WO2021013033A1 - File operation method, apparatus, device, and system, and computer readable storage medium

Publication number: WO2021013033A1
Application number: PCT/CN2020/102319
Authority: WO, WIPO (PCT)
Prior art keywords: file, target, user, information, authority
Other languages: French (fr), Chinese (zh)
Inventors: 王和平, 尹强, 刘有, 黄山, 杨峙岳, 邸帅, 卢道和
Original Assignee: 深圳前海微众银行股份有限公司
Application filed by 深圳前海微众银行股份有限公司

Classifications

    • G06F16/16 File or folder operations, e.g. details of user interfaces specifically adapted to file systems
    • G06F16/164 File meta data generation
    • G06F16/172 Caching, prefetching or hoarding of files
    • G06F21/31 User authentication
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos

Definitions

  • This application relates to the technical field of financial technology (Fintech), in particular to a file operation method, device, equipment, system and computer-readable storage medium.
  • The file system is a logical storage and recovery system for naming and placing files.
  • Many services of financial institutions such as banks need to access each file system for related file operations.
  • Each file system provides a corresponding API (Application Programming Interface) for users to perform file-related operations, such as adding, deleting, reading and writing.
  • Turning on the super user authority for each user gives every user the operation authority over all files, which leads to uncontrollable user authority and lower security of file system operation and access.
  • the main purpose of this application is to provide a file operation method, device, equipment, system, and computer-readable storage medium, aiming to improve the controllability of user authority management and the security of file system operation and access.
  • this application provides a file operation method, the file operation method includes:
  • the target remote file service is determined according to the target file storage path and preset rules
  • the user information includes user account information, token information, and Internet Protocol (IP) information
  • the user is authenticated based on the user information, the target file storage path, and the target operation.
  • the steps of operation authority verification include:
  • the step of determining the target remote file service according to the target file storage path and preset rules includes:
  • the remote file service corresponding to the smallest value in the first request quantity is determined as the target remote file service.
  • the file operation method further includes:
  • the method further includes:
  • the file operation method further includes:
  • the corresponding operation execution result is generated and returned to the user terminal corresponding to the file operation request.
  • the present application also provides a file operation device, the file operation device includes:
  • the first obtaining module is configured to obtain user information, target file storage path, and target operation according to the file operation request when a file operation request is received;
  • the user verification module is configured to perform identity verification and operation authority verification on the user based on the user information, the target file storage path, and the target operation;
  • the service determination module is used to determine the target remote file service according to the target file storage path and preset rules when both the identity verification and the operation authority verification are passed;
  • the operation execution module is used to obtain the super user authority through the target remote file service, call the target operation method corresponding to the target operation based on the super user authority, and execute the target operation on the target file corresponding to the target file storage path.
  • the present application also provides a file operation device, the file operation device includes: a memory, a processor, and a file operation program stored on the memory and running on the processor; when the file operation program is executed by the processor, the steps of the file operation method described above are implemented.
  • the present application also provides a file operating system, the file operating system includes a file operating device and a user terminal; wherein,
  • the file operating device is the file operating device described above;
  • the user terminal is configured to receive a file system object query request triggered by a user, and obtain the file system type and proxy user information carried in the file system object query request; obtain the file system object of the agent according to the file system type and the proxy user information and display it; receive the file operation request triggered by the user based on the file system object of the agent, and send the file operation request to the file operation device.
  • the present application also provides a computer-readable storage medium having a file operation program stored on the computer-readable storage medium, and when the file operation program is executed by a processor, the steps of the file operation method described above are implemented.
  • This application provides a file operation method, device, equipment, system, and computer-readable storage medium.
  • When a file operation request sent by a user is received, user information, target file storage path, and target operation are obtained according to the file operation request. Then, based on the obtained user information, target file storage path and target operation, the user is authenticated and the operation authority is verified. When both the identity verification and the operation authority verification are passed, the target remote file service is first determined according to the target file storage path and preset rules; the super user authority is then obtained through the target remote file service, the target operation method corresponding to the target operation is called based on the super user authority, and the target operation is performed on the target file corresponding to the target file storage path.
  • This application only needs to perform identity verification and operation authority verification on the user. After both the identity verification and the operation authority verification are passed, the super user authority can be obtained to operate the files of the proxy user (i.e. other users). Compared with the prior art, this application does not need to enable the super user authority for each user, which can realize complete control of user authority management and improve the security of operation and access to different file systems.
  • FIG. 1 is a schematic diagram of the device structure of the hardware operating environment involved in the solution of the embodiment of the application;
  • FIG. 2 is a schematic flowchart of the first embodiment of the file operation method of this application;
  • FIG. 3 is a schematic diagram of functional modules of the first embodiment of the file operation device of this application.
  • the file operation device in the embodiment of this application can be a smart phone, a PC (personal computer), a tablet computer, a portable computer or other terminal equipment.
  • the file operation device may include a processor 1001, such as a CPU, a communication bus 1002, a user interface 1003, a network interface 1004, and a memory 1005.
  • the communication bus 1002 is used to implement connection and communication between these components.
  • the user interface 1003 may include a display screen (Display) and an input unit such as a keyboard (Keyboard); optionally, the user interface 1003 may also include a standard wired interface and a wireless interface.
  • the network interface 1004 may optionally include a standard wired interface and a wireless interface (such as a Wi-Fi interface).
  • the memory 1005 may be a high-speed RAM memory, or a stable memory (non-volatile memory), such as a magnetic disk memory.
  • the memory 1005 may also be a storage device independent of the foregoing processor 1001.
  • the structure of the file operation device shown in FIG. 1 does not constitute a limitation on the file operation device, which may include more or fewer components than shown, a combination of certain components, or a different component layout.
  • the memory 1005, which is a computer storage medium, may include an operating system, a network communication module, a user interface module, and a file operation program.
  • the network interface 1004 is mainly used to connect to a back-end server and communicate with the back-end server;
  • the user interface 1003 is mainly used to connect to a client and communicate with the client;
  • the processor 1001 can be used to call the file operation program stored in the memory 1005 and perform the following operations:
  • the target remote file service is determined according to the target file storage path and preset rules
  • the processor 1001 can call a file operation program stored in the memory 1005, and also perform the following operations:
  • the processor 1001 may call a file operation program stored in the memory 1005, and also perform the following operations:
  • the remote file service corresponding to the smallest value in the first request quantity is determined as the target remote file service.
  • the processor 1001 may call a file operation program stored in the memory 1005, and also perform the following operations:
  • the corresponding operation execution result is generated and returned to the user terminal corresponding to the file operation request.
  • This application provides a file operation method.
  • FIG. 2 is a schematic flowchart of a first embodiment of a file operation method of this application.
  • the file operation method includes:
  • Step S10: when a file operation request is received, obtain user information, a target file storage path, and a target operation according to the file operation request;
  • The file operation method in this embodiment is implemented by a file operation device, and the device is described by taking a server as an example.
  • The device is equipped with an engine manager service (IO-EM, Input/Output-Engine Manager) and a remote file service (IO-Engine), and provides a compatible API (Application Programming Interface) to receive file operation requests sent by users. IO-EM is used to receive file operation requests triggered by users, obtain the user information, target file storage path and target operation according to the file operation request, and then authenticate the user and verify the operation authority.
  • IO-Engine corresponds to the type of file system.
  • The file system can include the local file system (local), the distributed file system (HDFS) and other types of file systems, and there can be multiple IO-Engines for each type of file system. Through this file operation device, remote access operations to multiple types of file systems can be realized.
  • The server receives, through IO-EM, a file operation request remotely sent by the client through its compatible API interface.
  • When a file operation request sent by the client is received through IO-EM, the user information, target file storage path and target operation are obtained according to the file operation request, where the user information may include but is not limited to account information, Token information, and IP (Internet Protocol) information.
  • Step S20: perform identity verification and operation authority verification on the user based on the user information, the target file storage path, and the target operation;
  • the IO-EM in the server verifies the user's identity and operation authority based on the user information, target file storage path, and target operation.
  • The user information includes user account information, Token information and IP (Internet Protocol) information. The user account information is the user's account name; the Token information can be a fixed Token code pre-allocated to the user, or a random Token code generated in real time by a Token generating device allocated to the user; and the IP information is the IP address of the user end.
  • Step S20 includes:
  • Step a1: obtain a verification Token corresponding to the user account information, compare the Token information with the verification Token, and detect whether the IP information is in the preset IP whitelist to verify the user's identity;
  • For identity verification, first obtain the verification Token corresponding to the user account information.
  • the verification Token can be a pre-saved fixed Token code assigned to the user, or a random Token code synchronously sent by the Token generation device.
  • the Token information is compared with the verification Token, and it is checked whether the IP information is in the preset IP whitelist to authenticate the user.
  • If the comparison result is that the Token information is the same as the verification Token, and the IP information is in the preset IP whitelist, the identity verification is passed.
  • If the comparison result is that the Token information is not the same as the verification Token, and/or the IP information is not in the preset IP whitelist, the identity verification fails.
  • the user may be authenticated based on only one of Token information and IP information, and of course, the user may also be authenticated based on other information.
  • Step a2: obtain the user's operation authority information according to the user account information, and verify the user's operation authority according to the target file storage path, the target operation, and the operation authority information.
  • For the verification of the operation authority, first obtain the user's operation authority information according to the user account information, where the operation authority information may include which files (folders) in which file systems of which other users (proxy users) the user has operation authority over.
  • The mapping relationship between user account information and operation authority information can be preset, and the user's operation authority information can then be obtained according to the user account information and this preset mapping relationship.
  • the target file storage path corresponds to the target proxy user, target file system, and target file (folder), and the corresponding target proxy user, target file system, and target file (folder) can be determined according to the target file storage path.
  • Whether the user has the corresponding operation authority is then determined according to the target file storage path, target operation and operation authority information.
  • The type of information required to determine whether the user has the operation authority depends on the information types that the operation authority information specifically defines. For example, if the operation authority information only restricts the proxy users, file systems, and files (folders) that may be operated on, without restricting the target operation, whether the user has the operation authority can be determined based on the target file storage path and operation authority information.
  • Steps a1 and a2 can be executed in any order. It is understandable that when either of steps a1 and a2 results in a verification failure, there is no need to perform the other step. For example, when the identity verification is performed first and fails, there is no need to continue with the operation authority verification; the corresponding prompt message can be directly generated and sent to the user end to prompt the user that the verification has failed.
  • management personnel can also customize the corresponding security verification rules according to actual needs, for example, only perform identity verification or operation authority verification, or use other security verification methods.
  • Step S30: when both the identity verification and the operation authority verification are passed, the target remote file service is determined according to the target file storage path and preset rules;
  • the IO-EM in the server determines the target remote file service according to the target file storage path and preset rules.
  • the step "determine the target remote file service according to the target file storage path and preset rules" includes:
  • Step b1: determine the target file system according to the target file storage path, obtain the number of requests under each started remote file service corresponding to the target file system, and record it as the first request number;
  • Step b2: determine the remote file service corresponding to the smallest value in the first request quantity as the target remote file service.
  • the target file system can be determined first according to the target file storage path, and the number of requests under each started remote file service corresponding to the target file system can be obtained.
  • The number of requests under each started remote file service IO-Engine corresponding to the target file system can be recorded as the first request number. Since there are multiple IO-Engines, there are correspondingly multiple first request numbers. Then, in order to achieve load balancing, the remote file service IO-Engine corresponding to the smallest value in the first request quantity may be determined as the target remote file service.
  • Step S40: obtain super user authority through the target remote file service, call the target operation method corresponding to the target operation based on the super user authority, and execute the target operation on the target file corresponding to the target file storage path.
  • the super user authority can be obtained through the target remote file service, and the target operation method corresponding to the target operation is called based on the super user authority, and the target operation is performed on the target file corresponding to the target file storage path.
  • The target IO-Engine can be started by the super user (that is, the target IO-Engine is started after logging in with the super user account), and the file operation request is sent to the target remote file service (target IO-Engine), so that the target IO-Engine obtains the super user authority. The target IO-Engine can then call the target operation method corresponding to the target operation based on the super user authority, and execute the target operation on the target file corresponding to the target file storage path.
  • In the file operation process of financial institutions such as banks, this application first performs identity verification and operation authority verification on the user after obtaining user information, target file storage path, and target operation. After the verification is passed, the target remote file service is determined; the super user authority is then obtained through the target remote file service, the target operation method corresponding to the target operation is called based on the super user authority, and the target operation is performed on the target file corresponding to the target file storage path. There is no need to open the super user authority for each user of the enterprise, which realizes complete control of enterprise user authority management, that is, improves the controllability of enterprise user authority, and at the same time improves the security of file system operation and access.
  • the embodiment of the application provides a file operation method.
  • When a file operation request sent by a user is received, user information, a target file storage path, and a target operation are obtained according to the file operation request, and the user's identity and operation authority are then verified based on the obtained user information, target file storage path and target operation. When both the identity verification and the operation authority verification pass, the target remote file service is first determined according to the target file storage path and preset rules; the super user authority is then obtained through the target remote file service, the target operation method corresponding to the target operation is called based on the super user authority, and the target operation is executed on the target file corresponding to the target file storage path.
  • Once both verifications pass, the super user authority can be obtained to operate the files of the proxy user (i.e. other users).
  • the embodiment of the present application does not need to enable the super user authority for each user, which can realize complete control of user authority management and improve the security of operation and access to different file systems.
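The checks of steps S20 and S30 above, sketched in Python as an added example; it is not code from the patent or its applicant. The `<file system>://<proxy user>/<path>` storage path format, the account, Token, whitelist range, grants and engine names are all constructed assumptions, and the refusal of `..` path segments and the constant-time Token comparison are hardening choices of this example rather than steps the application describes.

```python
import hmac
import ipaddress
from pathlib import PurePosixPath
from urllib.parse import urlsplit

# Constructed sample data; every name and value below is an assumption.
VERIFICATION_TOKENS = {"alice": "tok-constructed-1234"}   # account -> verification Token
IP_WHITELIST = [ipaddress.ip_network("10.20.0.0/16")]     # preset IP whitelist
# account -> grants of (proxy user, file system, folder, permitted operations)
OPERATION_AUTHORITY = {
    "alice": [("hadoop", "hdfs", "/reports", {"read", "list"})],
}
# file system type -> {started IO-Engine: requests it is currently handling}
ENGINE_LOAD = {
    "hdfs": {"hdfs-engine-1": 7, "hdfs-engine-2": 3},
    "local": {"local-engine-1": 0},
}


def parse_target(storage_path):
    """Split an assumed '<file system>://<proxy user>/<path>' storage path."""
    url = urlsplit(storage_path)
    path = PurePosixPath(url.path)
    # Refuse '..' so that a folder grant cannot be escaped by traversal.
    if not url.scheme or not url.netloc or not path.is_absolute() or ".." in path.parts:
        raise ValueError("malformed target file storage path")
    return url.scheme, url.netloc, path


def verify_identity(account, token, client_ip):
    """Step a1: Token comparison plus IP whitelist check; both must hold."""
    expected = VERIFICATION_TOKENS.get(account)
    try:
        address = ipaddress.ip_address(client_ip)
    except ValueError:
        return False
    if expected is None:
        return False
    # Constant-time comparison avoids leaking how much of the Token matched.
    token_ok = hmac.compare_digest(token.encode(), expected.encode())
    return token_ok and any(address in net for net in IP_WHITELIST)


def verify_authority(account, file_system, proxy_user, path, operation):
    """Step a2: match proxy user, file system, folder and operation against the grants."""
    for g_user, g_fs, g_folder, g_ops in OPERATION_AUTHORITY.get(account, []):
        folder = PurePosixPath(g_folder).parts
        # Compare whole path components so '/reports' does not cover '/reports-private'.
        if ((g_user, g_fs) == (proxy_user, file_system)
                and path.parts[:len(folder)] == folder and operation in g_ops):
            return True
    return False


def select_engine(file_system):
    """Steps b1-b2: pick the started engine with the smallest request count."""
    load = ENGINE_LOAD.get(file_system)
    if not load:
        raise LookupError("no started IO-Engine for " + file_system)
    return min(load, key=load.get)


def handle_request(request):
    """Return (status, detail); only a fully verified request reaches an engine."""
    try:
        file_system, proxy_user, path = parse_target(request["path"])
    except ValueError as exc:
        return "rejected", str(exc)
    # A failed check ends processing; the other check is not attempted.
    if not verify_identity(request["account"], request["token"], request["ip"]):
        return "rejected", "identity verification failed"
    if not verify_authority(request["account"], file_system, proxy_user, path,
                            request["operation"]):
        return "rejected", "operation authority verification failed"
    try:
        engine = select_engine(file_system)
    except LookupError as exc:
        return "rejected", str(exc)
    ENGINE_LOAD[file_system][engine] += 1   # the engine now holds one more request
    # The engine, started under the super user account, would run the operation here.
    return "dispatched", engine


if __name__ == "__main__":
    ok = {"account": "alice", "token": "tok-constructed-1234", "ip": "10.20.3.4",
          "path": "hdfs://hadoop/reports/q1.csv", "operation": "read"}
    for change in ({}, {"token": "guess"}, {"ip": "192.0.2.9"}, {"operation": "delete"},
                   {"path": "hdfs://hadoop/reports/../keys/id"}):
        print(change, "->", handle_request({**ok, **change}))
```

Because the engine acts with super user authority, the grant check in `verify_authority` is the only thing that confines a caller to the proxy user's folder, so the path must be parsed and matched before anything is dispatched.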
  • the file operation method further includes:
  • Step A: periodically obtain the current request quantity under each started remote file service, and record it as the second request quantity;
  • the server can monitor the load condition of each remote file service (IO-Engine) through the engine manager (IO-EM), and control the start and stop of the IO-Engine according to the load condition, so as to achieve the purpose of load balancing.
  • IO-EM can periodically obtain the current number of requests under each started remote file service, which can be recorded as the second request quantity.
  • the current number of requests under the remote file service is the number of file operation requests that need to be processed under the remote file service.
  • The period can be set to once every 3 hours. Of course, it can also be set according to actual needs; there is no specific limitation here. Since there are multiple remote file services, there are correspondingly multiple values in the second request quantity.
  • Step B: detect whether each value in the second request quantity is greater than a first preset threshold;
  • the first preset threshold can be set to 10
  • Step C: if each value in the second request quantity is greater than the first preset threshold, start a new remote file service.
  • If each value of the second request quantity is greater than the first preset threshold, it indicates that all IO-Engines are overloaded. At this time, a new remote file service IO-Engine is started.
  • each remote file service IO-Engine corresponds to the type of file system
  • the file system may include the local file system (local), the distributed file system (HDFS), and other types of file systems.
  • Different types of file systems correspond to different IO-Engines. Therefore, in specific embodiments, the current request quantity under each started remote file service IO-Engine of each type of file system can also be obtained according to the type of file system (recorded respectively as the third request quantity, the fourth request quantity, ... the Nth request quantity). It is then detected, for each of the third request quantity, the fourth request quantity, ... the Nth request quantity, whether each value in it is greater than the first preset threshold; if each value in a certain request quantity is greater than the first preset threshold, a new IO-Engine under the file system corresponding to that request quantity can be started.
  • For example, if the third request quantity corresponds to the local file system, then when it is detected that each value in the third request quantity is greater than the first preset threshold, a new IO-Engine corresponding to the local file system is started.
  • the file operation method may further include:
  • Step D: detect whether there is a value smaller than a second preset threshold in the second request quantity;
  • Step E: if so, stop the remote file service corresponding to the value smaller than the second preset threshold.
  • After the second request quantity is obtained, it can also be detected whether there is a value smaller than the second preset threshold in the second request quantity, where the second preset threshold can be set to 0; of course, it can also be set according to actual needs, and there is no specific limitation here. If it is detected that there is a value less than the second preset threshold in the second request quantity, it indicates that there is an idle remote file service. At this time, the remote file service corresponding to the value less than the second preset threshold is stopped, that is, the idle remote file service is stopped.
  • External devices, such as IR (Intelligent Routing), can also be used to monitor the load status of each IO-Engine (that is, the current number of requests): the current number of requests under each started remote file service is periodically obtained through IR and recorded as the second request quantity; IR detects the relationship between each value in the second request quantity and the first preset threshold, generates corresponding notification information according to the detection result, and sends it to IO-EM, so that IO-EM controls the start and stop of the corresponding IO-Engine according to the notification information.
  • The specific detection method is the same as in the above embodiment: it is detected whether each value in the second request quantity is greater than the first preset threshold; if so, notification information for starting a new remote file service is generated and sent to IO-EM, so that IO-EM starts the corresponding new IO-Engine according to the notification information. At the same time, it is detected whether there is a value smaller than the second preset threshold in the second request quantity; if so, notification information for stopping the remote file service is generated and sent to IO-EM, so that IO-EM stops the corresponding idle IO-Engine according to the notification information.
  • the first request quantity can be obtained directly by IO-EM or by IR.
  • the file operation method further includes:
  • the corresponding operation execution result is generated and returned to the user terminal corresponding to the file operation request.
  • the corresponding operation execution result may be generated, and the operation execution result may be returned to the user terminal corresponding to the file operation request.
  • the operation execution result includes operation execution success and operation execution failure, among which, when the operation execution fails, the corresponding failure reason can also be returned, so that the user can correct it.
  • This application also provides a file operating system, which includes a file operating device and a user terminal.
  • the file operation device is the file operation device shown in FIG. 1, and is used to execute the steps in the above-mentioned file operation method embodiment.
  • the user terminal is configured to receive a file system object query request triggered by a user, and obtain the file system type and proxy user information carried in the file system object query request; obtain the file system object of the agent according to the file system type and the proxy user information and display it; receive the file operation request triggered by the user based on the file system object of the agent, and send the file operation request to the file operation device.
  • the user terminal may be a terminal such as a smart phone or a PC, which integrates an SDK (Software Development Kit) packaged by multiple modules.
  • the SDK can include three modules: FsFactory (file system factory), ProxyFS (proxy file system), and IO-Client (input/output).
  • FsFactory is used to receive the file system object query request and obtain the file system type and proxy user information carried in it;
  • ProxyFS is used to receive the file system type (such as the local file system, the HDFS file system, etc.) and proxy user information passed by FsFactory, and to encapsulate them in a preset manner to obtain the corresponding proxy file system object. The proxy file system object includes the operation methods for files (folders) in the file system corresponding to the proxy user, for example, obtaining the size of a file (folder), creating and deleting files (folders), and reading and writing files;
  • IO-Client is used to receive file operation requests triggered by users and send them to the file operation device through a compatible API interface; it can also be used to receive the operation execution result returned by the file operation device and display it.
  • when the user needs to perform a target operation on a file (folder) corresponding to a target file storage path, the user can first determine the target file system type and the target proxy user according to the target file storage path, and enter the file system type (the type of the target file system) and the proxy user information (the information of the target proxy user, which can be the user name of the target proxy user) in the corresponding software or App (Application) on the user terminal, which triggers the file system object query request.
  • when the user terminal receives the file system object query request triggered by the user, it obtains the file system type and proxy user information carried in the file system object query request.
  • the file system type can include the local file system, the HDFS file system, etc.
  • the proxy user information can be the user name of the other user (i.e. the proxy user) whose files need to be accessed. Then, the file system type and proxy user information are encapsulated to obtain the proxy file system object, which is displayed on the screen of the user terminal.
  • the proxy file system object includes the operation method corresponding to the target operation.
  • after querying the proxy file system object, the user can operate on the files of the proxy user. Specifically, the user can trigger the file operation request based on the operation method of the target operation in the proxy file system object and the target file storage path.
  • when the user terminal receives the file operation request, it sends the file operation request to the file operation device, so that the file operation device processes the file operation request.
  • the file operating system includes a file operating device and a user terminal.
  • the file operating device can achieve unified management of each file system; without enabling super user authority for each user, it can achieve complete control of user authority management, which can improve the security of operating on and accessing different file systems.
  • the application also provides a file operation device.
  • FIG. 3 is a schematic diagram of the functional modules of the first embodiment of the file operation device of this application.
  • the file operation device includes:
  • the first obtaining module 10 is configured to obtain user information, a target file storage path, and a target operation according to the file operation request when a file operation request is received;
  • the user verification module 20 is configured to perform identity verification and operation authority verification on the user based on the user information, the target file storage path, and the target operation;
  • the service confirmation module 30 is used to determine the target remote file service according to the target file storage path and preset rules when both the identity verification and the operation authority verification are passed;
  • the operation execution module 40 is configured to obtain the super user authority through the target remote file service, call the target operation method corresponding to the target operation based on the super user authority, and perform the target operation on the target file corresponding to the target file storage path.
  • the user information includes user account information, token information, and Internet Protocol IP information
  • the user verification module 20 includes:
  • the identity verification unit is configured to obtain a verification Token corresponding to the user account information, compare the Token information with the verification Token, and detect whether the IP information is in the preset IP whitelist, so as to perform identity verification on the user;
  • the authority verification unit is configured to obtain the user's operation authority information according to the user account information, and verify the user's operation authority according to the target file storage path, the target operation, and the operation authority information.
  • the service confirmation module 30 includes:
  • the first obtaining unit is configured to determine a target file system according to the target file storage path, and obtain the number of requests under each remote file service that has been started corresponding to the target file system, and record it as the first request number;
  • the first determining unit is configured to determine the remote file service corresponding to the smallest value in the first request quantity as the target remote file service.
  • the file operation device further includes:
  • the second obtaining module is used to periodically obtain the current request quantity under each remote file service that has been started, and record it as the second request quantity;
  • the first detection module is configured to detect whether each value in the second request quantity is greater than a first preset threshold
  • the service start module is configured to start a new remote file service if each value in the second request quantity is greater than the first preset threshold.
  • the file operation device further includes:
  • the second detection module is configured to detect whether there is a value smaller than a second preset threshold in the second request quantity
  • the service stop module is configured to stop the existing remote file service corresponding to the value smaller than the second preset threshold if it exists.
  • the file operation device further includes:
  • the result return module is used to generate a corresponding operation execution result after the operation execution is completed, and return it to the user terminal corresponding to the file operation request.
  • each module in the above-mentioned file operation device corresponds to each step in the above-mentioned file operation method embodiment, and the function and realization process are not repeated here.
  • the present application also provides a computer-readable storage medium having a file operation program stored on the computer-readable storage medium.
  • when the file operation program is executed by a processor, the steps of the file operation method described in any of the above embodiments are implemented.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Databases & Information Systems (AREA)
  • Computer Hardware Design (AREA)
  • Data Mining & Analysis (AREA)
  • Human Computer Interaction (AREA)
  • Software Systems (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The present application relates to the technical field of financial technology. Disclosed are a file operation method, apparatus, device, and system, and a computer readable storage medium. The method comprises: when a file operation request is received, obtaining user information, a target file storage path, and a target operation according to the file operation request; performing identity verification and operation permission verification on a user on the basis of the user information, the target file storage path, and the target operation; when the identity verification and the operation permission verification both succeed, determining a target remote file service according to the target file storage path and a preset rule; and obtaining a superuser permission by means of the target remote file service, and invoking, on the basis of the superuser permission, a target operation method corresponding to the target operation to perform the target operation on a target file corresponding to the target file storage path.

Description

File operation method, apparatus, device, and system, and computer-readable storage medium
This application claims priority to the Chinese patent application No. 201910658649.5, filed on July 19, 2019 and entitled "File operation method, apparatus, device, system and computer-readable storage medium", the entire contents of which are incorporated herein by reference.
Technical field
This application relates to the technical field of financial technology (Fintech), and in particular to a file operation method, apparatus, device, and system, and a computer-readable storage medium.
Background
With the development of computer technology, more and more technologies (big data, distributed computing, blockchain, artificial intelligence, etc.) are being applied in the financial field, and the traditional financial industry is gradually transforming into financial technology (Fintech). However, the security and real-time requirements of the financial industry also place higher demands on technology.
In a computer, a file system is the system that names files and handles the logical storage and recovery of the files placed in it. At present, many services of financial institutions such as banks need to access various file systems to perform file operations, and each file system accordingly provides an API (Application Programming Interface) through which users perform file-related operations such as adding, deleting, reading and writing. The APIs provided by file systems such as the local file system and HDFS (Hadoop Distributed File System) generally only allow users to access and operate on their own files; they cannot access and operate on all users' files within a single process service, unless the service is started with super user authority, which has authority over all files. However, enabling super user authority for each user, so that each user has operation authority over all files, makes user authority uncontrollable and lowers the security of file system operations and access.
Technical solutions
The main purpose of this application is to provide a file operation method, apparatus, device, and system, and a computer-readable storage medium, aiming to improve the controllability of user authority management and the security of file system operations and access.
In order to achieve the above objective, this application provides a file operation method, which includes:
when a file operation request is received, obtaining user information, a target file storage path, and a target operation according to the file operation request;
performing identity verification and operation authority verification on the user based on the user information, the target file storage path, and the target operation;
when both the identity verification and the operation authority verification are passed, determining the target remote file service according to the target file storage path and preset rules;
obtaining super user authority through the target remote file service, calling the target operation method corresponding to the target operation based on the super user authority, and performing the target operation on the target file corresponding to the target file storage path.
In an embodiment, the user information includes user account information, Token information, and Internet Protocol (IP) information, and the step of performing identity verification and operation authority verification on the user based on the user information, the target file storage path, and the target operation includes:
obtaining a verification Token corresponding to the user account information, comparing the Token information with the verification Token, and detecting whether the IP information is in a preset IP whitelist, so as to perform identity verification on the user;
obtaining the user's operation authority information according to the user account information, and performing operation authority verification on the user according to the target file storage path, the target operation, and the operation authority information.
In an embodiment, the step of determining the target remote file service according to the target file storage path and preset rules includes:
determining the target file system according to the target file storage path, and obtaining the number of requests under each started remote file service corresponding to the target file system, recorded as the first request quantity;
determining the remote file service corresponding to the smallest value in the first request quantity as the target remote file service.
In an embodiment, the file operation method further includes:
periodically obtaining the current number of requests under each started remote file service, recorded as the second request quantity;
detecting whether each value in the second request quantity is greater than a first preset threshold;
if each value in the second request quantity is greater than the first preset threshold, starting a new remote file service.
In an embodiment, after the step of periodically obtaining the current number of requests under each started remote file service, recorded as the second request quantity, the method further includes:
detecting whether there is a value smaller than a second preset threshold in the second request quantity;
if there is, stopping the remote file service corresponding to each value smaller than the second preset threshold.
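The identity verification, operation authority verification, least-loaded service selection and threshold-based start/stop described in the embodiments above, combined into one Python example. This is an added example, not code from the application: every name, sample value and the `<file system>:///<path>` request format is an assumption, and the constant-time Token comparison and the path normalization before the authority check are additions that the text does not describe.

```python
import hmac
import ipaddress
import posixpath
from dataclasses import dataclass

# Constructed sample data: all names and values here are assumptions.
VERIFICATION_TOKENS = {"alice": "tok-alice-constructed"}
IP_WHITELIST = [ipaddress.ip_network("10.20.0.0/24")]
# account -> [(granted path prefix, allowed operations)]; alice may read bob's reports
PERMISSIONS = {"alice": [("/data/bob/reports", {"read", "size"})]}
# file system -> {started remote file service: current request count}
ENGINES = {
    "hdfs": {"hdfs-engine-1": 7, "hdfs-engine-2": 3},
    "file": {"local-engine-1": 1},
}


@dataclass
class FileOperationRequest:
    account: str
    token: str
    client_ip: str
    path: str       # assumed format: "<file system>:///<absolute path>"
    operation: str


def split_path(raw):
    """Return (file system, normalized absolute path) for a target file storage path."""
    scheme, sep, rest = raw.partition("://")
    if not sep or scheme not in ENGINES:
        raise ValueError("unknown file system")
    # Addition to the text: collapse '..' before the authority check, because the
    # operation itself later runs with super user authority on the resolved path.
    return scheme, posixpath.normpath("/" + rest.lstrip("/"))


def verify_identity(req):
    """Token comparison plus IP whitelist check."""
    expected = VERIFICATION_TOKENS.get(req.account)
    if expected is None:
        return False
    # Addition to the text: constant-time comparison of the two tokens.
    token_ok = hmac.compare_digest(expected.encode(), req.token.encode())
    try:
        addr = ipaddress.ip_address(req.client_ip)
    except ValueError:
        return False
    return token_ok and any(addr in net for net in IP_WHITELIST)


def verify_permission(account, path, operation):
    """Check the operation authority information for this path and operation."""
    for prefix, operations in PERMISSIONS.get(account, []):
        inside = path == prefix or path.startswith(prefix + "/")
        if inside and operation in operations:
            return True
    return False


def select_engine(file_system):
    """Pick the started service with the smallest first request quantity."""
    counts = ENGINES[file_system]
    return min(counts, key=counts.get)


def scaling_decision(counts, first_threshold, second_threshold):
    """From the second request quantity: (start a new service?, services to stop)."""
    start_new = bool(counts) and all(n > first_threshold for n in counts.values())
    to_stop = sorted(name for name, n in counts.items() if n < second_threshold)
    return start_new, to_stop


def handle(req):
    """Gate a request; only a 'dispatch' result reaches a super user service."""
    if not verify_identity(req):
        return ("denied", "identity verification failed", None)
    try:
        file_system, path = split_path(req.path)
    except ValueError as exc:
        return ("denied", str(exc), None)
    if not verify_permission(req.account, path, req.operation):
        return ("denied", "operation authority verification failed", None)
    return ("dispatch", select_engine(file_system), path)


if __name__ == "__main__":
    ok = FileOperationRequest("alice", "tok-alice-constructed", "10.20.0.15",
                              "hdfs:///data/bob/reports/q1.csv", "read")
    print(handle(ok))
    print(scaling_decision(ENGINES["hdfs"], 5, 4))
```

Because the remote file service performs the operation with super user authority, the verification step is the only control between a caller and every user's files, so the path it authorizes must be the same path the service later opens.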
In an embodiment, the file operation method further includes:
after the execution of the operation is completed, generating the corresponding operation execution result and returning it to the user terminal corresponding to the file operation request.
In addition, in order to achieve the above objective, this application also provides a file operation apparatus, which includes:
a first obtaining module, configured to obtain user information, a target file storage path, and a target operation according to the file operation request when a file operation request is received;
a user verification module, configured to perform identity verification and operation authority verification on the user based on the user information, the target file storage path, and the target operation;
a service determination module, configured to determine the target remote file service according to the target file storage path and preset rules when both the identity verification and the operation authority verification are passed;
an operation execution module, configured to obtain super user authority through the target remote file service, call the target operation method corresponding to the target operation based on the super user authority, and perform the target operation on the target file corresponding to the target file storage path.
In addition, in order to achieve the above objective, this application also provides a file operation device, which includes a memory, a processor, and a file operation program stored in the memory and executable on the processor; when the file operation program is executed by the processor, the steps of the file operation method described above are implemented.
In addition, in order to achieve the above objective, this application also provides a file operating system, which includes a file operation device and a user terminal, wherein:
the file operation device is the file operation device described above;
the user terminal is configured to receive a file system object query request triggered by a user, and obtain the file system type and proxy user information carried in the file system object query request; obtain the proxy file system object according to the file system type and the proxy user information, and display it; receive the file operation request triggered by the user based on the proxy file system object, and send the file operation request to the file operation device.
In addition, in order to achieve the above objective, this application also provides a computer-readable storage medium on which a file operation program is stored; when the file operation program is executed by a processor, the steps of the file operation method described above are implemented.
This application provides a file operation method, apparatus, device, and system, and a computer-readable storage medium. When a file operation request sent by a user terminal is received, the user information, target file storage path, and target operation are obtained according to the file operation request, and identity verification and operation authority verification are then performed on the user based on the obtained user information, target file storage path, and target operation. When both the identity verification and the operation authority verification are passed, the target remote file service is first determined according to the target file storage path and preset rules; super user authority is then obtained through the target remote file service, and, based on the super user authority, the target operation method corresponding to the target operation is called to perform the target operation on the target file corresponding to the target file storage path. In this way, this application only needs to perform identity verification and operation authority verification on the user; once both are passed, super user authority can be obtained to operate on the files of the proxy user (i.e. another user). Compared with the prior art, this application does not need to enable super user authority for each user, can achieve complete control of user authority management, and can improve the security of operating on and accessing different file systems.
Description of the drawings
FIG. 1 is a schematic diagram of the device structure of the hardware operating environment involved in the embodiments of this application;
FIG. 2 is a schematic flowchart of the first embodiment of the file operation method of this application;
FIG. 3 is a schematic diagram of the functional modules of the first embodiment of the file operation apparatus of this application.
The realization of the purpose, the functional characteristics, and the advantages of this application will be further described in conjunction with the embodiments and with reference to the accompanying drawings.
Embodiments of the invention
It should be understood that the specific embodiments described here are only used to explain this application and are not intended to limit it.
Referring to FIG. 1, FIG. 1 is a schematic diagram of the device structure of the hardware operating environment involved in the embodiments of this application.
The file operation device in the embodiments of this application may be a smartphone, or a terminal device such as a PC (Personal Computer), a tablet computer, or a portable computer.
As shown in FIG. 1, the file operation device may include a processor 1001 (for example, a CPU), a communication bus 1002, a user interface 1003, a network interface 1004, and a memory 1005. The communication bus 1002 is used to implement connection and communication between these components. The user interface 1003 may include a display screen (Display) and an input unit such as a keyboard (Keyboard), and may optionally also include a standard wired interface and a wireless interface. The network interface 1004 may optionally include a standard wired interface and a wireless interface (such as a Wi-Fi interface). The memory 1005 may be a high-speed RAM memory or a non-volatile memory, such as a magnetic disk memory. Optionally, the memory 1005 may also be a storage device independent of the aforementioned processor 1001.
Those skilled in the art can understand that the structure of the file operation device shown in FIG. 1 does not constitute a limitation on the file operation device, which may include more or fewer components than shown, combine certain components, or use a different arrangement of components.
As shown in FIG. 1, the memory 1005, as a computer storage medium, may include an operating system, a network communication module, a user interface module, and a file operation program.
In the terminal shown in FIG. 1, the network interface 1004 is mainly used to connect to a back-end server and perform data communication with it; the user interface 1003 is mainly used to connect to a client and perform data communication with it; and the processor 1001 can be used to call the file operation program stored in the memory 1005 and perform the following operations:
when a file operation request is received, obtaining user information, a target file storage path, and a target operation according to the file operation request;
performing identity verification and operation authority verification on the user based on the user information, the target file storage path, and the target operation;
when both the identity verification and the operation authority verification are passed, determining the target remote file service according to the target file storage path and preset rules;
obtaining super user authority through the target remote file service, calling the target operation method corresponding to the target operation based on the super user authority, and performing the target operation on the target file corresponding to the target file storage path.
Further, the user information includes user account information, Token information, and Internet Protocol (IP) information, and the processor 1001 can call the file operation program stored in the memory 1005 and also perform the following operations:
obtaining a verification Token corresponding to the user account information, comparing the Token information with the verification Token, and detecting whether the IP information is in a preset IP whitelist, so as to perform identity verification on the user;
obtaining the user's operation authority information according to the user account information, and performing operation authority verification on the user according to the target file storage path, the target operation, and the operation authority information.
Further, the processor 1001 can call the file operation program stored in the memory 1005 and also perform the following operations:
determining the target file system according to the target file storage path, and obtaining the number of requests under each started remote file service corresponding to the target file system, recorded as the first request quantity;
determining the remote file service corresponding to the smallest value in the first request quantity as the target remote file service.
Further, the processor 1001 can call the file operation program stored in the memory 1005 and also perform the following operations:
periodically obtaining the current number of requests under each started remote file service, recorded as the second request quantity;
detecting whether each value in the second request quantity is greater than a first preset threshold;
if each value in the second request quantity is greater than the first preset threshold, starting a new remote file service.
Further, the processor 1001 can call the file operation program stored in the memory 1005 and also perform the following operations:
detecting whether there is a value smaller than a second preset threshold in the second request quantity;
if there is, stopping the remote file service corresponding to each value smaller than the second preset threshold.
Further, the processor 1001 can call the file operation program stored in the memory 1005 and also perform the following operations:
after the execution of the operation is completed, generating the corresponding operation execution result and returning it to the user terminal corresponding to the file operation request.
Based on the above hardware structure, the embodiments of the file operation method of this application are proposed.
本申请提供一种文件操作方法。This application provides a file operation method.
参照图2,图2为本申请文件操作方法第一实施例的流程示意图。Referring to FIG. 2, FIG. 2 is a schematic flowchart of a first embodiment of a file operation method of this application.
在本实施例中,该文件操作方法包括:In this embodiment, the file operation method includes:
步骤S10,在接收到文件操作请求时,根据所述文件操作请求获取用户信息、目标文件存储路径和目标操作;Step S10, when a file operation request is received, obtain user information, a target file storage path, and a target operation according to the file operation request;
本实施例的文件操作方法是由文件操作设备实现的,该设备以服务器为例进行说明。其中,该设备搭载有引擎管理器服务(IO-EM,Input/Output-Engine Mamager)和远程文件服务(IO-Engine),并提供兼容的API(Application Programming Interface,应用程序编程接口)接收用户端发送的文件操作请求,其中,IO-EM用于接收用户触发的文件操作请求,并根据文件操作请求获取用户信息、目标文件存储路径和目标操作,进而对用户进行身份验证和操作权限验证,还用于监测各远程文件服务IO-Engine的负载情况,进而确定目标远程文件服务,还用于根据IO-Engine的负载情况控制对应IO-Engine的启停,还用于接收IO-Engine发送的操作执行结果,并返回至用户端;远程文件服务IO-Engine用于获取文件***的超级用户权限,并基于超级用户权限调用与获取到的目标操作所对应的文件操作方法对目标文件***上的目标文件进行文件操作,还用于生成对应的操作执行结果,并发送至IO-EM。需要说明的是,IO-Engine是与文件***的类型相对应的,文件***可包括本地文件***(local)、分布式文件***(HDFS)和其他类型的文件***,各类型的文件***所对应的IO-Engine也包括多个。通过该文件操作设备,可实现远程对多种类型文件***的访问操作。The file operation method in this embodiment is implemented by a file operation device, and the device is described by taking a server as an example. Among them, the device is equipped with an engine manager service (IO-EM, Input/Output-Engine Mamager) and remote file service (IO-Engine), and provide compatible API (Application Programming Interface, application programming interface) to receive file operation requests sent by users, among which IO-EM is used to receive file operation requests triggered by users , And obtain user information, target file storage path and target operation according to the file operation request, and then authenticate the user and verify the operation authority. 
It is also used to monitor the load of each remote file service IO-Engine, and then determine the target remote file service It is also used to control the start and stop of the corresponding IO-Engine according to the load of the IO-Engine, and it is also used to receive the operation execution result sent by the IO-Engine and return it to the user; the remote file service IO-Engine is used to obtain the file system The file operation method corresponding to the obtained target operation is called based on the super user permission of the super user to perform file operations on the target file on the target file system, and is also used to generate the corresponding operation execution result and send it to IO- EM. It should be noted that IO-Engine corresponds to the type of file system. The file system can include local file system (local), distributed file system (HDFS) and other types of file systems, and each type of file system corresponds to The IO-Engine also includes multiple. Through this file operation device, remote access operations to multiple types of file systems can be realized.
In this embodiment, the server receives, through the IO-EM, the file operation request sent remotely by the user terminal through the compatible API. On receiving the request through the IO-EM, it obtains the user information, the target file storage path and the target operation from the request, where the user information may include, but is not limited to, account information, Token information and IP (Internet Protocol) information.
Step S20: perform identity verification and operation authority verification on the user based on the user information, the target file storage path and the target operation;
After obtaining the user information, the target file storage path and the target operation, the IO-EM in the server performs identity verification and operation authority verification on the user based on them. The user information includes user account information, Token information and IP (Internet Protocol) information: the user account information is the user's account name; the Token information may be a fixed Token code allocated to the user in advance, or a random Token code generated in real time by a Token generating device allocated to the user; and the IP information is the IP address of the user terminal. Step S20 includes:
Step a1: obtain the verification Token corresponding to the user account information, compare the Token information with the verification Token, and detect whether the IP information is in the preset IP whitelist, so as to verify the user's identity;
For identity verification, the verification Token corresponding to the user account information is obtained first. Correspondingly, the verification Token may be the pre-saved fixed Token code allocated to the user, or the random Token code sent synchronously by the Token generating device. The Token information is then compared with the verification Token, and it is detected whether the IP information is in the preset IP whitelist, so as to verify the user's identity. If the Token information is the same as the verification Token and the IP information is in the preset IP whitelist, identity verification passes. If the Token information differs from the verification Token and/or the IP information is not in the preset IP whitelist, identity verification fails. It should be noted that, in a specific embodiment, the user may be authenticated based on only one of the Token information and the IP information; of course, the user may also be authenticated based on other information.
Step a2: obtain the user's operation authority information according to the user account information, and verify the user's operation authority according to the target file storage path, the target operation and the operation authority information.
For operation authority verification, the user's operation authority information is first obtained according to the user account information. The operation authority information may include which operation authorities the user has over which files (folders), on which file systems, of which other users (proxy users). Specifically, a mapping between user account information and operation authority information can be set in advance, and the user's operation authority information is then obtained from the user account information and this preset mapping.
Then, whether the user has the corresponding operation authority is determined according to the target file storage path, the target operation and the operation authority information, so as to verify the user's operation authority. Specifically, it can be detected whether the target file storage path and the target operation fall within the authority scope corresponding to the operation authority information; if they do, operation authority verification passes, and if they do not, operation authority verification fails. The target file storage path corresponds to a target proxy user, a target file system and a target file (folder); that is, the corresponding target proxy user, target file system and target file (folder) can be determined from the target file storage path, and whether the user has the corresponding operation authority is then determined from the target file storage path, the target operation and the operation authority information. It should be noted that, in practice, the type of information needed to determine whether the user has operation authority can be decided by the type of information that the operation authority information actually restricts. For example, if the operation authority information restricts only the proxy users, file systems and files (folders) on which the user has operation authority, and does not restrict the target operation, then whether the user has operation authority can be determined from the target file storage path and the operation authority information.
In addition, it should be noted that, in a specific embodiment, steps a1 and a2 may be executed in either order. It can be understood that when either of steps a1 and a2 is executed and verification fails, the other step need not be executed. For example, when identity verification is performed first and fails, operation authority verification need not be carried out; in that case, the corresponding prompt information can be generated directly and sent to the user terminal to notify the user that verification has failed.
Of course, it can be understood that administrators may also configure the corresponding security verification rules according to actual needs, for example, performing only identity verification or only operation authority verification, or adopting other security verification methods.
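The checks of steps a1 and a2, as an added Python example that is not code from the application. The target path layout `<fs_type>://<proxy_user>/<path>`, all names, and the sample Token, whitelist and grants are constructed assumptions; the path is normalised before the scope check so that `..` segments or a sibling folder with the same name prefix cannot widen a grant.

```python
import hmac
import ipaddress
import posixpath
from typing import FrozenSet, NamedTuple, Optional, Tuple
from urllib.parse import urlsplit


class Grant(NamedTuple):
    proxy_user: str                       # whose files may be touched
    fs_type: str                          # e.g. "hdfs" or "local"
    path_prefix: str                      # file or folder the grant covers
    operations: Optional[FrozenSet[str]]  # None = operation is not restricted


# Constructed sample data; the text only says these are preset on the server.
VERIFICATION_TOKENS = {"alice": "tok-constructed-0001"}
IP_WHITELIST = [ipaddress.ip_network("10.20.0.0/16"),
                ipaddress.ip_network("192.0.2.17/32")]
PERMISSIONS = {
    "alice": [
        Grant("hadoop", "hdfs", "/user/hadoop/reports", frozenset({"read", "list"})),
        Grant("etl", "local", "/data/etl/out", None),
    ],
}


def verify_identity(account: str, token: str, client_ip: str) -> bool:
    """Step a1: Token comparison plus IP whitelist check; both must pass."""
    expected = VERIFICATION_TOKENS.get(account)
    # Constant-time comparison; an unknown account is compared against an
    # empty value and then rejected, so both cases take the same code path.
    token_ok = hmac.compare_digest((expected or "").encode(), token.encode())
    token_ok = token_ok and expected is not None
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return False
    return token_ok and any(addr in net for net in IP_WHITELIST)


def parse_target(target: str) -> Tuple[str, str, str]:
    """Derive (fs_type, proxy_user, normalised path) from the target path.

    Assumed layout: <fs_type>://<proxy_user>/<absolute path>.
    """
    parts = urlsplit(target)
    if (not parts.scheme or not parts.netloc or parts.query or parts.fragment
            or not parts.path.startswith("/")):
        raise ValueError("malformed target path")
    # Collapse "." and ".." segments and repeated leading slashes.
    norm = "/" + posixpath.normpath(parts.path).lstrip("/")
    return parts.scheme, parts.netloc, norm


def verify_authority(account: str, target: str, operation: str) -> bool:
    """Step a2: is (target path, operation) inside the account's scope?"""
    try:
        fs_type, proxy_user, path = parse_target(target)
    except ValueError:
        return False  # fail closed on anything that cannot be parsed
    for grant in PERMISSIONS.get(account, []):
        if (grant.fs_type, grant.proxy_user) != (fs_type, proxy_user):
            continue
        # Match on whole path segments: "/reports" must not cover "/reports-old".
        prefix = grant.path_prefix.rstrip("/")
        in_scope = path == prefix or path.startswith(prefix + "/")
        if in_scope and (grant.operations is None or operation in grant.operations):
            return True
    return False


def check_request(account: str, token: str, client_ip: str,
                  target: str, operation: str) -> Tuple[bool, str]:
    """Step S20: stop at the first failed check and return a prompt message."""
    if not verify_identity(account, token, client_ip):
        return False, "identity verification failed"
    if not verify_authority(account, target, operation):
        return False, "operation authority verification failed"
    return True, "ok"
```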
Step S30: when both identity verification and operation authority verification pass, determine the target remote file service according to the target file storage path and a preset rule;
When both identity verification and operation authority verification pass, the IO-EM in the server determines the target remote file service according to the target file storage path and the preset rule. Specifically, the step of "determining the target remote file service according to the target file storage path and the preset rule" includes:
Step b1: determine the target file system according to the target file storage path, and obtain the number of requests under each started remote file service corresponding to the target file system, recorded as the first request quantity;
Step b2: determine the remote file service corresponding to the smallest value in the first request quantity as the target remote file service.
When there are multiple file system types, the target file system is first determined from the target file storage path, and the number of requests under each started remote file service corresponding to the target file system is obtained. For ease of distinction and later description, the number of requests under each started remote file service IO-Engine corresponding to the target file system is recorded as the first request quantity; since there are multiple IO-Engines, the first request quantity correspondingly comprises multiple values. Then, to achieve load balancing, the remote file service IO-Engine corresponding to the smallest value in the first request quantity is determined as the target remote file service.
Step S40: obtain super user authority through the target remote file service and, based on the super user authority, call the target operation method corresponding to the target operation to execute the target operation on the target file corresponding to the target file storage path.
After the target remote file service is determined, super user authority can be obtained through it and, based on the super user authority, the target operation method corresponding to the target operation is called to execute the target operation on the target file corresponding to the target file storage path. Specifically, at the underlying level, after the IO-EM determines the target remote file service, the target IO-Engine can be started by the super user (that is, the target IO-Engine is started after logging in with the super user's account), and the file operation request is sent to the target remote file service (the target IO-Engine), so that the target IO-Engine obtains super user authority. The target IO-Engine can then, based on the super user authority, call the target operation method corresponding to the target operation and execute the target operation on the target file corresponding to the target file storage path.
In the file operation process of financial institutions such as banks, this application, after obtaining the user information, the target file storage path and the target operation, first performs identity verification and operation authority verification on the user. After verification passes, it determines the target remote file service, obtains super user authority through the target remote file service and, based on the super user authority, calls the target operation method corresponding to the target operation to execute the target operation on the target file corresponding to the target file storage path. There is no need to enable super user authority for each user of the enterprise, so the management of enterprise user authority is fully controllable, that is, the controllability of enterprise user authority is improved; at the same time, the security of file system access operations is also improved.
The embodiment of this application provides a file operation method. When a file operation request sent by the user terminal is received, the user information, the target file storage path and the target operation are obtained from the request, and identity verification and operation authority verification are then performed on the user based on them. When both identity verification and operation authority verification pass, the target remote file service is first determined according to the target file storage path and the preset rule; super user authority is then obtained through the target remote file service and, based on the super user authority, the target operation method corresponding to the target operation is called to execute the target operation on the target file corresponding to the target file storage path. In this way, the embodiment of this application only needs to perform identity verification and operation authority verification on the user; once both pass, super user authority can be obtained to operate on the files of the proxy user (that is, of other users). Compared with the prior art, the embodiment of this application does not need to enable super user authority for each user, makes user authority management fully controllable, and improves the security of access operations on different file systems.
Further, based on the first embodiment shown in FIG. 2, a second embodiment of the file operation method of this application is proposed.
In this embodiment, the file operation method further includes:
Step A: periodically obtain the current number of requests under each started remote file service, recorded as the second request quantity;
In this embodiment, the server can monitor the load of each remote file service (IO-Engine) through the engine manager (IO-EM) and control the start and stop of the IO-Engines according to the load, so as to achieve load balancing. Specifically, the IO-EM can periodically obtain the current number of requests under each started remote file service; for ease of distinction and later description, the obtained current number of requests under each started remote file service is recorded as the second request quantity. The current number of requests under a remote file service is the number of file operation requests that the remote file service needs to process. The period can be set to once every 3 hours; of course, it can also be set according to actual needs and is not specifically limited here. Since there are multiple remote file services, the second request quantity correspondingly comprises multiple values.
Step B: detect whether every value in the second request quantity is greater than a first preset threshold;
After the second request quantity is obtained, it is detected whether every value in the second request quantity is greater than the first preset threshold. The first preset threshold can be set to 10; of course, it can also be set according to actual needs and is not specifically limited here.
Step C: if every value in the second request quantity is greater than the first preset threshold, start a new remote file service.
If every value in the second request quantity is greater than the first preset threshold, all IO-Engines are overloaded, and a new remote file service IO-Engine is started.
It should be noted that each remote file service IO-Engine corresponds to a type of file system. For example, the file systems may include a local file system (local), a distributed file system (HDFS) and other types of file systems, and there are multiple IO-Engines for each type of file system. Therefore, in a specific embodiment, the current number of requests under the started remote file services IO-Engine can also be obtained separately for each type of file system (recorded as the third request quantity, the fourth request quantity, ... the Nth request quantity), and it is then detected separately whether every value in the third request quantity, the fourth request quantity, ... the Nth request quantity is greater than the first preset threshold. If every value in one of these request quantities is greater than the first preset threshold, a new IO-Engine can be started for the file system corresponding to that request quantity. For example, if the third request quantity corresponds to the local file system, then when every value in the third request quantity is detected to be greater than the first preset threshold, a new IO-Engine corresponding to the local file system is started.
Further, after step A, the file operation method may further include:
Step D: detect whether there is a value in the second request quantity that is less than a second preset threshold;
If there is, execute step E: stop the remote file service corresponding to the value that is less than the second preset threshold.
In addition, after the second request quantity is obtained, it can also be detected whether there is a value in the second request quantity that is less than the second preset threshold. The second preset threshold can be set to 0; of course, it can also be set according to actual needs and is not specifically limited here. If a value less than the second preset threshold is detected in the second request quantity, an idle remote file service exists, and the remote file service corresponding to that value is stopped, that is, the idle remote file service is stopped.
Of course, it should be noted that, in a specific embodiment, the load of each IO-Engine (that is, its current number of requests) can also be monitored by an external device such as an IR (Intelligent Routing). That is, the IR periodically obtains the current number of requests under each started remote file service, recorded as the second request quantity; the IR then detects the relationship between each value in the second request quantity and the first preset threshold, generates the corresponding notification information according to the detection result and sends it to the IO-EM, so that the IO-EM controls the start and stop of the corresponding IO-Engine according to the notification information. The specific detection method is the same as in the above embodiment: it is detected whether every value in the second request quantity is greater than the first preset threshold; if so, notification information for starting a new remote file service is generated and sent to the IO-EM, so that the IO-EM starts the corresponding new IO-Engine according to the notification information. At the same time, it is detected whether there is a value in the second request quantity that is less than the second preset threshold; if so, notification information for stopping the remote file service is generated and sent to the IO-EM, so that the IO-EM stops the corresponding idle IO-Engine according to the notification information.
It can be understood that, in the above first embodiment, in the process of determining the target remote file service according to the target file storage path and the preset rule, the first request quantity can be obtained either directly by the IO-EM or through the IR.
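Steps b1 and b2 (least-loaded selection) and steps A to E (threshold-based start and stop, evaluated per file system type), as an added Python example that is not code from the application. The `Engine` record, the function names and the request counts are constructed assumptions; the sample uses a second threshold of 1 because, under the strict "less than" comparison of step D, a threshold of 0 matches no non-negative request count.

```python
from typing import Dict, List, NamedTuple, Optional, Tuple


class Engine(NamedTuple):
    engine_id: str
    fs_type: str     # file system type this IO-Engine serves
    started: bool
    requests: int    # file operation requests it currently has to process


# Constructed snapshot of what the IO-EM (or the IR) would collect.
ENGINES = [
    Engine("h1", "hdfs", True, 12),
    Engine("h2", "hdfs", True, 15),
    Engine("h3", "hdfs", False, 0),   # not started: never a candidate
    Engine("l1", "local", True, 0),
    Engine("l2", "local", True, 4),
]


def pick_engine(engines: List[Engine], fs_type: str) -> Optional[str]:
    """Steps b1/b2: among started engines of the target file system type,
    choose the one with the smallest request count (first one wins a tie)."""
    candidates = [e for e in engines if e.started and e.fs_type == fs_type]
    if not candidates:
        return None   # nothing started for this type; caller must handle it
    return min(candidates, key=lambda e: e.requests).engine_id


def plan_scaling(engines: List[Engine],
                 first_threshold: int = 10,
                 second_threshold: int = 1) -> List[Tuple[str, str]]:
    """Steps A-E, per file system type.

    Returns ("start", fs_type) when every started engine of that type is
    above first_threshold, and ("stop", engine_id) for each started engine
    whose count is below second_threshold.
    """
    by_type: Dict[str, List[Engine]] = {}
    for e in engines:
        if e.started:
            by_type.setdefault(e.fs_type, []).append(e)

    actions: List[Tuple[str, str]] = []
    for fs_type in sorted(by_type):
        group = by_type[fs_type]
        # Steps B/C: all engines of this type overloaded -> start a new one.
        if all(e.requests > first_threshold for e in group):
            actions.append(("start", fs_type))
        # Steps D/E: strict "less than", as in the text, so with
        # second_threshold=0 no engine is ever stopped.
        for e in group:
            if e.requests < second_threshold:
                actions.append(("stop", e.engine_id))
    return actions
```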
Further, based on the first embodiment shown in FIG. 2, a third embodiment of the file operation method of this application is proposed.
In this embodiment, after step S40, the file operation method further includes:
After the operation has been executed, generate the corresponding operation execution result and return it to the user terminal corresponding to the file operation request.
In this embodiment, so that the user can learn the result of the operation, the corresponding operation execution result can be generated after the operation has been executed and returned to the user terminal corresponding to the file operation request. The operation execution result includes success and failure of the operation; when the operation fails, the corresponding failure reason can also be returned so that the user can correct the problem.
This application also provides a file operation system, which includes a file operation device and a user terminal. The file operation device is the file operation device shown in FIG. 1 and is used to execute the steps of the above file operation method embodiments; for its specific functions and implementation, refer to the above embodiments, which are not repeated here.
The user terminal is used to receive a file system object query request triggered by the user and obtain the file system type and proxy user information carried in the request; to obtain a proxy file system object according to the file system type and the proxy user information and display it; and to receive a file operation request triggered by the user based on the proxy file system object and send the file operation request to the file operation device.
In this embodiment, the user terminal may be a terminal such as a smartphone or a PC, which integrates an SDK (Software Development Kit) packaged from multiple modules. Specifically, the SDK may include three modules: FsFactory (file system factory), ProxyFS (proxy file system) and IO-Client (input/output). FsFactory obtains the file system type and the proxy user information from the received file system object query request. ProxyFS receives the file system type (such as local file system or HDFS file system) and the proxy user information passed on by FsFactory and encapsulates them in a preset manner to obtain the corresponding proxy file system object; the proxy file system object includes the operation methods for files (folders) in the file system of the proxy user, for example, the methods for obtaining the size of a file (folder), creating and deleting files (folders), and reading and writing files. IO-Client receives the file operation request triggered by the user and sends it to the file operation device through the compatible API; it can also receive the operation execution result returned by the file operation device and display it.
Specifically, when the user needs to perform a target operation on the file (folder) corresponding to a target file storage path, the user can first determine the type of the target file system and the target proxy user from the target file storage path, and enter the file system type (the type of the target file system) and the proxy user information (the information of the target proxy user, which can be the user name of the target proxy user) in the corresponding software or App (Application) on the user terminal. Completing the input triggers the file system object query request. On receiving the file system object query request triggered by the user, the user terminal obtains the file system type and the proxy user information carried in the request; the file system type may include local file system, HDFS file system and so on, and the proxy user information may be the user name of the other user (that is, the proxy user) to be accessed. The file system type and the proxy user information are then encapsulated to obtain the proxy file system object, which is displayed on the screen of the user terminal; the proxy file system object includes the operation method corresponding to the target operation. Once the proxy file system object has been obtained, the user can operate on the proxy user's files. Specifically, the user can trigger the file operation request based on the operation method of the target operation in the proxy file system object and the target file storage path; on receiving the file operation request, the user terminal sends it to the file operation device, so that the file operation device processes the file operation request.
This embodiment provides a file operation system that includes a file operation device and a user terminal. With this file operation system, the user can conveniently access and operate on remote file systems through the user terminal; at the same time, the file operation device manages the file systems in a unified way, so user authority management is fully controllable without enabling super user authority for each user, which improves the security of access operations on different file systems.
This application also provides a file operation apparatus.
Referring to FIG. 3, FIG. 3 is a schematic diagram of the functional modules of the first embodiment of the file operation apparatus of this application.
As shown in FIG. 3, the file operation apparatus includes:
a first obtaining module 10, configured to obtain, when a file operation request is received, user information, a target file storage path and a target operation according to the file operation request;
a user verification module 20, configured to perform identity verification and operation authority verification on the user based on the user information, the target file storage path and the target operation;
a service confirmation module 30, configured to determine a target remote file service according to the target file storage path and a preset rule when both identity verification and operation authority verification pass;
an operation execution module 40, configured to obtain super user authority through the target remote file service and, based on the super user authority, call the target operation method corresponding to the target operation to execute the target operation on the target file corresponding to the target file storage path.
Further, the user information includes user account information, Token information and Internet Protocol (IP) information, and the user verification module 20 includes:
an identity verification unit, configured to obtain the verification Token corresponding to the user account information, compare the Token information with the verification Token, and detect whether the IP information is in the preset IP whitelist, so as to verify the user's identity;
an authority verification unit, configured to obtain the user's operation authority information according to the user account information, and verify the user's operation authority according to the target file storage path, the target operation and the operation authority information.
Further, the service confirmation module 30 includes:
a first obtaining unit, configured to determine the target file system according to the target file storage path, and obtain the number of requests under each started remote file service corresponding to the target file system, recorded as the first request quantity;
a first determining unit, configured to determine the remote file service corresponding to the smallest value in the first request quantity as the target remote file service.
进一步地,所述文件操作装置还包括:Further, the file operation device further includes:
第二获取模块,用于定期获取已启动的各远程文件服务下的当前请求数量,记作第二请求数量;The second obtaining module is used to periodically obtain the current request quantity under each remote file service that has been started, and record it as the second request quantity;
第一检测模块,用于检测所述第二请求数量中的各个数值是否均大于第一预设阈值;The first detection module is configured to detect whether each value in the second request quantity is greater than a first preset threshold;
服务启动模块,用于若所述第二请求数量中的各个数值均大于第一预设阈值,则启动新的远程文件服务。The service start module is configured to start a new remote file service if each value in the second request quantity is greater than the first preset threshold.
进一步地,所述文件操作装置还包括:Further, the file operation device further includes:
第二检测模块,用于检测所述第二请求数量中是否存在小于第二预设阈值的数值;The second detection module is configured to detect whether there is a value smaller than a second preset threshold in the second request quantity;
服务停止模块,用于若存在,则停止所存在的小于所述第二预设阈值的数值所对应的远程文件服务。The service stop module is configured to stop the existing remote file service corresponding to the value smaller than the second preset threshold if it exists.
进一步地,所述文件操作装置还包括:Further, the file operation device further includes:
结果返回模块,用于在操作执行完成后,生成对应的操作执行结果,并返回至与所述文件操作请求对应的用户端。The result return module is used to generate a corresponding operation execution result after the operation execution is completed, and return it to the user terminal corresponding to the file operation request.
其中,上述文件操作装置中各个模块的功能实现与上述文件操作方法实施例中各步骤相对应,其功能和实现过程在此处不再一一赘述。Among them, the function realization of each module in the above-mentioned file operation device corresponds to each step in the above-mentioned file operation method embodiment, and the function and realization process are not repeated here.
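The verification and dispatch flow of modules 10 to 40, sketched in Python as an added example (not code from the patent or the applicant). The `<file system>:///path` request format, the in-memory tables and all names are constructed assumptions; the path is normalised before the authority check because the operation is later executed with super user authority.

```python
import hmac
import ipaddress
import posixpath
from collections import namedtuple

# Constructed sample data (assumptions for illustration, not from the patent).
VERIFICATION_TOKENS = {"alice": "t0ken-alice"}
IP_WHITELIST = [ipaddress.ip_network("10.0.0.0/24")]
# account -> list of (path prefix, permitted operations)
PERMISSIONS = {"alice": [("/data/alice", {"read", "write", "delete"}),
                         ("/data/shared", {"read"})]}
# file system -> {started remote file service: current request count}
SERVICE_LOAD = {"hdfs": {"svc-a": 7, "svc-b": 2, "svc-c": 5}}

Request = namedtuple("Request", "account token ip path operation")


def authenticate(req):
    """Identity verification: token comparison plus IP whitelist check."""
    expected = VERIFICATION_TOKENS.get(req.account)
    if expected is None:
        return False
    # Constant-time comparison avoids leaking the token through timing.
    token_ok = hmac.compare_digest(expected.encode(), req.token.encode())
    try:
        addr = ipaddress.ip_address(req.ip)
    except ValueError:
        return False
    return token_ok and any(addr in net for net in IP_WHITELIST)


def split_path(path):
    """Return (file system, normalised absolute path) or raise ValueError."""
    fs, sep, rest = path.partition("://")
    if not sep or not rest.startswith("/"):
        raise ValueError("expected <file system>:///absolute/path")
    # Collapse "..", "." and repeated slashes before any authority decision.
    return fs, posixpath.normpath("/" + rest.lstrip("/"))


def authorize(account, norm_path, operation):
    """Operation authority verification on the normalised path."""
    for prefix, ops in PERMISSIONS.get(account, []):
        inside = norm_path == prefix or norm_path.startswith(prefix + "/")
        if inside and operation in ops:
            return True
    return False


def pick_service(fs):
    """Choose the started remote file service with the fewest requests."""
    load = SERVICE_LOAD[fs]
    return min(load, key=load.get)


def handle(req):
    """Run both verifications; only then select the privileged service."""
    if not authenticate(req):
        return ("denied", "authentication")
    try:
        fs, norm = split_path(req.path)
    except ValueError:
        return ("denied", "path")
    if fs not in SERVICE_LOAD:
        return ("denied", "path")
    if not authorize(req.account, norm, req.operation):
        return ("denied", "authorization")
    # The normalised path, not the raw one, is what the service should act on.
    return ("dispatch", pick_service(fs), norm)
```

Passing the normalised path to the privileged service keeps the path that was checked and the path that is operated on identical.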
This application also provides a computer-readable storage medium on which a file operation program is stored. When the file operation program is executed by a processor, the steps of the file operation method described in any of the above embodiments are implemented.
The specific embodiments of the computer-readable storage medium of this application are basically the same as the embodiments of the above file operation method, and are not repeated here.
It should be noted that, in this document, the terms "include", "comprise" or any other variant thereof are intended to cover non-exclusive inclusion, so that a process, method, article or system that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, article or system. Without further restriction, an element defined by the phrase "including a..." does not exclude the existence of other identical elements in the process, method, article or system that includes that element.
The serial numbers of the above embodiments of this application are for description only and do not represent the relative merits of the embodiments.
From the description of the above embodiments, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by means of software plus a necessary general-purpose hardware platform. They can of course also be implemented in hardware, but in many cases the former is the better implementation. Based on this understanding, the technical solution of this application, in essence or in the part that contributes to the prior art, can be embodied in the form of a software product. The computer software product is stored in a storage medium as described above (such as ROM/RAM, a magnetic disk, or an optical disc) and includes several instructions that cause a terminal device (which may be a mobile phone, a computer, a server, an air conditioner, a network device, etc.) to execute the methods described in the embodiments of this application.
The above are only preferred embodiments of this application and do not thereby limit the patent scope of this application. Any equivalent structure or equivalent process transformation made using the content of the description and drawings of this application, or any direct or indirect use in other related technical fields, is likewise included within the scope of patent protection of this application.

Claims (10)

  1. A file operation method, wherein the file operation method comprises:
    when a file operation request is received, obtaining user information, a target file storage path, and a target operation according to the file operation request;
    performing identity verification and operation authority verification on the user based on the user information, the target file storage path, and the target operation;
    when both the identity verification and the operation authority verification are passed, determining a target remote file service according to the target file storage path and preset rules;
    obtaining super user authority through the target remote file service, and, based on the super user authority, calling a target operation method corresponding to the target operation to perform the target operation on the target file corresponding to the target file storage path.
  2. The file operation method according to claim 1, wherein the user information includes user account information, token (Token) information, and Internet Protocol (IP) information, and the step of performing identity verification and operation authority verification on the user based on the user information, the target file storage path, and the target operation comprises:
    obtaining a verification Token corresponding to the user account information, comparing the Token information with the verification Token, and detecting whether the IP information is in a preset IP whitelist, so as to perform identity verification on the user;
    obtaining the user's operation authority information according to the user account information, and performing operation authority verification on the user according to the target file storage path, the target operation, and the operation authority information.
  3. The file operation method according to claim 1, wherein the step of determining the target remote file service according to the target file storage path and preset rules comprises:
    determining a target file system according to the target file storage path, and obtaining the number of requests under each started remote file service corresponding to the target file system, recorded as the first request quantity;
    determining the remote file service corresponding to the smallest value in the first request quantity as the target remote file service.
  4. The file operation method according to any one of claims 1 to 3, wherein the file operation method further comprises:
    periodically obtaining the current number of requests under each started remote file service, recorded as the second request quantity;
    detecting whether every value in the second request quantity is greater than a first preset threshold;
    if every value in the second request quantity is greater than the first preset threshold, starting a new remote file service.
  5. The file operation method according to claim 4, wherein after the step of periodically obtaining the current number of requests under each started remote file service, recorded as the second request quantity, the method further comprises:
    detecting whether the second request quantity contains a value smaller than a second preset threshold;
    if such a value exists, stopping the remote file service corresponding to each value smaller than the second preset threshold.
  6. The file operation method according to any one of claims 1 to 3, wherein the file operation method further comprises:
    after the operation has been executed, generating a corresponding operation execution result and returning it to the user terminal corresponding to the file operation request.
  7. A file operation apparatus, wherein the file operation apparatus comprises:
    a first obtaining module, configured to obtain, when a file operation request is received, user information, a target file storage path, and a target operation according to the file operation request;
    a user verification module, configured to perform identity verification and operation authority verification on the user based on the user information, the target file storage path, and the target operation;
    a service determination module, configured to determine a target remote file service according to the target file storage path and preset rules when both the identity verification and the operation authority verification are passed;
    an operation execution module, configured to obtain super user authority through the target remote file service, and, based on the super user authority, call the target operation method corresponding to the target operation to perform the target operation on the target file corresponding to the target file storage path.
  8. A file operation device, wherein the file operation device comprises: a memory, a processor, and a file operation program stored in the memory and executable on the processor, wherein the file operation program, when executed by the processor, implements the steps of the file operation method according to any one of claims 1 to 6.
  9. A file operation system, wherein the file operation system comprises a file operation device and a user terminal; wherein,
    the file operation device is the file operation device according to claim 8;
    the user terminal is configured to receive a file system object query request triggered by a user, and obtain the file system type and proxy user information carried in the file system object query request; obtain a proxied file system object according to the file system type and the proxy user information, and display it; and receive a file operation request triggered by the user based on the proxied file system object, and send the file operation request to the file operation device.
  10. A computer-readable storage medium, wherein a file operation program is stored on the computer-readable storage medium, and the file operation program, when executed by a processor, implements the steps of the file operation method according to any one of claims 1 to 6.
PCT/CN2020/102319 2019-07-19 2020-07-16 File operation method, apparatus, device, and system, and computer readable storage medium WO2021013033A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910658649.5 2019-07-19
CN201910658649.5A CN110363026B (en) 2019-07-19 2019-07-19 File operation method, device, equipment, system and computer readable storage medium

Publications (1)

Publication Number Publication Date
WO2021013033A1 true WO2021013033A1 (en) 2021-01-28

Family

ID=68221369

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/102319 WO2021013033A1 (en) 2019-07-19 2020-07-16 File operation method, apparatus, device, and system, and computer readable storage medium

Country Status (2)

Country Link
CN (1) CN110363026B (en)
WO (1) WO2021013033A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113312133A (en) * 2021-06-17 2021-08-27 浙江齐安信息科技有限公司 Operation method, system and storage medium

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110363026B (en) * 2019-07-19 2021-06-25 深圳前海微众银行股份有限公司 File operation method, device, equipment, system and computer readable storage medium
CN111222146B (en) * 2019-11-14 2022-08-12 京东科技控股股份有限公司 Authority checking method, authority checking device, storage medium and electronic equipment
CN113496013A (en) * 2020-03-19 2021-10-12 顺丰科技有限公司 File management method, file management device, server and storage medium
CN113051611B (en) * 2021-03-15 2022-04-29 上海商汤智能科技有限公司 Authority control method of online file and related product
CN113382017B (en) * 2021-06-29 2022-11-04 深圳壹账通智能科技有限公司 Permission control method and device based on white list, electronic equipment and storage medium
CN113839942A (en) * 2021-09-22 2021-12-24 上海妙一生物科技有限公司 User authority management method, device, equipment and storage medium
CN114785607A (en) * 2022-05-06 2022-07-22 深圳创维-Rgb电子有限公司 Advertisement blocking method, device, equipment and computer readable storage medium
CN115277680B (en) * 2022-07-29 2024-04-19 山石网科通信技术股份有限公司 File synchronization method for improving synchronization security
CN115114646B (en) * 2022-08-25 2023-01-03 北京前沿信安科技股份有限公司 File authority processing method and device and storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030110131A1 (en) * 2001-12-12 2003-06-12 Secretseal Inc. Method and architecture for providing pervasive security to digital assets
CN101841537A (en) * 2010-04-13 2010-09-22 北京时代亿信科技有限公司 Method and system for realizing file sharing access control based on protocol proxy
CN103209189A (en) * 2013-04-22 2013-07-17 哈尔滨工业大学深圳研究生院 Distributed file system-based mobile cloud storage safety access control method
CN103501325A (en) * 2013-09-25 2014-01-08 北京神州泰岳软件股份有限公司 Method and system for controlling remote device file, as well as network file folder
CN109543448A (en) * 2018-11-16 2019-03-29 深圳前海微众银行股份有限公司 HDFS file access authority control method, equipment and storage medium
CN110363026A (en) * 2019-07-19 2019-10-22 深圳前海微众银行股份有限公司 File operation method, device, equipment, system and computer readable storage medium

Also Published As

Publication number Publication date
CN110363026A (en) 2019-10-22
CN110363026B (en) 2021-06-25

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20844667

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20844667

Country of ref document: EP

Kind code of ref document: A1