CN109756557A - User right server and method of servicing and system based on user right - Google Patents
- Publication number
- CN109756557A (CN201811406515.6A)
- Authority
- CN
- China
- Prior art keywords
- user
- node
- user right
- opc
- service
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Landscapes
- Storage Device Security (AREA)
Abstract
The present invention proposes a user right server and a service method and system based on user rights. The method includes: receiving, through an OPC UA browse interface, an information acquisition request that user right service equipment sends according to a rights service demand; determining, in the OPC UA node space, the node data information corresponding to the information acquisition request, and feeding the node data information back to the user right service equipment; receiving, through an OPC UA method call interface, a rights service request that the user right service equipment inputs according to the node data information, and determining the method node in the OPC UA node space that corresponds to the rights service request; and logging on to a user right service unit according to the method node, so that the user right service unit executes the method corresponding to the method node and provides the corresponding user right service. This decouples the modules involved in user right service, reduces system workload, and improves the flexibility of the system and the reliability and scalability of the user right service.
Description
Technical field
The present invention relates to the technical field of rail communication, and in particular to a user right server and a service method and system based on user rights.
Background
The rail transit integrated monitoring system is a unified computer integration platform built on modern network technology, computer technology, automation and information technology. Using general, open hardware interfaces and software communication protocols, the system exchanges information with each connected system in an integrated, interconnected manner, and ultimately provides centralized monitoring of each discipline's equipment as well as information sharing and coordinated interaction between systems. User right service is an important component of the integrated monitoring system: it provides unified user right access control for modules such as the configuration tool, the human machine interface (Human Machine Interface, HMI), the real-time service and the history service, and ensures the security of system access.
In the related art, the integrated monitoring system uses Common Object Request Broker Architecture (CORBA) technology as the system service bus, and the user right service is usually also implemented on CORBA, with services such as user login and permission verification realized through CORBA remote object server technology. When the user right service is implemented on CORBA, different interfaces have to be customized between the service modules (including the configuration tool, the HMI, the real-time service and the history service) according to manufacturer and production platform, which means a heavy workload and low flexibility.
Summary of the invention
The present invention provides a user right server and a service method and system based on user rights, to solve the technical problem in the prior art that the modules of the user right service are tightly coupled and the system must customize a corresponding communication interface for the equipment supplied by each vendor, resulting in a heavy workload and low flexibility.
An embodiment of one aspect of the invention provides a service method based on user rights, comprising the following steps: receiving, through an OPC UA browse interface, an information acquisition request that user right service equipment sends according to a rights service demand; determining, in the OPC UA node space, node data information corresponding to the information acquisition request, and feeding the node data information back to the user right service equipment through the OPC UA browse interface; receiving, through an OPC UA method call interface, a rights service request that the user right service equipment inputs according to the node data information, and determining, in the OPC UA node space, the method node corresponding to the rights service request; and logging on to a user right service unit according to the method node, so that the user right service unit executes the method corresponding to the method node and provides the user right service corresponding to the rights service request.
An embodiment of another aspect of the invention provides a user right server, comprising: a receiving module, for receiving, through an OPC UA browse interface, an information acquisition request that user right service equipment sends according to a rights service demand; a first determining module, for determining, in the OPC UA node space, node data information corresponding to the information acquisition request; a feedback module, for feeding the node data information back to the user right service equipment through the OPC UA browse interface; a second determining module, for receiving, through an OPC UA method call interface, a rights service request that the user right service equipment inputs according to the node data information, and determining, in the OPC UA node space, the method node corresponding to the rights service request; and an execution module, for logging on to a user right service unit according to the method node, so that the user right service unit executes the method corresponding to the method node and provides the user right service corresponding to the rights service request.
An embodiment of a further aspect of the invention provides a service system based on user rights, including user right service equipment and a user right server. The user right server includes an OPC UA service unit and a user right service unit, and is used to execute the service method based on user rights described in the first-aspect embodiment. The OPC UA service unit is communicatively connected to the user right service unit, and the user right service equipment is communicatively connected to the OPC UA service unit through the OPC UA standard interfaces that the OPC UA service unit provides.
The technical solution disclosed by the invention has the following beneficial effects:
An information acquisition request that the user right service equipment sends according to a rights service demand is received through the OPC UA browse interface; the node data information corresponding to the information acquisition request is determined in the OPC UA node space and fed back to the user right service equipment through the OPC UA browse interface; then, through the OPC UA method call interface, a rights service request that the user right service equipment inputs according to the node data information is received, and the method node corresponding to the rights service request is determined in the OPC UA node space; finally, the user right service unit is logged on to according to the method node, so that it executes the method corresponding to the method node and provides the corresponding user right service. This decouples the modules involved in user right service, reduces system workload, and improves the flexibility of the system and the reliability and scalability of the user right service.
Additional aspects and advantages of the invention will be set forth in part in the following description, and in part will become apparent from the description or be learned through practice of the invention.
Brief description of the drawings
The above and/or additional aspects and advantages of the invention will become apparent and readily understood from the following description of the embodiments in conjunction with the drawings, in which:
Fig. 1 is a schematic diagram of the application scenario of a service method based on user rights according to the prior art;
Fig. 2 is a schematic diagram of the application scenario of a service method based on user rights according to an embodiment of the invention;
Fig. 3 is a flow chart of a service method based on user rights according to an embodiment of the invention;
Fig. 4 is a flow chart of a service method based on user rights according to a specific embodiment of the invention;
Fig. 5 is a structural schematic diagram of a user right server according to an embodiment of the invention;
Fig. 6 is a structural schematic diagram of a user right server according to another embodiment of the invention;
Fig. 7 is a structural schematic diagram of a service system based on user rights according to an embodiment of the invention.
Detailed description of the embodiments
Embodiments of the invention are described in detail below, and examples of the embodiments are shown in the drawings, in which the same or similar reference labels throughout denote the same or similar elements or elements with the same or similar functions. The embodiments described below with reference to the drawings are exemplary; they are intended to explain the invention and are not to be construed as limiting it.
The user right server and the service method and system based on user rights of the embodiments of the invention are described below with reference to the drawings.
Before the technical solution of the invention is described, some of the technical terms used are explained here to help those skilled in the art understand the invention:
Open Platform Communications Unified Architecture (OLE for Process Control Unified Architecture, OPC UA): the OPC unified architecture is a protocol standard for industrial automation control proposed by the OPC Foundation, and uses a typical C/S (Client/Server) model. OPC UA provides secure, reliable and vendor-independent transmission of raw data and preprocessed information from the manufacturing level to the production planning or ERP (Enterprise Resource Planning) level. Because OPC UA is vendor-independent, it hides the differences between vendors.
Human machine interface (Human Machine Interface, HMI): also called the man-machine interface. The human machine interface (also called the user interface) is the medium for interaction and information exchange between a system and its users; it converts between the internal form of information and a form that humans can accept. A human machine interface exists in every field where people and machines exchange information.
Common Object Request Broker Architecture (CORBA): an object-oriented application architecture specification drawn up by the Object Management Group (OMG) standards organization, to solve the interconnection of hardware and software systems in distributed processing environments.
As analyzed above, in the prior art, as shown in Fig. 1, user right service is performed over CORBA by communicating directly with the interface of the corresponding server. For example, the clients hosting user right service equipment such as the HMI and the configuration tool must, depending on the manufacturer of the equipment related to user right service, write different communication interfaces to couple with that equipment, which means a heavy workload and low flexibility.
The present invention takes into account that OPC UA provides a unified architecture. Relying on its vendor independence, the equipment related to user right service is decoupled from the real-time server, the history server, the HMI and so on through the OPC UA bus, giving an integrated-monitoring user right service system based on OPC UA. Inside the system, database technology stores the data, and an independent logic layer implements user right services such as user management, role management, login and logout, and permission verification. Externally the system exposes OPC UA standard interfaces, for example the browse interface, the read/write interface and the method call interface, which give external clients a unified access path.
The technical solution provided by the invention is shown in Fig. 2. In Fig. 2, a database provides the data storage service. The database may be a relational database, a lightweight database or the like, and stores the relational data for every user, such as user information, user passwords, user right configuration, and log and audit information. The user right service unit implements the core business related to users and permissions, mainly user management (add, modify, disable, enable), role management (add, modify, delete, add and remove permissions), user login, logout, permission verification, and log and behavior audit.
Following the OPC UA standard, a unified node space provides these services to external equipment. Internally, a user node tree, a role node tree and so on can be created. Under the user node tree are all user nodes and the corresponding method nodes, including method nodes for login, logout, add, delete, disable, log recording and permission verification. Under the role node tree are all role nodes and the corresponding method nodes, including method nodes for adding a role, modifying a role, deleting a role and permission management.
The OPC UA node space uses the OPC UA standard browse interface, read/write interface, method call interface and so on to give external equipment a unified access path. The external equipment mentioned above can be understood as the user right service equipment that carries out the relevant user right service, such as the HMI and the configuration tool: the HMI implements services such as user login, logout, permission verification, password modification and behavior log recording, and the configuration tool implements adding, modifying, disabling and enabling users, role management, permission configuration and so on.
Specifically, Fig. 3 is a flow chart of a service method based on user rights according to an embodiment of the invention. As shown in Fig. 3, the method includes:
Step 101: receive, through the OPC UA browse interface, the information acquisition request that the user right service equipment sends according to a rights service demand.
The user right service equipment may include the configuration tool, the history server, the real-time server, the HMI and so on.
It should be understood that, so that the user right service equipment can see directly the information relevant to its rights service demand, OPC UA provides a browse interface that receives the information acquisition request the user right service equipment sends on the basis of that demand. When the rights service demand is a demand to add a user, the corresponding information acquisition request may include a request for the information of all user nodes, so that the user right service equipment can determine from that information whether the user node to be added already exists.
In practical applications, the OPC UA node space has to be constructed first, so that the OPC UA standard interfaces can be provided on top of the functions the node space implements.
In one embodiment of the invention, user information, user right information and right management method information are obtained; these can be stored in a related server or database. The user information reflects the user login name, user password and so on; the user right information includes user administrator rights, ordinary user rights and so on; and the right management method information includes management method information for users, for example adding a user, modifying a user, deleting a user and rights management. Right management methods have reference relationships with the user information and user right information according to the user they belong to. OPC UA modeling is essentially a matter of references between nodes. Depending on its purpose, a node belongs to one of the OPC UA node classes, the most important of which are objects, variables and methods. An object can own variables and methods, and can trigger user right management events.
In an embodiment of the invention, following the above principle for creating the node space, the user information, user right information and right management method information are loaded into the node space as nodes on the basis of OPC UA, and the OPC UA standard interfaces through which the node space communicates with the user right service equipment are established. The user name in the user information serves as an object node, the right information and the like serve as variable nodes (attribute nodes), and right management serves as method nodes. A method node lets the user right service equipment, according to the rights service request it inputs, ask the corresponding user right service unit to execute the corresponding method and return the execution result.
Step 102: determine, in the OPC UA node space, the node data information corresponding to the information acquisition request, and feed the node data information back to the user right service equipment through the OPC UA browse interface.
Specifically, after the information acquisition request is received, the node data information corresponding to it, for example the node ID and node attribute information, is determined in the OPC UA node space on the basis of the structure of the node space. The node data information is then fed back to the user right service equipment through the OPC UA browse interface, so that the user right service equipment can carry out the corresponding user right service on the basis of the node data information.
In some possible embodiments, when the user right service equipment is the configuration tool and the rights service demand is a demand to add a user, then when the OPC UA browse interface receives the acquisition request for all user information sent on the basis of that demand, the node data information of all user nodes in the OPC UA node space is determined, such as the user name and user rights of each user node, and is fed back to the user right service equipment through the OPC UA browse interface. If the node data information shows that the user to be added has no corresponding node in the node space, the details of the new user entered in the configuration tool, such as the user name, are received, so that the add-user rights service can then be provided.
In other possible embodiments, when the user right service equipment is the HMI and the rights service demand is a user login demand, then when the OPC UA browse interface receives the login user node information acquisition request sent on the basis of that demand, the detailed node data information corresponding to the login user, such as the user node ID, is determined in the OPC UA node space and fed back to the HMI, so that the HMI can log the user in on the basis of the node data information.
Step 103: receive, through the OPC UA method call interface, the rights service request that the user right service equipment inputs according to the node data information, and determine the method node in the OPC UA node space that corresponds to the rights service request.
The OPC UA method call interface can be understood as the CALL interface commonly referred to in the art.
Specifically, after obtaining the node data information, the user right service equipment sends a rights service request through the OPC UA method call interface. The rights service request contains the parameters needed to carry it out; for example, a user login request contains the user name and the user login password. Then, on the basis of how the OPC UA node space is implemented, the method node corresponding to the rights service request is determined in the OPC UA node space, for example the add-user method node corresponding to an add-user request, or the login method node under the login user corresponding to a user login request.
Step 104: log on to the user right service unit according to the method node, so that the user right service unit executes the method corresponding to the method node and provides the user right service corresponding to the rights service request.
Specifically, the user right service unit is logged on to according to the method node, so that it carries out the relevant rights service and executes the user right service corresponding to the method node, for example user management (add, modify, disable, enable), role management (add, modify, delete, add and remove permissions), user login, logout, permission verification, and log and behavior audit. So that the user right service equipment can carry out its next operation, after the user right service unit has executed the method corresponding to the method node and provided the corresponding user right service, the execution result is fed back to the user right service equipment through the OPC UA method call interface.
In an embodiment of the invention, the user right service unit, as an independent logic layer, implements the core business of user right management, and completes the corresponding user right service by exchanging information with the database.
In some possible embodiments, when the rights service request is an add-user request and the user right service equipment is the configuration tool, the information acquisition request includes a request for the information of all user nodes, and the node data information includes the node data information of all user nodes (the node names, node IDs and so on of all user nodes). After the configuration tool obtains the node data information, the administrator can determine from the node names and node IDs already present in the current node space whether the user to be added already exists. If not, the user information of the new user entered by the administrator, including the new user's name and so on, is received on the interface that the configuration tool provides.
The configuration tool then sends the add-user request through the OPC UA method call interface. After the add-user request that the configuration tool inputs according to the node data information of all user nodes is received through the OPC UA method call interface, the add-user method node corresponding to the request is determined in the OPC UA node space, and the user right service unit is logged on to according to the add-user method node, so that the user right service unit executes the add-user method and creates the new user's information in the database.
In other possible embodiments, when the rights service request is a user login request and the user right service equipment is equipment that contains a human machine interface, the information acquisition request includes a request for the target login user's node information, and the node data information includes the node data information of the target login user node (the node ID, node name and so on of the target user). On the basis of that node data information, the human machine interface sends the target login user's login request to the OPC UA method call interface; the login request contains the login password of the target login user entered by the operator.
After the login request that the equipment containing the human machine interface inputs according to the node data information of the target login user node is received through the OPC UA method call interface, the user login method node corresponding to the request is determined in the OPC UA node space, and the user right service unit is logged on to according to the user login method node, so that the user right service unit executes the user login method, queries the database for the system password of the target login user, and feeds back a verification result according to the comparison between the queried system password and the user login password. When the system password is consistent with the user login password, the verification result fed back is that verification passed; when the system password is inconsistent with the user login password, the verification result fed back is that verification did not pass.
In still other possible embodiments, when the rights service request is a target user right verification request and the user right service equipment is the history server, the information acquisition request includes a request for the target user's node information, and the node data information determined in the node space for that request includes the node data information of the target user node (the ID of the target user node and so on). After receiving the node data information of the target node, such as the node ID, the history server sends a user right verification request through the OPC UA method call interface. The user right verification request in this embodiment verifies whether the current target node holds a certain user operation right. For example, when the current user is downloading a file, the corresponding user operation right is the download right; when the user is deleting a file, the corresponding user operation right is the delete-file right.
After the target user right verification request that the history server inputs according to the node data information of the target user node is received through the OPC UA method call interface, where the request includes the target user identifier and the above target user operation right, the user right verification method node corresponding to the request is determined in the OPC UA node space, and the user right service unit is logged on to according to that method node, so that the user right service unit executes the user right verification method, queries the database for the target user's right information according to the target user identifier, and feeds back a right verification result according to the comparison between the queried right information and the user operation right to be verified. When the right information queried for the target user according to the target user identifier includes the user operation right, a result of verification passed is fed back; when it does not include the user operation right, a result of verification not passed is fed back.
Thus, the service method based on user rights of the embodiment of the invention is executed using OPC UA technology. OPC UA is a reliable data exchange standard for use between applications in industrial systems; it allows data exchange between different operating systems and equipment from different manufacturers, and additionally offers strong security, high availability and scalability. Using the OPC UA standard interfaces, the node ID of the user is first obtained through the browse service, and the corresponding function is then completed by calling the method under that node ID. For example, to modify the login password of user Zhang San, the browse interface is called to obtain Zhang San's node ID, and the modify-password method under Zhang San's node ID is then invoked through a CALL method call. This decouples the modules. The strong security, high availability, high performance and scalability of OPC UA greatly improve the reliability and applicability of the integrated monitoring system and make it easier to interconnect and link information between the integrated monitoring system and external user right equipment. The service uses standard OPC UA interfaces, so any external user right equipment that conforms to OPC UA can call it conveniently. The modules of the service system based on user rights are easy to integrate, the scalability of the service system is also considerably improved, and because the user right service system is implemented with OPC UA technology, the technical architecture of the whole integrated monitoring system is unified.
So that those skilled in the art can understand more clearly how the service method based on user rights of the embodiment of the invention is executed, two cases are described below: the user right service equipment is the configuration tool and the rights service demand is adding a user, and the user right service equipment is the HMI and the rights service demand is user login.
As shown in Fig. 4, when there is a rights service demand to add a user, the information acquisition request sent by the configuration tool is received through the OPC UA browse interface, the node data information of all nodes in the OPC UA node space is determined, and the node data information of all nodes is fed back to the configuration tool. If it is found that the user node to be added does not exist among the current nodes, the administrator enters the details of the new user on the interface that the configuration tool provides. The OPC UA method call interface is then called with a rights service request containing the new user's details, and the add-user method node is called through the OPC UA method call interface to add the user to the system; that is, the user right service unit is logged on to according to the add-user method node, so that the user right service unit executes the add-user method and the database saves the new user's details. A message that the addition succeeded is then fed back to the configuration tool through the OPC UA method call interface, a notification interface or the like.
Still referring to Fig. 4, the HMI system presents a system login interface to the operator, and the operator enters a user name and password. The HMI calls the OPC UA browse interface and, according to the user name, obtains the detailed node data of that user in the node space, such as the node ID. The HMI then calls the login method node of that user node through the OPC UA method call interface and sends a rights service request, which includes the password entered by the operator, among other things. The OPC UA login method node logs in to the user right service unit; the user right service unit initiates a query to the database, obtains the system password of the user, verifies the password entered by the user against the system password, and returns the verification result. After the HMI receives the user login result, it carries out subsequent operations.
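The two Fig. 4 flows above (adding a user from the configuration tool, logging in from the HMI) as an added Python sketch, not code from the patent: it is an in-memory model rather than an OPC UA stack, and every class, method, status string and node id in it is hypothetical. Where the description compares the entered password with a stored system password, the sketch swaps in a salted PBKDF2 hash and a constant-time comparison.

```python
"""In-memory model of the Fig. 4 flow: browse, then method call, then dispatch
to the user right service unit. All names and node ids are constructed."""
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 100_000  # assumption: work factor chosen for this example


class UserRightService:
    """Stands in for the user right service unit and its database."""

    def __init__(self):
        self._db = {}  # username -> (salt, derived key); no plaintext passwords

    @staticmethod
    def _derive(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

    def add_user(self, username, password):
        if not username or username in self._db:
            return False  # refuse empty names and duplicates
        salt = os.urandom(16)
        self._db[username] = (salt, self._derive(password, salt))
        return True

    def login(self, username, password):
        record = self._db.get(username)
        if record is None:
            return False
        salt, stored = record
        # Constant-time comparison of the stored key and the freshly derived key.
        return hmac.compare_digest(stored, self._derive(password, salt))


class NodeSpace:
    """Stands in for the OPC UA node space and its two interfaces."""

    USERS = "ns=2;s=Users"  # constructed node id for the folder of user nodes

    def __init__(self, service):
        self._service = service
        self._nodes = {
            self.USERS: {"name": "Users", "methods": {"AddUser": self._add_user}}
        }

    def browse(self, name=None):
        """Browse interface: returns node data only (id, name, method names)."""
        return [
            {"node_id": nid, "name": n["name"], "methods": sorted(n["methods"])}
            for nid, n in self._nodes.items()
            if name is None or n["name"] == name
        ]

    def call(self, node_id, method, *args):
        """Method call interface: resolve the method node, then dispatch."""
        node = self._nodes.get(node_id)
        if node is None or method not in node["methods"]:
            return {"ok": False, "status": "unknown-method-node"}
        return {"ok": bool(node["methods"][method](*args)), "status": "completed"}

    def _add_user(self, username, password):
        if not self._service.add_user(username, password):
            return False
        # A successful add also publishes a user node that carries a Login method.
        self._nodes[f"{self.USERS}/{username}"] = {
            "name": username,
            "methods": {"Login": lambda pw, u=username: self._service.login(u, pw)},
        }
        return True


def run_demo():
    space = NodeSpace(UserRightService())
    # Configuration tool: browse all nodes, see that the user is absent, add it.
    before = [n["name"] for n in space.browse()]
    added = space.call(NodeSpace.USERS, "AddUser", "operator1", "constructed-pass-1")
    duplicate = space.call(NodeSpace.USERS, "AddUser", "operator1", "other")
    # HMI: browse by user name for the node id, then call that node's Login method.
    node = space.browse("operator1")[0]
    good = space.call(node["node_id"], "Login", "constructed-pass-1")
    bad = space.call(node["node_id"], "Login", "wrong")
    missing = space.call("ns=2;s=Users/ghost", "Login", "x")
    return {"before": before, "added": added, "duplicate": duplicate,
            "node": node, "good": good, "bad": bad, "missing": missing}


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, value)
```

The browse result exposes only the node id, name and method names, so credentials never leave the service unit; the password crosses the method call interface only as an argument of the login request.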
To sum up, the service method based on user right of the embodiments of the present invention receives, through the OPC UA browse interface, the information acquisition request sent by the user right service equipment according to a rights service demand, determines the node data information in the OPC UA node space that corresponds to the information acquisition request, and feeds the node data information back to the user right service equipment through the OPC UA browse interface. It then receives, through the OPC UA method call interface, the rights service request entered by the user right service equipment according to the node data information, and determines the method node in the OPC UA node space that corresponds to the rights service request. Finally, it logs on to the user right service unit according to the method node, so that the user right service unit executes the method corresponding to the method node and provides the corresponding user right service. The modules involved in the user right service are thereby decoupled, and the reliability and scalability of the user right service are improved.
To implement the above embodiments, the present invention also proposes a user right server. Fig. 5 is a structural schematic diagram of the user right server according to one embodiment of the present invention. As shown in Fig. 5, the user right server includes: a receiving module 110, a first determining module 120, a feedback module 130, a second determining module 140 and an execution module 150.
The receiving module 110 is configured to receive, through the OPC UA browse interface, the information acquisition request sent by the user right service equipment according to a rights service demand.
The first determining module 120 is configured to determine, in the OPC UA node space, the node data information corresponding to the information acquisition request.
The feedback module 130 is configured to feed the node data information back to the user right service equipment through the OPC UA browse interface.
In one embodiment of the present invention, the feedback module 130 is further configured to feed the execution result back to the user right service equipment through the OPC UA method call interface, after the user right service unit has been logged in to according to the method node so that it executes the method corresponding to the method node and provides the corresponding user right service.
The second determining module 140 is configured to receive, through the OPC UA method call interface, the rights service request entered by the user right service equipment according to the node data information, and to determine the method node in the OPC UA node space that corresponds to the rights service request.
The execution module 150 is configured to log in to the user right service unit according to the method node, so that the user right service unit executes the method corresponding to the method node and provides the user right service corresponding to the rights service request.
In one embodiment of the present invention, when the rights service request is a user-add request, the execution module 150 is specifically configured to log in to the user right service unit according to the user-add method node, so that the user right service unit executes the user-add method and creates the new user's user information in the database.
In one embodiment of the present invention, when the rights service request is a user login request and the user right service equipment is equipment that includes a human-machine interface, the information acquisition request includes a request to acquire the node information of the target login user, and the node data information includes the node data information of the target login user node. The execution module 150 is specifically configured to log in to the user right service unit according to the user login method node, so that the user right service unit executes the user login method to query the database for the system password of the target login user, and to control the user right service unit to feed back a verification result according to the result of comparing the queried system password of the target login user with the login password of the target login user.
In one embodiment of the present invention, as shown in Fig. 6, on the basis of Fig. 5 the user right server further includes an obtaining module 160 and an interface creation module 170, wherein:
The obtaining module 160 is configured to obtain user information, user right information and right management method information.
The interface creation module 170 is configured to load the user information, user right information and right management method information into the node space as nodes based on OPC UA, and to establish the OPC UA standard interface through which the node space communicates and interacts with the user right service equipment.
It should be noted that the foregoing explanation of the embodiments of the service method based on user right also applies to the user right server of the embodiments of the present invention; the implementation principle is similar and is not repeated here.
To sum up, the user right server of the embodiments of the present invention receives, through the OPC UA browse interface, the information acquisition request sent by the user right service equipment according to a rights service demand, determines the node data information in the OPC UA node space that corresponds to the information acquisition request, and feeds the node data information back to the user right service equipment through the OPC UA browse interface. It then receives, through the OPC UA method call interface, the rights service request entered by the user right service equipment according to the node data information, and determines the method node in the OPC UA node space that corresponds to the rights service request. Finally, it logs in to the user right service unit according to the method node, so that the user right service unit executes the method corresponding to the method node and provides the corresponding user right service. The modules involved in the user right service are thereby decoupled, and the reliability and scalability of the user right service are improved.
To implement the above embodiments, the present invention also proposes a service system based on user right. As shown in Fig. 7, the system includes a user right server 100 and user right service equipment 200. The user right server 100 includes an OPC UA service unit 110 and a user right service unit 120, and is configured to execute the service method based on user right described in the above embodiments. The OPC UA service unit 110 is connected to the user right service unit 120, and the user right service equipment 200 is communicatively connected to the OPC UA service unit 110 through the OPC UA standard interface that the OPC UA service unit 110 provides.
It should be noted that the foregoing description of the embodiments of the service method based on user right also applies to the embodiment of the service system based on user right of the present invention; the implementation principle and technical effect are similar and are not repeated here.
In the description of this specification, a description that refers to the terms "one embodiment", "some embodiments", "example", "specific example" or "some examples" means that a specific feature, structure, material or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the present invention. In this specification, schematic uses of these terms do not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. In addition, provided they do not conflict with each other, those skilled in the art may combine the different embodiments or examples described in this specification and the features of those different embodiments or examples.
In addition, the terms "first" and "second" are used for descriptive purposes only and are not to be understood as indicating or implying relative importance or as implicitly indicating the number of the technical features referred to. A feature defined as "first" or "second" may therefore explicitly or implicitly include at least one such feature. In the description of the present invention, "plurality" means at least two, for example two or three, unless specifically defined otherwise.
Any process or method description in a flow chart, or otherwise described herein, may be understood as representing a module, segment or portion of code that includes one or more executable instructions for implementing the steps of a custom logic function or process. The scope of the preferred embodiments of the present invention includes other implementations in which functions may be performed out of the order shown or discussed, including substantially simultaneously or in the reverse order depending on the functions involved, as should be understood by those skilled in the art to which the embodiments of the present invention belong.
The logic and/or steps represented in a flow chart or otherwise described herein, for example an ordered list of executable instructions that may be regarded as implementing logic functions, may be embodied in any computer-readable medium for use by, or in combination with, an instruction execution system, device or equipment (such as a computer-based system, a system that includes a processor, or another system that can fetch instructions from an instruction execution system, device or equipment and execute them). For the purposes of this specification, a "computer-readable medium" may be any device that can contain, store, communicate, propagate or transmit a program for use by, or in combination with, an instruction execution system, device or equipment. More specific examples (a non-exhaustive list) of computer-readable media include: an electrical connection (electronic device) with one or more wires, a portable computer diskette (magnetic device), random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), an optical fiber device, and a portable compact disc read-only memory (CDROM). The computer-readable medium may even be paper or another suitable medium on which the program can be printed, because the program can be obtained electronically, for example by optically scanning the paper or other medium and then editing, interpreting or, where necessary, otherwise suitably processing it, and then stored in a computer memory.
It should be understood that each part of the present invention may be implemented in hardware, software, firmware or a combination of them. In the above embodiments, multiple steps or methods may be implemented in software or firmware that is stored in memory and executed by a suitable instruction execution system. For example, if they are implemented in hardware, as in another embodiment, any one or a combination of the following techniques well known in the art may be used: a discrete logic circuit with logic gates for implementing logic functions on data signals, an application-specific integrated circuit with suitable combinational logic gates, a programmable gate array (PGA), a field-programmable gate array (FPGA), and so on.
Those of ordinary skill in the art will understand that all or part of the steps carried by the methods of the above embodiments may be completed by a program instructing the relevant hardware. The program may be stored in a computer-readable storage medium and, when executed, performs one of the steps of the method embodiments or a combination of them.
In addition, the functional units in the embodiments of the present invention may be integrated in one processing module, each unit may exist physically on its own, or two or more units may be integrated in one module. The integrated module may be implemented in the form of hardware or in the form of a software function module. If the integrated module is implemented in the form of a software function module and sold or used as an independent product, it may also be stored in a computer-readable storage medium.
The storage medium mentioned above may be a read-only memory, a magnetic disk, an optical disc or the like. Although embodiments of the present invention have been shown and described above, it is to be understood that the above embodiments are exemplary and are not to be construed as limiting the present invention; those skilled in the art may change, modify, replace and vary the above embodiments within the scope of the present invention.
Claims (13)
1. A service method based on user right, characterized in that the method is applied to a user right server and comprises the following steps:
receiving, through an OPC UA browse interface, an information acquisition request sent by user right service equipment according to a rights service demand;
determining, in an OPC UA node space, node data information corresponding to the information acquisition request, and feeding the node data information back to the user right service equipment through the OPC UA browse interface;
receiving, through an OPC UA method call interface, a rights service request entered by the user right service equipment according to the node data information, and determining a method node in the OPC UA node space that corresponds to the rights service request;
logging in to a user right service unit according to the method node, so that the user right service unit executes the method corresponding to the method node and provides the user right service corresponding to the rights service request.
2. The method according to claim 1, characterized in that, before the receiving, through the OPC UA browse interface, of the information acquisition request sent by the user right service equipment according to the rights service demand, the method further comprises:
obtaining user information, user right information and right management method information;
loading the user information, user right information and right management method information into the OPC UA node space as nodes based on the OPC UA standard, and establishing the OPC UA standard interface through which the OPC UA node space communicates and interacts with the user right service equipment.
3. The method according to claim 1, characterized in that, when the rights service request is a user-add request and the user right service equipment is a configuration tool, the information acquisition request includes a request to acquire the node information of all users, and the node data information includes the node data information of all user nodes,
and the receiving, through the OPC UA method call interface, of the rights service request entered by the user right service equipment according to the node data information, and the determining of the method node in the OPC UA node space that corresponds to the rights service request, comprise:
receiving, through the OPC UA method call interface, the user-add request entered by the configuration tool according to the node data information of all the user nodes, wherein the user-add request contains the user information of the user to be added, and determining the user-add method node in the OPC UA node space that corresponds to the user-add request.
4. The method according to claim 3, characterized in that
the logging in to the user right service unit according to the method node, so that the user right service unit executes the method corresponding to the method node and provides the corresponding user right service, comprises:
logging in to the user right service unit according to the user-add method node, so that the user right service unit executes the user-add method and creates the user information of the user to be added in the database.
5. The method according to claim 1, characterized in that, when the rights service request is a user login request and the user right service equipment is equipment that includes a human-machine interface, the information acquisition request includes a request to acquire the node information of the target login user, and the node data information includes the node data information of the target login user node,
and the receiving, through the OPC UA method call interface, of the rights service request entered by the user right service equipment according to the node data information, and the determining of the method node in the OPC UA node space that corresponds to the rights service request, comprise:
receiving, through the OPC UA method call interface, the target login user's login request entered by the equipment that includes a human-machine interface according to the node data information of the target login user node, wherein the login request contains the login password of the target login user, and determining the user login method node in the OPC UA node space that corresponds to the target login user's login request.
6. The method according to claim 5, characterized in that the logging in to the user right service unit according to the method node, so that the user right service unit executes the method corresponding to the method node and provides the corresponding user right service, comprises:
logging in to the user right service unit according to the user login method node, so that the user right service unit executes the user login method to query the database for the system password of the target login user, and controlling the user right service unit to feed back a verification result according to the result of comparing the queried system password of the target login user with the login password of the target login user.
7. The method according to claim 1, characterized in that, when the rights service request is a target user right verification request and the user right service equipment is a history server, the information acquisition request includes a request to acquire the node information of the target user, and the node data information includes the node data information of the target user node,
and the receiving, through the OPC UA method call interface, of the rights service request entered by the user right service equipment according to the node data information, and the determining of the method node in the OPC UA node space that corresponds to the rights service request, comprise:
receiving, through the OPC UA method call interface, the target user right verification request entered by the history server according to the node data information of the target user node, wherein the target user rights service request includes a target user identifier and a target user operating right, and determining the user right verification method node in the OPC UA node space that corresponds to the target user right verification request.
8. The method according to claim 7, characterized in that the logging in to the user right service unit according to the method node, so that the user right service unit executes the method corresponding to the method node and provides the corresponding user right service, comprises:
logging in to the user right service unit according to the user right verification method node, so that the user right service unit executes the user right verification method to query the database for the permission information of the target user according to the target user identifier, and controlling the user right service unit to feed back a permission verification result according to the result of comparing the queried permission information of the target user with the user operating right.
9. The method according to claim 1, characterized in that, after the logging in to the user right service unit according to the method node, so that the user right service unit executes the method corresponding to the method node and provides the corresponding user right service, the method further comprises:
feeding the execution result back to the user right service equipment through the OPC UA method call interface.
10. A user right server, characterized by comprising:
a receiving module, configured to receive, through an OPC UA browse interface, an information acquisition request sent by user right service equipment according to a rights service demand;
a first determining module, configured to determine, in an OPC UA node space, node data information corresponding to the information acquisition request;
a feedback module, configured to feed the node data information back to the user right service equipment through the OPC UA browse interface;
a second determining module, configured to receive, through an OPC UA method call interface, a rights service request entered by the user right service equipment according to the node data information, and to determine a method node in the OPC UA node space that corresponds to the rights service request;
an execution module, configured to log in to a user right service unit according to the method node, so that the user right service unit executes the method corresponding to the method node and provides the user right service corresponding to the rights service request.
11. The user right server according to claim 10, characterized by further comprising:
an obtaining module, configured to obtain user information, user right information and right management method information;
an interface creation module, configured to load the user information, user right information and right management method information into the node space as nodes based on OPC UA, and to establish the OPC UA standard interface through which the node space communicates and interacts with the user right service equipment.
12. The user right server according to claim 10, characterized in that the feedback module is further configured to feed the execution result back to the user right service equipment through the OPC UA method call interface, after the logging in to the user right service unit according to the method node so that the user right service unit executes the method corresponding to the method node and provides the corresponding user right service.
13. A service system based on user right, characterized by comprising user right service equipment and a user right server, wherein the user right server includes an OPC UA service unit and a user right service unit, the user right server is configured to execute the service method based on user right according to any one of claims 1-9, the OPC UA service unit is communicatively connected to the user right service unit, and the user right service equipment is communicatively connected to the OPC UA service unit through the OPC UA standard interface provided by the OPC UA service unit.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811406515.6A CN109756557B (en) | 2018-11-23 | 2018-11-23 | User authority server and service method and system based on user authority |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109756557A true CN109756557A (en) | 2019-05-14 |
CN109756557B CN109756557B (en) | 2019-12-10 |
Family
ID=66403368
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811406515.6A Active CN109756557B (en) | 2018-11-23 | 2018-11-23 | User authority server and service method and system based on user authority |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109756557B (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103738369A (en) * | 2013-12-26 | 2014-04-23 | 北京交控科技有限公司 | ATS device and system based on OPC UA technology |
CN104168268A (en) * | 2014-07-24 | 2014-11-26 | 广东电网公司电力科学研究院 | Power grid object access control device capable of realizing safety configuration and access of power grid model data |
CN106550052A (en) * | 2016-12-08 | 2017-03-29 | 南京富岛信息工程有限公司 | A kind of data acquisition unit and method based on OPC UA |
CN107070891A (en) * | 2017-03-10 | 2017-08-18 | 腾讯科技(深圳)有限公司 | Service calling method and device |
US20180088548A1 (en) * | 2015-03-27 | 2018-03-29 | Bühler AG | Method and system for process controlling of plants in an opc-ua based machine-to-machine network |
CN108459574A (en) * | 2018-03-27 | 2018-08-28 | 重庆邮电大学 | It is a kind of that system is managed based on the semantic field device information with OPC UA |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111159693A (en) * | 2019-12-28 | 2020-05-15 | 西安精雕软件科技有限公司 | Electronic equipment permission verification method, device and system and readable medium |
CN111651639A (en) * | 2020-04-27 | 2020-09-11 | 宁波吉利汽车研究开发有限公司 | Address space management method, device, equipment and medium |
CN111651639B (en) * | 2020-04-27 | 2023-06-23 | 宁波吉利汽车研究开发有限公司 | Address space management method, device, equipment and medium |
CN114390100A (en) * | 2020-10-21 | 2022-04-22 | 沈阳中科数控技术股份有限公司 | Working method of OPC UA server based on numerical control system |
CN114390100B (en) * | 2020-10-21 | 2023-07-11 | 沈阳中科数控技术股份有限公司 | Working method of OPC UA server based on numerical control system |
Also Published As
Publication number | Publication date |
---|---|
CN109756557B (en) | 2019-12-10 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||