WO2023093139A1 - Resource creation method and apparatus, electronic device and storage medium - Google Patents

Resource creation method and apparatus, electronic device and storage medium


Publication number
WO2023093139A1
Authority
WO
WIPO (PCT)
Prior art keywords
thread
key
request
variable storage
storage class
Prior art date
Application number
PCT/CN2022/112745
Other languages
English (en)
Chinese (zh)
Inventor
金佳红
陶淘
师忠涛
时璇
Original Assignee
中移(苏州)软件技术有限公司
***通信集团有限公司
Priority date
Filing date
Publication date
Application filed by 中移(苏州)软件技术有限公司, ***通信集团有限公司

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/50Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F9/5005Allocation of resources, e.g. of the central processing unit [CPU] to service a request
    • G06F9/5027Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resource being a machine, e.g. CPUs, Servers, Terminals
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/448Execution paradigms, e.g. implementations of programming paradigms
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/448Execution paradigms, e.g. implementations of programming paradigms
    • G06F9/4488Object-oriented
    • G06F9/4492Inheritance
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/50Allocation of resources, e.g. of the central processing unit [CPU]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2209/00Indexing scheme relating to G06F9/00
    • G06F2209/50Indexing scheme relating to G06F9/50
    • G06F2209/5018Thread allocation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/062Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying encryption of the keys
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management

Definitions

  • the present application relates to the field of computer technology, and in particular to a resource creation method, device, electronic equipment and storage medium.
  • the multi-cloud management platform can provide a one-stop cross-public cloud server resource management service.
  • When a user requests to create a cloud resource, multiple application programming interfaces (APIs) of different cloud servers need to be called.
  • Different cloud server APIs need to use keys for authentication.
  • In related technologies, executing resource creation tasks through threads suffers from inefficient key transfer and from data interference.
  • embodiments of the present application provide a resource creation method, device, electronic equipment, and storage medium.
  • the embodiment of this application provides a resource creation method, the method includes:
  • the first request is used to request creation of a first resource; the first thread is used to process the first request;
  • the first thread is a child thread of the second thread;
  • the first key is used to provide permission credentials when requesting the cloud server, through the first thread, to create the first resource;
  • the first request carries a first identifier
  • the first identifier represents the identifier of the terminal that initiated the first request
  • the variable storage class corresponding to the second thread does not store the first identifier.
  • the method includes:
  • when storing the first key in the variable storage class corresponding to the second thread, the method includes:
  • the first key is encrypted by a public key encryption (RSA) algorithm to obtain the encrypted first key;
  • the method further includes:
  • the thread object information corresponding to the first thread and the first key are stored in the variable storage class corresponding to the first thread in the form of a key-value pair.
  • the method also includes:
  • the first key is obtained from the variable storage class corresponding to the second thread based on the corresponding inheritable variable storage class through the first thread, including:
  • variable storage class gets the first key.
  • when the first thread checks whether the first key stored in the variable storage class corresponding to the second thread is valid, the method includes:
  • the embodiment of the present application also provides a resource creation device, the device includes:
  • the determination unit is configured to receive a first request from a terminal through a second thread, and determine a first thread based on the first request; the first request is used to request the creation of a first resource; the first thread is used to process the first request; the first thread is a child thread of the second thread;
  • the acquiring unit is configured to acquire a first key from the variable storage class corresponding to the second thread based on the corresponding inheritable variable storage class through the first thread;
  • the thread provides permission credentials when requesting the cloud server to create the first resource;
  • a sending unit configured to send the first request and the first key to a corresponding cloud server through the first thread, so as to obtain a corresponding request result from the cloud server through the first thread and return the request result to the terminal through the second thread.
  • An embodiment of the present application also provides an electronic device, including: a processor and a memory configured to store a computer program that can run on the processor, wherein,
  • the processor is configured to execute the steps of any one of the above methods when running the computer program.
  • the embodiment of the present application also provides a storage medium on which a computer program is stored, and when the computer program is executed by a processor, the steps of any one of the above methods are implemented.
  • the first request of the terminal is received through the second thread, and the first thread is determined based on the first request, wherein the first request is used to request the creation of the first resource, and the first thread is used to process the first request , the first thread is a child thread of the second thread.
  • the first thread obtains the first key from the variable storage class corresponding to the second thread based on the corresponding inheritable variable storage class, wherein the first key is used to provide permission credentials when requesting the cloud server, through the first thread, to create the first resource. The first request and the first key are sent to the corresponding cloud server through the first thread, so as to obtain the corresponding request result from the cloud server through the first thread and return the request result to the terminal through the second thread.
  • the corresponding key can be quickly obtained from the variable storage class of the parent thread, so that the resource creation request can be processed quickly based on the obtained key; this not only speeds up key transfer and improves its efficiency, but also improves the efficiency of processing resource creation requests.
  • In processing the resource creation request, the corresponding key does not need to be passed layer by layer, so the problem of code redundancy in the background is avoided.
  • FIG. 1 is a schematic diagram of the implementation flow of the resource creation method provided by the embodiment of the present application.
  • FIG. 2 is an implementation flow chart of the resource creation method provided by the application embodiment of the present application
  • FIG. 3 is a schematic diagram of a resource creation device provided by an embodiment of the present application.
  • FIG. 4 is a schematic diagram of a hardware composition structure of an electronic device according to an embodiment of the present application.
  • cloud servers have developed into the infrastructure of enterprise Internet technology architecture today. Enterprises no longer hesitate over whether they need cloud servers, but focus on which cloud servers to use and whether they can take full advantage of the cloud servers' strengths.
  • the mainstream public cloud servers on the market have their own characteristics.
  • the multi-cloud management platform can select the appropriate public cloud server according to different needs, and provide one-stop cross-public cloud server resource management services.
  • When a user requests to create a cloud resource, it is necessary to call multiple APIs of different cloud servers, and when calling different cloud server APIs, a key needs to be used for authentication. Therefore, the transmission of the key in the backend server is essential.
  • the key parameter is explicitly passed. Specifically, each method of communicating with the multi-cloud management platform explicitly receives the key parameter, and the key parameter is passed as a mandatory parameter in the call link, layer by layer. This method is simple and effective, but in the implementation process, the definition of background receiving parameters is complicated, and the code redundancy is high. Since the key parameters are visible during the transfer process, there is a large security risk.
  • Key cache identifier transfer method. Specifically, after the key is cached in the memory of the cloud server, a corresponding key cache identifier is obtained, and the key cache identifier is passed within each method that communicates with the multi-cloud management platform. This method improves the security of the key, but because the key cache identifier needs to be passed as a parameter layer by layer, there are still problems in the implementation process, such as complex definition of background receiving parameters and high code redundancy.
  • the thread variable storage class stores the key.
  • the Java Development Kit (JDK)
  • the variable storage class is a storage class inside a thread.
  • Data can be stored in the variable storage class corresponding to the specified thread. After the data is stored, only some specific threads can obtain the stored data from the specified thread. After obtaining the identifier of the terminal that initiated the request, query to obtain the corresponding key, and store the key in the variable storage class corresponding to the current thread.
  • Methods that communicate with the multi-cloud management platform fetch keys from the current thread on demand. Since threads run independently, the keys stored in different threads do not affect each other.
  • This method can not only improve the security of the key, but also avoid the problem of background code redundancy.
  • the child thread cannot directly obtain the key stored in the variable storage class corresponding to the parent thread, resulting in inefficient key transfer between the child and parent threads.
  • the thread is usually controlled and reused by the thread pool, and the life cycle of the variable storage class corresponding to the thread ends only when the thread is destroyed. Therefore, after the execution of the task in the thread is completed, the key stored in the corresponding variable storage class is still retained, which creates a hidden danger of data interference in the execution of the thread's next task.
  • an embodiment of the present application provides a resource creation method, device, electronic device, and storage medium.
  • the first request of the terminal is received through the second thread, and the first thread is determined based on the first request, wherein the first request is used to request the creation of the first resource, the first thread is used to process the first request, and the first thread is a child thread of the second thread.
  • the first thread obtains the first key from the variable storage class corresponding to the second thread based on the corresponding inheritable variable storage class, wherein the first key is used to provide permission credentials when requesting the cloud server, through the first thread, to create the first resource.
  • the corresponding key can be quickly obtained from the variable storage class of the parent thread, so that the resource creation request can be processed quickly based on the obtained key; this not only speeds up key transfer and improves its efficiency, but also improves the efficiency of processing resource creation requests. Moreover, in processing the resource creation request, the corresponding key does not need to be passed layer by layer, so the problem of code redundancy in the background is avoided.
  • FIG. 1 is a schematic diagram of the implementation flow of the resource creation method provided by the embodiment of the present application. As shown in Figure 1, the method includes:
  • Step 101: Receive a first request from a terminal through a second thread, and determine a first thread based on the first request; the first request is used to request creation of a first resource; the first thread is used to process the first request; the first thread is a child thread of the second thread.
  • the first request of the terminal is received through the second thread, and the first request is used to request creation of the first resource.
  • the second thread is the parent thread and the first thread is the child thread of the second thread.
  • a child thread is assigned to process the first request.
  • the second thread obtains the thread object information of the first thread and returns it to the terminal.
  • the thread object information includes at least a thread identifier, a thread object priority, and a thread state.
  • Step 102: Obtain a first key from the variable storage class corresponding to the second thread through the first thread based on the corresponding inheritable variable storage class; the first key is used to provide permission credentials when requesting the cloud server, through the first thread, to create the first resource.
  • the first key is obtained from the variable storage class corresponding to the second thread.
  • the first key is used to provide permission credentials when requesting the cloud server to create the first resource through the first thread.
  • JDK provides an inheritable variable storage class for the first thread.
  • the inheritable variable storage class is a subclass of the variable storage class and has the characteristic of obtaining data from the variable storage class corresponding to the parent thread.
  • the first key is stored in the variable storage class of the second thread
  • the first key is obtained from the variable storage class corresponding to the second thread based on the corresponding inheritable variable storage class through the first thread.
  • the first key is obtained from the variable storage class corresponding to the second thread based on the corresponding inheritable variable storage class through the first thread, including:
  • variable storage class gets the first key.
  • the first thread does not directly obtain the first key, but first verifies whether the first key stored in the variable storage class corresponding to the second thread is valid. Only when the verification result indicates that the first key is valid is the first key obtained from the variable storage class corresponding to the second thread through the first thread based on the corresponding inheritable variable storage class.
  • the first key is obtained from the variable storage class corresponding to the second thread only when the first key is verified to be valid, which ensures that the first key obtained by the first thread is valid, so that the first request is processed based on a valid first key throughout a time-consuming, long-running serial processing flow. This improves the processing efficiency of the first request and avoids processing failures caused by the first thread processing the first request based on an invalid first key.
  • when the first thread checks whether the first key stored in the variable storage class corresponding to the second thread is valid, the method includes:
  • the verification of whether the first key stored in the variable storage class corresponding to the second thread is valid is mainly done by having the first thread, every set time length, carry the first key in a request to call the set cloud server authentication API, and determining whether the first key is valid according to whether the set cloud server authentication API can be called successfully.
  • the set cloud server authentication API is an API specially set for authenticating the key.
  • the first key can not only provide the authorization certificate when requesting the cloud server to create the first resource, but also provide the authorization certificate when requesting to call the set cloud server authentication API. Therefore, if the first key is valid, the set cloud server authentication API can be successfully invoked based on the first key. If the first key is invalid, the set cloud server authentication API cannot be successfully invoked based on the invalid first key because the invalid first key cannot provide authority credentials.
  • the first thread executes the timing detection task based on the key verification tool class, that is, every set period of time, the validity of the first key stored in the variable storage class corresponding to the second thread is verified. Since enabling the scheduled detection task increases the memory consumption of the system, it can be enabled flexibly according to actual needs.
  • the thread pool wraps the thread's execute method with surrounding (around-style) enhancement processing.
  • the execute method can record the thread currently executing the task, start a timing detection task for that thread, and regularly obtain the first key stored in the corresponding variable storage class and check its validity.
  • If the first thread verifies that the first key is invalid, the first thread notifies the second thread to reacquire the first key and to update the first key stored in the corresponding variable storage class.
  • In practical applications, in other application scenarios, timing detection tasks and a key verification tool class can be configured for the second thread.
  • the second thread performs the timing detection task based on the key verification tool class, that is, every set period of time, the validity of the key stored in the variable storage class corresponding to the second thread is verified, and the second thread also verifies the validity of the keys stored in the variable storage classes corresponding to multiple sub-threads; that is, the second thread is responsible for verifying the validity of the keys stored in each activated thread in the current thread pool.
  • Whether the first key is valid is judged by whether the request to call the cloud server authentication API carrying the first key succeeds, so the validity of the first key can be accurately judged. Since the validity of the first key is checked regularly, if the first key becomes invalid, the second thread will reacquire the first key and complete the update operation of the first key, which ensures that the first key is valid during the current execution cycle.
  • the method further includes:
  • the thread object information corresponding to the first thread and the first key are stored in the variable storage class corresponding to the first thread in the form of a key-value pair.
  • the thread object information corresponding to the first thread and the first key are stored in the variable storage class corresponding to the first thread in the form of a Key-Value pair: the thread identifier corresponding to the first thread may be used as the key (Key), and the first key may be used as the value (Value).
  • the thread ID of the first thread can be carried in the request, and then the first key corresponding to the thread ID of the first thread can be obtained from the variable storage class corresponding to the first thread.
  • the first key stored in the variable storage class corresponding to the second thread is an encrypted first key, therefore, what the first thread acquires and stores is also an encrypted first key.
  • the encrypted first key is passed between the first thread and the second thread, which ensures the security of the first key.
  • By storing the corresponding thread object information and the first key in the form of a key-value pair after the first thread obtains the first key, the first thread can quickly obtain the corresponding first key from its variable storage class when processing the first request, so that the first request can be processed quickly and the processing efficiency is improved.
  • Step 103: Send the first request and the first key to the corresponding cloud server through the first thread, so as to obtain the corresponding request result from the cloud server through the first thread and return the request result to the terminal through the second thread.
  • After the first thread obtains the first key, it sends the first request and the first key to the corresponding cloud server, so as to obtain the corresponding request result from the cloud server through the first thread and return the request result to the terminal through the second thread.
  • the background is configured with a cloud resource creation tool class, and the first thread invokes the cloud resource creation tool class to create the first resource.
  • If a Key-Value pair is stored in the variable storage class corresponding to the first thread, the stored Key-Value pair is searched to find the corresponding first key.
  • use the RSA algorithm to decrypt the encrypted first key to obtain the decrypted first key.
  • the first thread passes the decrypted first key to the cloud resource creation tool class, and the cloud resource creation tool class carries the decrypted first key and the first request to request the corresponding cloud server.
  • After the cloud server completes the relevant authentication with the decrypted first key, it returns the request result corresponding to the first request to the cloud resource creation tool class, and the cloud resource creation tool class returns the corresponding request result to the first thread. After receiving the corresponding request result and performing the necessary storage processing operations, the first thread returns the corresponding request result to the second thread, and finally the second thread returns the corresponding request result to the terminal.
  • If there is no Key-Value pair stored in the variable storage class corresponding to the first thread, a null value "null" is returned, and the first key is obtained through inheritance from the variable storage class corresponding to the second thread.
  • variable storage class corresponding to the first thread does not store other keys.
  • the first thread obtains it from the variable storage class corresponding to the second thread.
  • the first key is stored concurrently, that is to say, the Key-Value pair stored in the variable storage class corresponding to the first thread is a Key-Value pair only related to the first key. Therefore, when the key is searched from the stored Key-Value pair according to the thread object information of the first thread, such as the thread ID, no other keys will be found, only the first key will be found.
  • the first request carries a first identifier, and the first identifier represents the identifier of the terminal that initiated the first request; the variable storage class corresponding to the second thread does not store any
  • the method includes:
  • the first request carries a first identifier
  • the first identifier represents the identifier of the terminal that initiates the first request.
  • the first request may be a hypertext transfer protocol (HTTP, Hyper Text Transfer Protocol) request
  • HTTP request carries a terminal identifier.
  • the first thread can obtain the first key from the second thread. If the variable storage class corresponding to the second thread does not store the first key, then the second thread needs to perform the operation of obtaining the first key. Specifically, the second thread obtains the first key corresponding to the first identifier from the set database, and then stores the obtained first key in the variable storage class corresponding to the second thread. Keys corresponding to the various terminal identifiers are pre-stored in the set database.
  • the first key that matches the first request can be accurately obtained, and the first thread can then quickly obtain the first key from the variable storage class corresponding to the second thread.
  • when storing the first key in the variable storage class corresponding to the second thread, the method includes:
  • After the second thread obtains the first key from the set database, it encrypts the first key through the RSA algorithm to obtain the encrypted first key.
  • the public key and private key in the RSA algorithm are generated by default after the variable storage class corresponding to the second thread obtains the key.
  • the thread object information corresponding to the second thread and the encrypted first key are stored in the variable storage class corresponding to the second thread in the form of a Key-Value pair.
  • the thread identifier corresponding to the second thread may be used as a Key
  • the encrypted first key may be used as a Value, and stored in the form of a Key-Value pair in a variable storage class corresponding to the second thread.
  • When the encrypted first key needs to be obtained, the request can carry the thread ID of the second thread, and the encrypted first key corresponding to that thread ID is then obtained from the variable storage class corresponding to the second thread.
  • the method also includes:
  • After the first thread obtains the corresponding request result from the cloud server, performs the necessary storage processing operations on the request result, and passes the request result to the second thread, the first thread's processing of the request is complete.
  • Based on the thread object information corresponding to the first thread, the key-value pair corresponding to the first key in the variable storage class corresponding to the first thread is deleted.
  • the task of the second thread has been executed this time.
  • Based on the thread object information corresponding to the second thread, the key-value pair corresponding to the first key in the variable storage class corresponding to the second thread is deleted.
  • the thread pool task execution class (TaskExecutor) can be used to clear the key-value pair corresponding to the first key stored in the corresponding variable storage class after the task corresponding to each thread is executed.
  • FIG. 2 is a flow chart of the implementation of the resource creation method provided by the application embodiment of the present application, as shown in Figure 2:
  • After the terminal initiates the first request for creating the first resource, the second thread, that is, the parent thread, allocates a first thread to process the first request initiated by the terminal.
  • the second thread acquires the thread object information corresponding to the first thread and returns it to the terminal.
  • a timing detection task can be configured for the second thread, and the validity of the key stored in the variable storage class corresponding to each thread in the thread pool can be detected by the second thread.
  • If the first key is stored in the variable storage class corresponding to the second thread, the first thread obtains the first key from the variable storage class corresponding to the second thread based on the corresponding inheritable variable storage class. If the first key is not stored in the variable storage class corresponding to the second thread, the second thread performs the operation of obtaining the first key: based on the first identifier carried in the first request, it obtains the first key corresponding to the first identifier from the set database, encrypts the first key through the RSA algorithm, and stores the thread object information corresponding to the second thread and the encrypted first key, in the form of a key-value pair, in the variable storage class corresponding to the second thread. The first thread then obtains the first key from the variable storage class corresponding to the second thread based on the corresponding inheritable variable storage class.
  • After the first thread obtains the first key, it calls the method to create the first resource. Specifically, it calls the cloud resource creation tool class, obtains the encrypted first key from the variable storage class corresponding to the first thread, decrypts the encrypted first key, and passes the decrypted first key to the cloud resource creation tool class.
  • the cloud resource creation tool class carries the first request and the decrypted first key, and requests the corresponding cloud server.
  • After the cloud server completes relevant authentication using the decrypted first key, it returns the request result corresponding to the first request to the cloud resource creation tool class.
  • the cloud resource creation tool class returns the corresponding request result to the first thread.
  • the first thread returns the corresponding request result to the second thread after receiving the corresponding request result and performing necessary storage processing operations.
  • the key-value pair corresponding to the first key stored in the variable storage class corresponding to the first thread is cleared.
  • the second thread returns the corresponding request result to the terminal. After the second thread returns the corresponding request result to the terminal, the key-value pair corresponding to the first key stored in the variable storage class corresponding to the second thread is cleared.
  • Set parameters such as the number of threads and the number of queues to generate a fixed-length thread pool.
  • the number of threads can be set to 2 to generate a thread pool containing 2 threads.
  • a thread is allocated from the thread pool to process the resource creation request initiated by the terminal.
  • the key can be stored in the variable storage class corresponding to the parent thread. Any data can be stored in the variable storage class corresponding to each thread, and the type of data stored in the variable storage class corresponding to each thread can be set as generic.
  • If the corresponding key is stored in the variable storage class corresponding to the parent thread of the current thread processing the terminal request, the corresponding key is obtained from the variable storage class corresponding to the parent thread. If the corresponding key is not stored in the variable storage class corresponding to the parent thread of the current thread, the parent thread performs the related operations to obtain the corresponding key, that is, it obtains the terminal ID carried in the request initiated by the terminal and, based on the terminal ID, obtains the corresponding key from the set database. After the corresponding key is stored in the variable storage class corresponding to the parent thread, the current thread obtains the corresponding key from the variable storage class corresponding to the parent thread based on the corresponding inheritable variable storage class.
  • the first request of the terminal is received through the second thread, and the first thread is determined based on the first request, wherein the first request is used to request the creation of the first resource, and the first thread is used to process the first request , the first thread is a child thread of the second thread.
  • the first thread obtains the first key from the variable storage class corresponding to the second thread based on the corresponding inheritable variable storage class, wherein the first key is used to provide authorization credentials when requesting, through the first thread, the cloud server to create the first resource. The first request and the first key are sent to the corresponding cloud server through the first thread, so as to obtain the corresponding request result from the cloud server through the first thread and return the request result to the terminal through the second thread.
  • The corresponding key can be quickly obtained from the variable storage class of the parent thread, so that the resource creation request can be quickly processed based on the obtained key. This not only realizes fast transfer of the key and improves the efficiency of key transfer, but also improves the efficiency of processing resource creation requests.
  • In the process of processing the resource creation request, since the corresponding key does not need to be passed layer by layer, the problem of code redundancy in the background is avoided.
  • Figure 3 is a schematic diagram of the resource creation device provided in the embodiment of the present application. As shown in Figure 3, the device includes:
  • the determining unit 301 is configured to receive a first request from a terminal through a second thread, and determine a first thread based on the first request; the first request is used to request creation of a first resource; the first thread is used to process the first request; the first thread is a child thread of the second thread.
  • the acquiring unit 302 is configured to acquire a first key from the variable storage class corresponding to the second thread based on the corresponding inheritable variable storage class through the first thread; the first key is used to provide permission credentials when the first thread requests the cloud server to create the first resource.
  • the sending unit 303 is configured to send the first request and the first key to a corresponding cloud server through the first thread, so as to obtain a corresponding request result from the cloud server through the first thread and return the request result to the terminal through the second thread.
  • the first request carries a first identifier
  • the first identifier represents the identifier of the terminal that initiated the first request
  • the device further includes: a storage unit configured to:
  • the storage unit is further configured as:
  • the storage unit is further configured to store the thread object information corresponding to the first thread and the first key in the form of a key-value pair in a variable storage class corresponding to the first thread.
  • the device further includes: a deletion unit configured to:
  • the acquiring unit 302 is further configured to:
  • variable storage class gets the first key.
  • the device further includes: a judging unit configured to:
  • the determining unit 301, the acquiring unit 302, the sending unit 303, the storing unit, the deleting unit, and the judging unit may be implemented by a processor in the terminal, such as a central processing unit (CPU, Central Processing Unit), digital signal processor (DSP, Digital Signal Processor), micro control unit (MCU, Microcontroller Unit) or programmable gate array (FPGA, Field-Programmable Gate Array).
  • When the resource creation device provided in the above embodiment displays information, the division of the above-mentioned program modules is used only as an example for illustration. In practical applications, the above-mentioned processing can be allocated to different program modules as needed. That is, the internal structure of the device is divided into different program modules to complete all or part of the processing described above.
  • the resource creation device provided by the above embodiment and the resource creation method embodiment belong to the same idea, and the specific implementation process thereof is detailed in the method embodiment, and will not be repeated here.
  • FIG. 4 is a schematic diagram of the hardware composition structure of the electronic device provided by the embodiment of the present application. As shown in FIG. 4, the electronic device includes:
  • Communication interface 401 capable of information interaction with other devices such as network devices;
  • the processor 402 is connected to the communication interface 401 to implement information interaction with other devices, and is used to execute the methods provided by one or more technical solutions on the terminal side when running a computer program. The computer program is stored in the memory 403.
  • the processor 402 is configured to receive a first request from a terminal through a second thread, and determine a first thread based on the first request; the first request is used to request creation of a first resource; the first thread is used to process the first request; the first thread is a child thread of the second thread;
  • the first key is used to provide permission credentials when requesting, through the first thread, the cloud server to create the first resource;
  • the first request carries a first identifier, and the first identifier represents the identifier of the terminal that initiated the first request; in the case where the variable storage class corresponding to the second thread does not store the first key, the processor 402 is further configured to:
  • the processor 402 when storing the first key in the variable storage class corresponding to the second thread, is further configured to:
  • the processor 402 is further configured to store the thread object information corresponding to the first thread and the first key, in the form of a key-value pair, in the variable storage class corresponding to the first thread.
  • the processor 402 is further configured to:
  • the processor 402 is further configured to:
  • variable storage class gets the first key.
  • the processor 402 when checking whether the first key stored in the variable storage class corresponding to the second thread is valid through the first thread, the processor 402 is further configured to:
  • bus system 404 is configured to enable connection communication between these components.
  • bus system 404 also includes a power bus, a control bus and a status signal bus.
  • the various buses are labeled as bus system 404 in FIG. 4 .
  • the memory 403 in the embodiment of the present application is configured to store various types of data to support the operation of the electronic device. Examples of such data include: any computer program used to operate on an electronic device.
  • the memory 403 may be a volatile memory or a non-volatile memory, and may also include both volatile and non-volatile memories.
  • the non-volatile memory can be read-only memory (ROM, Read Only Memory), programmable read-only memory (PROM, Programmable Read-Only Memory), erasable programmable read-only memory (EPROM, Erasable Programmable Read-Only Memory), electrically erasable programmable read-only memory (EEPROM, Electrically Erasable Programmable Read-Only Memory), magnetic random access memory (FRAM, ferromagnetic random access memory), flash memory (Flash Memory), magnetic surface memory, CD, or CD-ROM (Compact Disc Read-Only Memory); magnetic surface memory can be disk storage or tape storage.
  • the volatile memory may be random access memory (RAM, Random Access Memory), which is used as an external cache.
  • many forms of RAM are available, such as static random access memory (SRAM, Static Random Access Memory), synchronous static random access memory (SSRAM, Synchronous Static Random Access Memory), dynamic random access memory (DRAM, Dynamic Random Access Memory), synchronous dynamic random access memory (SDRAM, Synchronous Dynamic Random Access Memory), double data rate synchronous dynamic random access memory (DDRSDRAM, Double Data Rate Synchronous Dynamic Random Access Memory), enhanced synchronous dynamic random access memory (ESDRAM, Enhanced Synchronous Dynamic Random Access Memory), synchronous link dynamic random access memory (SLDRAM, SyncLink Dynamic Random Access Memory), and direct memory bus random access memory (DRRAM, Direct Rambus Random Access Memory).
  • the memory 403 described in the embodiment of the present application is intended to include but not limited to these and any other suitable types of memory.
  • the methods disclosed in the foregoing embodiments of the present application may be applied to the processor 402 or implemented by the processor 402 .
  • the processor 402 may be an integrated circuit chip with signal processing capability. In the implementation process, each step of the above method may be completed by an integrated logic circuit of hardware in the processor 402 or instructions in the form of software.
  • the aforementioned processor 402 may be a general-purpose processor, DSP, or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, and the like.
  • the processor 402 may implement or execute various methods, steps, and logic block diagrams disclosed in the embodiments of the present application.
  • a general purpose processor may be a microprocessor or any conventional processor or the like.
  • the steps of the method disclosed in the embodiments of the present application may be directly implemented by a hardware decoding processor, or implemented by a combination of hardware and software modules in the decoding processor.
  • the software module may be located in a storage medium, and the storage medium is located in the memory 403, and the processor 402 reads the program in the memory 403, and completes the steps of the aforementioned method in combination with its hardware.
  • the embodiment of the present application also provides a storage medium, that is, a computer storage medium, specifically a computer-readable storage medium, for example, including a memory 403 storing a computer program, and the above-mentioned computer program can be executed by the processor 402 to complete the steps described in the aforementioned method.
  • the computer-readable storage medium can be memories such as FRAM, ROM, PROM, EPROM, EEPROM, Flash Memory, magnetic surface memory, optical disk, or CD-ROM.
  • the disclosed device, terminal and method may be implemented in other ways.
  • the device embodiments described above are only illustrative.
  • the division of the units is only a logical function division.
  • the coupling, or direct coupling, or communication connection between the components shown or discussed may be through some interfaces, and the indirect coupling or communication connection of devices or units may be electrical, mechanical or in other forms.
  • the units described above as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, they may be located in one place or distributed to multiple network units; Part or all of the units can be selected according to actual needs to achieve the purpose of the solution of this embodiment.
  • each functional unit in each embodiment of the present application can be integrated into one processing unit, or each unit can be used as a single unit, or two or more units can be integrated into one unit; the above-mentioned integrated unit can be realized in the form of hardware or in the form of hardware plus software functional units.
  • If the above-mentioned integrated units of the present application are realized in the form of software function modules and sold or used as independent products, they can also be stored in a computer-readable storage medium.
  • the technical solution of the embodiment of the present application is essentially or the part that contributes to the prior art can be embodied in the form of a software product.
  • the computer software product is stored in a storage medium and includes several instructions for making an electronic device (which may be a personal computer, a server, or a network device, etc.) execute all or part of the methods described in the various embodiments of the present application.
  • the aforementioned storage medium includes: various media capable of storing program codes such as removable storage devices, ROM, RAM, magnetic disks or optical disks.
  • “first”, “second”, etc. are used to distinguish similar objects, and not necessarily used to describe a specific order or sequence.
  • the term “and/or” is just an association relationship describing associated objects, which means that there can be three relationships; for example, A and/or B can mean three conditions: A exists alone, A and B exist at the same time, and B exists alone.
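
The parent-to-child key hand-off and per-task clearing described in the embodiment above, as an added Java example that is not code from the patent. It assumes Java's InheritableThreadLocal as the inheritable variable storage class, OAEP padding for the RSA step, and a constructed in-memory map (KEY_DB) standing in for the set database; all class, method and key names are hypothetical. The last method shows what happens when a pooled worker is not cleared.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.Map;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import javax.crypto.Cipher;

public class InheritedKeyDemo {
    // Constructed stand-in for the "set database" (terminal identifier -> key).
    static final Map<String, String> KEY_DB =
            Map.of("terminal-A", "key-for-A", "terminal-B", "key-for-B");

    // Inheritable variable storage: a child thread receives the parent's value
    // once, at the moment the child Thread object is constructed.
    static final InheritableThreadLocal<byte[]> WRAPPED_KEY = new InheritableThreadLocal<>();

    // The page only says "RSA algorithm"; the OAEP padding is an assumption.
    static final String RSA = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    static KeyPair rsa;

    static byte[] wrap(String key) throws Exception {
        Cipher c = Cipher.getInstance(RSA);
        c.init(Cipher.ENCRYPT_MODE, rsa.getPublic());
        return c.doFinal(key.getBytes(StandardCharsets.UTF_8));
    }

    static String unwrap(byte[] wrapped) throws Exception {
        Cipher c = Cipher.getInstance(RSA);
        c.init(Cipher.DECRYPT_MODE, rsa.getPrivate());
        return new String(c.doFinal(wrapped), StandardCharsets.UTF_8);
    }

    // Child ("first thread"): reads the inherited value, decrypts it for the
    // cloud call, then clears its own copy whether or not the call succeeded.
    static String childTask() throws Exception {
        try {
            byte[] wrapped = WRAPPED_KEY.get();
            if (wrapped == null) return "no key";
            return "create-resource called with " + unwrap(wrapped);
        } finally {
            WRAPPED_KEY.remove();
        }
    }

    // Parent ("second thread"): looks up the key for the terminal, stores it
    // encrypted, starts a fresh child thread, and clears its copy afterwards.
    static String handle(String terminalId) throws Exception {
        WRAPPED_KEY.set(wrap(KEY_DB.get(terminalId)));
        try {
            String[] result = new String[1];
            Thread child = new Thread(() -> {
                try { result[0] = childTask(); } catch (Exception e) { result[0] = "error: " + e; }
            });
            child.start();
            child.join(); // join() makes the child's write to result[0] visible here
            return result[0];
        } finally {
            WRAPPED_KEY.remove();
        }
    }

    // Pooled worker without clearing: the single worker thread is created while
    // terminal-A's key is set, so it still holds that key when it later runs a
    // task submitted on behalf of terminal-B.
    static String pooledWithoutCleanup() throws Exception {
        ExecutorService pool = Executors.newFixedThreadPool(1);
        try {
            WRAPPED_KEY.set(wrap(KEY_DB.get("terminal-A")));
            pool.submit(() -> unwrap(WRAPPED_KEY.get())).get(); // worker created here
            WRAPPED_KEY.set(wrap(KEY_DB.get("terminal-B")));
            return pool.submit(() -> unwrap(WRAPPED_KEY.get())).get();
        } finally {
            WRAPPED_KEY.remove();
            pool.shutdown();
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        rsa = g.generateKeyPair();
        System.out.println(handle("terminal-A"));
        System.out.println(handle("terminal-B"));
        System.out.println("parent after cleanup: " + WRAPPED_KEY.get());
        System.out.println("pooled worker for terminal-B saw: " + pooledWithoutCleanup());
    }
}
```

Because inheritance happens only at thread construction, a pooled worker that clears its copy does not receive the next request's key automatically; the submitting code has to capture the value and set it in the worker before the task body runs.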

Abstract

Disclosed in the present application are a resource creation method and apparatus, an electronic device, and a storage medium. The method comprises: receiving a first request from a terminal by means of a second thread, and determining a first thread on the basis of the first request, the first request being used to request the creation of a first resource, the first thread being used to process the first request, and the first thread being a child thread of the second thread; by means of the first thread and on the basis of a corresponding inheritable variable storage class, acquiring a first key from a variable storage class corresponding to the second thread, the first key being used to provide a permission credential when requesting, by means of the first thread, a cloud server to create the first resource; and sending the first request and the first key to the corresponding cloud server by means of the first thread, so that a corresponding request result is obtained from the cloud server by means of the first thread and the request result is returned to the terminal by means of the second thread.
PCT/CN2022/112745 2021-11-25 2022-08-16 Resource creation method and apparatus, electronic device, and storage medium WO2023093139A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202111415947.5A CN116166409A (zh) 2021-11-25 2021-11-25 Resource creation method and apparatus, electronic device, and storage medium
CN202111415947.5 2021-11-25

Publications (1)

Publication Number Publication Date
WO2023093139A1 true WO2023093139A1 (fr) 2023-06-01

Family

ID=86418767

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2022/112745 WO2023093139A1 (fr) 2021-11-25 2022-08-16 Resource creation method and apparatus, electronic device, and storage medium

Country Status (2)

Country Link
CN (1) CN116166409A (fr)
WO (1) WO2023093139A1 (fr)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080147915A1 (en) * 2006-09-29 2008-06-19 Alexander Kleymenov Management of memory buffers for computer programs
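CN104301102A (zh) * 2013-07-19 2015-01-21 ***通信集团北京有限公司 Widget communication method, apparatus and ***
CN112015663A (zh) * 2020-09-15 2020-12-01 平安银行股份有限公司 Test data recording method, apparatus, device and medium
CN113296798A (zh) * 2021-05-31 2021-08-24 腾讯科技(深圳)有限公司 Service deployment method, apparatus and readable storage medium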

Also Published As

Publication number Publication date
CN116166409A (zh) 2023-05-26

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22897234

Country of ref document: EP

Kind code of ref document: A1