CN111259376A - Authority configuration method, device, server and storage medium - Google Patents

Info

Publication number
CN111259376A
Authority
CN
China
Prior art keywords
authority configuration
configuration file
server
authority
node
Prior art date
Legal status
Pending
Application number
CN202010055711.4A
Other languages
Chinese (zh)
Inventor
孙园园
Current Assignee
Ping An Life Insurance Company of China Ltd
Original Assignee
Ping An Life Insurance Company of China Ltd
Priority date
Filing date
Publication date
Application filed by Ping An Life Insurance Company of China Ltd
Priority to CN202010055711.4A
Publication of CN111259376A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/54 Interprogram communication
    • G06F9/547 Remote procedure calls [RPC]; Web services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2209/00 Indexing scheme relating to G06F9/00
    • G06F2209/54 Indexing scheme relating to G06F9/54
    • G06F2209/541 Client-server
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2209/00 Indexing scheme relating to G06F9/00
    • G06F2209/54 Indexing scheme relating to G06F9/54
    • G06F2209/547 Messaging middleware

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiments of the application are applicable to the technical field of information, and provide an authority configuration method, an authority configuration device, a server and a storage medium. The authority configuration method is applicable to a central server and comprises the following steps: acquiring authority configuration files for a plurality of node servers; receiving a registration request of a target node server, and establishing a heartbeat connection with the target node server in response to the registration request; and, based on the heartbeat connection, sending the authority configuration file to the target node server, where the authority configuration file is used for instructing the target node server to identify, according to the identification information, the target authority configuration information belonging to it in the authority configuration file and to carry out authority configuration with that target authority configuration information. This solves the problem in the prior art that each node server has to be operated individually when authority is configured on it, reduces the processing complexity of authority configuration, and also improves the efficiency of authority configuration.

Description

Authority configuration method, device, server and storage medium
Technical Field
The present application belongs to the field of information technology, and in particular relates to an authority configuration method, an apparatus, a server, and a storage medium.
Background
With the explosive development of internet technology, the idea of the micro-service architecture is gradually emerging. System architectures pursue miniaturization and light weight, and many fine-grained systems are derived from the original large centralized IT system through vertical splitting. The requirement for loose coupling between systems is therefore also increasing. Remote Procedure Call (RPC), service governance, message middleware, etc. have become almost standard components of modern internet architectures.
Currently, RocketMQ is widely used as high-performance message middleware. Its core advantages are reliable message storage, high-performance and low-latency message transmission, strong message accumulation and message processing capability, a strict ordered-message mode, and the like. Meanwhile, Access Control List (ACL) authority authentication management is introduced into the RocketMQ version, and it is of great significance to the security of using RocketMQ.
However, the Broker ends (server ends) of RocketMQ are usually deployed as a cluster, and each Broker end maintains its own ACL authority authentication file. When authority is configured, each Broker end can only be operated individually, which brings a large amount of work to operation and maintenance personnel, and the operation is tedious and repetitive.
Disclosure of Invention
In view of this, embodiments of the present application provide an authority configuration method, an apparatus, a server, and a storage medium, so as to solve the problem in the prior art that configuring the authority of each Broker end of RocketMQ can only be done by operating each Broker end separately, which is tedious and repetitive.
A first aspect of an embodiment of the present application provides a permission configuration method, which is applicable to a central server, and the method includes:
acquiring authority configuration files for a plurality of node servers, wherein the authority configuration files carry identification information of the node servers;
receiving a registration request of a target node server, and establishing a heartbeat connection with the target node server in response to the registration request;
and sending the authority configuration file to the target node server based on the heartbeat connection, wherein the authority configuration file is used for instructing the target node server to identify, according to the identification information, the target authority configuration information belonging to the target node server in the authority configuration file, and to carry out authority configuration with the target authority configuration information.
A second aspect of the embodiments of the present application provides an authority configuration method, which is applicable to any node server in a distributed cluster, and the method includes:
sending a registration request to a central server, wherein the registration request is used for indicating the central server to establish heartbeat connection with a node server;
receiving an authority configuration file sent by the central server based on the heartbeat connection, wherein the authority configuration file carries identification information of a plurality of node servers;
and identifying target authority configuration information belonging to the current node server from the authority configuration file according to the identification information, and performing authority configuration by adopting the target authority configuration information.
A third aspect of the embodiments of the present application provides an authority configuration device, which is suitable for a central server, and the device includes:
an acquisition module, configured to acquire authority configuration files for a plurality of node servers, wherein the authority configuration files carry identification information of the node servers;
the receiving module is used for receiving a registration request of a target node server;
the connection module is used for establishing a heartbeat connection with the target node server in response to the registration request;
and the sending module is used for sending the authority configuration file to the target node server based on the heartbeat connection, wherein the authority configuration file is used for indicating the target node server to identify target authority configuration information belonging to the target node server from the authority configuration file according to the identification information and carrying out authority configuration by adopting the target authority configuration information.
A fourth aspect of the embodiments of the present application provides an authority configuration device, which is applicable to any node server in a distributed cluster, where the authority configuration device includes:
a registration module, configured to send a registration request to the central server, wherein the registration request is used for instructing the central server to establish a heartbeat connection with the node server;
a receiving module, configured to receive an authority configuration file sent by the central server based on the heartbeat connection, where the authority configuration file carries identification information of multiple node servers;
and the configuration module is used for identifying target authority configuration information belonging to the current node server from the authority configuration file according to the identification information and carrying out authority configuration by adopting the target authority configuration information.
A fifth aspect of embodiments of the present application provides a server, including a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements the steps of the permission configuration method according to the first aspect when executing the computer program.
A sixth aspect of the embodiments of the present application provides a server, including a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements the steps of the authority configuration method according to the second aspect when executing the computer program.
A seventh aspect of embodiments of the present application provides a computer-readable storage medium, which stores a computer program, and when the computer program is executed by a processor, the computer program implements the steps of the rights configuration method according to the first aspect.
An eighth aspect of embodiments of the present application provides a computer-readable storage medium, which stores a computer program, and the computer program, when executed by a processor, implements the steps of the permission configuration method according to the second aspect.
Compared with the prior art, the embodiment of the application has the following advantages:
According to the embodiments of the application, the authority configuration files for the plurality of node servers are obtained, so that after a registration request of a target node server is received, a heartbeat connection with the target node server can be established in response to the registration request, and the authority configuration file is sent to the target node server based on the heartbeat connection. The target node server identifies the target authority configuration information belonging to it according to the identification information carried in the authority configuration file, and carries out authority configuration with the target authority configuration information. In the embodiments, the authority configuration files of all the node servers are uniformly loaded onto the central server and then sent to each node server by the central server, so that each node server can automatically find the authority configuration information belonging to itself through the identification information and perform authority configuration. This solves the problem in the prior art that each node server has to be operated individually when authority is configured on it, reduces the processing complexity of authority configuration, and also improves the efficiency of authority configuration.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings used in the embodiments or the description of the prior art will be briefly described below. It is obvious that the drawings in the following description are only some embodiments of the application, and that for a person skilled in the art, other drawings can be derived from them without inventive effort.
FIG. 1 is a flowchart illustrating steps of a privilege configuration method according to an embodiment of the present application;
FIG. 2 is a flow chart illustrating steps of another privilege configuration method according to an embodiment of the present application;
FIG. 3 is a flowchart illustrating steps of another privilege configuration method according to an embodiment of the present application;
FIG. 4 is a flowchart illustrating steps of a further privilege configuration method according to an embodiment of the present application;
FIG. 5 is a schematic diagram of a communication architecture between a central server and a node server according to an embodiment of the present application;
FIG. 6 is a schematic diagram illustrating a data interaction flow among a central server, a node server, and a client according to an embodiment of the present application;
FIG. 7 is a diagram of a rights configuration unit according to an embodiment of the present application;
FIG. 8 is a schematic diagram of another rights configuration unit according to an embodiment of the present application;
FIG. 9 is a schematic diagram of a server according to an embodiment of the present application.
Detailed Description
In the following description, for purposes of explanation and not limitation, specific details are set forth, such as particular system structures, techniques, etc. in order to provide a thorough understanding of the embodiments of the present application. However, it will be apparent to one skilled in the art that the present application may be practiced in other embodiments that depart from these specific details. In other instances, detailed descriptions of well-known systems, devices, circuits, and methods are omitted so as not to obscure the description of the present application with unnecessary detail.
The technical solution of the present application will be described below by way of specific examples.
Referring to fig. 1, a schematic flow chart illustrating steps of a permission configuration method according to an embodiment of the present application is shown, which may specifically include the following steps:
S101, acquiring authority configuration files for a plurality of node servers, wherein the authority configuration files carry identification information of the node servers;
It should be noted that the method may be applied to a central server, and the central server may be communicatively connected to a plurality of node servers in a distributed deployment. That is, the execution subject of this embodiment is the central server, and the authority of each node server can be configured by implementing the method on the central server.
As an example of this embodiment, a server system with high-performance message processing may be constructed by deploying RocketMQ on the central server and the respective node servers. The central server in this embodiment may therefore be the NameServer (name service) of RocketMQ. The NameServer is a lightweight service registration and service discovery manager, and may be used to manage each Broker (server) in RocketMQ and the topics (topic messages) in each Broker. Each Broker end is a node server, that is, a server end of RocketMQ, and is responsible for receiving and storing data sent by clients. A client can obtain the data of the corresponding topic from the Broker end, and through ACL authority authentication a topic can be restricted to users configured with the corresponding authority, thereby ensuring that messages cannot be consumed by others. The ACL uses the network flow control (filtering) technology to read the header information of the network layer and the transmission layer on the router, and controls and filters the data flow by executing the access rule defined by the ACL, thereby achieving the purpose of network access control.
In this embodiment, the authority configuration files for the plurality of node servers may be loaded into server memory when the central server is started. The authority configuration files carry the authority configuration information applicable to each node server and also include identification information of each node server; through the identification information, each piece of authority configuration information can be matched one-to-one with a specific node server.
S102, receiving a registration request of a target node server, and establishing a heartbeat connection with the target node server in response to the registration request;
The target node server in this embodiment may be any one of a plurality of node servers.
So that the central server can manage each node server, a node server needs to register with the central server when it starts. During registration, the node server can register its IP address, topic information and the like with the central server, and a client can subsequently find the corresponding node server according to this information in the central server and perform the corresponding operation.
In this embodiment, after receiving the registration request of the node server, the central server may establish a communication connection between the central server and the node server, where the communication connection may be a long connection maintained between the central server and the node server through a heartbeat mechanism.
It should be noted that, when any node server is started, the above registration operation needs to be performed.
S103, sending the authority configuration file to the target node server based on the heartbeat connection, wherein the authority configuration file is used for indicating the target node server to identify target authority configuration information belonging to the target node server from the authority configuration file according to the identification information and carrying out authority configuration by adopting the target authority configuration information.
After the node server finishes registration, the central server can send the preloaded authority configuration file to the node server, and the node server adopts the received authority configuration file to finish the authority configuration by itself.
It should be noted that, when verifying the authority of a client, each node server only needs to verify the part belonging to that node. The central server therefore does not need to separate out the authority configuration information of each node server when sending the authority configuration file; it can keep the authority configuration information for all the node servers in the same file for management and send it to each node server in a unified manner. Each node server finds the target authority configuration information belonging to itself according to the identification information carried in the authority configuration file and performs authority configuration with it. Because the search for the authority configuration information is transferred to each node server, the processing performed by the central server is reduced and its processing pressure is relieved.
In the embodiment of the application, the authority configuration files for the plurality of node servers are obtained, so that after a registration request of a target node server is received, a heartbeat connection with the target node server can be established in response to the registration request, and the authority configuration file is sent to the target node server based on the heartbeat connection. The target node server identifies the target authority configuration information belonging to it according to the identification information carried in the authority configuration file, and carries out authority configuration with the target authority configuration information. In the embodiment, the authority configuration files of all the node servers are uniformly loaded onto the central server and then sent to each node server by the central server, so that each node server can automatically find the authority configuration information belonging to itself through the identification information and perform authority configuration. This solves the problem in the prior art that each node server has to be operated individually when authority is configured on it, reduces the processing complexity of authority configuration, and also improves the efficiency of authority configuration.
Referring to fig. 2, a schematic step flow diagram of another permission configuration method according to an embodiment of the present application is shown, where the method is applied to a central server, and specifically includes the following steps:
S201, loading a preset configuration file when a start instruction for the central server is received;
It should be noted that the central server in this embodiment may be one server in a distributed cluster that is used for managing each node server. The execution subject of this embodiment is the central server, and the method can be implemented on the central server to configure the authority of each node server.
As an example of this embodiment, a server system with high-performance message processing may be constructed by deploying RocketMQ on the central server and the respective node servers. Of course, the method is not limited to the RocketMQ system, and other corresponding systems can be constructed by deploying other services on the central server and each node server.
In this embodiment, the central server may be instructed to start by sending a start instruction to the central server. When the central server is started, a preset configuration file may be loaded first, where the configuration file may include configuration information for various functions of the central server, an authority configuration file for each node server, and other files or data, which is not limited in this embodiment.
S202, reading authority configuration files for a plurality of node servers from the configuration file, wherein the authority configuration files carry identification information of the node servers;
After the preset configuration file is loaded, the central server can perform corresponding processing on the various files, information or data in the configuration file to build the working environment of the central server.
For example, for the authority configuration file of each node, after the central server loads the configuration file, the authority configuration file of each node server may be read from the configuration file and stored in the memory.
It should be noted that the authority configuration file may include identification information of each node server, and any identification information corresponds to the authority configuration information of the node server. Therefore, the authority configuration files for the nodes can be uniformly placed in a folder for management, and the node servers can find the authority configuration information belonging to the node servers from the folder through the identification information.
S203, calculating and storing the characteristic value of the authority configuration file;
In a specific implementation, after the central server reads the authority configuration file of each node server, the central server may also calculate a characteristic value of the authority configuration file. For example, the MD5 value of the entire authority configuration file is calculated, and the file is stored in memory together with its MD5 value. Whether the authority configuration file has changed can then be judged by checking whether the MD5 value has changed.
Of course, according to actual needs, in addition to the MD5 value, other calculation methods may be used to calculate the characteristic value of the authority configuration file, which is not limited in this embodiment.
It should be noted that, if the central server obtains a modified authority configuration file, the stored characteristic value may be updated according to the modified authority configuration file. For example, when the authority of a certain node server needs to be changed according to service requirements, the authority configuration information of that node server can be modified in a targeted manner, and the changed authority configuration file is then reloaded onto the central server. At this time, the central server may calculate the characteristic value of the modified authority configuration file and replace the original characteristic value with the new one.
S204, receiving a registration request of a target node server, and establishing a heartbeat connection with the target node server in response to the registration request;
S205, based on the heartbeat connection, sending the authority configuration file to the target node server, wherein the authority configuration file is used for instructing the target node server to identify, according to the identification information, the target authority configuration information belonging to the target node server in the authority configuration file, and to carry out authority configuration with the target authority configuration information;
In this embodiment, after completing the authority configuration, the node server may also calculate the characteristic value of the authority configuration file and store the calculated characteristic value in memory.
Since steps S204 to S205 of this embodiment are substantially the same as steps S102 to S103 of the previous embodiment, they can refer to each other, and are not described again in this embodiment.
S206, when it is detected that the authority configuration file has changed, sending the changed authority configuration file to the plurality of node servers through the heartbeat connection, wherein the changed authority configuration file is used for instructing the plurality of node servers to carry out authority configuration again with the changed authority configuration file.
The central server in this embodiment may maintain long connections with each node server through a heartbeat mechanism. The node server therefore needs to return heartbeat information to the central server at the set frequency. The heartbeat information may carry a characteristic value, e.g., the MD5 value, of the authority configuration file that has been sent to each node server.
The central server has already calculated and recorded the characteristic value of the authority configuration file when transmitting it to each node server, and each node server also calculates the characteristic value of the authority configuration file after receiving it from the central server. As long as the characteristic value recorded in the node server is the same as the characteristic value recorded in the central server, the authority configuration file has not changed, and the authority of each node server does not need to be reconfigured.
If the authority of a certain node server needs to be changed according to service requirements, the authority configuration information of that node server can be modified in a targeted manner in the original authority configuration file, and the changed authority configuration file is then reloaded onto the central server, which calculates and stores the characteristic value of the changed authority configuration file again. At this time, the characteristic value recorded in the central server is different from the characteristic value recorded in the node server.
Therefore, after receiving heartbeat information returned by any node server, the central server can determine whether the authority configuration file has changed by detecting whether the characteristic value carried in the heartbeat information is the same as the characteristic value currently stored by the central server.
If the detection shows that the received characteristic value is different from the currently stored characteristic value, it can be judged that the authority configuration file has changed. At this time, the central server may transmit the changed authority configuration file to the plurality of node servers through the heartbeat connection. Each node server then searches the changed authority configuration file again, according to the identification information, for the target authority configuration information belonging to it, and performs authority configuration again.
It should be noted that the characteristic value currently stored by the central server refers to the characteristic value held in the central server at the moment it is compared with the characteristic value carried in the heartbeat information returned by a node server. If the authority configuration information in the central server has not changed, the currently stored characteristic value is the one corresponding to the original, unchanged authority configuration information; if the authority configuration information in the central server has changed, the currently stored characteristic value is the one corresponding to the changed authority configuration information.
In the embodiment of the application, the characteristic values of the authority configuration file are calculated and stored in the central server and the node server, and whether the authority configuration file is changed or not can be judged by detecting whether the characteristic values recorded by the central server and the node server are the same or not. If the permission configuration file is changed, the changed permission configuration file can be sent to each node server through heartbeat connection again, and the permission configuration file after being changed can be guaranteed to take effect at the node server side in time.
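The exchange of steps S201 to S206, as an added example that is not part of the patent text or of RocketMQ: the class names, the JSON file layout and the sample rules are constructed for illustration, and SHA-256 stands in for the MD5 characteristic value (the description allows other calculation methods). Treating a file with no section for a node as an empty rule list on that node is an assumption of this sketch.

```python
import hashlib
import json

# Constructed sample files: one authority file for the whole cluster,
# keyed by each node server's identification information.
ACL_V1 = json.dumps({
    "broker-a": [{"user": "orders-svc", "topic": "orders", "perm": "PUB"}],
    "broker-b": [{"user": "billing-svc", "topic": "invoices", "perm": "SUB"}],
}).encode()
ACL_V2 = json.dumps({
    "broker-a": [{"user": "orders-svc", "topic": "orders", "perm": "PUB"}],
    "broker-b": [{"user": "billing-svc", "topic": "invoices", "perm": "PUB|SUB"}],
}).encode()


def feature_value(file_bytes: bytes) -> str:
    """Characteristic value of the whole file (the page uses MD5; SHA-256 here)."""
    return hashlib.sha256(file_bytes).hexdigest()


class NodeServer:
    def __init__(self, node_id: str):
        self.node_id = node_id  # identification information of this node
        self.rules = None       # target authority configuration in force
        self.digest = None      # characteristic value of the last file received

    def receive(self, file_bytes: bytes) -> None:
        """Node side of S205/S206: keep only this node's own section."""
        sections = json.loads(file_bytes)
        # Assumption: no section for this node means an empty rule list,
        # rather than silently keeping the previous rules.
        self.rules = sections.get(self.node_id, [])
        self.digest = feature_value(file_bytes)

    def heartbeat(self) -> tuple:
        """Heartbeat payload: sender and the file version it currently holds."""
        return (self.node_id, self.digest)


class CentralServer:
    def __init__(self):
        self.file_bytes = b"{}"
        self.digest = feature_value(self.file_bytes)
        self.nodes = {}

    def load(self, file_bytes: bytes) -> None:
        """S201-S203: load the file and store its characteristic value."""
        self.file_bytes = file_bytes
        self.digest = feature_value(file_bytes)

    def register(self, node: NodeServer) -> None:
        """S204-S205: accept the registration and send the full file."""
        self.nodes[node.node_id] = node
        node.receive(self.file_bytes)

    def on_heartbeat(self, node_id: str, reported_digest: str) -> list:
        """S206: compare the reported value with the stored one and, on a
        mismatch, resend the file to all node servers. Returns the ids pushed to."""
        if node_id not in self.nodes:
            return []  # heartbeat from an unregistered sender: nothing to do
        if reported_digest == self.digest:
            return []  # file unchanged, no reconfiguration needed
        for node in self.nodes.values():
            node.receive(self.file_bytes)
        return sorted(self.nodes)


def demo() -> dict:
    central = CentralServer()
    central.load(ACL_V1)
    a, b = NodeServer("broker-a"), NodeServer("broker-b")
    central.register(a)
    central.register(b)
    unchanged = central.on_heartbeat(*a.heartbeat())
    central.load(ACL_V2)  # operator reloads a modified file
    pushed = central.on_heartbeat(*a.heartbeat())
    return {"unchanged": unchanged, "pushed": pushed, "broker_b_rules": b.rules}


if __name__ == "__main__":
    print(demo())
```

A node only learns of a change on its next heartbeat, so the heartbeat interval bounds how long a revoked permission can stay in force on a Broker.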
Referring to fig. 3, a schematic step flow diagram of another permission configuration method according to an embodiment of the present application is shown, which may specifically include the following steps:
S301, sending a registration request to a central server, wherein the registration request is used for indicating the central server to establish heartbeat connection with a node server;
It should be noted that the method can be applied to any node server in a distributed cluster, and a plurality of node servers are in communication connection with a central server to jointly form a server system. That is, the present embodiment introduces the method from the node server side, and the execution subject of the present embodiment is the node server.
As an example of this embodiment, a server system with high-performance message processing may be constructed by deploying RocketMQ in a central server and the respective node servers. Of course, the method is not limited to the RocketMQ system, and other corresponding systems can be constructed by deploying other services in the central server and each node server.
In order to manage each node server by the central server, the node server needs to register with the central server when being started. In the registration process, the node server can register the IP address, the topic information and the like of the node server into the central server, and the subsequent client can find the corresponding node server according to the information in the central server to perform corresponding operation.
After receiving the registration request of the node server, the central server may maintain a long connection between the central server and the node server through a heartbeat mechanism for the registration request.
S302, receiving an authority configuration file sent by the central server based on the heartbeat connection, wherein the authority configuration file carries identification information of a plurality of node servers;
After the node server finishes registration, the central server can send the preloaded authority configuration file to the node server. The authority configuration file received by each node server comprises authority configuration information of a plurality of node servers managed by the same central server, and the authority configuration information of each node server can be distinguished through identification information carried in the authority configuration file.
S303, identifying target authority configuration information belonging to the current node server from the authority configuration file according to the identification information, and performing authority configuration by adopting the target authority configuration information.
In this embodiment, each node server may find out target authority configuration information belonging to itself according to identification information carried in the authority configuration file, and perform authority configuration by using the target authority configuration information. The searching process of the permission configuration information is transferred to each node server, so that the operation processing process of the central server is reduced, and the processing pressure of the central server is relieved.
Since the present embodiment is an introduction of the authority configuration method from the node server side, which corresponds to the introduction of the foregoing embodiment from the central server side, the process of the present embodiment is described relatively simply, and specific details can be referred to the introduction of the foregoing embodiment.
In the embodiment of the application, the heartbeat connection between the central server and the node server can be established by sending the registration request to the central server, so that, after the authority configuration file sent by the central server is received based on the heartbeat connection, the target authority configuration information belonging to the current node server can be identified according to the identification information carried in the authority configuration file and used for authority configuration. In this embodiment, the central server uniformly sends the authority configuration file covering all the node servers, and each node server then finds the authority configuration information belonging to it through the identification information and performs the authority configuration itself. This solves the problem in the prior art that each node server needs to be operated on individually when authority configuration is performed, reduces the processing complexity of the authority configuration, and improves its efficiency.
Referring to fig. 4, a schematic step flow diagram of another permission configuration method according to an embodiment of the present application is shown, where the method is applied to any node server in a distributed cluster, and the method specifically includes the following steps:
S401, sending a registration request to a central server, wherein the registration request is used for indicating the central server to establish heartbeat connection with a node server;
S402, receiving an authority configuration file sent by the central server based on the heartbeat connection, wherein the authority configuration file carries identification information of a plurality of node servers;
S403, according to the identification information, identifying target authority configuration information belonging to the current node server from the authority configuration file and adopting the target authority configuration information to perform authority configuration;
Since steps S401 to S403 in this embodiment are substantially the same as steps S301 to S303 in the foregoing embodiment, reference may be made to each other, and details are not repeated in this embodiment.
S404, receiving a data processing request sent by a client; verifying whether the client has corresponding user authority or not based on the target authority configuration information;
After the permission configuration is completed, each node server can process the data processing request sent by the client with the corresponding permission.
At the beginning, the client also needs to register with the central server, and the central server allocates a corresponding node server to the client. The client can determine which node server the message or data should be sent to for processing by receiving the information of the node server returned by the central server.
When receiving the request of the client, the node server may first verify whether the client has the corresponding right. If the client side has no authority, the node server refuses the data processing request of the client side; if it is verified that the client has the corresponding authority, the node server may execute step S405 to process the data processing request.
And S405, processing the data processing request.
S406, sending heartbeat information to the central server according to a preset frequency, wherein the heartbeat information carries a characteristic value of the authority configuration file, and the characteristic value is used for indicating the central server to send the changed authority configuration file to a plurality of node servers when the characteristic value is different from a characteristic value currently stored by the central server;
The central server in this embodiment may maintain long connections with each node server through a heartbeat mechanism. Therefore, the node server needs to return heartbeat information to the central server according to the set frequency. The heartbeat information may carry a characteristic value, e.g., an MD5 value, of the authority configuration file that has been sent to each node server.
Since the central server already calculates and records the characteristic value of the authority configuration file when transmitting the authority configuration file to each node server, and each node server also calculates the characteristic value of the authority configuration file after receiving the authority configuration file transmitted by the central server, as long as the characteristic value recorded in the node server is the same as the characteristic value recorded in the central server, the authority configuration file is not changed, and the authority of each node server does not need to be reconfigured.
If the authority of a certain node server needs to be changed according to the service requirement, the authority configuration information of the node server can be modified or changed in a targeted manner in the original authority configuration file, then the changed authority configuration file is reloaded to the central server, and the central server can calculate and store the characteristic value of the changed authority configuration file again. At this time, the feature value recorded in the center server is different from the feature value recorded in the node server.
Therefore, after receiving heartbeat information returned by any node server, the central server can determine whether the authority configuration file is changed by detecting whether the characteristic value carried in the heartbeat information is the same as the characteristic value currently stored by the central server.
If the received characteristic value is different from the currently stored characteristic value after the detection, the authority configuration file can be judged to be changed. At this time, the center server may transmit the changed authority configuration file to the plurality of node servers through the heartbeat connection.
S407, receiving the changed authority configuration file sent by the central server, and adopting the changed authority configuration file to perform authority configuration again.
After each node server receives the changed authority configuration file sent by the central server, the target authority configuration information belonging to the node server can be searched from the changed authority configuration file according to the identification information again, and the authority configuration is carried out again.
In the embodiment of the application, whether the authority configuration file is changed is judged through heartbeat information, so a changed authority configuration file can be discovered timely and quickly. After the authority configuration file is changed, the central server can send the changed authority configuration file to each node server in time; each node server again finds the target authority configuration information belonging to itself and carries out authority configuration again, which guarantees that the changed authority configuration file takes effect at the node server side in time.
For the convenience of understanding, the authority configuration method of the present application is described below by a complete example with reference to the drawings.
Fig. 5 is a schematic diagram of a communication architecture between a central server and a node server according to an embodiment of the present application. In fig. 5, the NameServer is the central server in a distributed cluster configured with the RocketMQ service, and the NameServer can uniformly manage each Broker end, that is, each node server in the distributed cluster. Meanwhile, in order to ensure the high availability of the system, both the Broker end and the NameServer can exist in a master/backup mode. That is, each Broker end has a main Broker (Broker-master) and a corresponding backup Broker (Broker-slave); the NameServer may also include a primary server (NameServer-master) and a backup server (NameServer-slave).
Fig. 6 is a schematic diagram illustrating a data interaction flow among a central server, a node server, and a client according to an embodiment of the present application. According to the flow shown in fig. 6, between the NameServer and the Broker end, the Broker end first registers with the NameServer and obtains the ACL permission configuration file; the two maintain a long connection through the heartbeat mechanism, and when the NameServer finds from the heartbeat information that the ACL permission configuration file has changed, the latest ACL permission configuration file needs to be sent to each Broker end. Between the NameServer and the client, the client also needs to register with the NameServer, acquire the Broker end information recorded in the NameServer, and find the Broker end through which it will subsequently send and consume messages. Then, between the client and the Broker end, when the client sends a message to or consumes a message from the corresponding Broker end, the Broker end can check the user authority of the client according to the ACL authority configuration file acquired from the NameServer in advance. If the user does not have the corresponding authority, the message cannot be sent or consumed through the Broker end.
That is, initially, when the NameServer starts up, it may first load the ACL permission configuration file from the configuration file. The ACL authority configuration file in the configuration file records the authority information corresponding to each Broker terminal. Then, after loading the ACL authority configuration file, the NameServer can convert the ACL authority configuration file into an object according to the set fields and store the object in the memory. Meanwhile, the NameServer can also calculate the MD5 value of the ACL permission configuration file and store the MD5 value in the memory. After the NameServer loads a changed ACL permission configuration file, the NameServer needs to recalculate the MD5 value of the changed ACL permission configuration file and update the MD5 value stored in the memory.
The Broker terminal needs to register with the NameServer when starting. In the registration process, the Broker terminal can register the IP address and the topic information of the Broker terminal into the NameServer, and the subsequent client can find the corresponding Broker according to the information in the NameServer to perform corresponding operation. The long connection between the Broker terminal and the NameServer can be maintained through a heartbeat mechanism.
Based on the heartbeat connection, the NameServer can send the ACL permission configuration file to the currently registered Broker end. When the Broker terminal verifies the authority of the client, only the part belonging to the Broker terminal needs to be verified, so the ACL authority configuration file sent by the NameServer does not need to distinguish the respective authority configuration information of each Broker terminal. That is, ACL authority configuration information of a plurality of subscribers can be managed in the same file.
The Broker terminal can automatically find out the authority configuration information belonging to the Broker terminal according to the identification information carried in the ACL authority configuration file and carry out corresponding authority configuration. Meanwhile, the Broker terminal can also calculate the MD5 value of the received ACL permission configuration file and record the MD5 value in the memory.
Similar to the Broker end, the client needs to register with the NameServer when starting up, and the NameServer allocates the corresponding Broker end for the client, so that the client can subsequently send and consume messages through the Broker end. Of course, before processing the message sent by the client, the Broker terminal needs to perform permission verification on the client, and only the message sent by a client with the corresponding permission is processed by the Broker terminal. If a certain client does not have the authority of the Broker end, the Broker end refuses the data processing request of the client.
Since the NameServer can maintain a long connection with each Broker terminal through a heartbeat mechanism, the Broker end needs to return heartbeat information to the NameServer according to the set frequency. The heartbeat information carries the MD5 value of the ACL authority configuration file sent to each Broker terminal. After receiving the heartbeat information, the NameServer can extract the MD5 value and compare it with the MD5 value currently stored in the memory of the NameServer. If the two are the same, the ACL authority configuration file is not changed, no other processing is needed, and the current processing mode can be kept unchanged. If the two are different, the ACL permission configuration file in the NameServer has been changed, and the permission configuration of each Broker end needs to be carried out again. At this time, the NameServer can read the changed ACL configuration file in the memory and send the ACL configuration file to all Broker terminals, and each Broker terminal again searches the changed ACL configuration file for the authority configuration information belonging to itself and performs the authority configuration again.
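The following is an added illustration of the flow described above and is not part of the application or of RocketMQ: an in-process model of the NameServer and two Broker ends in which the heartbeat carries the MD5 value of the ACL file and a mismatch triggers redistribution. The JSON layout of the ACL file, the class and method names, and the PUB/SUB action labels are assumptions made for the example; the heartbeat is modelled as a direct method call rather than a network connection.

```python
import hashlib
import json


def feature_value(acl_bytes: bytes) -> str:
    # Characteristic value of the ACL file. MD5 is what the description names;
    # here it only detects that the file changed, it does not authenticate it.
    return hashlib.md5(acl_bytes).hexdigest()


class Broker:
    def __init__(self, broker_id: str):
        self.broker_id = broker_id   # identification information of this node
        self.digest = None           # feature value of the last file applied
        self.rules = {}              # client -> list of allowed actions

    def apply(self, acl_bytes: bytes) -> None:
        # Keep only the section keyed by this broker's identifier.
        whole = json.loads(acl_bytes)
        self.rules = whole.get(self.broker_id, {})  # no section: deny everything
        self.digest = feature_value(acl_bytes)

    def heartbeat(self) -> dict:
        return {"broker": self.broker_id, "acl_digest": self.digest}

    def handle(self, client: str, action: str) -> bool:
        # Permission check before processing a client request; default deny.
        return action in self.rules.get(client, [])


class NameServer:
    def __init__(self, acl_bytes: bytes):
        self.brokers = {}
        self.load(acl_bytes)

    def load(self, acl_bytes: bytes) -> None:
        # Load (or reload) the ACL file and recompute the stored feature value.
        self.acl_bytes = acl_bytes
        self.digest = feature_value(acl_bytes)

    def register(self, broker: Broker) -> None:
        # Registration: remember the broker and send it the whole ACL file.
        self.brokers[broker.broker_id] = broker
        broker.apply(self.acl_bytes)

    def on_heartbeat(self, hb: dict) -> bool:
        # Same digest: nothing to do. Different digest: the stored file has
        # changed, so push it to every registered broker, not only the sender.
        if hb["acl_digest"] == self.digest:
            return False
        for broker in self.brokers.values():
            broker.apply(self.acl_bytes)
        return True


def run_demo() -> dict:
    # Constructed sample ACL files; v2 removes app1's PUB right on broker-a.
    v1 = json.dumps({"broker-a": {"app1": ["PUB", "SUB"]},
                     "broker-b": {"app2": ["SUB"]}}).encode()
    v2 = json.dumps({"broker-a": {"app1": ["SUB"]},
                     "broker-b": {"app2": ["SUB"]}}).encode()
    ns = NameServer(v1)
    a, b = Broker("broker-a"), Broker("broker-b")
    ns.register(a)
    ns.register(b)

    out = {}
    out["pub_before"] = a.handle("app1", "PUB")
    out["other_brokers_client"] = a.handle("app2", "SUB")
    out["hb_unchanged"] = ns.on_heartbeat(a.heartbeat())
    ns.load(v2)  # operator reloads the changed file on the NameServer
    # Until some heartbeat arrives, broker-a still enforces the old rules.
    out["pub_in_stale_window"] = a.handle("app1", "PUB")
    out["hb_after_change"] = ns.on_heartbeat(b.heartbeat())
    out["pub_after"] = a.handle("app1", "PUB")
    out["hb_a_after_push"] = ns.on_heartbeat(a.heartbeat())
    return out


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, value)
```

The `pub_in_stale_window` result shows that a removed permission stays usable on the Broker end until the next heartbeat from any Broker reaches the NameServer, so the preset heartbeat frequency bounds how long a revocation takes to apply.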
It should be noted that, the sequence numbers of the steps in the foregoing embodiments do not mean the execution sequence, and the execution sequence of each process should be determined by the function and the inherent logic of the process, and should not constitute any limitation on the implementation process of the embodiments of the present application.
Referring to fig. 7, a schematic diagram of an authority configuration apparatus according to an embodiment of the present application is shown, where the apparatus is suitable for a central server, and the apparatus may specifically include the following modules:
an obtaining module 701, configured to obtain an authority configuration file for a plurality of node servers, where the authority configuration file carries identification information of the plurality of node servers;
a receiving module 702, configured to receive a registration request of a target node server;
a connection module 703, configured to establish a heartbeat connection with the target node server according to the registration request;
a sending module 704, configured to send the permission configuration file to the target node server based on the heartbeat connection, where the permission configuration file is used to instruct the target node server to identify, according to the identification information, target permission configuration information that belongs to the target node server from the permission configuration file, and perform permission configuration by using the target permission configuration information.
In this embodiment of the present application, the obtaining module 701 may specifically include the following sub-modules:
the configuration file loading submodule is used for loading a preset configuration file when receiving a starting instruction aiming at the central server;
and the permission configuration file reading submodule is used for reading permission configuration files aiming at the plurality of node servers from the configuration files.
In this embodiment, the apparatus may further include the following modules:
the characteristic value calculating and storing module is used for calculating and storing the characteristic value of the authority configuration file;
and the characteristic value updating module is used for updating the characteristic value according to the changed authority configuration file if the changed authority configuration file is obtained.
In this embodiment, the apparatus may further include the following modules:
and the permission configuration file changing module is used for sending the changed permission configuration files to the plurality of node servers through the heartbeat connection when detecting that the permission configuration files are changed, and the changed permission configuration files are used for indicating the plurality of node servers to adopt the changed permission configuration files to carry out permission configuration again.
In this embodiment of the present application, the permission configuration file modification module may specifically include the following sub-modules:
the heartbeat information receiving submodule is used for receiving heartbeat information returned by any node server, and the heartbeat information carries a characteristic value of an authority configuration file sent to the node server;
a characteristic value detection submodule, configured to detect whether a characteristic value carried in the heartbeat information is the same as a characteristic value currently stored by the central server;
and the permission configuration file changing submodule is used for judging that the permission configuration file is changed if the characteristic values are not the same, and sending the changed permission configuration file to the plurality of node servers through the heartbeat connection.
Referring to fig. 8, a schematic diagram of another permission configuration apparatus according to an embodiment of the present application is shown, where the apparatus is applicable to any node server in a distributed cluster, and the apparatus may specifically include the following modules:
a registration module 801, configured to send a registration request to a central server, where the registration request is used to instruct the central server to establish a heartbeat connection with a node server;
a receiving module 802, configured to receive, based on the heartbeat connection, an authority configuration file sent by the central server, where the authority configuration file carries identification information of multiple node servers;
a configuration module 803, configured to identify, according to the identifier information, target permission configuration information belonging to the current node server from the permission configuration file, and perform permission configuration by using the target permission configuration information.
In this embodiment, the apparatus may further include the following modules:
the heartbeat information sending module is used for sending heartbeat information to the central server according to a preset frequency, wherein the heartbeat information carries a characteristic value of the authority configuration file, and the characteristic value is used for indicating the central server to send the changed authority configuration file to a plurality of node servers when the characteristic value is different from a characteristic value currently stored by the central server;
and the permission configuration file changing submodule is used for receiving the changed permission configuration file sent by the central server and adopting the changed permission configuration file to carry out permission configuration again.
In this embodiment, the apparatus may further include the following modules:
the data processing request receiving module is used for receiving a data processing request sent by a client;
the user authority verification module is used for verifying whether the client has corresponding user authority or not based on the target authority configuration information;
and the data processing module is used for processing the data processing request if the client has the user right.
For the apparatus embodiment, since it is substantially similar to the method embodiment, it is described relatively simply, and reference may be made to the description of the method embodiment section for relevant points.
Referring to fig. 9, a schematic diagram of a server of one embodiment of the present application is shown. As shown in fig. 9, the server 900 of the present embodiment includes: a processor 910, a memory 920, and a computer program 921 stored in the memory 920 and operable on the processor 910. The processor 910 implements the steps in the various embodiments of the authority configuration method described above, such as steps S101 to S103 shown in fig. 1, steps S301 to S303 shown in fig. 3, and the like, when executing the computer program 921. Alternatively, the processor 910 implements the functions of the modules/units in the above-mentioned device embodiments, such as the functions of the modules 701 to 704 shown in fig. 7 or the functions of the modules 801 to 803 shown in fig. 8, when executing the computer program 921.
Illustratively, the computer program 921 may be partitioned into one or more modules/units, which are stored in the memory 920 and executed by the processor 910 to accomplish the present application. The one or more modules/units may be a series of computer program instruction segments capable of performing specific functions, which may be used to describe the execution of the computer program 921 in the server 900. For example, when the server is a central server in a distributed cluster, the computer program 921 may be divided into an acquisition module, a receiving module, a connection module, and a sending module, and the specific functions of the modules are as follows:
the acquisition module is used for acquiring authority configuration files aiming at a plurality of node servers, and the authority configuration files carry identification information of the node servers;
the receiving module is used for receiving a registration request of a target node server;
the connection module is used for establishing heartbeat connection with the target node server aiming at the registration request;
and the sending module is used for sending the authority configuration file to the target node server based on the heartbeat connection, wherein the authority configuration file is used for indicating the target node server to identify target authority configuration information belonging to the target node server from the authority configuration file according to the identification information and carrying out authority configuration by adopting the target authority configuration information.
Alternatively, when the server is a node server in a distributed cluster, the computer program 921 may be further divided into a registration module, a receiving module, and a configuration module, where specific functions of the modules are as follows:
the registration module is used for sending a registration request to the central server, and the registration request is used for indicating the central server to establish heartbeat connection with the node server;
a receiving module, configured to receive an authority configuration file sent by the central server based on the heartbeat connection, where the authority configuration file carries identification information of multiple node servers;
and the configuration module is used for identifying target authority configuration information belonging to the current node server from the authority configuration file according to the identification information and carrying out authority configuration by adopting the target authority configuration information.
The server 900 may be a desktop computer, a notebook, a cloud server, or other computing device. The server 900 may include, but is not limited to, a processor 910 and a memory 920. Those skilled in the art will appreciate that fig. 9 is merely an example of a server 900 and is not intended to limit the server 900, which may include more or fewer components than those shown, combine some components, or use different components; e.g., the server 900 may also include input-output devices, network access devices, buses, etc.
The Processor 910 may be a Central Processing Unit (CPU), another general purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA) or other Programmable logic device, a discrete Gate or transistor logic device, a discrete hardware component, etc. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The memory 920 may be an internal storage unit of the server 900, such as a hard disk or a memory of the server 900. The memory 920 may also be an external storage device of the server 900, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), or the like, provided on the server 900. Further, the memory 920 may also include both an internal storage unit and an external storage device of the server 900. The memory 920 is used for storing the computer program 921 and other programs and data required by the server 900. The memory 920 may also be used to temporarily store data that has been output or is to be output.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present application, and not for limiting the same. Although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not substantially depart from the spirit and scope of the embodiments of the present application and are intended to be included within the scope of the present application.

Claims (10)

1. An authority configuration method, applied to a central server, includes:
acquiring authority configuration files aiming at a plurality of node servers, wherein the authority configuration files carry identification information of the node servers;
receiving a registration request of a target node server, and establishing heartbeat connection with the target node server aiming at the registration request;
and sending the authority configuration file to the target node server based on the heartbeat connection, wherein the authority configuration file is used for indicating the target node server to identify target authority configuration information belonging to the target node server from the authority configuration file according to the identification information and carrying out authority configuration by adopting the target authority configuration information.
2. The method of claim 1, wherein the step of obtaining permission profiles for a plurality of node servers comprises:
when a starting instruction for the central server is received, loading a preset configuration file;
and reading the authority configuration files aiming at the plurality of node servers from the configuration files.
3. The method of claim 1, after the step of obtaining the authority configuration files for the plurality of node servers, further comprising:
calculating and storing a characteristic value of the authority configuration file;
and if a changed authority configuration file is obtained, updating the characteristic value according to the changed authority configuration file.
4. The method of claim 3, further comprising:
and when detecting that the authority configuration file has changed, sending the changed authority configuration file to the plurality of node servers through the heartbeat connection, wherein the changed authority configuration file instructs the plurality of node servers to perform authority configuration again using the changed authority configuration file.
5. The method of claim 4, wherein the step of sending the changed authority configuration file to the plurality of node servers through the heartbeat connection when detecting that the authority configuration file has changed comprises:
receiving heartbeat information returned by any node server, wherein the heartbeat information carries the characteristic value of the authority configuration file that was sent to the node server;
detecting whether the characteristic value carried in the heartbeat information is the same as the characteristic value currently stored by the central server;
and if not, determining that the authority configuration file has changed, and sending the changed authority configuration file to the plurality of node servers through the heartbeat connection.
6. An authority configuration method, applied to any node server in a distributed cluster, comprising:
sending a registration request to a central server, wherein the registration request instructs the central server to establish a heartbeat connection with the node server;
receiving an authority configuration file sent by the central server over the heartbeat connection, wherein the authority configuration file carries identification information of a plurality of node servers;
and identifying, according to the identification information, the target authority configuration information belonging to the current node server in the authority configuration file, and performing authority configuration using the target authority configuration information.
7. The method of claim 6, further comprising:
sending heartbeat information to the central server at a preset frequency, wherein the heartbeat information carries a characteristic value of the authority configuration file, and the characteristic value instructs the central server to send the changed authority configuration file to the plurality of node servers when the characteristic value differs from the characteristic value currently stored by the central server;
and receiving the changed authority configuration file sent by the central server, and performing authority configuration again using the changed authority configuration file.
8. The method of claim 6, further comprising:
receiving a data processing request sent by a client;
verifying, based on the target authority configuration information, whether the client has the corresponding user authority;
and if the client has the user authority, processing the data processing request.
9. A server comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor implements the steps of the authority configuration method according to any of claims 1 to 5 when executing the computer program.
10. A computer-readable storage medium, in which a computer program is stored which, when executed by a processor, carries out the steps of the authority configuration method according to any one of claims 1 to 5.
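The distribution and change-detection flow of claims 1, 3 and 5 to 8, as an added Python sketch that is not part of the patent text. The class and method names, the JSON layout of the configuration file (node identifier mapped to per-user action lists) and the use of SHA-256 as the characteristic value are assumptions; the heartbeat connection is modelled as direct method calls.

```python
import hashlib
import json

# Constructed sample file: node identifier -> {user: [allowed actions]} (assumed layout).
SAMPLE_CONFIG = {"node-a": {"alice": ["read"]}, "node-b": {"bob": ["read", "write"]}}

def feature_value(config):
    """Characteristic value of the file; SHA-256 over canonical JSON is an assumption."""
    canonical = json.dumps(config, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

class NodeServer:
    def __init__(self, node_id):
        self.node_id = node_id
        self.digest = None          # feature value of the last file received
        self.permissions = {}       # this node's own section only

    def apply(self, config):
        """Claim 6: pick out the section keyed by this node's identifier."""
        self.digest = feature_value(config)
        self.permissions = config.get(self.node_id, {})  # no section: deny everything

    def heartbeat(self, central):
        """Claim 7: report the feature value of the file currently in use."""
        return central.on_heartbeat(self.node_id, self.digest)

    def authorize(self, user, action):
        """Claim 8: check a client request against the node's own section."""
        return action in self.permissions.get(user, [])

class CentralServer:
    def __init__(self, config):
        self.nodes = {}
        self.load(config)

    def load(self, config):
        """Claim 3: store the file and recompute its feature value on every change."""
        self.config = config
        self.digest = feature_value(config)

    def register(self, node):
        """Claim 1: registration is followed by sending the full file."""
        self.nodes[node.node_id] = node
        node.apply(self.config)

    def on_heartbeat(self, node_id, reported):
        """Claim 5: a mismatch means the file changed; resend it to every node."""
        if node_id not in self.nodes or reported == self.digest:
            return False
        for node in self.nodes.values():
            node.apply(self.config)
        return True
```

The characteristic value in this sketch only detects that a node's copy has drifted from the central copy; it does not authenticate the file, so the channel carrying the file and the heartbeats needs its own integrity protection.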
CN202010055711.4A 2020-01-17 2020-01-17 Authority configuration method, device, server and storage medium Pending CN111259376A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010055711.4A CN111259376A (en) 2020-01-17 2020-01-17 Authority configuration method, device, server and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010055711.4A CN111259376A (en) 2020-01-17 2020-01-17 Authority configuration method, device, server and storage medium

Publications (1)

Publication Number Publication Date
CN111259376A true CN111259376A (en) 2020-06-09

Family

ID=70954234

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010055711.4A Pending CN111259376A (en) 2020-01-17 2020-01-17 Authority configuration method, device, server and storage medium

Country Status (1)

Country Link
CN (1) CN111259376A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination