CN108011862A - Image registry authorization, access and management methods, and server and client - Google Patents

Info

Publication number
CN108011862A
Authority
CN
China
Prior art keywords
mirror image
authorization
access
user
warehouse
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN201610978489.9A
Other languages
Chinese (zh)
Inventor
谭珊珊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp filed Critical ZTE Corp
Priority to CN201610978489.9A priority Critical patent/CN108011862A/en
Priority to PCT/CN2017/107525 priority patent/WO2018077169A1/en
Publication of CN108011862A publication Critical patent/CN108011862A/en
Withdrawn legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00 Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/40 Support for services or applications
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Multimedia (AREA)
  • Storage Device Security (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The present invention provides image registry authorization, access and management methods, together with a server and an image registry client. The image registry client sends an authentication request to the image registry authorization server. The image registry authorization server performs authorization authentication on the user according to the identity information in the authentication request and a preset identity information to user role mapping table, in which different user roles correspond to different access rights, and feeds back an authorization token after the user's authorization authentication succeeds. The image registry client sends an image resource access request to the image registry server based on the authorization token. Only when the image registry server determines that the image resource access request is an authorized request does it go on to perform access processing on the request according to the authorization token corresponding to the request. The invention thereby effectively controls the access rights of the different users accessing the image registry according to their user roles, and can provide the image registry with fine-grained access control.

Description

Image registry authorization, access and management methods, and server and client
Technical field
The present invention relates to the communications field, and in particular to image registry authorization, access and management methods, and a server and client.
Background
Docker is an open-source engine that makes it easy to create a lightweight, portable, self-sufficient container for any application. Docker provides a public registry, known as Docker Hub, for storing Docker images; any image resource uploaded to the public registry is open for free use. The public registry is therefore unsuitable for enterprise projects and other application scenarios that are not fully open to the outside, which makes creating and managing private image registries particularly important. There are currently many implementations of private image registries, such as Docker Registry. Even with a private image registry, however, users in different user roles, such as administrators, developers or infrastructure support staff, still access the image resources stored in it. At present neither private nor public image registries have an effective way of managing the access rights of different users according to their user roles, so image registry management lacks rationality and has potential security problems.
Summary of the invention
The image registry authorization, access and management methods and the server and client provided by embodiments of the present invention mainly solve the following technical problem: existing image registries do not effectively control the access rights of different users according to their user roles.
To solve the above technical problem, an embodiment of the present invention provides an image registry authorization method, including:
Receiving an authentication request, sent by an image registry client, for accessing the image registry, the authentication request including at least the identity information of a user;
Performing authorization authentication on the user according to the identity information and a preset identity information to user role mapping table, different user roles corresponding to different access rights;
When the authorization authentication succeeds, feeding back an authorization token to the image registry client, so that the image registry client accesses the image registry based on the authorization token.
To solve the above technical problem, an embodiment of the present invention provides an image registry access method, including:
Sending an authentication request to an image registry authorization server, the authentication request including at least the identity information of a user;
Receiving the authorization token fed back by the image registry authorization server after it has successfully performed authorization authentication on the user according to the identity information and a preset identity information to user role mapping table;
Sending an image resource access request to an image registry server based on the authorization token.
To solve the above technical problem, an embodiment of the present invention provides an image registry management method, including:
Receiving an image resource access request sent by an image registry client;
When the image resource access request is determined to be an unauthorized request, sending an authorization authentication indication notification to the image registry client, the notification including the address information of the image registry authorization server;
When the image resource access request is determined to be an authorized request, performing access processing on the image resource access request according to the authorization token corresponding to it.
To solve the above technical problem, an embodiment of the present invention provides an image registry authorization server, including:
An authentication receiving module, configured to receive an authentication request, sent by an image registry client, for accessing the image registry, the authentication request including at least the identity information of a user;
An authorization authentication module, configured to perform authorization authentication on the user according to the identity information and a preset identity information to user role mapping table, different user roles corresponding to different access rights;
An authentication feedback module, configured to feed back an authorization token to the image registry client when the authorization authentication succeeds, so that the image registry client accesses the image registry based on the authorization token.
To solve the above technical problem, an embodiment of the present invention provides an image registry client, including:
An authentication processing module, configured to send an authentication request to an image registry authorization server, the authentication request including at least the identity information of a user, and to receive the authorization token fed back by the image registry authorization server after it has successfully performed authorization authentication on the user according to the identity information and a preset identity information to user role mapping table;
A resource access module, configured to send an image resource access request to an image registry server based on the authorization token.
To solve the above technical problem, an embodiment of the present invention provides an image registry server, including:
An access receiving module, configured to receive an image resource access request sent by an image registry client;
A control module, configured to send an authorization authentication indication notification to the image registry client when the image resource access request is determined to be an unauthorized request, the notification including the address information of the image registry authorization server; and, when the image resource access request is determined to be an authorized request, to perform access processing on the image resource access request according to the authorization token corresponding to it.
An embodiment of the present invention also provides a computer storage medium storing computer-executable instructions, the computer-executable instructions being used to perform the foregoing image registry authorization, access and management methods.
The beneficial effects of the invention are:
With the image registry authorization, access and management methods, server, client and computer storage medium provided by embodiments of the present invention, the image registry client sends an authentication request to the image registry authorization server. The image registry authorization server performs authorization authentication on the user according to the identity information in the authentication request and a preset identity information to user role mapping table, in which different user roles correspond to different access rights, and feeds back an authorization token to the image registry client after the user's authorization authentication succeeds. The image registry client then sends an image resource access request to the image registry server based on the authorization token. Only when the image registry server determines that the image resource access request is an authorized request does it go on to perform access processing on the request according to the authorization token corresponding to it. The invention therefore effectively controls the access rights of the different users accessing the image registry according to their user roles, can provide the image registry with fine-grained access control, and improves the practicality and security of the image registry and the rationality of its management.
Brief description of the drawings
Fig. 1 is a flow diagram of the image registry access method in Embodiment One;
Fig. 2 is a flow diagram of the authorization authentication indication in Embodiment One;
Fig. 3 is a flow diagram of the image registry authorization method in Embodiment One;
Fig. 4 is a flow diagram of the image registry management method in Embodiment One;
Fig. 5 is a structural diagram of the image registry client in Embodiment Two;
Fig. 6 is a structural diagram of the image registry authorization server in Embodiment Two;
Fig. 7 is a structural diagram of the image registry server in Embodiment Two;
Fig. 8-1 is a schematic diagram of the identity authentication method in Embodiment Three;
Fig. 8-2 is a schematic diagram of the authorization authentication method in Embodiment Three;
Fig. 9 is a flow diagram of the authorization authentication in Embodiment Three;
Fig. 10 is a schematic diagram of the configuration information in Embodiment Three.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings. The described embodiments are evidently only some of the embodiments of the invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the invention without creative work fall within the scope of protection of the invention.
Embodiment One:
In this embodiment the image registry client sends an authentication request to the image registry authorization server. The image registry authorization server performs authorization authentication on the user according to the identity information in the authentication request and a preset identity information to user role mapping table, in which different user roles correspond to different access rights, and feeds back an authorization token to the image registry client after the user's authorization authentication succeeds. The image registry client then sends an image resource access request to the image registry server based on the authorization token. Only when the image registry server determines that the image resource access request is an authorized request does it go on to perform access processing on the request according to the authorization token corresponding to it. This effectively controls the access rights of the different users accessing the image registry according to their user roles, provides the image registry with fine-grained access control, and improves the practicality and security of the image registry and the rationality of its management. For a better understanding of the invention, this embodiment describes the image registry client, the image registry server and the image registry authorization server in turn.
The image registry client can send an image resource access request to the image registry server in response to a command from the user, and then send an authentication request to the image registry authorization server according to the feedback from the image registry server. Alternatively, when it already knows the address of the image registry authorization server, it can send the authentication request to the image registry authorization server directly in response to the user's command. The implementation can be chosen flexibly according to the application scenario. An image registry access method provided in this embodiment is shown in Fig. 1 and includes:
S101: The image registry client sends an authentication request to the image registry authorization server; the authentication request includes at least the identity information of the user.
As described above, the authentication request in this embodiment may be sent by the image registry client on the instruction of the image registry server, or sent by the image registry client directly on the instruction of the user.
S102: The image registry client receives the authorization token fed back by the image registry authorization server after it has successfully performed authorization authentication on the user according to the identity information in the authentication request and the preset identity information to user role mapping table.
In this embodiment the identity information to user role mapping table can be preconfigured locally on the image registry authorization server, or it can be placed in another database that the image registry authorization server is able to access. Different user roles correspond to different access rights, and the user roles and their access rights can be set flexibly according to the application scenario.
S103: The image registry client sends an image resource access request to the image registry server based on the authorization token.
It should be understood that the way in which the image registry client sends the authentication request and the image resource access request, and the specific protocol used, can be set flexibly according to requirements. The image registry in this embodiment includes, but is not limited to, a Docker image registry.
As analyzed above, in this embodiment the following steps, shown in Fig. 2, may also be performed before the image registry client sends the authentication to the image registry server:
S201: The image registry client sends an image resource access request to the image registry server.
After receiving the image resource access request, the image registry server first determines whether the request has already passed authorization authentication. If so, it performs the subsequent access steps; otherwise it prompts the image registry client to carry out authorization authentication.
S202: When the image registry client receives the authorization authentication indication notification returned by the image registry server, it sends the authentication request to the image registry authorization server according to the image registry authorization server address information in the notification.
The image registry authorization server address information in this embodiment can be configured on the image registry server in advance.
In this embodiment the authentication request sent by the image registry client to the image registry authorization server can carry different information; two example cases are described below.
Example one: The authentication request sent by the image registry client may include only the identity information of the user. Authorization authentication can then be performed only on whether the identity information is legitimate, and the authorization token issued can contain all the access rights of the user's role (the access rights include, but are not limited to, the range of image resources the user role is allowed to access and the range of operation types it is allowed). To further improve security, the authentication request may also include the user password; before performing authorization authentication on the user according to the authentication request, the image registry authorization server can first perform identity authentication on the user according to the identity information, the user password and a preset configuration file of identity information and user password correspondences.
Example two: The authentication request sent by the image registry client may include the identity information of the user, the image resource information currently being accessed (either the address of the image resource currently being accessed, or its type and name) and the operation type of the current access request. Authorization authentication can then be performed on whether the identity information is legitimate, and on whether the image resource information currently being accessed and the operation type of the current access request are within the range of image resources that the user's role is allowed to access (an image resource address range, or a range of image resource types and names) and within the range of operation types it is allowed. To further improve security, the authentication request may again also include the user password; before performing authorization authentication on the user according to the authentication request, the image registry authorization server can first perform identity authentication on the user according to the identity information, the user password and a preset configuration file of identity information and user password correspondences.
It should be understood that the implementation of the authorization authentication and identity authentication performed on the user in this embodiment is not limited to the above examples.
In this embodiment, after the authorization authentication of the user in the authentication request succeeds, the authorization token issued includes the image resources the user is allowed to access (in example one, all the image resources that the user's role is allowed to access; in example two, the image resource that the user's role currently allows access to) and the operation types (in example one, all the operation types allowed for the user's role; in example two, the operation type currently allowed for the user's role). It can further include a token validity time, which can be set flexibly according to requirements, for example 10 minutes or 30 minutes.
The image registry client can send the image resource access request to the image registry server based on the authorization token in either of the following ways:
Mode one: First send the obtained authorization token to the image registry server on its own, then send the corresponding image resource access request to the image registry server.
Mode two: Add the authorization token, which includes the image resources the user is allowed to access, the operation types and the token validity time, to the image resource access request, and send the request to the image registry server.
In this embodiment, the image registry authorization method performed on the image registry authorization server side is shown in Fig. 3 and includes:
S301: Receive an authentication request, sent by the image registry client, for accessing the image registry; the authentication request includes at least the identity information of the user (including but not limited to the user name);
S302: Perform authorization authentication on the user according to the identity information in the authentication request and the preset identity information to user role mapping table; different user roles correspond to different access rights;
S303: When the authorization authentication succeeds, feed back an authorization token to the image registry client, so that the image registry client accesses the image registry based on the authorization token. When the authorization authentication fails, a failure prompt can be fed back to the image registry client, or no feedback is given.
As analyzed above, to further improve security, the authentication request sent by the image registry client in this embodiment may also include the user password. Before performing authorization authentication on the user in the authentication request, the image registry authorization server can first perform identity authentication on the user according to the identity information and user password, together with the preset configuration file of identity information and user password correspondences. The subsequent authorization authentication is performed only after identity authentication passes; otherwise it is not performed and an authentication failure is fed back to the image registry client.
As analyzed above, the authorization authentication in this embodiment may include, but is not limited to, the following two example modes:
Example one: The authentication request sent by the image registry client may include only the identity information of the user. In this case the image registry server authorization authentication can be performed on the user only according to the identity information together with the preset identity information to user role mapping table, for example by checking whether the identity information exists in the mapping table; if it does, authorization authentication succeeds. After authorization authentication succeeds, the authorization token issued to the image registry client can contain all the access rights of the user's role (the access rights include, but are not limited to, the range of image resources the user role is allowed to access and the range of operation types it is allowed).
Example two: The authentication request sent by the image registry client may include the identity information of the user, the image resource information currently being accessed (either the address of the image resource currently being accessed, or its type and name) and the operation type of the current access request. In this case the image registry server authorization authentication can be performed on whether the identity information is legitimate, and on whether the image resource information currently being accessed and the operation type of the current access request are within the range of image resources that the user's role is allowed to access (an image resource address range, or a range of image resource types and names) and within the range of operation types it is allowed.
The access rights in this embodiment include, but are not limited to, the range of image resources a user role is allowed to access and the range of operation types it is allowed. The operation types include, but are not limited to, upload, download, delete and query; an administrator, for example, can also have the right to set user roles and their access rights. The operation type ranges corresponding to the user roles are illustrated in Table 1 below.
Table 1
Identity information    User role            Operation type range
User name 1             Administrator        All operation types
User name 2             Administrator        All operation types
User name 3             First user role      Upload, download, delete, query
User name 4             Second user role     Upload, download, query
User name 5             First user role      Upload, download, delete, query
User name 6             Third user role      Upload, download, delete
User name 7             Fourth user role     Upload, download
User name 8             Fifth user role      Download
User name 9             Sixth user role      Query
The image resource range can be set separately for each user role. In one example it can be defined by limiting the image resource address range (for example, which addresses of which image registries), by the type and name of the image resources, or by a combination of the two.
Based on Table 1, and assuming the authentication mode of example two, the authorization authentication performed by the image registry authentication server is as follows: look up the user's role in the preset identity information to user role mapping table according to the identity information in the authentication request, then determine whether the image resource information currently being accessed is within the range of image resources that role is allowed to access and whether the operation type of the current access request is within the allowed range of operation types. If so, authorization authentication succeeds; otherwise, it fails.
For example, suppose the identity information in the authentication request is user name 4, the current operation type is download, and the image resource currently being accessed is an image file whose resource type is repository and whose name is test/my-app. The image registry authentication server then performs authorization authentication as follows: it finds in Table 1 that the role corresponding to user name 4 is the second user role, and determines that the current operation type, download, is within the allowed range of operation types and that the image resource currently being accessed is within the range allowed to be accessed, so authorization authentication succeeds.
As another example, suppose the identity information in the authentication request is user name 7, the current operation type is delete, and the image resource currently being accessed is an image file whose resource type is repository and whose name is test/my-app. The image registry authentication server then performs authorization authentication as follows: it finds in Table 1 that the role corresponding to user name 7 is the fourth user role, and determines that the current operation type, delete, is not within the allowed range of operation types, so authorization authentication fails.
As another example, suppose the identity information in the authentication request is user name 10, the current operation type is query, and the image resource currently being accessed is an image file whose resource type is repository and whose name is test/my-app. The image registry authentication server then performs authorization authentication as follows: the user name is not found in Table 1, so authorization authentication fails.
In this embodiment, the mirror image warehouse management method performed on the mirror image warehouse server side is shown in Figure 4 and includes:
S401: Receive the mirror image resources access request sent by the mirror image warehouse client.
S402: Judge whether the mirror image resources access request is an authorized request; if not, go to S403; otherwise, go to S404.
In this embodiment, when the mirror image warehouse server receives a mirror image resources access request that includes an authorization token, it also stores the authorization token after processing the request. When it later receives a mirror image resources access request that does not include an authorization token, it can judge whether that request is an authorized request according to the authorization token stored locally earlier.
S403: Send an authorization identifying instruction notice to the mirror image warehouse client. The notice includes the mirror image warehouse authorization server address information; when authorization identifying follows Example two above, it can further include the mirror image resources information currently being accessed and the action type, so that the mirror image warehouse client can add this information when generating the certification request.
S404: Process the mirror image resources access request according to its corresponding authorization token, for example by performing the corresponding download, upload, delete or query.
Corresponding to the two example authentication modes above, processing the mirror image resources access request according to its corresponding authorization token in this embodiment also includes:
Judging, according to the token effective time corresponding to the mirror image resources access request, whether the authorization token is currently valid. If it is invalid, an authorization identifying instruction notice is sent to the mirror image warehouse client again. If it is valid, judging whether the mirror image resources information currently accessed by the request is within the mirror image resources scope allowed to be accessed, and whether the action type of the current access request is within the allowed action type scope; if so, the access is performed; otherwise, access is denied or an authorization identifying instruction notice is sent to the mirror image warehouse client again.
It should be understood that the way the various messages are exchanged among the mirror image warehouse client, the mirror image warehouse server and the mirror image warehouse authorization server in this embodiment can be set flexibly. This embodiment effectively controls the access rights of different users accessing the mirror image warehouse according to their user roles, provides the mirror image warehouse with fine-grained access control, and improves the practicality, security and manageability of the mirror image warehouse.
Embodiment two:
This embodiment provides a mirror image warehouse client, shown in Figure 5, including:
Identification processing module 51, for sending a certification request to the mirror image warehouse authorization server, the certification request including at least the identity information of the user; and for receiving the authorization token fed back by the mirror image warehouse authorization server after it has successfully performed authorization identifying on the user according to the identity information and the preset identity information and user role mapping table;
Identification processing module 51 can send a mirror image resources access request to the mirror image warehouse server according to the command request issued by the user, and then send the certification request to the mirror image warehouse authorization server according to the feedback from the mirror image warehouse server. When the address of the mirror image warehouse authorization server is already known, it can also send the certification request to the mirror image warehouse authorization server directly according to the command request issued by the user.
In this embodiment, the identity information and user role mapping table can be pre-configured locally on the mirror image warehouse authorization server, or placed in another database that the mirror image warehouse authorization server can access. Different user roles correspond to different access rights, and the user roles and their corresponding access rights can be set flexibly according to the concrete application scenario.
Resource access module 52, for sending a mirror image resources access request to the mirror image warehouse server based on the authorization token.
The certification request that identification processing module 51 sends to the mirror image warehouse authorization server can include different information; two example cases are described below.
Example one: The certification request sent by identification processing module 51 can include only the identity information of the user. Authorization identifying is then performed only on whether the identity information is legitimate, and the issued authorization token can include all access rights of the user's corresponding user role (the access rights include but are not limited to the mirror image resources scope the user role is allowed to access and the allowed action type scope);
Example two: The certification request sent by identification processing module 51 can include the identity information of the user, the mirror image resources information currently being accessed (which can be the address of the mirror image resources currently being accessed, or their type and name) and the action type of the current access request. Authorization identifying is then performed on whether the identity information is legitimate, and on whether the mirror image resources information currently being accessed and the action type of the current access request are within the mirror image resources scope (which can be a mirror image resources address range, or a mirror image resources type range and name) and the action type scope allowed for the user's user role.
To further improve security, the certification request can also include a user password. Before performing authorization identifying on the user according to the certification request, the mirror image warehouse authorization server can first authenticate the user's identity according to the identity information, the user password and the preset identity information and user password correspondence configuration file.
In this embodiment, after authorization identifying of the user in the certification request succeeds, the issued authorization token includes the mirror image resources the user is allowed to access (which can be all the mirror image resources the user's user role is allowed to access, as in Example one above, or the mirror image resources the user's user role is currently allowed to access, as in Example two above) and the action type (which can be all the action types allowed for the user's user role, as in Example one above, or the action type currently allowed for the user's user role, as in Example two above). It can further include a token effective time, which can be set flexibly according to specific requirements, for example to 20 minutes or 30 minutes.
Resource access module 52 can send the mirror image resources access request to the mirror image warehouse server based on the authorization token in either of the following ways:
Mode one: Resource access module 52 first sends the obtained authorization token to the mirror image warehouse server on its own, and then sends the corresponding mirror image resources access request to the mirror image warehouse server.
Mode two: Resource access module 52 adds the authorization token, which includes the mirror image resources the user is allowed to access, the action type and the token effective time, to the mirror image resources access request, and then sends the request to the mirror image warehouse server.
This embodiment also provides a mirror image warehouse authorization server, shown in Figure 6, including:
Certification receiving module 61, for receiving the certification request for accessing the mirror image warehouse sent by the mirror image warehouse client, the certification request including at least the identity information of the user (including but not limited to the user name);
Authorization identifying module 62, for performing authorization identifying on the user according to the identity information and the preset identity information and user role mapping table, different user roles corresponding to different access rights;
Certification feedback module 63, for feeding back an authorization token to the mirror image warehouse client when authorization identifying succeeds, so that the mirror image warehouse client can access the mirror image warehouse based on the authorization token. When authorization identifying fails, it can feed back a failure prompt to the mirror image warehouse client, or give no feedback at all.
To further improve security, the certification request sent by the mirror image warehouse client in this embodiment can also include a user password. As shown in Figure 6, the mirror image warehouse authorization server further includes authentication module 64, which, before authorization identifying is performed on the user of the certification request, can first authenticate the user's identity according to the identity information and the user password, with reference to the preset identity information and user password correspondence configuration file. Only after identity authentication passes does the authorization identifying module perform the subsequent authorization identifying process; otherwise the subsequent process is not performed, and authentication failure is fed back to the mirror image warehouse client.
As analyzed above, the authorization identifying mode in this embodiment can include but is not limited to the following two example modes:
Example one: The certification request sent by the mirror image warehouse client can include only the identity information of the user. Authorization identifying module 62 then performs authorization identifying on the user only according to the identity information, with reference to the preset identity information and user role mapping table, for example by checking whether the identity information exists in the identity information and user role mapping table; if it does, authorization identifying succeeds. After authorization identifying succeeds, the authorization token issued to the mirror image warehouse client can include all access rights of the user's corresponding user role (the access rights include but are not limited to the mirror image resources scope the user role is allowed to access and the allowed action type scope).
Example two: The certification request sent by the mirror image warehouse client can include the identity information of the user, the mirror image resources information currently being accessed (which can be the address of the mirror image resources currently being accessed, or their type and name) and the action type of the current access request. Authorization identifying module 62 then performs authorization identifying on whether the identity information is legitimate, and on whether the mirror image resources information currently being accessed and the action type of the current access request are within the mirror image resources scope (which can be a mirror image resources address range, or a mirror image resources type range and name) and the action type scope allowed for the user's user role.
The access rights in this embodiment include but are not limited to the mirror image resources scope the user role is allowed to access and the allowed action type scope; the action types include but are not limited to upload, download, delete and query. An administrator, for example, can also have the authority to set user roles and their corresponding access rights.
This embodiment also provides a mirror image warehouse server, shown in Figure 7, including:
Access receiving module 71, for receiving the mirror image resources access request sent by the mirror image warehouse client;
Control module 72, for sending an authorization identifying instruction notice to the mirror image warehouse client when it judges that the mirror image resources access request is an unauthorized request, the notice including the mirror image warehouse authorization server address information and, when authorization identifying follows Example two above, optionally also the mirror image resources information currently being accessed and the action type, so that the mirror image warehouse client can add this information when generating the certification request; and for processing the mirror image resources access request according to its corresponding authorization token when it judges that the request is an authorized request.
In this embodiment, when control module 72 receives a mirror image resources access request that includes an authorization token, it also stores the authorization token after processing the request. When it later receives a mirror image resources access request that does not include an authorization token, it can judge whether that request is an authorized request according to the authorization token stored locally earlier.
Control module 72 is specifically used for judging, according to the token effective time, whether the authorization token is currently valid. If it is invalid, it sends an authorization identifying instruction notice to the mirror image warehouse client again. If it is valid, it judges whether the mirror image resources information currently accessed by the mirror image resources access request is within the mirror image resources scope allowed to be accessed, and whether the action type of the current access request is within the allowed action type scope; if so, the access is performed; otherwise, access is denied or an authorization identifying instruction notice is sent to the mirror image warehouse client again.
The functions of the above modules in this embodiment can be realized by circuits or code in a microcontroller. Obviously, each module or step of the embodiment of the present invention can be realized with a general computing device; they can be concentrated on a single computing device or distributed over a network formed by multiple computing devices. Alternatively, they can be realized with program code executable by a computing device, so that they can be stored in a computer-readable storage medium (ROM/RAM, magnetic disk, optical disc) and executed by a computing device. In some cases the steps shown or described can be performed in an order different from that given here, or the modules can each be made into an individual integrated circuit module, or multiple modules or steps among them can be made into a single integrated circuit module. The present invention is therefore not restricted to any specific combination of hardware and software.
Embodiment three:
For a better understanding of the present invention, the following takes a Docker mirror image warehouse as the example mirror image warehouse and describes it with reference to the mode of Example two above.
The function of the authentication module in this embodiment is to receive the certification request of Docker and authenticate the identity with the specified authentication method. The certification request in this embodiment can be transmitted over HTTPS (Hyper Text Transfer Protocol over Secure Socket Layer), that is, HTTP (HyperText Transfer Protocol) with security as its goal.
As shown in Fig. 8-1, the authentication module can support multiple authentication methods, including but not limited to:
Static file configuration; LDAP (Lightweight Directory Access Protocol); and various types of database. Among these:
Static file configuration: the user name and the encrypted password are placed in a configuration file, which the authorization device loads when it runs. The configuration file holds the current users and passwords, where the password is encrypted with Bcrypt (Blowfish File Encryption, a cross-platform file encryption tool). This method is simple to implement.
LDAP (Lightweight Directory Access Protocol): data is stored in a tree-like hierarchical structure. A container running an LDAP server must be started; the authorization device then configures the address and other information of that LDAP server through a configuration file.
Various types of database: when the authorization device starts, it loads a configuration file holding information such as the address and port of the configured database; each operation on the mirror image warehouse is authenticated by reading the user data stored in the database.
The function of the authorization identifying module in this embodiment is, once identity authentication has passed, to issue a token according to the user in the certification request and the requested scope of authority (including the resource type, the name and the concrete action type being accessed). The token is generated with the JWT (JSON Web Token) scheme and contains the token type (i.e. JWT), the signature algorithm used by the token, the issuer of the token, the validity period of the token, and so on. As shown in Fig. 8-2, the authorization methods include but are not limited to: ACL (Access Control List), LDAP, and various types of database. Among these:
The ACL authorization method can be used in combination with the static file configuration above; the configuration file describes each user name and the extent of authority it has.
LDAP authorization can be used together with LDAP authentication.
The database authorization method can be used together with the database authentication above. Authorizing from data stored in a database suits a wider range of usage scenarios, and users can choose the type of database as needed.
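The token described above, together with the server-side check from Embodiment one (token effective time first, then resource and action scope), can be sketched as follows. This is an added example, not code from the patent or from Docker: it signs with HS256 and a shared key so that it runs on the standard library alone (the patent's configuration refers to a public key, which implies an asymmetric signature), and the `access` claim layout, function names and sample values are assumptions.

```python
import base64
import hashlib
import hmac
import json
import time


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(key, issuer, service, user, access, ttl_seconds, now=None):
    """Authorization server side: sign the granted scope and validity period."""
    now = int(time.time()) if now is None else now
    header = {"typ": "JWT", "alg": "HS256"}
    claims = {"iss": issuer, "aud": service, "sub": user,
              "iat": now, "exp": now + ttl_seconds, "access": access}
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode("utf-8"))
        for part in (header, claims))
    signature = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(signature)


def check_access(token, key, issuer, service, resource_type, name, action, now=None):
    """Warehouse server side. Returns "allow", "deny" or "reauthorize"
    (the last meaning: send the authorization identifying notice again)."""
    now = int(time.time()) if now is None else now
    try:
        head64, claims64, sig64 = token.split(".")
        header = json.loads(b64url_decode(head64))
        claims = json.loads(b64url_decode(claims64))
        signature = b64url_decode(sig64)
    except ValueError:                      # wrong shape, bad base64, bad JSON
        return "reauthorize"
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return "reauthorize"
    if header.get("alg") != "HS256":        # pin the algorithm, never trust the header
        return "reauthorize"
    expected = hmac.new(key, f"{head64}.{claims64}".encode("ascii"),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(signature, expected):
        return "reauthorize"
    if claims.get("iss") != issuer or claims.get("aud") != service:
        return "reauthorize"
    exp = claims.get("exp")
    if not isinstance(exp, int) or now >= exp:   # token effective time has passed
        return "reauthorize"
    access = claims.get("access")
    for entry in access if isinstance(access, list) else []:
        if (isinstance(entry, dict) and entry.get("type") == resource_type
                and entry.get("name") == name
                and action in (entry.get("actions") or [])):
            return "allow"
    return "deny"                           # valid token, request outside its scope


if __name__ == "__main__":
    demo_key = b"constructed-demo-key"      # constructed sample value
    granted = [{"type": "repository", "name": "test/my-app", "actions": ["pull"]}]
    tok = issue_token(demo_key, "auth-server", "Docker-Registry", "test", granted, 1200)
    for act in ("pull", "push"):
        print(act, check_access(tok, demo_key, "auth-server", "Docker-Registry",
                                "repository", "test/my-app", act))
```
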
Fig. 9 illustrates the complete process of authorization identifying, including:
S901:Mirror image warehouse client initiates resource access request to mirror image warehouse server;
S902: The mirror image warehouse server returns the authorization address and the scope of authority generated according to the requested address;
S903: The mirror image warehouse client sends a certification request carrying the user name and password to the mirror image warehouse authorization server;
S904: The mirror image warehouse authorization server first authenticates the user information and the requested scope and, after authentication passes, sends the authorization token to the mirror image warehouse client;
S905: The mirror image warehouse client initiates the resource access request to the mirror image warehouse server again, carrying the token;
S906: After receiving the resource access request, the mirror image warehouse server responds with the requested resource.
Taking image download as an example, the process by which the general Docker mirror image warehouse authorization server performs authentication and authorization for the Docker mirror image warehouse server is as follows:
First ensure that the Docker mirror image warehouse server starts normally. At startup it loads the configured mirror image warehouse authorization server information which, as shown in Figure 10, includes: the mirror image warehouse authorization server address; the name of the mirror image warehouse, i.e. the service name; the name of the mirror image warehouse authorization server, i.e. the issuer of the token; and the absolute path of the public key (used together with HTTPS). The mirror image warehouse authorization server must also be started, loading a configuration that includes the token settings; the authorization device name in it must be consistent with the one configured on the Docker mirror image warehouse server above, and the validity period of the token must also be configured.
The mirror image warehouse client of the Docker mirror image warehouse receives the command request issued by the user. Taking a Docker Registry mirror image warehouse as an example, the mirror image warehouse client logs in to the Docker Registry with a user name and password; for example, with an existing user test, the command docker login 10.11.21.22:5000 is used, where 10.11.21.22:5000 is the address of the Docker Registry.
After logging in successfully, the command docker pull 10.11.21.22:5000/test/my-app is executed to download the image from the mirror image warehouse server to the local Docker.
Because the resource access request has not been authorized by the authorization server, the Docker mirror image warehouse server returns an HTTP response with status code 401. The response header contains the address of the authorization device and the service name (for Docker Registry, the server-side name can be set to DIS-Registry), and it also contains the scope of the operation. In the response header, the value of the WWW-Authenticate header field takes a form similar to: Bearer realm="https://ip:port/auth",service="Docker-Registry",scope="repository:test/my-app:pull". Specifically, realm is the address of the authorization server, service is the service name, and scope describes the requested resource type, resource name and operation scope. The current resource type is repository, and developers can extend the resource types as needed. The requested resource name is here the name of the image to be downloaded, test/my-app, and the operation to be performed is download, i.e. pull. The operation here includes three types: * (all permissions for image operations); push, pull (permission to upload and download images); and pull (permission to download images). There can be multiple scopes, so multiple resources can be authorized at the same time.
The mirror image warehouse client sends an authentication request to the mirror image warehouse authorization server according to the above authorization information; the request address is similar to https://ip:port/auth?service=Docker-Registry&scope=repository:test/my-app:pull. The user name and password are supplied with HTTP Basic Authentication, and the request is sent to the mirror image warehouse authorization server over HTTPS. The mirror image warehouse authorization server first authenticates the requested user name and password according to the configured authentication method. For example, if the authentication method uses a PostgreSQL database, the device compares the requested user name and password with the user name and password stored in the database, and also queries the database content and compares it against the resource type, name and operation described in scope. If they are consistent, it continues with authorization; if they are inconsistent, authentication has not passed, and it returns a response with status code 401 together with the reason authentication did not pass.
The mirror image warehouse authorization server returns a token according to the requested scope, indicating that access rights have been obtained. The token is returned in the HTTP response message body.
The mirror image warehouse client retries the resource access request to the Docker mirror image warehouse server, adding an Authorization header field to the message header whose value is the token value prefixed with Bearer and a space.
The Docker mirror image warehouse server receives the resource access request containing the token and performs the operation the mirror image warehouse client requested on the resource, that is, downloads the image to the local Docker.
For identical requests from the mirror image warehouse client within the validity period of the token, the operation can be performed directly without re-authentication, which improves operating efficiency while ensuring security.
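The client side of the exchange above, from the 401 challenge to the token request address, can be sketched as follows. This is an added example, not code from the patent or from Docker: the function names, the constructed host auth.example.test and the trusted-host check are assumptions. The check is there because the client is about to send the user name and password to whatever address the realm names.

```python
import re
from urllib.parse import urlencode, urlsplit

# One key=value pair; the value is a quoted string (may contain commas) or a bare token.
PARAM_RE = re.compile(
    r'\s*([A-Za-z_][A-Za-z0-9_-]*)\s*=\s*'
    r'(?:"((?:[^"\\]|\\.)*)"|([^\s,"]+))\s*(?:,|$)')


def parse_bearer_challenge(header_value):
    """Parse a WWW-Authenticate Bearer challenge into a dict of parameters."""
    scheme, _, rest = header_value.strip().partition(" ")
    if scheme.lower() != "bearer" or not rest.strip():
        raise ValueError("not a Bearer challenge")
    rest = rest.strip()
    params, pos = {}, 0
    while pos < len(rest):
        match = PARAM_RE.match(rest, pos)
        if match is None:
            raise ValueError("malformed challenge parameter")
        key = match.group(1).lower()
        if match.group(2) is not None:
            value = re.sub(r"\\(.)", r"\1", match.group(2))   # undo quoted-pair escapes
        else:
            value = match.group(3)
        if key in params:
            raise ValueError("duplicate parameter: " + key)
        params[key] = value
        pos = match.end()
    return params


def parse_scope(scope):
    """Split "type:name:actions" into (type, name, [actions]).
    The name may itself contain ':' so the split is taken from both ends."""
    resource_type, sep1, rest = scope.partition(":")
    name, sep2, actions = rest.rpartition(":")
    if not (sep1 and sep2 and resource_type and name and actions):
        raise ValueError("malformed scope: " + scope)
    return resource_type, name, actions.split(",")


def build_token_url(params, trusted_hosts):
    """Build the token request address, refusing realms that are not HTTPS
    or whose host is not one the client was configured to trust."""
    realm = urlsplit(params["realm"])
    if realm.scheme != "https":
        raise ValueError("realm must use https")
    if realm.hostname not in trusted_hosts:
        raise ValueError("realm host is not trusted: %s" % realm.hostname)
    if realm.query or realm.fragment:
        raise ValueError("realm must not carry a query or fragment")
    query = {"service": params["service"]}
    if "scope" in params:
        parse_scope(params["scope"])        # reject malformed scopes early
        query["scope"] = params["scope"]
    return params["realm"] + "?" + urlencode(query, safe=":/,")


if __name__ == "__main__":
    # Constructed sample header in the form described above.
    sample = ('Bearer realm="https://auth.example.test:5001/auth",'
              'service="Docker-Registry",scope="repository:test/my-app:pull"')
    challenge = parse_bearer_challenge(sample)
    print(challenge)
    print(build_token_url(challenge, {"auth.example.test"}))
```
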
The mirror image warehouse authorization server can be integrated quickly and easily with the Docker mirror image warehouse, and through the series of authentication and authorization steps above the Docker mirror image warehouse achieves fine-grained access control.
In conclusion, the general Docker authorization method and device realize access control over Docker mirror image warehouse operations, are easily deployed in Docker as an image, and further improve the efficiency of Docker mirror image warehouse development.
The above is a further description of the embodiments of the present invention in combination with specific embodiments, and the specific implementation of the present invention should not be regarded as limited to these descriptions. For those of ordinary skill in the technical field of the present invention, some simple deductions or replacements can be made without departing from the inventive concept, and all of them should be considered as falling within the protection scope of the present invention.

Claims (13)

1. A mirror image warehouse authorization method, including:
receiving a certification request, sent by a mirror image warehouse client, for accessing a mirror image warehouse, the certification request including at least the identity information of a user;
performing authorization identifying on the user according to the identity information and a preset identity information and user role mapping table, different user roles corresponding to different access rights;
when authorization identifying succeeds, feeding back an authorization token to the mirror image warehouse client, for the mirror image warehouse client to access the mirror image warehouse based on the authorization token.
2. The mirror image warehouse authorization method as claimed in claim 1, characterized in that the certification request also includes a user password;
before authorization identifying is performed on the user according to the preset identity information and user role mapping table, the method further includes authenticating the identity of the user according to the user password and a preset identity information and user password correspondence configuration file.
3. The mirror image warehouse authorization method as claimed in claim 1 or 2, characterized in that the certification request further includes the mirror image resources information currently being accessed and the action type of the current access request; the access rights include the mirror image resources scope the user role is allowed to access and the allowed action type scope; the action type includes upload, download, delete and query;
performing authorization identifying on the user according to the identity information and the preset identity information and user role mapping table includes:
finding the user role corresponding to the user in the preset identity information and user role mapping table according to the identity information, and judging whether the mirror image resources information currently being accessed is within the mirror image resources scope the user role is allowed to access and whether the action type of the current access request is within the allowed action type scope; if so, authorization identifying succeeds; otherwise, authorization identifying fails.
4. A mirror image warehouse access method, including:
sending a certification request to a mirror image warehouse authorization server, the certification request including at least the identity information of a user;
receiving the authorization token fed back by the mirror image warehouse authorization server after it has successfully performed authorization identifying on the user according to the identity information and a preset identity information and user role mapping table;
sending a mirror image resources access request to a mirror image warehouse server based on the authorization token.
5. The mirror image warehouse access method as claimed in claim 4, characterized in that, before the certification request is sent to the mirror image warehouse authorization server, the method further includes:
sending a mirror image resources access request to the mirror image warehouse server;
when the authorization identifying instruction notice returned by the mirror image warehouse server is received, sending the certification request to the mirror image warehouse authorization server according to the mirror image warehouse authorization server address information in the authorization identifying instruction notice.
6. The mirror image warehouse access method as claimed in claim 4 or 5, characterized in that the authorization token includes the mirror image resources the user is allowed to access, the action type and the token effective time; sending a mirror image resources access request to the mirror image warehouse server based on the authorization token includes:
adding the authorization token, which includes the mirror image resources the user is allowed to access, the action type and the token effective time, to the mirror image resources access request, and then sending the request to the mirror image warehouse server.
7. A mirror image warehouse management method, including:
receiving a mirror image resources access request sent by a mirror image warehouse client;
when the mirror image resources access request is judged to be an unauthorized request, sending an authorization identifying instruction notice to the mirror image warehouse client, the authorization identifying instruction notice including mirror image warehouse authorization server address information;
when the mirror image resources access request is judged to be an authorized request, processing the mirror image resources access request according to the authorization token corresponding to the mirror image resources access request.
8. The mirror image warehouse management method as claimed in claim 7, characterized in that the authorization token includes the mirror image resources the user is allowed to access, the action type and the token effective time; processing the mirror image resources access request according to the authorization token corresponding to the mirror image resources access request includes:
judging, according to the token effective time, whether the authorization token is currently valid and, if it is invalid, sending an authorization identifying instruction notice to the mirror image warehouse client again;
if it is valid, judging whether the mirror image resources information currently accessed by the mirror image resources access request is within the mirror image resources scope allowed to be accessed, and whether the action type of the current access request is within the allowed action type scope; if so, performing the access; otherwise, denying access or sending an authorization identifying instruction notice to the mirror image warehouse client again.
9. A mirror image warehouse authorization server, comprising:
A certification receiving module, configured to receive a certification request for accessing the mirror image warehouse sent by a mirror image warehouse client, the certification request including at least the identity information of the user;
An authorization identifying module, configured to perform authorization identifying on the user according to the identity information and a preset identity information and user role mapping table, different user roles corresponding to different access rights;
A certification feedback module, configured to feed back an authorization token to the mirror image warehouse client when authorization identifying succeeds, so that the mirror image warehouse client accesses the mirror image warehouse based on the authorization token.
10. The mirror image warehouse authorization server as claimed in claim 9, characterized in that the certification request further includes the mirror image resources information currently accessed and the action type of the current access request; the access rights include the range of mirror image resources the user role is allowed to access and the range of allowed action types; the action types include upload, download, delete and query;
The authorization identifying module is configured to find the user role corresponding to the user in the preset identity information and user role mapping table according to the identity information, and to judge whether the currently accessed mirror image resources information is within the range of mirror image resources the user role is allowed to access, and whether the action type of the current access request is within the range of allowed action types; if so, authorization identifying succeeds; otherwise, authorization identifying fails.
11. A mirror image warehouse client, comprising:
An identification processing module, configured to send a certification request to the mirror image warehouse authorization server, the certification request including at least the identity information of the user, and to receive the authorization token fed back by the mirror image warehouse authorization server after it successfully performs authorization identifying on the user according to the identity information and the preset identity information and user role mapping table;
A resource access module, configured to send a mirror image resources access request to the mirror image warehouse server based on the authorization token.
12. A mirror image warehouse server, comprising:
An access receiving module, configured to receive a mirror image resources access request sent by a mirror image warehouse client;
A control module, configured to send an authorization identifying instruction notice to the mirror image warehouse client when the mirror image resources access request is judged to be an unauthorized request, the authorization identifying instruction notice including address information of the mirror image warehouse authorization server; and configured to perform access processing on the mirror image resources access request according to the authorization token corresponding to the mirror image resources access request when the mirror image resources access request is judged to be an authorized request.
13. The mirror image warehouse server as claimed in claim 12, characterized in that the authorization token includes the mirror image resources the user is allowed to access, the action type and the token effective time;
The control module is configured to judge, according to the token effective time, whether the authorization token is currently valid; if it is invalid, to send the authorization identifying instruction notice to the mirror image warehouse client again; if it is valid, to judge whether the mirror image resources information currently accessed by the mirror image resources access request is within the range of mirror image resources allowed to be accessed, and whether the action type of the current access request is within the range of allowed action types; if so, to perform the access; otherwise, to deny access or send the authorization identifying instruction notice to the mirror image warehouse client again.
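The decision flow of claims 7-10 and 12-13, as an added Python example that is not part of the patent text. The claims do not specify a token format, so the HMAC-signed encoding, the shared key, the user and role tables and the authorization server address are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"  # assumption: key shared by both servers
AUTH_SERVER = "https://auth.example.invalid/token"  # placeholder address
USER_ROLE = {"alice": "developer", "bob": "viewer"}  # constructed mapping table
ROLE_RIGHTS = {  # constructed per-role resource and action scopes
    "developer": {"res": ["team-a/app"], "act": ["download", "query", "upload"]},
    "viewer": {"res": ["team-a/app"], "act": ["download", "query"]},
}

def _sign(body):
    return hmac.new(SECRET, body, hashlib.sha256).digest()

def issue_token(user, resource, action, ttl=300, now=None):
    """Authorization server (claims 9-10): role lookup, scope check, token."""
    rights = ROLE_RIGHTS.get(USER_ROLE.get(user))
    if not rights or resource not in rights["res"] or action not in rights["act"]:
        return None  # authorization identifying fails
    now = time.time() if now is None else now
    body = json.dumps({**rights, "exp": now + ttl}).encode()
    enc = base64.urlsafe_b64encode
    return enc(body).decode() + "." + enc(_sign(body)).decode()

def handle_request(token, resource, action, now=None):
    """Warehouse server (claims 7-8, 12-13): challenge, allow or deny."""
    challenge = ("challenge", AUTH_SERVER)  # notice carrying the auth server address
    if not token:
        return challenge  # unauthorized request
    try:
        body_b64, sig_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        sig = base64.urlsafe_b64decode(sig_b64)
    except ValueError:  # malformed token (binascii.Error is a ValueError)
        return challenge
    if not hmac.compare_digest(sig, _sign(body)):
        return challenge  # tampered token is treated as unauthorized
    claims = json.loads(body)
    now = time.time() if now is None else now
    if now >= claims["exp"]:
        return challenge  # token effective time has passed
    if resource in claims["res"] and action in claims["act"]:
        return ("allow", None)
    return ("deny", None)  # the claims also permit re-sending the notice here
```

The signature check is what lets the warehouse server trust the scope and effective time carried in the token without calling back to the authorization server on every request.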

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201610978489.9A CN108011862A (en) 2016-10-31 2016-10-31 The mandate of mirror image warehouse, access, management method and server and client side
PCT/CN2017/107525 WO2018077169A1 (en) 2016-10-31 2017-10-24 Image repository authorization, access and management method, server, and client

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610978489.9A CN108011862A (en) 2016-10-31 2016-10-31 The mandate of mirror image warehouse, access, management method and server and client side

Publications (1)

Publication Number Publication Date
CN108011862A true CN108011862A (en) 2018-05-08

Family

ID=62024415

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610978489.9A Withdrawn CN108011862A (en) 2016-10-31 2016-10-31 The mandate of mirror image warehouse, access, management method and server and client side

Country Status (2)

Country Link
CN (1) CN108011862A (en)
WO (1) WO2018077169A1 (en)

Also Published As

Publication number Publication date
WO2018077169A1 (en) 2018-05-03

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20180508
