CN109756557A - User right server and method of servicing and system based on user right - Google Patents

User right server and method of servicing and system based on user right Download PDF

Info

Publication number
CN109756557A
CN109756557A CN201811406515.6A CN201811406515A CN109756557A CN 109756557 A CN109756557 A CN 109756557A CN 201811406515 A CN201811406515 A CN 201811406515A CN 109756557 A CN109756557 A CN 109756557A
Authority
CN
China
Prior art keywords
user
node
user right
opc
service
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201811406515.6A
Other languages
Chinese (zh)
Other versions
CN109756557B (en
Inventor
杨耕田
侯丽丽
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
BYD Co Ltd
Original Assignee
BYD Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by BYD Co Ltd filed Critical BYD Co Ltd
Priority to CN201811406515.6A priority Critical patent/CN109756557B/en
Publication of CN109756557A publication Critical patent/CN109756557A/en
Application granted granted Critical
Publication of CN109756557B publication Critical patent/CN109756557B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Landscapes

  • Storage Device Security (AREA)

Abstract

The present invention proposes a kind of user right server and method of servicing and system based on user right, wherein method includes: to receive the information acquisition request that user right service equipment is sent according to rights service demand by OPC UA browse interface;Node data information corresponding with information acquisition request is determined in OPC UA node space, and node data information is fed back into user right service equipment;It by OPC UA method call interface, receives user right service equipment and is requested according to the rights service of node data information input, and determine method node corresponding with rights service request in OPC UA node space;According to method Node registers to user right service unit, so that user right service unit executes method corresponding with method node and provides corresponding user right service.Hereby it is achieved that user right services the decoupling of related intermodule, system workload is alleviated, and improves flexibility and user right reliability of service and the scalability of system.

Description

User right server and method of servicing and system based on user right
Technical field
The present invention relates to rail communication technical field more particularly to a kind of user right server and based on user right Method of servicing and system.
Background technique
Track traffic synthetic monitoring system is to modernize network technology, computer technology, automation and information technology and be The unified calculation machine integrated platform of fundamental construction, the system by using General Open hardware interface and soft communication agreement, Carry out information exchange with each access system in a manner of being integrally interconnected, it is final realize to the Centralized Monitoring function of each professional equipment and Information sharing and coordination and interaction function between each system.Wherein, user right service is the important composition portion of comprehensive monitoring system Point, for being the moulds such as configuration instrument, man-machine interface (Human Machine Interface, HMI), real time service, history service Block provides unified user right access control, guarantees the safety of system access.
In the related technology, comprehensive monitoring system uses Common Object Request Broker Architecture (Common Object Request Broker Architecture, CORBA) technology as system service bus, also would generally by user right service It is realized using based on CORBA technology, realizes that above-mentioned user logs in, permission is tested using the remote object server technology of CORBA The service such as card, and realizes user right service based on CORBA technology, each service module (including configuration instrument, man-machine interface The modules such as (Human Machine Interface, HMI), real time service, history service) between need according to manufacturer and production The difference of platform, customizes different interfaces, larger workload and flexibility is lower.
Summary of the invention
The present invention provides a kind of user right server and method of servicing and system based on user right, existing to solve The degree of coupling is higher between user right service modules in technology and system needs the device customizing pair based on different vendor's offer The communication interface answered leads to larger workload and the lower technical problem of flexibility.
One aspect of the present invention embodiment provides a kind of method of servicing based on user right, comprising the following steps: passes through OPC UA browse interface receives the information acquisition request that user right service equipment is sent according to rights service demand;In OPC UA node Node data information corresponding with the information acquisition request is determined in space, and by the node data information described in OPC UA browse interface feeds back to the user right service equipment;By OPC UA method call interface, the user is received Rights service equipment is requested according to the rights service of the node data information input, and is determined in the OPC UA node space Method node corresponding with rights service request;According to the method Node registers to user right service unit, so that The user right service unit executes corresponding with the method node method offer user corresponding with rights service request Rights service.
Another aspect of the present invention embodiment provides a kind of user right server, comprising: receiving module, for passing through OPC UA browse interface receives the information acquisition request that user right service equipment is sent according to rights service demand;First determines mould Block, for determining node data information corresponding with the information acquisition request in OPC UA node space;Feedback module is used In the node data information is fed back to the user right service equipment by the OPC UA browse interface;Second determines Module, for receiving the user right service equipment according to the node data information by OPC UA method call interface The rights service of input is requested, and determines method section corresponding with rights service request in the OPC UA node space Point;Execution module is used for according to the method Node registers to user right service unit, so that user right service is single Member executes user right service corresponding with rights service request with the corresponding method offer of the method node.
Another aspect of the invention embodiment provides a kind of service system based on user right, including user right service is set Standby and user right server, wherein the user right server includes that OPC UA service unit and user right service are single Member, the user right server are used to execute the method for servicing based on user right as described in first aspect embodiment, institute It states OPC UA service unit and the user right service unit communicates to connect, the user right service equipment passes through described The OPC UA standard interface and the OPC UA service unit that OPC UA service unit provides communicate to connect.
Technical solution disclosed by the invention, has the following beneficial effects:
The acquisition of information that user right service equipment is sent according to rights service demand is received by OPC UA browse interface Request, determines corresponding with information acquisition request node data information in OPC UA node space, and by node data information User right service equipment is fed back to by OPC UA browse interface, in turn, by OPC UA method call interface, receives user Rights service equipment is requested according to the rights service of node data information input, and is determined in OPC UA node space and taken with permission Corresponding method node is requested in business, finally, according to method Node registers to user right service unit, so that user right service Unit executes method corresponding with method node and provides corresponding user right service.Hereby it is achieved that user right service is related Intermodule decoupling, alleviate system workload, and improve the flexibility and user right reliability of service of system And scalability.
The additional aspect of the present invention and advantage will be set forth in part in the description, and will partially become from the following description Obviously, or practice through the invention is recognized.
Detailed description of the invention
Above-mentioned and/or additional aspect and advantage of the invention will become from the following description of the accompanying drawings of embodiments Obviously and it is readily appreciated that, in which:
Fig. 1 is the application scenarios schematic diagram of the method for servicing based on user right according to prior art;
Fig. 2 is the application scenarios schematic diagram of the method for servicing according to an embodiment of the invention based on user right;
Fig. 3 is the flow chart of the method for servicing according to an embodiment of the invention based on user right;
Fig. 4 is the flow chart of the method for servicing based on user right accord to a specific embodiment of that present invention;
Fig. 5 is the structural schematic diagram of user right server according to an embodiment of the invention;
Fig. 6 is the structural schematic diagram of user right server in accordance with another embodiment of the present invention;
Fig. 7 is the structural schematic diagram of the service system according to an embodiment of the invention based on user right.
Specific embodiment
The embodiment of the present invention is described below in detail, examples of the embodiments are shown in the accompanying drawings, wherein from beginning to end Same or similar label indicates same or similar element or element with the same or similar functions.Below with reference to attached The embodiment of figure description is exemplary, it is intended to is used to explain the present invention, and is not considered as limiting the invention.
Below with reference to the accompanying drawings the user right server of the embodiment of the present invention and the method for servicing based on user right are described And system.
Before being illustrated to technical solution of the present invention, the present invention is understood for the ease of those skilled in the art, Some technical terms of the present invention are explained herein:
Open platform communicates unified shader (OLE for Process Control Unified Architecture, OPC UA): i.e. OPC unified shader is a kind of consensus standard of the industrial automatic control proposed by OPC foundation, using typical C/S (Client/Server, client/server) mode.OPC UA provides safety, reliably and independently of manufacturer, realizes former Beginning data and pretreated information are from manufacture level to production plan or ERP (Enterprise Resource Planning, enterprise Industry resource planning) level transmission.Since OPC UA has thus obscured the otherness between different vendor independently of manufacturer.
Man-machine interface (Human Machine Interface, HMI): also it is man-machine interface.Man-machine interface (also known as user Interface or user interface) it is the medium interacted between system and user with information exchange, it realizes the inside shape of information Formula and the mankind can receive the conversion between form.All there is man-machine interfaces in the field of all participant's machine information exchanges.
Common Object Request Broker Architecture (Common Object Request Broker Architecture, CORBA): being answered by a kind of object-oriented of Object Management Organization (Object Management Group, OMG) standard worked out With procedure system specification, to solve in distributed processing environment, the interconnection of Hardware & software system.
As analyzing above, in the prior art, as shown in Figure 1, being based on CORBA skill when carrying out user right service Art is directly interactive with the interface communication of corresponding server, for example, where the user rights service equipment such as HMI and configuration instrument Client needs to service the difference of the production firm in relation to equipment according to user right, compiles different communication interfaces and carries out with it It is of coupled connections, larger workload and flexibility is lower.
And the present invention has the function of providing the technical characterstic of unified shader in view of OPC UA, based on it independently of manufacturer Property, by OPC UA bus by user right service related equipment and real-time server, history server, HMI etc. carry out Decoupling, provides a kind of comprehensively monitoring user right service system based on OPC UA, and internal system is real using database technology The storage of existing data realizes the user rights such as user management, Role Management, LoginLogout, Authority Verification using independent logical layer Service externally provides OPC UA standard interface, for example, the interfaces such as browse interface, read-write interface, method call are unified for outside Client provides access access.
Technical solution provided by the invention is specific as shown in Fig. 2, in such as Fig. 2, provides data storage clothes using database Business, which can be used relevant database or Lightweight Database etc., for storing the relevant relation data of every user, Such as the configuration of user information data, user password, user right, log and audit information etc., in addition, being based on user right service Unit supports the relevant core business of such as user and permission to realize, mainly includes that user management (is increased newly, modified, deactivating, opening With), Role Management (newly-increased, modification, delete, permission increases and deletes), user's login, cancellation, Authority Verification, log and behavior The function of audit etc., wherein according to the standard of OPC UA, provide the clothes that unified node space is realized to external equipment Business can create user node tree, role node tree etc. in inside, and in following all user nodes of user node tree and right The method node answered, including the methods of login, cancellation, increase, deletion, deactivated, log recording, Authority Verification node.In role Increase all role node and corresponding method node, including newly-increased role, modification role, deletion role, power under node tree The methods of limit management node, OPC UA node space is using interfaces such as OPC UA standard browser interface, read-write interface, method calls It is unified for external equipment and access access is provided, wherein external equipment mentioned above can be understood as completing associated user's permission The user right service equipment of service can be HMI and configuration instrument etc., wherein login, the cancellation, power of HMI realization user The services such as limit verifying, password modification, user behaviors log record, configuration instrument realize newly-increased user, modification, deactivate, enable, role's Management and the configuration of permission etc..
Specifically, Fig. 3 is the flow chart of the method for servicing according to an embodiment of the invention based on user right, such as Shown in Fig. 3, this method comprises:
Step 101, receive what user right service equipment was sent according to rights service demand by OPC UA browse interface Information acquisition request.
Wherein, user right service equipment may include configuration instrument, history server, real-time server and HMI etc..
It should be understood that can be got information about for the ease of user right service equipment, needed with its rights service Related information is sought, OPC UA provides browse interface and receives the information that user right service equipment is sent based on rights service demand Acquisition request, wherein when permission demand for services is user's newly increased requirement, then corresponding information acquisition request may include obtaining The acquisition request of all user node information determines in order to which user right service equipment is according to all user node information Whether newly-increased user node has existed.
In practical applications, need to construct the node space of OPC UA, in order to mention based on the function that node space is realized For OPC UA standard interface.
In one embodiment of the invention, user information, user right information and right management method information are obtained, In, user information, user right information and right management method information can be stored in related server or database, Wherein, user information reflects user login name, user password etc., and user right information includes customer administrator's permission, common User right etc., right management method information include the management method information for user, for example, Add User, modify user, Delete user, rights management etc., wherein between right management method and user information and user right information, according to affiliated User has adduction relationship.The modeling of OPC UA is actually the reference between node and node, and node can be according to different Purposes belongs to different node classifications in OPC UA, most important node class, variable and method.Object can be gathered around There are variable and method, and user authority management event can be triggered.
In an embodiment of the present invention, based on the creation principle of above-mentioned node space, OPC UA is based on by user information, use Family authority information and right management method information are loaded into node space in a manner of node, and establish node space and user's power Limit the OPC UA standard interface that service equipment carries out communication interaction.Using the user's name in user information as Object node, with Authority information of user information etc. is used as variable node (attribute node), and using rights management as method node, method node is full Sufficient user right service equipment requests to execute counterparty to corresponding user right service unit request according to the rights service of input Method simultaneously returns to implementing result.
Step 102, node data information corresponding with information acquisition request is determined in OPC UA node space, and will section Point data information feeds back to user right service equipment by OPC UA browse interface.
Specifically, it after receiving information acquisition request, based on the composed structure of OPC UA node space, is saved in OPC UA Node data information corresponding with information acquisition request is determined in the space of points, for example, node ID, node attribute information etc., in turn, Node data information is based on OPC UA browse interface and feeds back to user right service equipment, in order to user right service equipment Corresponding user right service is executed based on node data information.
In some possible embodiments, when user right service equipment be configuration instrument, and rights service demand be use When the newly increased requirement of family, then when OPC UA browse interface receives the acquisition request of all user informations sent based on the demand When, determine the node data information of all user node in OPC UA node space, such as user node user's name, The node data information is based on OPC UA browse interface and feeds back to user right service equipment by user right etc. in turn, if It waits for that newly-increased user does not have corresponding node in node space based on node data INFORMATION DISCOVERY, then receives user in configuration The details to Add User, such as user's name of tool typing etc., in order to further provide for the rights service that Adds User.
In other possible embodiments, when user right service equipment is HMI, and rights service demand is stepped on for user When record demand, then when OPC UA browse interface receives the login user nodal information acquisition request based on demand transmission, The node data information in detail such as user node ID corresponding with login user is determined in OPC UA node space, and in detail by this Node data information feeds back to HMI, the login etc. in order to HMI based on node data information progress login user.
Step 103, by OPC UA method call interface, it is defeated according to node data information to receive user right service equipment The rights service request entered, and determine method node corresponding with rights service request in OPC UA node space.
Wherein, OPC UA method call interface can be understood as the CALL calling interface often referred in art technology.
Specifically, after getting node data information, user right service equipment is based on OPC UA method call interface Sending permission service request, wherein it include parameter required for implementing permission service request in rights service request, for example, It include that user name and user login code etc. are saved based on OPC UA in turn in rights service request when implementing user's logging request The implementation principle of the space of points determines method node corresponding with rights service request in OPC UA node space, for example, determine with The corresponding user of the newly-increased request of user increases method node newly, for another example, determines under login user corresponding with user's logging request Login method node etc..
Step 104, according to method Node registers to user right service unit so that user right service unit execute with The corresponding method of method node provides user right service corresponding with user's full powers limit service request.
Specifically, according to method Node registers to user right service unit, so that user right service unit is realized Related rights service executes user right service corresponding with method node, for example, user management (is increased newly, modified, deactivating, opening With), Role Management (newly-increased, modification, delete, permission increases and deletes), user's login, cancellation, Authority Verification, log and behavior The function of audit etc., wherein next operation is carried out for the ease of user right service equipment, in user right service It, will by OPC UA method call interface after unit execution method corresponding with method node provides corresponding user right service Implementing result feeds back to user right service equipment.
In an embodiment of the present invention, user right service unit realizes user authority management as independent logical layer Core business, user right service unit complete the service of corresponding user right based on the information exchange with database.
In some possible embodiments, when permission service request, which is that user is newly-increased, requests, user right service equipment When for configuration instrument, then information acquisition request includes all user node information acquisition requests, and node data information includes all The node data information (nodename, node ID including all user nodes etc.) of user node, gets in configuration instrument After node data information, administrator can be determined newly-increased based on already existing nodename in present node space and node ID Whether user has existed, if not existing, Adding User for administrator's input is received on the interface that configuration instrument provides User information, including the user's name etc. to Add User.
In turn, configuration instrument is based on OPC UA method call interface and sends the newly-increased request of user, passes through OPC UA method tune OPC is determined after receiving configuration instrument according to the newly-increased request of the user of the node data information input of all user nodes with interface The method node that Adds User corresponding with the newly-increased request of user in UA node space, to be arrived according to the method Node registers that Add User User right service unit, so that the execution of user right service unit Adds User, method creates the user information to Add User Into database.
In other possible embodiments, when permission service request is user's logging request, user right service equipment When for equipment comprising man-machine interface, then information acquisition request includes target login user nodal information acquisition request, number of nodes It is believed that breath includes the node data information (node ID, nodename including target user etc.) of target login user node, people The node datas information such as node of the machine interface based on the target login user send target to the method call interface of OPC UA Login user logging request, wherein the target comprising relevant operation personnel input in the logging request of the target login user is stepped on Employ the login password at family.
By OPC UA method call interface, the equipment comprising man-machine interface is received according to the section of target login user node After the target login user logging request of point data information input, determines in OPC UA node space and logged in target login user Corresponding user login method node is requested, according to user login method Node registers to user right service unit, to use Family rights service unit executes user login method with to the system password of data base querying target login user, and controls user Rights service unit is tested according to the system password of the target login user inquired and the comparison result feedback of user login code Demonstrate,prove result.Wherein, when system password is consistent with user login code, the verification result of feedback is to be verified, when system is close When code is inconsistent with user login code, the verification result of feedback is that verifying does not pass through.
In other possible embodiment, when permission service request is the request of target user's Authority Verification, user right When service equipment is history server, then information acquisition request includes target user's nodal information acquisition request, in node space The node data information corresponding with target user's nodal information acquisition request of middle determination includes the node of target user's node Data information (ID etc. including target user's node), in turn, in the node datas information such as node ID for receiving destination node Afterwards, history server sends user right checking request by OPC UA method call interface, wherein the user in the present embodiment Authority Verification request refers to whether verifying current target node has certain user's operation permission, for example, active user is under When published article part, corresponding user's operation permission is download permission, for example, when user is when deleting file, corresponding user's operation Permission is to delete file permission.
By OPC UA method call interface, it is defeated according to the node data information of target user's node to receive history server After the target user's Authority Verification request entered, wherein identified in the request of target user's rights service including target user and above-mentioned Target user's operating right determines user right verifying corresponding with the request of target user's Authority Verification in OPC UA node space Method node, with according to user right verification method Node registers to user right service unit, so that user right service is single Member executes user right verification method, to identify the authority information to data base querying target user according to target user, and controls User right service unit processed is according to the authority information of the target user inquired and the comparison result of user's operation Authority Verification Feedback permission warrant is as a result, when including user's operation permission in the authority information for inquiring target user according to target user's mark When, then it feeds back Authority Verification and passes through as a result, when not including in the authority information for inquiring target user according to target user's mark When user's operation permission, then the unacceptable result of Authority Verification is fed back.The clothes based on user right of the embodiment of the present invention as a result, Business method is executed using OPC UA technology, OPC UA technology as it is a set of reliably for applying in industrial system between Data exchange standard, OPC UA, which can allow between different operating system and the equipment of different manufacturer, can carry out data friendship It changes, additionally has the characteristics that strong security, high availability, scalability, also, using the standard interface of OPC UA, first By browsing the node ID of service acquisition user, corresponding function is then completed by the method under the calling node ID, such as Then the login password for modifying user Zhang San, the node ID for needing that browse interface is called to obtain Zhang San pass through CALL method call Modify password method under Zhang San's node ID is realized, realizes the decoupling of intermodule, strong security, High Availabitity based on OPC UA Property, high-performance, scalability, be greatly improved the reliability and applicability of comprehensive monitoring system, be easier to realize comprehensively monitoring The linkage of the information mutual communication of system and external user permission equipment room, service uses the OPC UA standard interface of standard, as long as meeting The external user permission equipment of OPC UA can be conveniently called, and each intermodule of the service system based on user right is convenient for real The existing system integration, the scalability of the service system based on user right is there has also been biggish improve, and user right service system System is realized using OPC UA technology, so that entire comprehensive monitoring system Technical Architecture is unified.
In order to enable those skilled in the art can more be apparent from the embodiment of the present invention based on user right Method of servicing execution process, be respectively below configuration instrument and HMI, rights service demand point with user right service equipment Not Wei user is newly-increased, user is illustrated for logging in, be described as follows:
As shown in figure 4, receiving configuration work based on OPC UA browse interface when having the rights service demand to Add User Have the information acquisition request sent, determine the node data information of all nodes in OPC UA node space, and by all sections The node data information of point feeds back to configuration instrument, knowing how not having user node to be increased in present node, then manages Member inputs the details to Add User at the interface that configuration instrument provides, and in turn, calls OPC UA method call interface, input Rights service request comprising the details that Add User, calls user to increase method section newly by OPC UA method call interface Point adds user to system, i.e., increases method Node registers newly to user right service unit, so that user right based on user Service unit executes user and increases method newly, and database saves newly-increased User Detail, in turn, is based on OPC UA method call Interface or notification interface etc. will increase successful message feedback newly to configuration instrument.
With continued reference to Fig. 4, HMI system provides system login interface to operator, and operator inputs user name and password, HMI calls the browse interface of OPC UA, and the detailed node data of the user in node space, such as node are obtained according to user name ID etc., HMI call the login method node of the user node by OPC UA method call interface, sending permission service request, Wherein, rights service request includes the password etc. of operator's input, and the login method Node registers of OPC UA take to user right Business unit, user right service unit are adopted to database and initiate inquiry operation, obtain the system password of the user, user is inputted Password and system password are verified, and verification result is returned, and after HMI receives user's login result, carry out subsequent operation.
To sum up, the method for servicing based on user right of the embodiment of the present invention receives user by OPC UA browse interface The information acquisition request that rights service equipment is sent according to rights service demand, determination is obtained with information in OPC UA node space The corresponding node data information of request is taken, and node data information is fed back into user right service by OPC UA browse interface Equipment by OPC UA method call interface, receives user right service equipment according to the power of node data information input in turn Service request is limited, and determines method node corresponding with rights service request in OPC UA node space, finally, according to method section Point logs on to user right service unit, so that user right service unit execution method offer corresponding with method node is corresponding User right service.Hereby it is achieved that user right services the decoupling of related intermodule, improve user right service can By property and scalability.
In order to realize above-described embodiment, the invention also provides a kind of user right server, Fig. 5 is according to the present invention one The structural schematic diagram of the user right server of a embodiment, as shown in figure 5, the user right server includes: receiving module 110, the first determining module 120, feedback module 130, the second determining module 140 and execution module 150.
Wherein, receiving module 110 take for receiving user right service equipment by OPC UA browse interface according to permission The information acquisition request that business demand is sent.
First determining module 120, for determining number of nodes corresponding with information acquisition request in OPC UA node space It is believed that breath.
Feedback module 130 is set for node data information to be fed back to user right service by OPC UA browse interface It is standby.
In one embodiment of the invention, feedback module 130 are also used to according to method Node registers to user right Service unit, so that user right service unit execution method corresponding with method node, which provides corresponding user right, services it Afterwards, implementing result is fed back to by user right service equipment by OPC UA method call interface.Second determining module 140 is used In by OPC UA method call interface, receives user right service equipment and asked according to the rights service of node data information input It asks, and determines method node corresponding with rights service request in OPC UA node space.
Execution module 150 is used for according to method Node registers to user right service unit, so that user right service is single Member executes user right service corresponding with rights service request with the corresponding method offer of method node.
In one embodiment of the invention, when permission service request, which is that user is newly-increased, requests, execution module 150, tool Body is used to be increased newly to user right service unit so that user right service unit executes according to the method Node registers that Add User User method creates the user information to Add User in database.
In one embodiment of the invention, when permission service request is user's logging request, user right service equipment When for equipment comprising man-machine interface, then information acquisition request includes target login user nodal information acquisition request, number of nodes It is believed that breath includes the node data information of target login user node, execution module 150 is specifically used for according to user login method Node registers are to user right service unit, so that user right service unit executes user login method with to data base querying The system password of target login user, and it is close according to the system of the target login user inquired to control user right service unit The comparison result feedback validation result of code and the login password of target login user.
In one embodiment of the invention, as shown in fig. 6, on the basis of as shown in Figure 5, the user right server It further include obtaining module 160 and interface creation module 170, wherein
Module 160 is obtained, for obtaining user information, user right information and right management method information.
Interface creation module 170, for being believed user information, user right information and right management method based on OPC UA Breath is loaded into node space in a manner of node, and establishes node space and carry out communication interaction with user right service equipment OPC UA standard interface.
It should be noted that the aforementioned explanation for concentrating on the method for servicing embodiment based on user right, is also applied for this The user right server of inventive embodiments, realization principle is similar, and details are not described herein.
To sum up, the user right server of the embodiment of the present invention receives user right service by OPC UA browse interface The information acquisition request that equipment is sent according to rights service demand, the determining and information acquisition request pair in OPC UA node space The node data information answered, and node data information is fed back into user right service equipment by OPC UA browse interface, into And by OPC UA method call interface, user right service equipment is received according to the rights service of node data information input Request, and determine method node corresponding with rights service request in OPC UA node space, finally, according to method Node registers To user right service unit, so that user right service unit executes method corresponding with method node and provides corresponding user's power Limit service.Hereby it is achieved that user right services the decoupling of related intermodule, improve user right reliability of service and Scalability.
In order to realize above-described embodiment, the invention also provides a kind of service systems based on user right, such as Fig. 7 institute Show, which includes: user right server 100, user right service equipment 200, wherein user right server 100 wraps Include OPC UA service unit 110 and user right service unit 120, user right server 100, for executing above-described embodiment The described method of servicing based on user right, OPC UA service unit 110 are connect with user right service unit 120, are used The OPC UA standard interface and OPC UA service unit 110 that family rights service equipment 200 is provided by OPC UA service unit 110 Communication connection.
It should be noted that the aforementioned method of servicing concentrated on based on user right surveys the embodiment of description, it is also applied for The present invention is based on the service system embodiment of user right, implementing principle and technical effect class this, details are not described herein.
In the description of this specification, reference term " one embodiment ", " some embodiments ", " example ", " specifically show The description of example " or " some examples " etc. means specific features, structure, material or spy described in conjunction with this embodiment or example Point is included at least one embodiment or example of the invention.In the present specification, schematic expression of the above terms are not It must be directed to identical embodiment or example.Moreover, particular features, structures, materials, or characteristics described can be in office It can be combined in any suitable manner in one or more embodiment or examples.In addition, without conflicting with each other, the skill of this field Art personnel can tie the feature of different embodiments or examples described in this specification and different embodiments or examples It closes and combines.
In addition, term " first ", " second " are used for descriptive purposes only and cannot be understood as indicating or suggesting relative importance Or implicitly indicate the quantity of indicated technical characteristic.Define " first " as a result, the feature of " second " can be expressed or Implicitly include at least one this feature.In the description of the present invention, the meaning of " plurality " is at least two, such as two, three It is a etc., unless otherwise specifically defined.
Any process described otherwise above or method description are construed as in flow chart or herein, and expression includes It is one or more for realizing custom logic function or process the step of executable instruction code module, segment or portion Point, and the range of the preferred embodiment of the present invention includes other realization, wherein can not press shown or discussed suitable Sequence, including according to related function by it is basic simultaneously in the way of or in the opposite order, Lai Zhihang function, this should be of the invention Embodiment person of ordinary skill in the field understood.
Expression or logic and/or step described otherwise above herein in flow charts, for example, being considered use In the order list for the executable instruction for realizing logic function, may be embodied in any computer-readable medium, for Instruction execution system, device or equipment (such as computer based system, including the system of processor or other can be held from instruction The instruction fetch of row system, device or equipment and the system executed instruction) it uses, or combine these instruction execution systems, device or set It is standby and use.For the purpose of this specification, " computer-readable medium ", which can be, any may include, stores, communicates, propagates or pass Defeated program is for instruction execution system, device or equipment or the dress used in conjunction with these instruction execution systems, device or equipment It sets.The more specific example (non-exhaustive list) of computer-readable medium include the following: there is the electricity of one or more wirings Interconnecting piece (electronic device), portable computer diskette box (magnetic device), random access memory (RAM), read-only memory (ROM), erasable edit read-only storage (EPROM or flash memory), fiber device and portable optic disk is read-only deposits Reservoir (CDROM).In addition, computer-readable medium can even is that the paper that can print described program on it or other are suitable Medium, because can then be edited, be interpreted or when necessary with it for example by carrying out optical scanner to paper or other media His suitable method is handled electronically to obtain described program, is then stored in computer storage.
It should be appreciated that each section of the invention can be realized with hardware, software, firmware or their combination.Above-mentioned In embodiment, software that multiple steps or method can be executed in memory and by suitable instruction execution system with storage Or firmware is realized.Such as, if realized with hardware in another embodiment, following skill well known in the art can be used Any one of art or their combination are realized: have for data-signal is realized the logic gates of logic function from Logic circuit is dissipated, the specific integrated circuit with suitable combinational logic gate circuit, programmable gate array (PGA), scene can compile Journey gate array (FPGA) etc..
Those skilled in the art are understood that realize all or part of step that above-described embodiment method carries It suddenly is that relevant hardware can be instructed to complete by program, the program can store in a kind of computer-readable storage medium In matter, which when being executed, includes the steps that one or a combination set of embodiment of the method.
It, can also be in addition, each functional unit in each embodiment of the present invention can integrate in a processing module It is that each unit physically exists alone, can also be integrated in two or more units in a module.Above-mentioned integrated mould Block both can take the form of hardware realization, can also be realized in the form of software function module.The integrated module is such as Fruit is realized and when sold or used as an independent product in the form of software function module, also can store in a computer In read/write memory medium.
Storage medium mentioned above can be read-only memory, disk or CD etc..Although having been shown and retouching above The embodiment of the present invention is stated, it is to be understood that above-described embodiment is exemplary, and should not be understood as to limit of the invention System, those skilled in the art can be changed above-described embodiment, modify, replace and become within the scope of the invention Type.

Claims (13)

1. a kind of method of servicing based on user right, which is characterized in that the method is applied to user right server, including Following steps:
The information acquisition request that user right service equipment is sent according to rights service demand is received by OPC UA browse interface;
Determine corresponding with information acquisition request node data information in OPC UA node space, and by the number of nodes It is believed that breath feeds back to the user right service equipment by the OPC UA browse interface;
By OPC UA method call interface, the user right service equipment is received according to the node data information input Rights service request, and determine method node corresponding with rights service request in the OPC UA node space;
According to the method Node registers to user right service unit so that the user right service unit execute with it is described The corresponding method of method node provides user right service corresponding with rights service request.
2. the method as described in claim 1, which is characterized in that receive user right clothes by OPC UA browse interface described Before the information acquisition request that business equipment is sent according to rights service demand, further includes:
Obtain user information, user right information and right management method information;
The user information, user right information and right management method information are added in a manner of node based on OPC UA standard It is downloaded to OPC UA node space, and establishes the OPC UA node space and user right service equipment progress communication interaction OPC UA standard interface.
3. the method as described in claim 1, which is characterized in that it is requested when rights service request is that user is newly-increased, it is described When user right service equipment is configuration instrument, then the information acquisition request includes all user node information acquisition requests, The node data information includes the node data information of all user nodes,
It is described by OPC UA method call interface, it is defeated according to the node data information to receive the user right service equipment The rights service request entered, and determine method node packet corresponding with rights service request in the OPC UA node space It includes:
By the OPC UA method call interface, the configuration instrument is received according to the node data of all user nodes The newly-increased request of the user of information input, wherein comprising the user information to Add User in the newly-increased request of the user, and determine institute State the method node that Adds User corresponding with the newly-increased request of the user in OPC UA node space.
4. method as claimed in claim 3, which is characterized in that
It is described according to the method Node registers to user right service unit so that the user right service unit execute with The corresponding method of the method node provides corresponding user right service, comprising:
According to the method Node registers that Add User to the user right service unit, so that user right service is single Member executes the method that Adds User and creates the user information to Add User in database.
5. the method as described in claim 1, which is characterized in that it requests to be user's logging request when the rights service, it is described When user right service equipment is the equipment comprising man-machine interface, then the information acquisition request includes target login user node Information acquisition request, the node data information include the node data information of the target login user node,
It is described by OPC UA method call interface, it is defeated according to the node data information to receive the user right service equipment The rights service request entered, and determine method node packet corresponding with rights service request in the OPC UA node space It includes:
By the OPC UA method call interface, the equipment comprising man-machine interface is received according to the target login user The target login user logging request of the node data information input of node, wherein in the target login user logging request Login password comprising target login user, and determine in the OPC UA node space and asked with target login user login Seek corresponding user login method node.
6. method as claimed in claim 5, which is characterized in that described according to the method Node registers to user right service Unit, so that the user right service unit executes method corresponding with the method node and provides corresponding user right clothes Business, comprising:
According to the user login method Node registers to the user right service unit, so that user right service is single Member executes user login method with to the system password of data base querying target login user, and controls the user right service Unit is according to the comparison of the system password of the target login user inquired and the login password of the target login user As a result feedback validation result.
7. the method as described in claim 1, which is characterized in that when rights service request is that target user's Authority Verification is asked It asks, when the user right service equipment is history server, then the information acquisition request includes target user's nodal information Acquisition request, the node data information include the node data information of target user's node,
It is described by OPC UA method call interface, it is defeated according to the node data information to receive the user right service equipment The rights service request entered, and determine method node packet corresponding with rights service request in the OPC UA node space It includes:
By the OPC UA method call interface, the history server is received according to the number of nodes of target user's node It is requested according to target user's Authority Verification of information input, wherein include target user in target user's rights service request Mark and target user's operating right, and determine in the OPC UA node space with target user's Authority Verification request pair The user right verification method node answered.
8. the method for claim 7, which is characterized in that described according to the method Node registers to user right service Unit, so that the user right service unit executes method corresponding with the method node and provides corresponding user right clothes Business, comprising:
According to the user right verification method Node registers to the user right service unit, so that the user right takes Business unit executes user right verification method, to identify the power to target user described in data base querying according to the target user Limit information, and control authority information and the user of the user right service unit according to the target user inquired The comparison result of operating right verifying feeds back permission warrant result.
9. the method as described in claim 1, which is characterized in that taken described according to the method Node registers to user right Business unit, so that the user right service unit executes method corresponding with the method node and provides corresponding user right clothes After business, further includes:
Implementing result is fed back into the user right service equipment by the OPC UA method call interface.
10. a kind of user right server characterized by comprising
Receiving module, for receiving what user right service equipment was sent according to rights service demand by OPC UA browse interface Information acquisition request;
First determining module, for determining corresponding with information acquisition request number of nodes in OPC UA node space it is believed that Breath;
Feedback module takes for the node data information to be fed back to the user right by the OPC UA browse interface Business equipment;
Second determining module, for receiving the user right service equipment according to by OPC UA method call interface The rights service of node data information input is requested, and determine in the OPC UA node space with rights service request pair The method node answered;
Execution module is used for according to the method Node registers to user right service unit, so that the user right service Unit executes user right service corresponding with rights service request with the corresponding method offer of the method node.
11. user right server as claimed in claim 10, which is characterized in that further include:
Module is obtained, for obtaining user information, user right information and right management method information;
Interface creation module, for being based on OPC UA for the user information, user right information and right management method information It is loaded into node space in a manner of node, and establishes the node space and carries out communication friendship with the user right service equipment Mutual OPC UA standard interface.
12. user right server as claimed in claim 10, which is characterized in that the feedback module is also used to described According to the method Node registers to user right service unit, so that the user right service unit executes and the method It is by the OPC UA method call interface that implementing result is anti-after the corresponding method of node provides corresponding user right service It is fed to the user right service equipment.
13. a kind of service system based on user right, which is characterized in that taken including user right service equipment and user right Business device, wherein the user right server includes OPC UA service unit and user right service unit, the user right Server is used to execute the method for servicing based on user right as described in claim 1-9 is any, and the OPC UA service is single First to communicate to connect with the user right service unit, the user right service equipment is mentioned by the OPC UA service unit The OPC UA standard interface of confession and the OPC UA service unit communicate to connect.
CN201811406515.6A 2018-11-23 2018-11-23 User authority server and service method and system based on user authority Active CN109756557B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811406515.6A CN109756557B (en) 2018-11-23 2018-11-23 User authority server and service method and system based on user authority

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811406515.6A CN109756557B (en) 2018-11-23 2018-11-23 User authority server and service method and system based on user authority

Publications (2)

Publication Number Publication Date
CN109756557A true CN109756557A (en) 2019-05-14
CN109756557B CN109756557B (en) 2019-12-10

Family

ID=66403368

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811406515.6A Active CN109756557B (en) 2018-11-23 2018-11-23 User authority server and service method and system based on user authority

Country Status (1)

Country Link
CN (1) CN109756557B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111159693A (en) * 2019-12-28 2020-05-15 西安精雕软件科技有限公司 Electronic equipment permission verification method, device and system and readable medium
CN111651639A (en) * 2020-04-27 2020-09-11 宁波吉利汽车研究开发有限公司 Address space management method, device, equipment and medium
CN114390100A (en) * 2020-10-21 2022-04-22 沈阳中科数控技术股份有限公司 Working method of OPC UA server based on numerical control system

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103738369A (en) * 2013-12-26 2014-04-23 北京交控科技有限公司 ATS device and system based on OPC UA technology
CN104168268A (en) * 2014-07-24 2014-11-26 广东电网公司电力科学研究院 Power grid object access control device capable of realizing safety configuration and access of power grid model data
CN106550052A (en) * 2016-12-08 2017-03-29 南京富岛信息工程有限公司 A kind of data acquisition unit and method based on OPC UA
CN107070891A (en) * 2017-03-10 2017-08-18 腾讯科技(深圳)有限公司 Service calling method and device
US20180088548A1 (en) * 2015-03-27 2018-03-29 Bühler AG Method and system for process controlling of plants in an opc-ua based machine-to-machine network
CN108459574A (en) * 2018-03-27 2018-08-28 重庆邮电大学 It is a kind of that system is managed based on the semantic field device information with OPC UA

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103738369A (en) * 2013-12-26 2014-04-23 北京交控科技有限公司 ATS device and system based on OPC UA technology
CN104168268A (en) * 2014-07-24 2014-11-26 广东电网公司电力科学研究院 Power grid object access control device capable of realizing safety configuration and access of power grid model data
US20180088548A1 (en) * 2015-03-27 2018-03-29 Bühler AG Method and system for process controlling of plants in an opc-ua based machine-to-machine network
CN106550052A (en) * 2016-12-08 2017-03-29 南京富岛信息工程有限公司 A kind of data acquisition unit and method based on OPC UA
CN107070891A (en) * 2017-03-10 2017-08-18 腾讯科技(深圳)有限公司 Service calling method and device
CN108459574A (en) * 2018-03-27 2018-08-28 重庆邮电大学 It is a kind of that system is managed based on the semantic field device information with OPC UA

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111159693A (en) * 2019-12-28 2020-05-15 西安精雕软件科技有限公司 Electronic equipment permission verification method, device and system and readable medium
CN111651639A (en) * 2020-04-27 2020-09-11 宁波吉利汽车研究开发有限公司 Address space management method, device, equipment and medium
CN111651639B (en) * 2020-04-27 2023-06-23 宁波吉利汽车研究开发有限公司 Address space management method, device, equipment and medium
CN114390100A (en) * 2020-10-21 2022-04-22 沈阳中科数控技术股份有限公司 Working method of OPC UA server based on numerical control system
CN114390100B (en) * 2020-10-21 2023-07-11 沈阳中科数控技术股份有限公司 Working method of OPC UA server based on numerical control system

Also Published As

Publication number Publication date
CN109756557B (en) 2019-12-10

Similar Documents

Publication Publication Date Title
US20240179103A1 (en) Network slice configuration
Martínez et al. A big data-centric architecture metamodel for Industry 4.0
US10580013B2 (en) Method and apparatus for autonomous services composition
CN109756557A (en) User right server and method of servicing and system based on user right
US20100262559A1 (en) Modelling Computer Based Business Process And Simulating Operation
US20050043979A1 (en) Process for executing approval workflows and fulfillment workflows
CN111861140A (en) Service processing method, device, storage medium and electronic device
CN108737467A (en) A kind of server log inspection method, device and system
US8095959B2 (en) Method and system for integrating policies across systems
CN109787807B (en) Self-service system based on Openstack architecture cloud platform workflow
EP3167366A1 (en) Virtualized execution across distributed nodes
CN108597564A (en) Medical data sharing method and system
CN111385124A (en) Gateway service implementation method, control device and gateway
Cremonini et al. Coordination and access control in open distributed agent systems: The TuCSoN approach
CN108153532A (en) A kind of cloud application dispositions method based on Web log mining
US8326588B2 (en) Fair path selection during simulation of decision nodes
US20050044099A1 (en) Process for creating an information services catalog
CN109918152A (en) Task executing method, device, server and storage medium based on policy flow
CN109743349A (en) File management method, system and its equipment based on rail traffic
US20120240103A1 (en) Method and system for implementing self-configurable software components
Moyano et al. A model-driven approach for engineering trust and reputation into software services
CN109670608A (en) A kind of IT O&M comprehensive management platform of task based access control record
US20050198614A1 (en) Management platform and evironment
Quenum et al. Towards executable specifications for microservices
CN109743249A (en) Forming method, integrated gateway and the integrated system of the integrated gateway of passenger information system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant