CN104394141A - Unified authentication method based on distributed file system - Google Patents
Unified authentication method based on distributed file system Download PDFInfo
- Publication number
- CN104394141A CN104394141A CN201410677562.XA CN201410677562A CN104394141A CN 104394141 A CN104394141 A CN 104394141A CN 201410677562 A CN201410677562 A CN 201410677562A CN 104394141 A CN104394141 A CN 104394141A
- Authority
- CN
- China
- Prior art keywords
- user
- file system
- distributed file
- server
- tgt
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
本发明公开了一种基于分布式文件系统的统一认证方法,以解决分布式文件系统下多业务域的统一权限管理问题,本发明方法分为三个层次:统一认证模块、文件资源、访问文件系统的用户。当用户访问分布式文件系统时,在客户端输入用户名和密码,通过统一的接口映射到名字节点的统一认证模块,实现权限认证。认证模块首先查寻该用户是否存在,如果用户不存在则返回登录失败;如果用户查寻比对成功,则返回一张凭证,只要用户访问进程没有结束,用户可以携带该凭证访问不同业务系统之间的文件资源。本发明能够实现分布式文件系统下多业务域的统一权限管理,极大方便了用户使用及管理。
The invention discloses a unified authentication method based on a distributed file system to solve the problem of unified authority management of multiple business domains under the distributed file system. The method of the invention is divided into three levels: unified authentication module, file resources, and access files users of the system. When a user accesses the distributed file system, the user enters the user name and password on the client, and maps to the unified authentication module of the name node through a unified interface to realize authority authentication. The authentication module first checks whether the user exists, and if the user does not exist, it will return a login failure; if the user search and comparison is successful, it will return a credential, as long as the user access process is not over, the user can carry the credential to access between different business systems file resource. The invention can realize the unified authority management of multiple business domains under the distributed file system, which greatly facilitates the use and management of users.
Description
技术领域technical field
本发明涉及一种用户登录分布式文件系统时的统一认证方法,属于用户信息安全领域。The invention relates to a unified authentication method when a user logs into a distributed file system, belonging to the field of user information security.
背景技术Background technique
随着信息科技的创新和信息化水平的提高,人们追求更高效的计算和存储能力。分布式文件系统恰好能满足人们对于海量数据的存储和计算需求。以大规模服务器集群组成的分布式文件系统逐渐成为主流的计算和存储平台。在分布式文件系统的环境下,文件资源分散地存储在个服务器中,由中心服务器节点来控制各文件的寻址与读取。从文件的物理存储方面看,文件资源的读写权限由中心节点控制,但是从业务逻辑上看,每个文件资源分属于不同的业务系统,每个业务系统都有自己独立的登录和权限管理。因此,在分布式文件系统中,存在多个业务域之间的权限管理问题。With the innovation of information technology and the improvement of informatization level, people pursue more efficient computing and storage capabilities. The distributed file system can just meet people's storage and computing needs for massive data. The distributed file system composed of large-scale server clusters has gradually become the mainstream computing and storage platform. In the environment of the distributed file system, the file resources are distributedly stored in each server, and the addressing and reading of each file is controlled by the central server node. From the perspective of physical storage of files, the read and write permissions of file resources are controlled by the central node, but from the perspective of business logic, each file resource belongs to different business systems, and each business system has its own independent login and permission management . Therefore, in a distributed file system, there is a problem of rights management between multiple business domains.
相关的现有技术主要有Acegi框架、基于RBAC(role based access control)的访问控制;其中,Acegi是一个能为基于Spring的企业应用提供灵活安全访问控制解决方案的框架。Acegi通过多个不同用途的过滤器对URL资源进行保护,在请求受保护的URL资源前,Acegi的Servlet过滤器判断用户是否有权访问目标资源。并且通过Spring AOP对容器中的Bean的受控方法进行拦截,只有领域对象被授权时,用户才可以使用Bean方法对领域对象进行处理。由此可知,Acegi中的授权是基于角色的授权,方便地实现基于角色的访问控制。Acegi框架的不足之处在于,基于Acegi的访问控制较为适用于Web资源,该框架的可扩展性较差,不适用于大规模的分布式文件系统。Related existing technologies mainly include Acegi framework and access control based on RBAC (role based access control); among them, Acegi is a framework that can provide flexible security access control solutions for Spring-based enterprise applications. Acegi protects URL resources through multiple filters for different purposes. Before requesting a protected URL resource, Acegi's Servlet filter determines whether the user has the right to access the target resource. And the controlled method of the Bean in the container is intercepted through Spring AOP. Only when the domain object is authorized, the user can use the Bean method to process the domain object. It can be seen that the authorization in Acegi is role-based authorization, which facilitates role-based access control. The disadvantage of the Acegi framework is that the access control based on Acegi is more suitable for Web resources, and the scalability of the framework is poor, so it is not suitable for large-scale distributed file systems.
基于RBAC的访问控制是根据具体的安全策略划分出不同的角色,对每个角色分配不同的操作许可,用户通过被赋予不同的角色而获得角色所拥有的访问控制权,实现对信息资源的间接访问。基于RBAC的访问控制引入角色的概念,目的是为了隔离用户与权限,角色作为一个代理层,耦合了用户和权限的关系,所有的授权应该给予角色而不是给用户。为了方便对资源的管理,同时体现资源的层次关系,基于RBAC的访问控制增加了资源组的概念,可以映射组织结构所对应的业务范围。基于RBAC的访问控制的不足之处在于,用户增多时会带来管理工作量急剧增大,而且用户在不同时间可能会是不同的角色,在用户角色赋予方面存在动态控制的问题。RBAC-based access control divides different roles according to specific security policies, assigns different operation permissions to each role, and users obtain access control rights owned by roles by being assigned different roles, realizing indirect access to information resources. access. RBAC-based access control introduces the concept of roles for the purpose of isolating users and permissions. As a proxy layer, roles couple the relationship between users and permissions. All authorizations should be given to roles rather than to users. In order to facilitate the management of resources and reflect the hierarchical relationship of resources, RBAC-based access control adds the concept of resource groups, which can map the business scope corresponding to the organizational structure. The disadvantage of RBAC-based access control is that when the number of users increases, the management workload will increase sharply, and users may have different roles at different times, so there is a problem of dynamic control in terms of user role assignment.
发明内容Contents of the invention
为了解决上述问题,本发明提供了一种一种基于分布式文件系统的统一认证方法,以实现分布式文件系统下多业务域的统一权限管理。当用户登录到某一业务系统后,再使用其他业务系统的文件资源时,无需进行再次认证,给用户带来极大的方便。In order to solve the above problems, the present invention provides a unified authentication method based on a distributed file system, so as to realize unified authority management of multiple business domains under the distributed file system. When a user logs in to a certain business system and then uses file resources of other business systems, no re-authentication is required, which brings great convenience to the user.
本发明基于的原理是,通常分布式文件系统包含一个元数据服务器名字节点和大量数据存储服务器数据节点。名字节点负责管理文件资源的元数据信息。元数据由三部分组成,分别是文件系统目录树信息、文件和文件所拆分的数据块的对应关系、数据块在数据节点上的分布位置信息。存储在分布式文件系统的文件资源被拆成同样大小的数据块,这些数据块将会复制存储到多个数据节点中。本发明所提出的统一认证方法是运用于分布式文件系统中,解决分属于不同业务系统的文件资源之间权限管理的问题。The principle of the present invention is that, generally, a distributed file system includes a metadata server name node and a large number of data storage server data nodes. The name node is responsible for managing the metadata information of file resources. Metadata consists of three parts, which are file system directory tree information, correspondence between files and data blocks split from files, and distribution position information of data blocks on data nodes. File resources stored in the distributed file system are split into data blocks of the same size, and these data blocks will be copied and stored in multiple data nodes. The unified authentication method proposed by the present invention is applied in a distributed file system to solve the problem of authority management among file resources belonging to different business systems.
本方法分为三个层次:第一层是统一认证模块,在业务层上实现文件资源的访问权限认证;第二层是文件资源,即存储在各数据节点中的数据块;最后一层是访问文件系统的用户。当用户访问分布式文件系统时,在客户端输入用户名和密码,通过统一的接口映射到名字节点的统一认证模块,实现权限认证。认证模块首先查寻该用户是否存在,如果用户不存在则返回登录失败;如果用户查寻比对成功,则返回一张凭证,只要用户访问进程没有结束,用户可以携带该凭证访问不同业务系统之间的文件资源。This method is divided into three levels: the first level is a unified authentication module, which realizes the access authority authentication of file resources on the business layer; the second level is file resources, that is, data blocks stored in each data node; the last level is The user accessing the file system. When a user accesses the distributed file system, the user enters the user name and password on the client, and maps to the unified authentication module of the name node through a unified interface to realize authority authentication. The authentication module first checks whether the user exists, and if the user does not exist, it will return a login failure; if the user search and comparison is successful, it will return a credential, as long as the user access process is not over, the user can carry the credential to access between different business systems file resource.
本发明所提出的统一认证方法具体方案如下:The specific scheme of the unified authentication method proposed by the present invention is as follows:
在分布式文件系统中部署LDAP(Lightweight Directory Access Protocol轻量级目录访问协议)服务器和CAS(Central Authentication Service中心认证服务)服务器,使CAS服务器和LDAP服务器能够双向读取和存储数据;Deploy LDAP (Lightweight Directory Access Protocol) server and CAS (Central Authentication Service) server in the distributed file system, so that the CAS server and LDAP server can bidirectionally read and store data;
用户通过Web应用服务进程访问分布式文件系统时,检查该用户的会话是否存在,如果不存在则重新定向到CAS服务器端,检查TGT(Ticket Granting Ticket用户身份认证凭证票据),若TGT不存在或者TGT错误则需要用户重新登录,用户输入了用户名和密码后,在LDAP服务器进行统一认证单点登录;When a user accesses the distributed file system through the Web application service process, check whether the user's session exists, if not, redirect to the CAS server, check the TGT (Ticket Granting Ticket user authentication certificate ticket), if the TGT does not exist or TGT error requires the user to log in again. After the user enters the user name and password, the unified authentication single sign-on is performed on the LDAP server;
LDAP认证完成后,CAS返回给用户合法的TGT和ST(Service Ticket服务许可凭证票据),根据用户的当前的Web应用服务进程重新定向到分布式文件系统中。分布式文件系统接收到返回的ST,还要由CAS服务器认证ST的合法有效性,如果合法有效则确认用户可以访问该分布式文件系统中资源。After the LDAP authentication is completed, the CAS returns to the user the legal TGT and ST (Service Ticket) and redirects them to the distributed file system according to the user's current Web application service process. After the distributed file system receives the returned ST, the CAS server must also verify the validity of the ST. If it is legal and valid, it will confirm that the user can access the resources in the distributed file system.
当用户获得访问分布式文件系统中一个业务系统的权限后,当该用户访问其他业务系统的文件资源时,用户访问进程只需提供ST,被访问的业务系统把接收到的ST重定向到CAS服务器,验证合法性和是否过期,若ST不存在或者ST过期,则返回校验TGT,如果TGT合法则CAS重新授予用户一张ST。After the user obtains the permission to access a business system in the distributed file system, when the user accesses the file resources of other business systems, the user access process only needs to provide ST, and the accessed business system redirects the received ST to CAS The server verifies the legitimacy and whether it has expired. If the ST does not exist or the ST has expired, it will return a verification TGT. If the TGT is valid, the CAS will re-grant the user a ST.
进一步,在用户/用户组,角色/权限分配设计方面,LDAP是以树状结构存储数据,树的分支末尾是访问文件资源的用户,在存储用户实体的时候考虑角色划分的问题。为了方便管理用户,让LDAP的用户组和访问文件资源的用户角色相映射,即采用双组划分,用户/用户组对应角色,角色对应权限相互映射。Furthermore, in terms of user/user group, role/authority assignment design, LDAP stores data in a tree structure, and the end of the branch of the tree is the user who accesses the file resource, and considers the problem of role division when storing user entities. In order to facilitate user management, LDAP user groups and user roles for accessing file resources are mapped, that is, two-group division is adopted, users/user groups correspond to roles, and roles correspond to permissions.
通过采用本发明方法,能够实现分布式文件系统下多业务域的统一权限管理,即当用户登录到某一业务系统后,再使用其他业务系统的文件资源时,无需进行再次认证,统一认证模块的实现,减少分布式文件系统中独立认证模块的开发,节省人力和财力资源;采取LDAP服务器和CAS服务器相结合的方式,可大大降低数据存储的重复性和减少占用网络资源;本发明采用双组划分,实现用户/用户组对应角色,角色对应权限相互映射,大大方便了用户管理。By adopting the method of the present invention, the unified authority management of multiple business domains under the distributed file system can be realized, that is, when the user logs in to a certain business system and then uses the file resources of other business systems, there is no need to re-authenticate, and the unified authentication module The implementation of the distributed file system reduces the development of independent authentication modules, saving manpower and financial resources; adopting the combination of LDAP server and CAS server can greatly reduce the repetition of data storage and reduce the occupation of network resources; the present invention adopts dual Group division realizes the corresponding roles of users/user groups, and the mutual mapping of roles and permissions, which greatly facilitates user management.
附图说明Description of drawings
图1是本发明方法的实现流程图。Fig. 1 is the realization flowchart of the method of the present invention.
具体实施方式Detailed ways
下面结合附图和实施例对本发明作进一步详细说明。The present invention will be described in further detail below in conjunction with the accompanying drawings and embodiments.
本发明方法的流程如图1所示,在分布式文件系统中部署LDAP服务器和CAS服务器,使CAS服务器和LDAP服务器能够双向读取和存储数据;The flow process of the inventive method is as shown in Figure 1, deploys LDAP server and CAS server in distributed file system, makes CAS server and LDAP server bidirectionally read and store data;
用户通过Web应用服务进程访问分布式文件系统时,检查该用户的会话是否存在,如果不存在则重定向到CAS服务器端,检查TGT,若TGT不存在或者TGT错误则需要用户重新登录,用户输入了用户名和密码后,在LDAP服务器进行统一认证单点登录;When a user accesses the distributed file system through the web application service process, check whether the user's session exists. If not, redirect to the CAS server and check the TGT. If the TGT does not exist or the TGT is wrong, the user needs to log in again. The user enters After entering the user name and password, perform unified authentication single sign-on on the LDAP server;
LDAP服务器和CAS服务器能够双向读取和存储数据。LDAP认证完成后,CAS返回给用户合法的TGT和ST,根据用户的当前的Web应用服务进程重新定向到文件系统中。文件系统接收到返回的ST,还要由CAS服务器认证ST的合法有效性,如果合法有效则确认用户可以访问资源。LDAP server and CAS server can bidirectionally read and store data. After the LDAP authentication is completed, the CAS returns the legal TGT and ST to the user, and redirects them to the file system according to the user's current Web application service process. After the file system receives the returned ST, the CAS server needs to verify the legal validity of the ST, and if it is legal and valid, it will confirm that the user can access the resource.
当用户获得访问其中一个业务系统的权限后,当该用户访问其他业务系统的文件资源时,用户访问进程只需提供ST,被访问的业务系统把接收到的ST重定向到CAS服务器,验证合法性和是否过期,若ST不存在或者ST过期,则返回校验TGT,如果TGT合法则CAS重新授予用户一张ST。After the user obtains the permission to access one of the business systems, when the user accesses the file resources of other business systems, the user access process only needs to provide ST, and the accessed business system redirects the received ST to the CAS server to verify the legality and whether it is expired, if the ST does not exist or the ST has expired, the verification TGT will be returned, and if the TGT is valid, the CAS will re-grant the user an ST.
在用户/用户组,角色/权限分配设计方面,LDAP是以树状结构存储数据,树的分支末尾是访问文件资源的用户,在存储用户实体的时候考虑角色划分的问题。为了方便管理用户,让LDAP的用户组和访问文件资源的用户角色相映射,即采用双组划分,用户/用户组对应角色,角色对应权限相互映射。In terms of user/user group, role/authority assignment design, LDAP stores data in a tree structure, and the end of the branch of the tree is the user who accesses the file resource. When storing user entities, the problem of role division is considered. In order to facilitate user management, LDAP user groups and user roles for accessing file resources are mapped, that is, two-group division is adopted, users/user groups correspond to roles, and roles correspond to permissions.
本发明不限于上述实施例,一切采用等同替换或等效替换形成的技术方案均属于本发明要求保护的范围。The present invention is not limited to the above-mentioned embodiments, and all equivalent replacements or technical solutions formed by equivalent replacements fall within the protection scope of the present invention.
Claims (2)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410677562.XA CN104394141A (en) | 2014-11-21 | 2014-11-21 | Unified authentication method based on distributed file system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410677562.XA CN104394141A (en) | 2014-11-21 | 2014-11-21 | Unified authentication method based on distributed file system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN104394141A true CN104394141A (en) | 2015-03-04 |
Family
ID=52611977
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410677562.XA Pending CN104394141A (en) | 2014-11-21 | 2014-11-21 | Unified authentication method based on distributed file system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104394141A (en) |
Cited By (16)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105430014A (en) * | 2015-12-30 | 2016-03-23 | 福建亿榕信息技术有限公司 | Single sign on method and system |
| CN105577667A (en) * | 2015-12-28 | 2016-05-11 | 上海赞越软件服务中心 | Multi-account one-key login and authentication mechanism |
| CN105653910A (en) * | 2015-12-28 | 2016-06-08 | 芜湖美智空调设备有限公司 | User access system control method and device |
| CN106375334A (en) * | 2016-09-28 | 2017-02-01 | 郑州云海信息技术有限公司 | An Authentication Method for Distributed System |
| CN106933984A (en) * | 2017-02-20 | 2017-07-07 | 周长英 | The dispatching method and system of a kind of distributed file system |
| CN107483466A (en) * | 2017-08-30 | 2017-12-15 | 郑州云海信息技术有限公司 | User login verification method and device in web application |
| CN107911379A (en) * | 2017-11-29 | 2018-04-13 | 链家网(北京)科技有限公司 | A kind of CAS Server |
| CN108040072A (en) * | 2018-01-22 | 2018-05-15 | 公安部交通管理科学研究所 | The system and method for mobile Internet APP single-sign-ons under distributed network |
| CN108780475A (en) * | 2016-03-31 | 2018-11-09 | 微软技术许可有限责任公司 | Personalized inference certification for virtually assisting |
| CN109067785A (en) * | 2018-09-19 | 2018-12-21 | 新华三大数据技术有限公司 | Cluster authentication method, device |
| CN110347655A (en) * | 2019-06-12 | 2019-10-18 | 江苏富山软件科技有限公司 | A kind of distributed file system access frame |
| CN110414257A (en) * | 2018-04-26 | 2019-11-05 | 中移(苏州)软件技术有限公司 | A data access method and server |
| CN110519285A (en) * | 2019-08-30 | 2019-11-29 | 浙江大搜车软件技术有限公司 | User authen method, device, computer equipment and storage medium |
| CN111898149A (en) * | 2020-08-05 | 2020-11-06 | 湖南优美科技发展有限公司 | User management system and method for multiple organizations |
| CN112104668A (en) * | 2020-11-10 | 2020-12-18 | 成都掌控者网络科技有限公司 | Distributed authority process separation control method and device |
| CN113297589A (en) * | 2021-03-31 | 2021-08-24 | 阿里巴巴新加坡控股有限公司 | Method, device and system for setting cluster permission |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101707594A (en) * | 2009-10-21 | 2010-05-12 | 南京邮电大学 | Single sign on based grid authentication trust model |
| CN102457555A (en) * | 2010-10-28 | 2012-05-16 | 中兴通讯股份有限公司 | Security system and method for distributed storage |
| CN102571380A (en) * | 2010-12-16 | 2012-07-11 | 北京博阳世通信息技术有限公司 | Multi-instance GIS platform unified user management method and system |
| CN102970292A (en) * | 2012-11-20 | 2013-03-13 | 无锡成电科大科技发展有限公司 | Single sign on system and method based on cloud management and key management |
-
2014
- 2014-11-21 CN CN201410677562.XA patent/CN104394141A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101707594A (en) * | 2009-10-21 | 2010-05-12 | 南京邮电大学 | Single sign on based grid authentication trust model |
| CN102457555A (en) * | 2010-10-28 | 2012-05-16 | 中兴通讯股份有限公司 | Security system and method for distributed storage |
| CN102571380A (en) * | 2010-12-16 | 2012-07-11 | 北京博阳世通信息技术有限公司 | Multi-instance GIS platform unified user management method and system |
| CN102970292A (en) * | 2012-11-20 | 2013-03-13 | 无锡成电科大科技发展有限公司 | Single sign on system and method based on cloud management and key management |
Non-Patent Citations (4)
| Title |
|---|
| 付东华: "《分布式文件系统关键技术研究与实现》", 《中国优秀硕士学位论文全文数据库(信息科技辑)》 * |
| 孙知信: "《基于云计算的数据存储技术研究》", 《南京邮电大学学报(自然科学版)》 * |
| 陈云芳: "《一种基于单点登录的开源课程群系统》", 《中国教育信息化》 * |
| 黄彩锋: "《基于HDFS分布式并行文件系统副本策略研究》", 《中国优秀硕士学位论文全文数据库(信息科技辑)》 * |
Cited By (23)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105577667A (en) * | 2015-12-28 | 2016-05-11 | 上海赞越软件服务中心 | Multi-account one-key login and authentication mechanism |
| CN105653910A (en) * | 2015-12-28 | 2016-06-08 | 芜湖美智空调设备有限公司 | User access system control method and device |
| CN105430014A (en) * | 2015-12-30 | 2016-03-23 | 福建亿榕信息技术有限公司 | Single sign on method and system |
| CN105430014B (en) * | 2015-12-30 | 2019-04-23 | 福建亿榕信息技术有限公司 | A kind of single-point logging method and its system |
| CN108780475A (en) * | 2016-03-31 | 2018-11-09 | 微软技术许可有限责任公司 | Personalized inference certification for virtually assisting |
| CN108780475B (en) * | 2016-03-31 | 2021-05-25 | 微软技术许可有限责任公司 | Personalized inference authentication for virtual assistance |
| CN106375334A (en) * | 2016-09-28 | 2017-02-01 | 郑州云海信息技术有限公司 | An Authentication Method for Distributed System |
| CN106933984A (en) * | 2017-02-20 | 2017-07-07 | 周长英 | The dispatching method and system of a kind of distributed file system |
| CN107483466A (en) * | 2017-08-30 | 2017-12-15 | 郑州云海信息技术有限公司 | User login verification method and device in web application |
| CN107483466B (en) * | 2017-08-30 | 2020-11-24 | 苏州浪潮智能科技有限公司 | A method and device for user login verification in a web application |
| CN107911379B (en) * | 2017-11-29 | 2020-02-21 | 贝壳找房(北京)科技有限公司 | CAS server |
| CN107911379A (en) * | 2017-11-29 | 2018-04-13 | 链家网(北京)科技有限公司 | A kind of CAS Server |
| CN108040072A (en) * | 2018-01-22 | 2018-05-15 | 公安部交通管理科学研究所 | The system and method for mobile Internet APP single-sign-ons under distributed network |
| CN108040072B (en) * | 2018-01-22 | 2021-04-20 | 公安部交通管理科学研究所 | System and method for mobile internet APP single sign-on under distributed network |
| CN110414257A (en) * | 2018-04-26 | 2019-11-05 | 中移(苏州)软件技术有限公司 | A data access method and server |
| CN109067785A (en) * | 2018-09-19 | 2018-12-21 | 新华三大数据技术有限公司 | Cluster authentication method, device |
| CN110347655A (en) * | 2019-06-12 | 2019-10-18 | 江苏富山软件科技有限公司 | A kind of distributed file system access frame |
| CN110519285A (en) * | 2019-08-30 | 2019-11-29 | 浙江大搜车软件技术有限公司 | User authen method, device, computer equipment and storage medium |
| CN111898149A (en) * | 2020-08-05 | 2020-11-06 | 湖南优美科技发展有限公司 | User management system and method for multiple organizations |
| CN111898149B (en) * | 2020-08-05 | 2023-12-22 | 湖南优美科技发展有限公司 | User management system and method for multiple organizations |
| CN112104668A (en) * | 2020-11-10 | 2020-12-18 | 成都掌控者网络科技有限公司 | Distributed authority process separation control method and device |
| CN113297589A (en) * | 2021-03-31 | 2021-08-24 | 阿里巴巴新加坡控股有限公司 | Method, device and system for setting cluster permission |
| CN113297589B (en) * | 2021-03-31 | 2024-04-16 | 阿里巴巴创新公司 | Method, device and system for setting cluster permission |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104394141A (en) | Unified authentication method based on distributed file system | |
| Awaysheh et al. | Next-generation big data federation access control: A reference model | |
| US11762970B2 (en) | Fine-grained structured data store access using federated identity management | |
| US11552956B2 (en) | Secure resource authorization for external identities using remote principal objects | |
| US9286475B2 (en) | Systems and methods for enforcement of security profiles in multi-tenant database | |
| US11888856B2 (en) | Secure resource authorization for external identities using remote principal objects | |
| US8544070B2 (en) | Techniques for non repudiation of storage in cloud or shared storage environments | |
| US10565402B2 (en) | System and method for serving online synchronized content from a sandbox domain via a temporary address | |
| EP3777022B1 (en) | Distributed access control | |
| US10372483B2 (en) | Mapping tenat groups to identity management classes | |
| CN105917309B (en) | Determining permissions of a first tenant with respect to a second tenant | |
| US9047462B2 (en) | Computer account management system and realizing method thereof | |
| CN111159134A (en) | Multi-tenant-oriented distributed file system security access control method and system | |
| CN116743440A (en) | Security design and architecture for multi-tenant HADOOP clusters | |
| CN107579958A (en) | Data management method, device and system | |
| CN102449976A (en) | System and method for accessing private digital content | |
| CN101986599A (en) | Network security control method based on cloud service and cloud security gateway | |
| CN108881218B (en) | Data security enhancement method and system based on cloud storage management platform | |
| KR101015354B1 (en) | Movement of principals across security boundaries without service interruption | |
| CN112334898B (en) | System and method for managing multi-domain access credentials for a user with access to multiple domains | |
| CN104104683A (en) | Security system implementation method for multiple data centers | |
| US20100043049A1 (en) | Identity and policy enabled collaboration | |
| CN102833226B (en) | A kind of information access system and method for controlling security thereof | |
| CN118211259A (en) | Information processing method, device, storage medium and electronic device | |
| CN114282183A (en) | Menu system with authority control |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20150304 |