmission performs request, further, the one-level process is based on the order execution please
Ask and security restriction information, perform the order.
It is highly preferred that wherein, the second device of the equipment 1 is used for:Described two grades of processes of one-level process creation are controlled, and
Control two grades of processes to be based on the order and perform request and security restriction information, perform the order.In this embodiment,
The one-level process does not perform the order directly, but by creating two grades of processes, and it is described by two grades of processes execution
Order.
It is highly preferred that wherein, the equipment also includes:6th device (not shown), for after the order is performed,
Control two grades of processes to be sent to the one-level process and exit signal;7th device (not shown), for controlling the one-level
Process exits signal described in receiving, and generates feedback information;Then control the one-level process by the feedback information send to
The client.
In this embodiment, the 6th device of the equipment 1 is after two grades of processes perform the order, and described two
Level process sends to the one-level process and exits signal, correspondingly, exits signal described in the one-level process reception, then generates
Feedback information, and the feedback information is sent to the client.Here, the feedback information includes the order execution
Corresponding implementing result afterwards.
It is highly preferred that wherein, the equipment also includes:8th device (not shown), for during execution is ordered, controlling
The one-level process sends heartbeat request by the communication connection, to the client;9th device (not shown), for working as
Do not receive the heartbeat response that the client is returned based on the heartbeat request in preset time, disconnect the communication link
Connect.
In this embodiment, the 8th device of the equipment 1 order perform during the one-level process can by with visitor
The communication connection that family end is set up, heartbeat request is sent to the client, and the heartbeat request is used to detect between client
Communication connection whether disconnect, the heartbeat request can every the set time send once, for example, every 1 second send once.
Compared with prior art, the application performs request by receiving the order that client is sent, wherein, the order is held
Pending order is included in row request, the order is then based on and performs request and security restriction information, perform the order.
In this way, it is possible to use security restriction information makes order be performed in the environment of safety, so as to avoid when order is deposited
The serious consequence that dangerous information is brought is carried in bug or order.
Moreover, the application during ordering and performing can also control the one-level process by the communication connection, to institute
State client and send heartbeat request, and returned when not receiving the client in preset time based on the heartbeat request
Heartbeat response, control the one-level process to disconnect the communication connection.In this way, can constantly it detect and client
Between communication connection it is whether normal, when detect client it is abnormal when, the communication connection can be disconnected, to avoid order from continuing to hold
The capable wasting of resources brought of going down.
In addition, the application can also include configuration information in order performs request, the configuration information is used to set institute
Security restriction information is stated, oneself can select to set security restriction information by such mode user, improve flexibility, from
And disclosure satisfy that different demands.
It is obvious to a person skilled in the art that the invention is not restricted to the details of above-mentioned one exemplary embodiment, Er Qie
In the case of without departing substantially from spirit or essential attributes of the invention, the present invention can be realized in other specific forms.Therefore, no matter
From the point of view of which point, embodiment all should be regarded as exemplary, and be nonrestrictive, the scope of the present invention is by appended power
Profit is required rather than described above is limited, it is intended that all in the implication and scope of the equivalency of claim by falling
Change is included in the present invention.Any reference in claim should not be considered as to the claim involved by limitation.This
Outside, it is clear that the word of " comprising " one is not excluded for other units or step, and odd number is not excluded for plural number.That is stated in device claim is multiple
Unit or device can also be realized by a unit or device by software or hardware.The first, the second grade word is used for table
Show title, and be not offered as any specific order.
Claims (16)
1. a kind of order the method performed, wherein, this method includes:
The order for receiving client transmission performs request, wherein, the order, which is performed, includes pending order in request;
Request and security restriction information are performed based on the order, the order is performed.
2. according to the method described in claim 1, wherein, it is described reception client send order perform request before, institute
Stating method also includes:
Receive the connection request that the client is sent;
Based on the connection request, the communication connection set up between the client.
3. method according to claim 2, wherein, methods described also includes:
Create one-level process;
The order for receiving client transmission, which performs request, to be included:
The order for controlling the one-level process to receive client transmission by the communication connection performs request, and the order is performed
Pending order is included in request;
Described to perform request and security restriction information based on the order, performing the order includes:
Control the one-level process to be based on the order and perform request and security restriction information, perform the order.
4. method according to claim 3, wherein, it is described that request and security restriction information are performed based on the order, hold
The row order includes:
Control described two grades of processes of one-level process creation;
Control two grades of processes to be based on the order and perform request and security restriction information, perform the order.
5. method according to claim 4, wherein, methods described also includes:
After the order is performed, control two grades of processes to be sent to the one-level process and exit signal;
Control to exit signal described in the one-level process reception, and generate feedback information;
The one-level process is controlled to send the feedback information to the client.
6. the method according to claim 3 or 4, wherein, methods described also includes:
During execution is ordered, the one-level process is controlled to send heartbeat request by the communication connection, to the client;
When not receiving the heartbeat response that the client is returned based on the heartbeat request in preset time, described one is controlled
Level process disconnects the communication connection.
7. method according to any one of claim 1 to 6, wherein, the order is performed in request also comprising setting letter
Breath, the configuration information is used to set the security restriction information, described to perform request and security restriction letter based on the order
Breath, performing the order also includes:
The security restriction information is set based on the configuration information.
8. method according to any one of claim 1 to 7, wherein, the security restriction information is at least appointed including following
One:
Network control message;
Resource control information;
Time-out time information;
Control of authority information.
9. a kind of order the equipment performed, wherein, the equipment includes:
First device, the order for receiving client transmission performs request, wherein, the order performs to include in request and waits to hold
Capable order;
Second device, for performing request and security restriction information based on the order, performs the order.
10. equipment according to claim 9, wherein, the equipment also includes:
3rd device, for receiving the connection request that the client is sent;
4th device, for based on the connection request, the communication connection set up between the client.
11. equipment according to claim 10, wherein, the equipment also includes:
5th device, for creating one-level process;
The first device is used for:
The order for controlling the one-level process to receive client transmission by the communication connection performs request, and the order is performed
Pending order is included in request;
The second device is used for:
Control the one-level process to be based on the order and perform request and security restriction information, perform the order.
12. equipment according to claim 11, wherein, the second device is used for:
Control described two grades of processes of one-level process creation;
Control two grades of processes to be based on the order and perform request and security restriction information, perform the order.
13. equipment according to claim 12, wherein, the equipment also includes:
6th device, letter is exited for after the order is performed, controlling two grades of processes to be sent to the one-level process
Number;
7th device, for controlling to exit signal described in the one-level process reception, and generates feedback information, and control described one
Level process sends the feedback information to the client.
14. the equipment according to claim 11 or 12, wherein, the equipment also includes:
8th device, for during ordering and performing, controlling the one-level process by the communication connection, to the client
Send heartbeat request;
9th device, should based on the heartbeat that the heartbeat request is returned for ought not receive the client in preset time
Answer, control the one-level process to disconnect the communication connection.
15. the equipment according to any one of claim 9 to 14, wherein, the order is performed in request also comprising setting
Information, the configuration information is used to set the security restriction information, and the second device is additionally operable to:
The security restriction information is set based on the configuration information.
16. the equipment according to any one of claim 9 to 15, wherein, the security restriction information include it is following at least
Any one:
Network control message;
Resource control information;
Time-out time information;
Control of authority information.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710344266.1A CN107071051A (en) | 2017-05-16 | 2017-05-16 | For ordering the method and apparatus performed |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710344266.1A CN107071051A (en) | 2017-05-16 | 2017-05-16 | For ordering the method and apparatus performed |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN107071051A true CN107071051A (en) | 2017-08-18 |
Family
ID=59609339
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710344266.1A Pending CN107071051A (en) | 2017-05-16 | 2017-05-16 | For ordering the method and apparatus performed |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN107071051A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112346791A (en) * | 2020-11-25 | 2021-02-09 | 中盈优创资讯科技有限公司 | AAA-based dangerous command identification and shielding method and device |
| CN115103001A (en) * | 2022-05-10 | 2022-09-23 | 航天国政信息技术(北京)有限公司 | Communication method and device and electronic equipment |
| CN116483517A (en) * | 2023-04-27 | 2023-07-25 | 安芯网盾(北京)科技有限公司 | Virtual machine control method, device and system |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20080140772A1 (en) * | 1998-03-18 | 2008-06-12 | Edward Balassanian | Application server |
| CN103970601A (en) * | 2013-02-06 | 2014-08-06 | 北京壹人壹本信息科技有限公司 | Operational order execution method and operational order execution device |
| CN106506565A (en) * | 2017-01-04 | 2017-03-15 | 上海上讯信息技术股份有限公司 | A kind of remote command executes method and apparatus |
-
2017
- 2017-05-16 CN CN201710344266.1A patent/CN107071051A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20080140772A1 (en) * | 1998-03-18 | 2008-06-12 | Edward Balassanian | Application server |
| CN103970601A (en) * | 2013-02-06 | 2014-08-06 | 北京壹人壹本信息科技有限公司 | Operational order execution method and operational order execution device |
| CN106506565A (en) * | 2017-01-04 | 2017-03-15 | 上海上讯信息技术股份有限公司 | A kind of remote command executes method and apparatus |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112346791A (en) * | 2020-11-25 | 2021-02-09 | 中盈优创资讯科技有限公司 | AAA-based dangerous command identification and shielding method and device |
| CN112346791B (en) * | 2020-11-25 | 2022-07-15 | 中盈优创资讯科技有限公司 | AAA-based dangerous command identification and shielding method and device |
| CN115103001A (en) * | 2022-05-10 | 2022-09-23 | 航天国政信息技术(北京)有限公司 | Communication method and device and electronic equipment |
| CN115103001B (en) * | 2022-05-10 | 2024-03-08 | 航天国政信息技术(北京)有限公司 | Communication method and device and electronic equipment |
| CN116483517A (en) * | 2023-04-27 | 2023-07-25 | 安芯网盾(北京)科技有限公司 | Virtual machine control method, device and system |
| CN116483517B (en) * | 2023-04-27 | 2024-01-26 | 安芯网盾(北京)科技有限公司 | Virtual machine control method, device and system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| JP7127010B2 (en) | Resource allocation methods, apparatus, electronic equipment, computer readable media and computer programs | |
| US8819230B2 (en) | Virtual private storage array service for cloud servers | |
| US10079850B1 (en) | Systems and methods for provisioning cyber security simulation exercises | |
| US8590025B2 (en) | Techniques for accessing a backup system | |
| EP2871553A1 (en) | Systems and methods for protecting virtualized assets | |
| US9875061B2 (en) | Distributed backup system | |
| CN108376100A (en) | Container scheduling based on safety | |
| US10439957B1 (en) | Tenant-based management system and method for distributed computing environments | |
| CN110516452A (en) | RBAC access authorization for resource distribution method, device, electronic equipment and storage medium | |
| US20130254852A1 (en) | Providing multiple authentications to authenticate users with respect to a system and file systems offered through the system | |
| CN110442610A (en) | The method, apparatus of load balancing calculates equipment and medium | |
| GB2604965A (en) | Shared enterprise cloud | |
| CN107071051A (en) | For ordering the method and apparatus performed | |
| CN113986478B (en) | Resource migration strategy determination method and device | |
| CN109756527A (en) | Data sharing method, apparatus and system | |
| JP7501983B2 (en) | Secure handling of unified message flows in multitenant containers | |
| WO2018118812A1 (en) | On-demand generation of a contact center | |
| CN108366098A (en) | A kind of data interactive method and device of network node | |
| CN114296953A (en) | Multi-cloud heterogeneous system and task processing method | |
| CN107666401A (en) | A kind of configuration information obtaining method and terminal | |
| US20140365623A1 (en) | Method to Protect Storage Systems from Discontinuity Due to Device Misconfiguration | |
| US8433877B2 (en) | Storage scalability management | |
| JP2025518158A (en) | Method, apparatus and system for managing cluster access rights - Patents.com | |
| CN108696557A (en) | Information processing system, method and apparatus | |
| CN113765986B (en) | Flow control method of open platform and server |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20170818 |
|
| RJ01 | Rejection of invention patent application after publication |