CN104023012A - Method, device and system for scheduling service in cluster - Google Patents

Publication number: CN104023012A
Authority: CN (China)
Legal status: Granted
Application number: CN201410239488.3A
Other languages: Chinese (zh)
Other versions: CN104023012B (en)
Inventors: 徐友春, 马健
Current Assignee: BEIJING LIEBAO NETWORK TECHNOLOGY CO., LTD.
Original Assignee: Beijing Kingsoft Internet Science and Technology Co Ltd

Abstract

The invention brings forward a method, device and system for scheduling a service in a cluster. The method comprises: a first server receiving a first scheduling request sent by other devices for scheduling a first service, wherein the first scheduling request comprises a first security identification, and the first security identification is used for verifying the validity of the first scheduling request; the first server, according to the first security identification, obtaining first user information corresponding to the first security identification; and if the first user information satisfies a preset rule, the first server executing the first scheduling request. The method can realize authority distribution and verification in the cluster.

Description

Method, device and system for calling a service in a cluster
Technical field
The present invention relates to the technical field of cluster security, and in particular to a method, device and system for calling a service in a cluster.
Background art
A cluster may comprise a plurality of services, and a service may be called by other services or by a client. To guarantee the security of the cluster, the caller of a service needs to hold the corresponding authority.
A cluster may involve multi-tier authentication; for example, when a client calls a service, that service may in turn call another service while it executes. Therefore, the problem of authority distribution and verification in the cluster needs to be solved.
Summary of the invention
The present invention aims to solve, at least to some extent, one of the technical problems in the related art.
To this end, one object of the present invention is to propose a method for calling a service in a cluster, which can realize authority distribution and verification in the cluster.
Another object of the present invention is to propose a server.
Another object of the present invention is to propose a communication system.
To achieve the above object, the method for calling a service in a cluster proposed by an embodiment of the first aspect of the present invention comprises: a first server receives a first call request, sent by another device, for calling a first service, the first call request containing a first secure ID, wherein the first secure ID is used to verify the legitimacy of the first call request; the first server obtains, according to the first secure ID, first user information corresponding to the first secure ID; and if the first user information satisfies a preset rule, the first server executes the first call request.
In the method proposed by the embodiment of the first aspect, the first server uses the secure ID distributed by the security service in the cluster and, before executing a call request, has the caller verified by the security service according to that secure ID, so that authority distribution and verification in the cluster can be realized and the security of the cluster guaranteed.
To achieve the above object, the first server proposed by an embodiment of the second aspect of the present invention comprises: a receiving module, configured to receive a first call request, sent by another device, for calling a first service, the first call request containing a first secure ID, wherein the first secure ID is used to verify the legitimacy of the first call request; an obtaining module, configured to obtain, according to the first secure ID, first user information corresponding to the first secure ID; and a processing module, configured to execute the first call request when the first user information satisfies a preset rule.
The first server proposed by the embodiment of the second aspect uses the secure ID distributed by the security service in the cluster and, before executing a call request, has the caller verified by the security service according to that secure ID, so that authority distribution and verification in the cluster can be realized and the security of the cluster guaranteed.
To achieve the above object, the communication system proposed by an embodiment of the third aspect of the present invention comprises: the first server proposed by the embodiment of the second aspect, a terminal device and a security server, wherein: the terminal device is configured to send a secure ID acquisition request to the security server, the secure ID acquisition request containing the IP address of the terminal device and the user ID and security password of the terminal device, and to receive the first secure ID sent by the security server; and the security server is configured to verify the terminal device according to the user ID and security password of the terminal device and, after verification succeeds, to obtain the user information of the terminal device according to the user ID of the terminal device, and to obtain the first secure ID using a preset encryption algorithm according to the IP address of the terminal device and the user information of the terminal device.
In the communication system proposed by the embodiment of the third aspect, the first server uses the secure ID distributed by the security service in the cluster and, before executing a call request, has the caller verified by the security service according to that secure ID, so that authority distribution and verification in the cluster can be realized and the security of the cluster guaranteed.
To achieve the above object, the communication system proposed by an embodiment of the fourth aspect of the present invention comprises: the first server described in the embodiment of the second aspect, a second server and a security server, wherein: the second server is configured to send the second secure ID contained in a received second call request, together with the secure ID of the second server, to the security server, and to receive the first secure ID sent by the security server; and the security server is configured to generate the first secure ID according to the received second secure ID and the secure ID of the second server.
In the communication system proposed by the embodiment of the fourth aspect, the first server uses the secure ID distributed by the security service in the cluster and, before executing a call request, has the caller verified by the security service according to that secure ID, so that authority distribution and verification in the cluster can be realized and the security of the cluster guaranteed.
To achieve the above object, the server proposed by an embodiment of the fifth aspect of the present invention comprises: a housing, a processor, a memory, a circuit board and a power circuit, wherein the circuit board is placed inside the space enclosed by the housing, and the processor and the memory are arranged on the circuit board; the power circuit supplies power to each circuit or device of the system; the memory stores executable program code; and the processor, by reading the executable program code stored in the memory, runs the program corresponding to the executable program code in order to: receive a first call request, sent by another device, for calling a first service, the first call request containing a first secure ID, wherein the first secure ID is used to verify the legitimacy of the first call request; obtain, according to the first secure ID, first user information corresponding to the first secure ID; and, if the first user information satisfies a preset rule, execute the first call request.
The server proposed by the embodiment of the fifth aspect uses the secure ID distributed by the security service in the cluster and, before executing a call request, has the caller verified by the security service according to that secure ID, so that authority distribution and verification in the cluster can be realized and the security of the cluster guaranteed.
Additional aspects and advantages of the present invention will be given in part in the following description, and in part will become apparent from the following description or be learned through practice of the present invention.
Brief description of the drawings
The above and/or additional aspects and advantages of the present invention will become apparent and easy to understand from the following description of the embodiments taken together with the accompanying drawings, in which:
Fig. 1 is a schematic flowchart of a method for calling a service in a cluster proposed by one embodiment of the present invention;
Fig. 2 is a schematic flowchart of one specific implementation of S12 in an embodiment of the present invention;
Fig. 3a is a schematic flowchart of another specific implementation of S12 in an embodiment of the present invention;
Fig. 3b is a schematic flowchart of another specific implementation of S12 in an embodiment of the present invention;
Fig. 4 is a schematic flowchart of a method for calling a service in a cluster proposed by another embodiment of the present invention;
Fig. 5 is a schematic flowchart of one specific implementation of S10 in an embodiment of the present invention;
Fig. 6 is a schematic flowchart of another specific implementation of S10 in an embodiment of the present invention;
Fig. 7 is a schematic structural diagram of the first server proposed by one embodiment of the present invention;
Fig. 8a is a schematic structural diagram of the first server proposed by another embodiment of the present invention;
Fig. 8b is a schematic structural diagram of the first server proposed by another embodiment of the present invention;
Fig. 8c is a schematic structural diagram of the first server proposed by another embodiment of the present invention;
Fig. 9 is a schematic structural diagram of the communication system proposed by one embodiment of the present invention;
Fig. 10 is a schematic structural diagram of the communication system proposed by another embodiment of the present invention.
Detailed description of the embodiments
Embodiments of the present invention are described in detail below. Examples of the embodiments are shown in the accompanying drawings, in which the same or similar reference numerals denote, throughout, the same or similar elements or elements having the same or similar functions. The embodiments described below with reference to the drawings are exemplary, are intended only to explain the present invention, and shall not be construed as limiting it. On the contrary, the embodiments of the present invention include all changes, modifications and equivalents falling within the spirit and scope of the appended claims.
Fig. 1 is a schematic flowchart of a method for calling a service in a cluster proposed by one embodiment of the present invention. The method comprises:
S11: The first server receives a first call request, sent by another device, for calling a first service, the first call request containing a first secure ID; the first secure ID is used to verify the legitimacy of the first call request.
The first server may be any server in the cluster system; at least one service, including the first service, runs on the first server.
The other device may be a terminal device, for example a mobile phone, a personal computer (PC) or a tablet computer. Alternatively, the other device may be a server in the cluster, for example a server running a second service.
Specifically, when the other device is a terminal device, the first secure ID is the secure ID of the terminal device.
When the other device is a server in the cluster, assumed here to be a second server, the first secure ID is an identifier generated according to the secure ID of the second server and the second secure ID contained in the second call request sent to the second server.
Optionally, in a specific implementation of the present invention, the secure ID may be obtained in advance by the security server using a preset encryption algorithm, according to the IP address of the device and the user information of the device; the encryption algorithm may be the Data Encryption Standard (DES) algorithm or the Advanced Encryption Standard (AES) algorithm.
The security server is a server in the cluster system on which a security service runs; the security service is used to distribute secure IDs to terminal devices or to other services running in the cluster, and to verify secure IDs coming from other services.
The user information of a device may comprise the authority information of the device and/or the user ID of the device. For example, the authority information may be administrator authority or ordinary user, and ordinary users may include visitors, level-one users, level-two users and so on; the user ID may be the user name of the device.
S12: According to the first secure ID contained in the first call request, obtain the first user information corresponding to the first secure ID.
S13: If the first user information satisfies the preset rule, execute the first call request.
Optionally, the preset rule may be: an administrator can call the first service. Accordingly, when the authority information contained in the first user information is administrator authority, the first call request can be executed. Alternatively, the preset rule may be: a specified user ID group can call the first service. In that case, when the user ID contained in the first user information belongs to that user ID group, the first call request can be executed.
Optionally, in an embodiment of the present invention, if the first service executes the first call request, a call-success reply may be fed back to the other device. Of course, if the first user information does not satisfy the preset rule, execution of the first call request may be refused, and a no-authority-to-call reply or a call-error reply fed back to the other device.
Optionally, as shown in Fig. 2, in a specific implementation of the present invention, obtaining the first user information corresponding to the first secure ID according to the first secure ID contained in the first call request (S12) may comprise:
S121: The first server sends the first secure ID to the security server, so that the security server verifies the other device according to the first secure ID;
S122: If the other device passes verification, the first server receives the authorization information sent by the security server, the authorization information containing the first user information corresponding to the first secure ID.
Optionally, as shown in Fig. 3a, in another specific implementation of the present invention, after S122, S12 may further comprise:
S123: The first server stores the authorization information locally.
Optionally, the authorization information may also contain the secure ID and an expiry time, and the first server may store the secure ID, the user information and the expiry time in correspondence with one another.
By way of example, the security server may perform security verification on the other device as follows:
The first secure ID is decrypted using a preset decryption algorithm; if decryption succeeds, a first IP address and first user information are obtained from the decrypted information. According to the device IP address and device user information stored in advance on the security server in correspondence with the first secure ID, it is determined whether the first IP address and first user information obtained by decryption are accurate; if they are, the other device passes verification; otherwise, the other device fails verification. For example, if decryption fails, or if the correspondence between the decrypted first IP address and first user information and the first secure ID is inaccurate, the other device fails verification.
Optionally, as shown in Fig. 3b, in another specific implementation of the present invention, obtaining the first user information corresponding to the first secure ID according to the first secure ID contained in the first call request (S12) may comprise:
S124: According to the first secure ID, search the authorization information stored locally on the first server;
S125: If it is found, judge from the expiry time whether the authorization information corresponding to the first secure ID has expired;
S126: If the authorization information has not expired, obtain the first user information corresponding to the first secure ID from the locally stored authorization information.
Optionally, as shown in Fig. 4, in another embodiment of the present invention, before S11, the method for calling a service in a cluster may further comprise:
S10: The other device obtains the first secure ID from the security server.
By way of example, when the other device is a second server that calls the first service, as shown in Fig. 5, S10 may comprise:
S51: The second server sends the second secure ID contained in the received second call request, together with the secure ID of the second server, to the security server.
S52: The security server generates the first secure ID according to the received second secure ID and the secure ID of the second server.
Here, the security server may decrypt each of the two received secure IDs, obtaining the second IP address and second user information corresponding to the second secure ID, and the third IP address and third user information corresponding to the secure ID of the second server; the security server may then encrypt the second IP address, the second user information and the third user information to generate the first secure ID.
S53: The second server receives the first secure ID sent by the security server.
By way of example, referring to Fig. 6, when the other device is a terminal device, S10 may comprise:
S61: The terminal device sends a secure ID acquisition request to the security server, the secure ID acquisition request containing the IP address of the terminal device and the user ID and security password of the terminal device.
S62: The security server verifies the terminal device according to the user ID and security password of the terminal device.
S63: After verification succeeds, the security server obtains the user information of the terminal device, for example the user authority, according to the user ID of the terminal device, and obtains the first secure ID using a preset encryption algorithm according to the IP address of the terminal device and the user information of the terminal device; the user information of the terminal device comprises the user ID of the terminal device and/or the user authority of the terminal device.
In an embodiment of the present invention, the user authority corresponding to the user ID of each device may also be configured in advance in the security server, so that the security server can obtain, from this prior configuration, the user authority corresponding to the user ID of the other device.
User authority may be identified by a character string; for example, when authority is divided into administrator authority and ordinary-user authority, administrator authority may be represented by 1 and ordinary-user authority by 2.
S64: The terminal device receives the first secure ID sent by the security server.
In the embodiments of the present invention, the first server, the second server, the security server and so on are named from a functional perspective; they may be deployed on the same physical device or on different physical devices. The embodiments of the present invention do not specifically limit this.
In the present embodiment, the first server uses the secure ID distributed by the security service in the cluster and, before executing a call request, has the caller verified by the security service according to that secure ID, so that authority distribution and verification in the cluster can be realized and the security of the cluster guaranteed.
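The flow of S61-S63, S11-S13 and the cached lookup of S121-S126 can be traced in the following sketch, which is an added example and not part of the patent text or of any implementation by the applicant. Assumptions: the security server is a stand-in that hands out random handles kept in a server-side table instead of DES/AES ciphertext, `revoke` is a hypothetical operation, the two preset rules are combined with "or", a failed verification is answered with a call-error reply, and all accounts, passwords and IP addresses are constructed sample values.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

ADMIN, ORDINARY = "1", "2"  # authority strings used in the description
SUCCESS, NO_PERMISSION, CALL_ERROR = "success", "no-permission", "call-error"

@dataclass(frozen=True)
class UserInfo:
    user_id: str
    authority: str

@dataclass(frozen=True)
class AuthorizationInfo:  # sent back in S122: secure ID, user info, expiry
    secure_id: str
    user_info: UserInfo
    expires_at: float

def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class SecurityServer:
    """Stand-in: secure IDs are random table handles, not DES/AES ciphertext."""
    def __init__(self, ttl, clock):
        self._accounts, self._issued = {}, {}
        self._ttl, self._clock = ttl, clock
        self.verify_calls = 0

    def add_account(self, user_id, password, authority):
        salt = secrets.token_bytes(16)
        self._accounts[user_id] = (salt, _pw_hash(password, salt), authority)

    def issue(self, ip, user_id, password):  # S61-S63
        acct = self._accounts.get(user_id)
        if acct is None or not hmac.compare_digest(acct[1], _pw_hash(password, acct[0])):
            return None
        secure_id = secrets.token_urlsafe(32)
        expires_at = self._clock() + self._ttl
        self._issued[secure_id] = (ip, UserInfo(user_id, acct[2]), expires_at)
        return secure_id

    def verify(self, secure_id):  # security-server side of S121/S122
        self.verify_calls += 1
        rec = self._issued.get(secure_id)
        if rec is None or rec[2] <= self._clock():
            return None
        return AuthorizationInfo(secure_id, rec[1], rec[2])

    def revoke(self, secure_id):  # hypothetical operation, not in the patent
        self._issued.pop(secure_id, None)

class FirstServer:
    def __init__(self, security, allowed_user_ids, clock):
        self._security, self._clock = security, clock
        self._allowed = frozenset(allowed_user_ids)
        self._cache = {}  # secure ID -> AuthorizationInfo (S123)

    def _user_info(self, secure_id):  # S12
        cached = self._cache.get(secure_id)  # S124
        if cached is not None:
            if cached.expires_at > self._clock():  # S125
                return cached.user_info  # S126
            del self._cache[secure_id]
        info = self._security.verify(secure_id)  # S121
        if info is None:
            return None
        self._cache[secure_id] = info  # S122, S123
        return info.user_info

    def call_first_service(self, secure_id):  # S11, S13
        user = self._user_info(secure_id)
        if user is None:
            return CALL_ERROR  # assumption: failed verification -> call error
        if user.authority == ADMIN or user.user_id in self._allowed:
            return SUCCESS
        return NO_PERMISSION

def demo():
    now = [1000.0]  # constructed clock so expiry is deterministic
    sec = SecurityServer(ttl=60.0, clock=lambda: now[0])
    accounts = {"alice": ADMIN, "bob": ORDINARY, "carol": ORDINARY}  # constructed
    for user, authority in accounts.items():
        sec.add_account(user, "pw-" + user, authority)
    first = FirstServer(sec, allowed_user_ids={"carol"}, clock=lambda: now[0])
    tok = {u: sec.issue("10.0.0.5", u, "pw-" + u) for u in accounts}
    out = {"bad_password": sec.issue("10.0.0.9", "bob", "wrong") is None}
    out["admin"] = first.call_first_service(tok["alice"])
    out["admin_cached"] = first.call_first_service(tok["alice"])
    out["ordinary"] = first.call_first_service(tok["bob"])
    out["group_member"] = first.call_first_service(tok["carol"])
    out["forged"] = first.call_first_service("not-an-issued-id")
    sec.revoke(tok["alice"])
    out["revoked_but_cached"] = first.call_first_service(tok["alice"])
    now[0] += 61  # cached entry and the secure ID itself are now expired
    out["after_expiry"] = first.call_first_service(tok["alice"])
    out["verify_calls"] = sec.verify_calls
    return out
```

The `revoked_but_cached` result shows the consequence of S123-S126: the first server keeps honouring a locally stored secure ID until its expiry time, even after the security server has stopped recognising it, so the expiry time bounds how long a withdrawn authority stays usable.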
Fig. 7 is a schematic structural diagram of the first server proposed by one embodiment of the present invention. The first server comprises a receiving module 71, an obtaining module 72 and a processing module 73.
The receiving module 71 is configured to receive a first call request, sent by another device, for calling a first service, the first call request containing a first secure ID; the first secure ID is used to verify the legitimacy of the first call request;
The obtaining module 72 is configured to obtain, according to the first secure ID, the first user information corresponding to the first secure ID;
The processing module 73 is configured to execute the first call request when the first user information satisfies a preset rule.
Optionally, in one embodiment of the present invention, as shown in Fig. 8a, the obtaining module 72 may comprise:
A sending submodule 721, configured to send the first secure ID to the security server, so that the security server verifies the other device according to the first secure ID;
A receiving submodule 722, configured to receive, if the other device passes verification, the authorization information sent by the security server, the authorization information containing the first user information corresponding to the first secure ID.
Further, as shown in Fig. 8b, the obtaining module 72 may also comprise:
A storing submodule 723, configured to store the authorization information locally.
Optionally, in yet another embodiment of the present invention, as shown in Fig. 8c, the obtaining module 72 may also comprise:
A searching submodule 724, configured to search, according to the first secure ID, the authorization information stored locally on the first server and, if it is found, to trigger the verification submodule 725;
A verification submodule 725, configured to obtain the first user information corresponding to the first secure ID from the locally stored authorization information.
For the specific functions of the first server, refer to the description of the first server in the method above; they are not repeated here.
In the present embodiment, by using the secure ID distributed by the security service in the cluster and, before executing a call request, having the caller verified by the security service according to that secure ID, authority distribution and verification in the cluster can be realized and the security of the cluster guaranteed.
An embodiment of the present invention also proposes a communication system which, as shown in Fig. 9, comprises a first server 91, a terminal device 92 and a security server 93, wherein:
The first server 91 may be the device shown in any of Fig. 7 to Fig. 8c.
The terminal device 92 is configured to send a secure ID acquisition request to the security server 93, the secure ID acquisition request containing the IP address of the terminal device 92 and the user ID and security password of the terminal device 92, and to receive the first secure ID sent by the security server 93.
The security server 93 is configured to verify the terminal device 92 according to the user ID and security password of the terminal device 92 and, after verification succeeds, to obtain the user information of the terminal device 92, for example the user authority, according to the user ID of the terminal device 92, and to obtain the first secure ID using a preset encryption algorithm according to the IP address of the terminal device 92 and the user information of the terminal device 92.
An embodiment of the present invention also proposes another communication system which, as shown in Fig. 10, comprises a first server 101, a second server 102 and a security server 103, wherein:
The first server 101 may be the device shown in any of Fig. 7 to Fig. 8c.
The second server 102 is configured to send the second secure ID contained in the received second call request, together with the secure ID of the second server 102, to the security server 103, and to receive the first secure ID sent by the security server 103.
The security server 103 is configured to generate the first secure ID according to the received second secure ID and the secure ID of the second server 102.
For example, the security server 103 may decrypt each of the two received secure IDs, obtaining the second IP address and second user information corresponding to the second secure ID, and the third IP address and third user information corresponding to the secure ID of the second server 102; the security server 103 may then encrypt the second IP address, the second user information and the third user information to generate the first secure ID.
An embodiment of the present invention also provides a first server comprising a housing, a processor, a memory, a circuit board and a power circuit, wherein the circuit board is placed inside the space enclosed by the housing, and the processor and the memory are arranged on the circuit board; the power circuit supplies power to each circuit or device of the first server; the memory stores executable program code; and the processor, by reading the executable program code stored in the memory, runs the program corresponding to the executable program code in order to perform:
S11': Receive a first call request, sent by another device, for calling a first service, the call request containing a first secure ID; the first secure ID is used to verify the legitimacy of the first call request.
The first server may be any server in the cluster system; at least one service, including the first service, runs on the first server.
The other device may be a terminal device, for example a mobile phone, a personal computer (PC) or a tablet computer. Alternatively, the other device may be a server in the cluster, for example a server running a second service.
Specifically, when the other device is a terminal device, the first secure ID is the secure ID of the terminal device.
When the other device is a server in the cluster, assumed here to be a second server, the first secure ID is an identifier generated according to the secure ID of the second server and the second secure ID contained in the second call request sent to the second server.
Optionally, in a specific implementation of the present invention, the secure ID may be obtained in advance by the security server using a preset encryption algorithm, according to the IP address of the device and the user information of the device; the encryption algorithm may be the Data Encryption Standard (DES) algorithm or the Advanced Encryption Standard (AES) algorithm.
The security server is a server in the cluster system on which a security service runs; the security service is used to distribute secure IDs to terminal devices or to other services running in the cluster, and to verify secure IDs coming from other services.
The user information of a device may comprise the authority information of the device and/or the user ID of the device. For example, the authority information may be administrator authority or ordinary user, and ordinary users may include visitors, level-one users, level-two users and so on; the user ID may be the user name of the device.
S12': According to the first secure ID contained in the first call request, obtain the first user information corresponding to the first secure ID.
S13': If the first user information satisfies the preset rule, execute the first call request.
Optionally, the preset rule may be: an administrator can call the first service. Accordingly, when the authority information contained in the first user information is administrator authority, the first call request can be executed. Alternatively, the preset rule may be: a specified user ID group can call the first service. In that case, when the user ID contained in the first user information belongs to that user ID group, the first call request can be executed.
Optionally, in an embodiment of the present invention, if the first service executes the first call request, a call-success reply may be fed back to the other device. Of course, if the first user information does not satisfy the preset rule, execution of the first call request may be refused, and a no-authority-to-call reply or a call-error reply fed back to the other device.
Optionally, in a specific implementation of the present invention, according to the first secure ID comprising in described the first call request, obtain the first user information (S12) corresponding with described the first secure ID, can comprise:
S121 ': first server sends to security server by described the first secure ID, so that described security server is verified described other equipment according to described the first secure ID;
S122 ': if described other equipment pass through checking, first server receives the authorization information that described security server sends, and described authorization information comprises the first user information that the first safety label is corresponding.
Optionally, in another specific implementation of the present invention, after above-mentioned S122, above-mentioned S12 can also comprise:
S123 ': first server is kept at this locality by described authorization information.
Optionally, in above-mentioned authorization information, can also comprise secure ID and expired time, first server can be by the corresponding preservation of secure ID, user profile and expired time.
Exemplary, security server can carry out safety verification to other equipment in the following way:
Adopt default decipherment algorithm to be decrypted the first secure ID, if successful decryption obtains an IP address and first user information from the information deciphering; According to the IP address of equipment corresponding with this first secure ID and equipment user's information of preserving in advance on security server, whether an IP address and first user information that definite deciphering obtains is accurate, if accurately, described other equipment are by checking, otherwise described other equipment are not by checking.For example, if it is inaccurate to decipher the corresponding relation of an IP address unsuccessful or that deciphering obtains and first user information and the first secure ID, described other equipment are not by checking.
Optionally, in another specific implementation of the present invention, obtaining the first user information corresponding to the first secure ID according to the first secure ID included in the first call request (S12) may comprise:
S124': searching the authorization information saved locally on the first server according to the first secure ID;
S125': if an entry is found, determining according to the expiration time whether the authorization information corresponding to the first secure ID has expired;
S126': if the authorization information has not expired, obtaining the first user information corresponding to the first secure ID from the locally saved authorization information.
Optionally, in another embodiment of the present invention, before the above S11', the method for calling a service in a cluster may further comprise:
S10': the other device obtains the first secure ID from the security server.
For example, when the other device is a second server that calls the first service, the above S10' may comprise:
S51': the second server sends to the security server the second secure ID included in the second call request it has received, together with the secure ID of the second server.
S52': the security server generates the above first secure ID according to the received second secure ID and the secure ID of the second server.
Here, the security server may decrypt the two received secure IDs respectively, obtaining the second IP address and second user information corresponding to the second secure ID, and the third IP address and third user information corresponding to the secure ID of the second server. The security server may then encrypt the second IP address, the second user information and the third user information to generate the above first secure ID.
S53': the second server receives the first secure ID sent by the security server.
For example, when the other device is a terminal device, the above S10' may comprise:
S61': the terminal device sends a secure ID acquisition request to the security server, the secure ID acquisition request comprising the IP address of the terminal device and the user ID and security password of the terminal device.
S62': the security server verifies the terminal device according to the user ID and security password of the terminal device.
S63': after verification succeeds, the security server obtains the user information of the terminal device (for example, the user permission) according to the user ID of the terminal device, and applies a preset encryption algorithm to the IP address of the terminal device and the user information of the terminal device to obtain the above first secure ID; the user information of the terminal device comprises the user ID of the terminal device and/or the user permission of the terminal device.
In an embodiment of the present invention, the user permission corresponding to the user ID of each device may also be preconfigured in the security server; the security server can therefore obtain, from this preconfiguration, the user permission corresponding to the user ID of the other device.
A user permission may be identified by a character string. For example, when permissions are divided into administrator permission and ordinary user permission, the administrator permission may be represented by 1 and the ordinary user permission by 2.
S64': the terminal device receives the first secure ID sent by the security server.
In an embodiment of the present invention, the first server, second server, security server and so on are named from a functional perspective; they may be deployed on the same physical device or on different physical devices. The embodiments of the present invention do not specifically limit this.
In this embodiment, the first server uses the secure ID distributed by the security service in the cluster and, before executing a call request, has the caller verified by the security service according to that secure ID. This enables permission distribution and verification within the cluster and ensures the security of the cluster.
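The flow of S61'-S63', S51'-S52' and S121'-S126' as a runnable sketch, added here as an illustration and not code from the patent or its applicant. The cipher is a standard-library stand-in for the unspecified "preset" algorithm, and every class, method and field name, the 300-second lifetime and the allowed-permission rule are assumptions.

```python
import base64, hashlib, hmac, json, os

def _mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

class SecurityServer:
    """Issues secure IDs (S61'-S63', S51'-S52') and verifies them (S121')."""

    def __init__(self, key, accounts, ttl=300):
        self._ek, self._mk = _mac(key, b"enc"), _mac(key, b"mac")
        self._accounts = accounts   # user ID -> (security password, permission)
        self._issued = {}           # secure ID -> IP and user info saved at issue
        self._ttl = ttl             # assumed lifetime of authorization info (s)

    def _xor(self, nonce, data):
        # Stand-in cipher (HMAC-SHA256 keystream); use a vetted AEAD in practice.
        stream = b"".join(_mac(self._ek, nonce + i.to_bytes(4, "big"))
                          for i in range(len(data) // 32 + 1))
        return bytes(d ^ s for d, s in zip(data, stream))

    def _seal(self, payload):
        nonce = os.urandom(16)
        ct = self._xor(nonce, json.dumps(payload, sort_keys=True).encode())
        blob = nonce + ct + _mac(self._mk, nonce + ct)
        sid = base64.urlsafe_b64encode(blob).decode()
        self._issued[sid] = payload
        return sid

    def _checked(self, sid):
        """Decrypt, then compare with the record saved when the ID was issued."""
        try:
            raw = base64.urlsafe_b64decode(sid.encode())
        except ValueError:
            return None
        nonce, ct, tag = raw[:16], raw[16:-32], raw[-32:]
        if len(raw) < 48 or not hmac.compare_digest(tag, _mac(self._mk, nonce + ct)):
            return None             # decryption failed: forged or altered ID
        payload = json.loads(self._xor(nonce, ct))
        return payload if self._issued.get(sid) == payload else None

    def issue(self, ip, user_id, password):
        # A real deployment would store a password hash, not the password.
        stored = self._accounts.get(user_id)
        if stored is None or not hmac.compare_digest(stored[0].encode(), password.encode()):
            return None
        return self._seal({"ip": ip, "user": {"id": user_id, "perm": stored[1]}})

    def delegate(self, second_sid, server_sid):
        caller, server = self._checked(second_sid), self._checked(server_sid)
        if caller is None or server is None:
            return None
        # Second IP, second user info and third user info, as in S52'.
        return self._seal({"ip": caller["ip"], "user": caller["user"], "via": server["user"]})

    def verify(self, sid, now):
        payload = self._checked(sid)
        if payload is None:
            return None
        return {"secure_id": sid, "user": payload["user"], "expires": now + self._ttl}

class FirstServer:
    def __init__(self, security_server, allowed_perms=("1",)):
        self._sec, self._allowed, self._cache = security_server, set(allowed_perms), {}

    def handle(self, sid, now):
        info = self._cache.get(sid)                   # S124': local lookup
        if info is None or now >= info["expires"]:    # S125': expiry check
            self._cache.pop(sid, None)
            info = self._sec.verify(sid, now)         # S121'-S122'
            if info is None:
                return False
            self._cache[sid] = info                   # S123': save locally
        return info["user"]["perm"] in self._allowed  # the preset rule
```

Because S124'-S126' answer from the local copy, a secure ID withdrawn on the security server remains accepted by the first server until the saved expiration time passes, so that lifetime bounds how quickly a withdrawal takes effect.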
It should be noted that, in the description of the present invention, the terms "first", "second" and the like are used for descriptive purposes only and are not to be understood as indicating or implying relative importance. In addition, in the description of the present invention, unless otherwise stated, "a plurality of" means two or more.
Any process or method description in a flow chart, or otherwise described herein, may be understood as representing a module, fragment or portion of code that comprises one or more executable instructions for implementing the steps of a specific logical function or process. The scope of the preferred embodiments of the present invention includes other implementations in which functions may be performed out of the order shown or discussed, including substantially simultaneously or in the reverse order depending on the functions involved, as should be understood by those skilled in the art to which the embodiments of the present invention belong.
It should be understood that each part of the present invention may be implemented in hardware, software, firmware or a combination thereof. In the above embodiments, multiple steps or methods may be implemented in software or firmware that is stored in a memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or a combination of the following technologies well known in the art may be used: a discrete logic circuit having logic gates for implementing logic functions on data signals, an application-specific integrated circuit (ASIC) having suitable combinational logic gates, a programmable gate array (PGA), a field programmable gate array (FPGA), and so on.
Those skilled in the art will appreciate that all or part of the steps carried by the methods of the above embodiments may be completed by a program instructing the relevant hardware. The program may be stored in a computer-readable storage medium and, when executed, performs one of the steps of the method embodiments or a combination thereof.
In addition, the functional units in the embodiments of the present invention may be integrated in one processing module, each unit may exist physically on its own, or two or more units may be integrated in one module. The integrated module may be implemented in the form of hardware or in the form of a software functional module. If the integrated module is implemented in the form of a software functional module and sold or used as an independent product, it may also be stored in a computer-readable storage medium.
The storage medium mentioned above may be a read-only memory, a magnetic disk, an optical disc, or the like.
In the description of this specification, a description referring to the terms "an embodiment", "some embodiments", "an example", "a specific example" or "some examples" means that a specific feature, structure, material or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the present invention. In this specification, schematic statements of these terms do not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described may be combined in a suitable manner in any one or more embodiments or examples.
Although embodiments of the present invention have been shown and described above, it is to be understood that the above embodiments are exemplary and are not to be construed as limiting the present invention; those of ordinary skill in the art may make changes, modifications, substitutions and variations to the above embodiments within the scope of the present invention.

Claims (14)

1. A method for calling a service in a cluster, characterized by comprising:
a first server receiving a first call request, sent by another device, for calling a first service, the first call request comprising a first secure ID, wherein the first secure ID is used to verify the legitimacy of the first call request;
the first server obtaining, according to the first secure ID, first user information corresponding to the first secure ID;
if the first user information satisfies a preset rule, the first server executing the first call request.
2. The method according to claim 1, characterized in that obtaining, according to the first secure ID, the first user information corresponding to the first secure ID comprises:
sending the first secure ID to a security server, so that the security server verifies the other device according to the first secure ID;
if the other device passes verification, receiving authorization information sent by the security server, the authorization information comprising the first user information.
3. The method according to claim 1, characterized in that obtaining, according to the first secure ID, the first user information corresponding to the first secure ID comprises:
searching, according to the first secure ID, the authorization information saved locally on the first server, wherein the locally saved authorization information comprises a secure ID, user information and a corresponding expiration time;
if an entry is found, determining according to the expiration time whether the authorization information corresponding to the first secure ID has expired;
if the authorization information has not expired, obtaining the first user information corresponding to the first secure ID from the locally saved authorization information.
4. The method according to any one of claims 1-3, characterized in that, before the first server receives the first call request, sent by the other device, for calling the first service, the method further comprises:
the other device obtaining the first secure ID from a security server.
5. The method according to claim 4, characterized in that, if the other device is a second server that calls the first service, the other device obtaining the first secure ID from the security server comprises:
the second server sending to the security server a second secure ID included in a second call request it has received, together with the secure ID of the second server;
the security server generating the first secure ID according to the received second secure ID and the secure ID of the second server;
the second server receiving the first secure ID sent by the security server.
6. The method according to claim 5, characterized in that the security server generating the first secure ID according to the received second secure ID and the secure ID of the second server comprises:
the security server decrypting the received second secure ID and the secure ID of the second server respectively, obtaining a second IP address and second user information corresponding to the second secure ID, and a third IP address and third user information corresponding to the secure ID of the second server;
the security server encrypting the second IP address, the second user information and the third user information to generate the first secure ID.
7. The method according to claim 4, characterized in that, if the other device is a terminal device, the other device obtaining the first secure ID from the security server comprises:
the terminal device sending a secure ID acquisition request to the security server, the secure ID acquisition request comprising the IP address of the terminal device and the user ID and security password of the terminal device;
the security server verifying the terminal device according to the user ID and security password of the terminal device;
after verification succeeds, the security server obtaining the user information of the terminal device according to the user ID of the terminal device, and applying a preset encryption algorithm to the IP address of the terminal device and the user information of the terminal device to obtain the first secure ID;
the terminal device receiving the first secure ID sent by the security server.
8. A first server, characterized by comprising:
a receiving module, configured to receive a first call request, sent by another device, for calling a first service, the first call request comprising a first secure ID, wherein the first secure ID is used to verify the legitimacy of the first call request;
an acquisition module, configured to obtain, according to the first secure ID, first user information corresponding to the first secure ID;
a processing module, configured to execute the first call request when the first user information satisfies a preset rule.
9. The first server according to claim 8, characterized in that the acquisition module comprises:
a sending submodule, configured to send the first secure ID to a security server, so that the security server verifies the other device according to the first secure ID;
a receiving submodule, configured to receive, if the other device passes verification, authorization information sent by the security server, the authorization information comprising the first user information corresponding to the first secure ID.
10. The first server according to claim 9, characterized in that the acquisition module further comprises:
a saving submodule, configured to save the authorization information locally.
11. The first server according to claim 8, characterized in that the acquisition module comprises:
a search submodule, configured to search, according to the first secure ID, the authorization information saved locally on the first server and, if an entry is found, to trigger a verification submodule;
the verification submodule, configured to obtain the first user information corresponding to the first secure ID from the locally saved authorization information.
12. A communication system, characterized by comprising: the first server according to any one of claims 8-11, a terminal device and a security server, wherein:
the terminal device is configured to send a secure ID acquisition request to the security server, the secure ID acquisition request comprising the IP address of the terminal device and the user ID and security password of the terminal device, and to receive the first secure ID sent by the security server;
the security server is configured to verify the terminal device according to the user ID and security password of the terminal device and, after verification succeeds, to obtain the user information of the terminal device according to the user ID of the terminal device and apply a preset encryption algorithm to the IP address of the terminal device and the user information of the terminal device to obtain the first secure ID.
13. A communication system, characterized by comprising: the first server according to any one of claims 8-11, a second server and a security server, wherein:
the second server is configured to send to the security server the second secure ID included in the second call request it has received, together with the secure ID of the second server, and to receive the first secure ID sent by the security server;
the security server is configured to generate the first secure ID according to the received second secure ID and the secure ID of the second server.
14. The communication system according to claim 13, characterized in that the security server is specifically configured to decrypt the received second secure ID and the secure ID of the second server respectively, obtaining a second IP address and second user information corresponding to the second secure ID, and a third IP address and third user information corresponding to the secure ID of the second server; the security server may encrypt the second IP address, the second user information and the third user information to generate the first secure ID.
CN201410239488.3A 2014-05-30 2014-05-30 The method, apparatus and system of service are called in cluster Active CN104023012B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410239488.3A CN104023012B (en) 2014-05-30 2014-05-30 The method, apparatus and system of service are called in cluster

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410239488.3A CN104023012B (en) 2014-05-30 2014-05-30 The method, apparatus and system of service are called in cluster

Publications (2)

Publication Number Publication Date
CN104023012A true CN104023012A (en) 2014-09-03
CN104023012B CN104023012B (en) 2017-05-31

Family

ID=51439582

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410239488.3A Active CN104023012B (en) 2014-05-30 2014-05-30 The method, apparatus and system of service are called in cluster

Country Status (1)

Country Link
CN (1) CN104023012B (en)

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101729514A (en) * 2008-10-23 2010-06-09 华为技术有限公司 Method, device and system for implementing service call
CN102685086A (en) * 2011-04-14 2012-09-19 天脉聚源(北京)传媒科技有限公司 File access method and system

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107046567A (en) * 2017-02-14 2017-08-15 广州云晫信息科技有限公司 A kind of distributed cloud computing system for the centralized management being made up of thin cloud system
CN107105003A (en) * 2017-02-14 2017-08-29 广州云晫信息科技有限公司 Cloud system is melted automatically in the super fusion thin cloud data center of one kind
CN107070891A (en) * 2017-03-10 2017-08-18 腾讯科技(深圳)有限公司 Service calling method and device
WO2018161851A1 (en) * 2017-03-10 2018-09-13 腾讯科技(深圳)有限公司 Device control method, storage medium, and computer device
US11657224B2 (en) 2017-03-10 2023-05-23 Tencent Technology (Shenzhen) Company Limited Device control method, storage medium, and computer device
CN106992976A (en) * 2017-03-24 2017-07-28 联想(北京)有限公司 Network safety managing method and server
CN106992976B (en) * 2017-03-24 2020-08-25 联想(北京)有限公司 Network security management method and server
CN106790307A (en) * 2017-03-28 2017-05-31 联想(北京)有限公司 Network safety managing method and server
CN106921673A (en) * 2017-03-28 2017-07-04 联想(北京)有限公司 Network safety managing method and server
CN106992978B (en) * 2017-03-28 2020-08-25 联想(北京)有限公司 Network security management method and server
CN110278133A (en) * 2019-07-31 2019-09-24 中国工商银行股份有限公司 Inspection method, device, calculating equipment and the medium executed by server
CN110278133B (en) * 2019-07-31 2021-08-13 中国工商银行股份有限公司 Checking method, device, computing equipment and medium executed by server

Also Published As

Publication number Publication date
CN104023012B (en) 2017-05-31

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: 100041 room 1592A, building, No. 3 West Road, Badachu hi tech park, Beijing, Shijingshan District, China

Patentee after: BEIJING LIEBAO NETWORK TECHNOLOGY CO., LTD.

Address before: 100041 room 1592A, building, No. 3 West Road, Badachu hi tech park, Beijing, Shijingshan District, China

Patentee before: Beijing Kingsoft Internet Science and Technology Co., Ltd.
