
CN110363026B - File manipulation method, apparatus, device, system, and computer-readable storage medium - Google Patents


Info

Publication number
CN110363026B
Authority
CN
China
Prior art keywords
file
target
user
information
authority
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910658649.5A
Other languages
Chinese (zh)
Other versions
CN110363026A (en
Inventor
王和平
尹强
刘有
黄山
杨峙岳
邸帅
卢道和
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
WeBank Co Ltd
Original Assignee
WeBank Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by WeBank Co Ltd filed Critical WeBank Co Ltd
Priority to CN201910658649.5A priority Critical patent/CN110363026B/en
Publication of CN110363026A publication Critical patent/CN110363026A/en
Priority to PCT/CN2020/102319 priority patent/WO2021013033A1/en
Application granted granted Critical
Publication of CN110363026B publication Critical patent/CN110363026B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10 File systems; File servers
    • G06F16/16 File or folder operations, e.g. details of user interfaces specifically adapted to file systems
    • G06F16/164 File meta data generation
    • G06F16/17 Details of further file system functions
    • G06F16/172 Caching, prefetching or hoarding of files
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Databases & Information Systems (AREA)
  • Computer Hardware Design (AREA)
  • Data Mining & Analysis (AREA)
  • Human Computer Interaction (AREA)
  • Software Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention relates to the technical field of financial technology and discloses a file operation method, apparatus, device, system and computer-readable storage medium. The file operation method includes: when a file operation request is received, obtaining user information, a target file storage path and a target operation according to the file operation request; performing identity verification and operation authority verification on the user based on the user information, the target file storage path and the target operation; when both the identity verification and the operation authority verification pass, determining a target remote file service according to the target file storage path and a preset rule; and obtaining superuser authority through the target remote file service and, based on the superuser authority, calling the target operation method corresponding to the target operation to perform the target operation on the target file corresponding to the target file storage path. The invention can improve the controllability of user authority management and the security of file system access.

Description

File manipulation method, apparatus, device, system, and computer-readable storage medium

Technical field

The present invention relates to the technical field of financial technology (Fintech), and in particular to a file operation method, apparatus, device, system and computer-readable storage medium.

Background

With the development of computer technology, more and more technologies (big data, distributed systems, blockchain, artificial intelligence, etc.) are applied in the financial field, and the traditional financial industry is gradually transforming into financial technology (Fintech). However, the security and real-time requirements of the financial industry also place higher demands on these technologies.

In computing, a file system is a system for naming files and for their logical storage and retrieval. At present, many services of financial institutions such as banks need to access various file systems to perform file operations. Correspondingly, each file system provides an API (Application Programming Interface) that lets users perform file-related operations such as creating, deleting, reading and writing. The APIs provided by file systems such as the local file system and HDFS (Hadoop Distributed File System) generally only let a user access and operate on that user's own files; a single process service cannot access and operate on the files of all users unless the service is started with superuser authority, which carries permission on all files. However, enabling superuser authority for every user, so that every user holds operation permission on all files, makes user permissions uncontrollable and lowers the security of file system access.

Summary of the invention

The main purpose of the present invention is to provide a file operation method, apparatus, device, system and computer-readable storage medium, aiming to improve the controllability of user authority management and the security of file system access.

To achieve the above object, the present invention provides a file operation method, which includes:

when a file operation request is received, obtaining user information, a target file storage path and a target operation according to the file operation request;

performing identity verification and operation authority verification on the user based on the user information, the target file storage path and the target operation;

when both the identity verification and the operation authority verification pass, determining the target remote file service according to the target file storage path and a preset rule;

obtaining superuser authority through the target remote file service and, based on the superuser authority, calling the target operation method corresponding to the target operation to perform the target operation on the target file corresponding to the target file storage path.

Optionally, the user information includes user account information, Token information and Internet Protocol (IP) information, and the step of performing identity verification and operation authority verification on the user based on the user information, the target file storage path and the target operation includes:

obtaining a verification Token corresponding to the user account information, comparing the Token information with the verification Token, and detecting whether the IP information is in a preset IP whitelist, so as to verify the user's identity;

obtaining the user's operation authority information according to the user account information, and performing operation authority verification on the user according to the target file storage path, the target operation and the operation authority information.

Optionally, the step of determining the target remote file service according to the target file storage path and the preset rule includes:

determining the target file system according to the target file storage path, and obtaining the number of requests under each started remote file service corresponding to the target file system, recorded as the first request quantity;

determining the remote file service corresponding to the smallest value in the first request quantity as the target remote file service.

Optionally, the file operation method further includes:

periodically obtaining the current number of requests under each started remote file service, recorded as the second request quantity;

detecting whether every value in the second request quantity is greater than a first preset threshold;

if every value in the second request quantity is greater than the first preset threshold, starting a new remote file service.

Optionally, after the step of periodically obtaining the current number of requests under each started remote file service, recorded as the second request quantity, the method further includes:

detecting whether the second request quantity contains a value smaller than a second preset threshold;

if so, stopping the remote file service corresponding to each value smaller than the second preset threshold.
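The least-loaded selection and the two threshold checks described above, as an added example rather than code from the patent. It assumes the file system type is the scheme of a `type:///path` string, evaluates the thresholds per file system type, and never stops the last engine of a type; none of these details are stated on the page, and the engine names are constructed.

```python
from dataclasses import dataclass


@dataclass
class Engine:
    """One started remote file service (IO-Engine) and its in-flight request count."""
    name: str
    fs_type: str        # e.g. "local" or "hdfs"
    requests: int = 0


class EngineManager:
    """Hypothetical manager: selects the target engine and starts/stops engines."""

    def __init__(self, engines, scale_up_threshold, scale_down_threshold):
        self.engines = list(engines)
        self.up = scale_up_threshold        # "first preset threshold"
        self.down = scale_down_threshold    # "second preset threshold"

    def pick_target(self, path):
        """Return the name of the least-loaded engine for the path's file system."""
        fs_type = path.partition("://")[0]  # assumed path format: type:///path
        candidates = [e for e in self.engines if e.fs_type == fs_type]
        if not candidates:
            raise LookupError(f"no started engine for file system {fs_type!r}")
        target = min(candidates, key=lambda e: e.requests)
        target.requests += 1                # the new request is now in flight
        return target.name

    def finish(self, name):
        """Record that a request handled by the named engine has completed."""
        for e in self.engines:
            if e.name == name and e.requests > 0:
                e.requests -= 1

    def _new_name(self, fs_type):
        used = {e.name for e in self.engines}
        k = 1
        while f"{fs_type}-{k}" in used:
            k += 1
        return f"{fs_type}-{k}"

    def rebalance(self):
        """Periodic check. Returns (started_names, stopped_names)."""
        started, stopped = [], []
        for fs_type in sorted({e.fs_type for e in self.engines}):
            group = [e for e in self.engines if e.fs_type == fs_type]
            # Every engine is above the first threshold: start a new one.
            if all(e.requests > self.up for e in group):
                new = Engine(self._new_name(fs_type), fs_type)
                self.engines.append(new)
                started.append(new.name)
                continue
            # Engines below the second threshold are stopped, least busy first.
            # Assumption added here: one engine per type always stays up.
            idle = sorted((e for e in group if e.requests < self.down),
                          key=lambda e: e.requests)
            for e in idle[: len(group) - 1]:
                self.engines.remove(e)
                stopped.append(e.name)
        return started, stopped


if __name__ == "__main__":
    # Constructed sample load, not taken from the patent.
    mgr = EngineManager(
        [Engine("hdfs-1", "hdfs", 5), Engine("hdfs-2", "hdfs", 2),
         Engine("local-1", "local", 0)],
        scale_up_threshold=4, scale_down_threshold=1)
    print(mgr.pick_target("hdfs:///user/bob/report.csv"))
    print(mgr.rebalance())
```
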

Optionally, the file operation method further includes:

after the operation has been executed, generating a corresponding operation execution result and returning it to the client corresponding to the file operation request.

In addition, to achieve the above object, the present invention also provides a file operation apparatus, which includes:

a first obtaining module, configured to obtain user information, a target file storage path and a target operation according to a file operation request when the file operation request is received;

a user verification module, configured to perform identity verification and operation authority verification on the user based on the user information, the target file storage path and the target operation;

a service determination module, configured to determine the target remote file service according to the target file storage path and a preset rule when both the identity verification and the operation authority verification pass;

an operation execution module, configured to obtain superuser authority through the target remote file service and, based on the superuser authority, call the target operation method corresponding to the target operation to perform the target operation on the target file corresponding to the target file storage path.

In addition, to achieve the above object, the present invention also provides a file operation device, which includes a memory, a processor, and a file operation program stored in the memory and runnable on the processor; when the file operation program is executed by the processor, the steps of the file operation method described above are implemented.

In addition, to achieve the above object, the present invention also provides a file operation system, which includes a file operation device and a client, wherein:

the file operation device is the file operation device described above;

the client is configured to receive a file system object query request triggered by a user and obtain the file system type and proxy user information carried in the request; to obtain a proxied file system object according to the file system type and the proxy user information, and display it; and to receive a file operation request triggered by the user based on the proxied file system object and send the file operation request to the file operation device.

In addition, to achieve the above object, the present invention also provides a computer-readable storage medium on which a file operation program is stored; when the file operation program is executed by a processor, the steps of the file operation method described above are implemented.

The present invention provides a file operation method, apparatus, device, system and computer-readable storage medium. When a file operation request sent by a client is received, the user information, target file storage path and target operation are obtained according to the request, and identity verification and operation authority verification are performed on the user based on them. When both verifications pass, the target remote file service is first determined according to the target file storage path and a preset rule; superuser authority is then obtained through the target remote file service, and based on that authority the target operation method corresponding to the target operation is called to perform the target operation on the target file corresponding to the target file storage path. In this way, the invention only needs to perform identity verification and operation authority verification on the user; once both pass, superuser authority can be obtained to operate on the files of proxy users (i.e., other users). Compared with the prior art, the invention does not need to enable superuser authority for each user, can make user authority management fully controllable, and can improve the security of access to different file systems.

Description of drawings

FIG. 1 is a schematic diagram of the device structure of the hardware operating environment involved in an embodiment of the present invention;

FIG. 2 is a schematic flowchart of a first embodiment of the file operation method of the present invention;

FIG. 3 is a schematic diagram of the functional modules of the first embodiment of the file operation apparatus of the present invention.

The realization of the object, the functional characteristics and the advantages of the present invention will be further described with reference to the accompanying drawings in conjunction with the embodiments.

Detailed description

It should be understood that the specific embodiments described here are only used to explain the present invention and are not intended to limit it.

Referring to FIG. 1, FIG. 1 is a schematic diagram of the device structure of the hardware operating environment involved in an embodiment of the present invention.

The file operation device in the embodiment of the present invention may be a smartphone, or a terminal device such as a PC (Personal Computer), a tablet computer or a portable computer.

As shown in FIG. 1, the file operation device may include a processor 1001 (for example a CPU), a communication bus 1002, a user interface 1003, a network interface 1004 and a memory 1005. The communication bus 1002 is used for connection and communication between these components. The user interface 1003 may include a display and an input unit such as a keyboard; optionally, the user interface 1003 may also include a standard wired interface and a wireless interface. The network interface 1004 may optionally include a standard wired interface and a wireless interface (such as a Wi-Fi interface). The memory 1005 may be high-speed RAM or non-volatile memory such as disk storage. Optionally, the memory 1005 may also be a storage device independent of the processor 1001.

Those skilled in the art will understand that the structure shown in FIG. 1 does not limit the file operation device, which may include more or fewer components than shown, combine some components, or arrange the components differently.

As shown in FIG. 1, the memory 1005, as a computer storage medium, may include an operating system, a network communication module, a user interface module and a file operation program.

In the terminal shown in FIG. 1, the network interface 1004 is mainly used to connect to a background server and exchange data with it; the user interface 1003 is mainly used to connect to a client and exchange data with it; and the processor 1001 may be used to call the file operation program stored in the memory 1005 and perform the following operations:

when a file operation request is received, obtaining user information, a target file storage path and a target operation according to the file operation request;

performing identity verification and operation authority verification on the user based on the user information, the target file storage path and the target operation;

when both the identity verification and the operation authority verification pass, determining the target remote file service according to the target file storage path and a preset rule;

obtaining superuser authority through the target remote file service and, based on the superuser authority, calling the target operation method corresponding to the target operation to perform the target operation on the target file corresponding to the target file storage path.

Further, the user information includes user account information, Token information and Internet Protocol (IP) information, and the processor 1001 may call the file operation program stored in the memory 1005 and also perform the following operations:

obtaining a verification Token corresponding to the user account information, comparing the Token information with the verification Token, and detecting whether the IP information is in a preset IP whitelist, so as to verify the user's identity;

obtaining the user's operation authority information according to the user account information, and performing operation authority verification on the user according to the target file storage path, the target operation and the operation authority information.

Further, the processor 1001 may call the file operation program stored in the memory 1005 and also perform the following operations:

determining the target file system according to the target file storage path, and obtaining the number of requests under each started remote file service corresponding to the target file system, recorded as the first request quantity;

determining the remote file service corresponding to the smallest value in the first request quantity as the target remote file service.

Further, the processor 1001 may call the file operation program stored in the memory 1005 and also perform the following operations:

periodically obtaining the current number of requests under each started remote file service, recorded as the second request quantity;

detecting whether every value in the second request quantity is greater than a first preset threshold;

if every value in the second request quantity is greater than the first preset threshold, starting a new remote file service.

Further, the processor 1001 may call the file operation program stored in the memory 1005 and also perform the following operations:

detecting whether the second request quantity contains a value smaller than a second preset threshold;

if so, stopping the remote file service corresponding to each value smaller than the second preset threshold.

Further, the processor 1001 may call the file operation program stored in the memory 1005 and also perform the following operations:

after the operation has been executed, generating a corresponding operation execution result and returning it to the client corresponding to the file operation request.

Based on the above hardware structure, the embodiments of the file operation method of the present invention are proposed.

The present invention provides a file operation method.

Referring to FIG. 2, FIG. 2 is a schematic flowchart of a first embodiment of the file operation method of the present invention.

In this embodiment, the file operation method includes:

Step S10: when a file operation request is received, obtaining user information, a target file storage path and a target operation according to the file operation request;

The file operation method in this embodiment is implemented by a file operation device, described here taking a server as an example. The device hosts an engine manager service (IO-EM, Input/Output-Engine Manager) and remote file services (IO-Engine), and provides a compatible API (Application Programming Interface) to receive file operation requests sent by clients. IO-EM receives the file operation request triggered by the user, obtains the user information, target file storage path and target operation from it, and performs identity verification and operation authority verification on the user. It also monitors the load of each remote file service IO-Engine in order to determine the target remote file service, controls the starting and stopping of IO-Engines according to their load, and receives the operation execution result sent by an IO-Engine and returns it to the client. The remote file service IO-Engine obtains the superuser authority of the file system and, based on that authority, calls the file operation method corresponding to the obtained target operation to operate on the target file in the target file system; it also generates the corresponding operation execution result and sends it to IO-EM. Note that an IO-Engine corresponds to a type of file system. File systems may include the local file system (local), the distributed file system (HDFS) and other types, and each type of file system may have multiple IO-Engines. Through this file operation device, multiple types of file systems can be accessed and operated on remotely.

In this embodiment, the server receives, through IO-EM, the file operation request that the client sends remotely through the compatible API. When IO-EM receives the file operation request sent by the client, it obtains the user information, target file storage path and target operation according to the request, where the user information may include but is not limited to account information, Token information and IP (Internet Protocol) information.

Step S20: performing identity verification and operation authority verification on the user based on the user information, the target file storage path and the target operation;

After the user information, target file storage path and target operation are obtained, IO-EM in the server performs identity verification and operation authority verification on the user based on them. The user information includes user account information, Token information and IP (Internet Protocol) information. The user account information is the user's account name; the Token information may be a fixed Token code assigned to the user in advance, or a random Token code generated in real time by a Token generating device assigned to the user; the IP information is the IP address of the client. Step S20 includes:

Step a1: obtaining a verification Token corresponding to the user account information, comparing the Token information with the verification Token, and detecting whether the IP information is in a preset IP whitelist, so as to verify the user's identity;

For identity verification, the verification Token corresponding to the user account information is obtained first. Correspondingly, the verification Token may be a pre-saved fixed Token code assigned to the user, or a random Token code sent synchronously by the Token generating device. The Token information is then compared with the verification Token, and the IP information is checked against the preset IP whitelist, to verify the user's identity. If the Token information is the same as the verification Token and the IP information is in the preset IP whitelist, identity verification passes. If the Token information differs from the verification Token and/or the IP information is not in the preset IP whitelist, identity verification fails. Note that in a specific embodiment the user may be verified based on only one of the Token information and the IP information, and may of course also be verified based on other information.

步骤a2,根据所述用户账号信息获取用户的操作权限信息,并根据所述目标文件存储路径、所述目标操作和所述操作权限信息对用户进行操作权限验证。Step a2: Obtain the user's operation authority information according to the user account information, and perform operation authority verification on the user according to the target file storage path, the target operation and the operation authority information.

For operation-permission verification, the user's operation permission information is first obtained according to the user account information. The operation permission information may specify which operations the user is permitted to perform on which files (folders), in which file systems, of which other users (proxy users). Specifically, a mapping between user account information and operation permission information may be preset, and the user's operation permission information is then obtained from the user account information and that preset mapping.

Then, whether the user has the corresponding operation permission is determined according to the target file storage path, the target operation and the operation permission information, so as to verify the user's operation permission. Specifically, it can be checked whether the target file storage path and the target operation fall within the permission scope corresponding to the operation permission information; if they do, operation-permission verification passes; if they do not, operation-permission verification fails. The target file storage path corresponds to a target proxy user, a target file system and a target file (folder); that is, the corresponding target proxy user, target file system and target file (folder) can be determined from the target file storage path, and whether the user has the corresponding operation permission is then determined from the target file storage path, the target operation and the operation permission information. Note that in practice the types of information needed to decide whether the user has operation permission can be determined by the types of information that the operation permission information actually restricts. For example, if the operation permission information restricts only the proxy users, file systems and files (folders) on which the user has operation permission, and places no restriction on the target operation, then whether the user has operation permission can be determined based on the target file storage path and the operation permission information.

In addition, note that in a specific embodiment steps a1 and a2 may be executed in either order. It will be understood that when either of steps a1 and a2 is executed and the result is a verification failure, the other step need not be executed. For example, when identity verification is performed first and fails, operation-permission verification need not be carried out; in that case the corresponding prompt information can be generated directly and sent to the client to notify the user that verification failed.
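The following Python sketch of steps a1 and a2 is an added example, not code from the patent or from any WeBank project. The sample accounts, tokens, networks and grants are constructed, the function names are hypothetical, and the path layout `<file system>://<proxy user>/<path>` is an assumption, since the text does not say how the target file storage path encodes the proxy user and file system.

```python
import hmac
import ipaddress
import posixpath
from typing import NamedTuple

# Constructed sample data: accounts, tokens, networks and grants are made up.
VERIFICATION_TOKENS = {"alice": "tok-alice-7f3a", "bob": "tok-bob-91c2"}
IP_WHITELIST = [ipaddress.ip_network("10.20.0.0/16"),
                ipaddress.ip_network("192.0.2.15/32")]
# account -> grants of (proxy user, file system, path prefix, allowed operations)
PERMISSIONS = {
    "alice": [("hadoop", "hdfs", "/data/reports", {"read", "list"}),
              ("hadoop", "file", "/tmp/exchange", {"read", "write", "delete"})],
}


class Target(NamedTuple):
    filesystem: str
    proxy_user: str
    path: str


def parse_target(target_path):
    """Split an assumed '<fs>://<proxy user>/<path>' string into its parts."""
    scheme, sep, rest = target_path.partition("://")
    proxy_user, slash, file_path = rest.partition("/")
    if not (sep and slash and scheme and proxy_user):
        raise ValueError("malformed target path")
    # Normalize before any prefix comparison, so that '..' segments cannot
    # carry a path out of a granted directory.
    normalized = posixpath.normpath("/" + file_path.lstrip("/"))
    return Target(scheme, proxy_user, normalized)


def authenticate(account, token, client_ip):
    """Step a1: token comparison plus IP whitelist check."""
    expected = VERIFICATION_TOKENS.get(account)
    # Constant-time comparison; unknown accounts are compared against an
    # empty value and then rejected, so both cases take the same code path.
    token_ok = hmac.compare_digest((expected or "").encode(), token.encode())
    token_ok = token_ok and expected is not None
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return False
    return token_ok and any(addr in net for net in IP_WHITELIST)


def authorize(account, target_path, operation):
    """Step a2: is (proxy user, file system, path, operation) within a grant?"""
    try:
        target = parse_target(target_path)
    except ValueError:
        return False
    for proxy_user, filesystem, prefix, operations in PERMISSIONS.get(account, []):
        # Match on a path-segment boundary: '/data/reports-old' must not
        # match the grant for '/data/reports'.
        in_scope = (target.path == prefix
                    or target.path.startswith(prefix.rstrip("/") + "/"))
        if ((proxy_user, filesystem) == (target.proxy_user, target.filesystem)
                and in_scope and operation in operations):
            return True
    return False


def verify_request(request):
    """Run a1 then a2; a failure in the first step skips the second."""
    if not authenticate(request["account"], request["token"], request["ip"]):
        return False, "identity verification failed"
    if not authorize(request["account"], request["path"], request["operation"]):
        return False, "operation permission verification failed"
    return True, "ok"
```

Because the engine that finally runs the operation holds superuser privileges, this check is the only access control between the caller and the file, which is why the path is normalized before it is compared with a grant.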

Of course, it will be understood that administrators may also customize the security verification rules according to actual needs, for example performing only identity verification or only operation-permission verification, or using other security verification methods.

Step S30: when both identity verification and operation-permission verification pass, determine the target remote file service according to the target file storage path and a preset rule;

When both identity verification and operation-permission verification pass, the IO-EM in the server determines the target remote file service according to the target file storage path and the preset rule. Specifically, the step of "determining the target remote file service according to the target file storage path and a preset rule" includes:

Step b1: determine the target file system according to the target file storage path, and obtain the number of requests under each started remote file service corresponding to the target file system, denoted as the first request quantity;

Step b2: determine the remote file service corresponding to the smallest value in the first request quantity as the target remote file service.

When there are multiple file system types, the target file system is first determined according to the target file storage path, and the number of requests under each started remote file service corresponding to the target file system is obtained. For ease of distinction and subsequent description, the number of requests under each started remote file service (IO-Engine) corresponding to the target file system is denoted as the first request quantity; since there are multiple IO-Engines, the first request quantity correspondingly comprises multiple values. Then, to achieve load balancing, the remote file service (IO-Engine) corresponding to the smallest value in the first request quantity is determined as the target remote file service.

Step S40: obtain superuser privileges through the target remote file service, and, based on the superuser privileges, invoke the target operation method corresponding to the target operation to execute the target operation on the target file corresponding to the target file storage path.

After the target remote file service is determined, superuser privileges can be obtained through it, and, based on the superuser privileges, the target operation method corresponding to the target operation is invoked to execute the target operation on the target file corresponding to the target file storage path. Specifically, at the underlying level, after the IO-EM determines the target remote file service, the target IO-Engine can be started by the superuser (that is, started after logging in with the superuser account), and the file operation request is sent to the target remote file service (target IO-Engine), so that the target IO-Engine obtains superuser privileges. The target IO-Engine can then, based on the superuser privileges, invoke the target operation method corresponding to the target operation to execute the target operation on the target file corresponding to the target file storage path.

In the file operation process of financial institutions such as banks, the present invention, after obtaining the user information, the target file storage path and the target operation, first performs identity verification and operation-permission verification on the user. After verification passes, it determines the target remote file service, obtains superuser privileges through the target remote file service, and, based on the superuser privileges, invokes the target operation method corresponding to the target operation to execute the target operation on the target file corresponding to the target file storage path. There is no need to enable superuser privileges for each user of the enterprise, so the management of enterprise user permissions is fully controllable, that is, the controllability of enterprise user permissions is improved; at the same time, the security of file system access operations can also be improved.

An embodiment of the present invention provides a file operation method. When a file operation request sent by a client is received, user information, a target file storage path and a target operation are obtained from the file operation request, and identity verification and operation-permission verification are then performed on the user based on the obtained user information, target file storage path and target operation. When both identity verification and operation-permission verification pass, the target remote file service is first determined according to the target file storage path and a preset rule; superuser privileges are then obtained through the target remote file service, and, based on the superuser privileges, the target operation method corresponding to the target operation is invoked to execute the target operation on the target file corresponding to the target file storage path. In this way, the embodiment only needs to perform identity verification and operation-permission verification on the user; once both pass, superuser privileges can be obtained to operate on the files of the proxy user (that is, another user). Compared with the prior art, the embodiment does not need to enable superuser privileges for each user, makes user permission management fully controllable, and can improve the security of access operations on different file systems.

Further, based on the first embodiment shown in FIG. 2, a second embodiment of the file operation method of the present invention is proposed.

In this embodiment, the file operation method further includes:

Step A: periodically obtain the current number of requests under each started remote file service, denoted as the second request quantity;

In this embodiment, the server can monitor the load of each remote file service (IO-Engine) through the engine manager (IO-EM) and control the starting and stopping of IO-Engines according to the load, so as to achieve load balancing. Specifically, the IO-EM can periodically obtain the current number of requests under each started remote file service; for ease of distinction and subsequent description, these are denoted as the second request quantity. The current number of requests under a remote file service is the number of file operation requests that the remote file service needs to process. The period may be set to once every 3 hours, or set according to actual needs; no specific limitation is made here. Since there are multiple remote file services, the second request quantity correspondingly comprises multiple values.

Step B: detect whether every value in the second request quantity is greater than a first preset threshold;

After the second request quantity is obtained, it is detected whether every value in the second request quantity is greater than the first preset threshold. The first preset threshold may be set to 10, or set according to actual needs; no specific limitation is made here.

Step C: if every value in the second request quantity is greater than the first preset threshold, start a new remote file service.

If every value in the second request quantity is greater than the first preset threshold, all IO-Engines are overloaded; in that case a new remote file service (IO-Engine) is started.

Note that each remote file service (IO-Engine) corresponds to a file system type. For example, the file systems may include a local file system (local), a distributed file system (HDFS) and other types of file system, and each type of file system also has multiple corresponding IO-Engines. Therefore, in a specific embodiment, the current number of requests under the started remote file services (IO-Engines) may also be obtained separately for each file system type (denoted respectively as the third request quantity, the fourth request quantity, ..., the Nth request quantity), and it is then detected separately whether every value in the third request quantity, the fourth request quantity, ..., the Nth request quantity is greater than the first preset threshold. If every value in one of these request quantities is greater than the first preset threshold, a new IO-Engine can be started under the file system corresponding to that request quantity. For example, if the third request quantity corresponds to the local file system, then when every value in the third request quantity is detected to be greater than the first preset threshold, a new IO-Engine corresponding to the local file system is started.

Further, after step A, the file operation method may also include:

Step D: detect whether the second request quantity contains a value smaller than a second preset threshold;

If so, execute step E: stop the remote file service corresponding to the value that is smaller than the second preset threshold.

In addition, after the second request quantity is obtained, it may also be detected whether the second request quantity contains a value smaller than the second preset threshold. The second preset threshold may be set to 0, or set according to actual needs; no specific limitation is made here. If a value smaller than the second preset threshold is detected in the second request quantity, an idle remote file service exists; in that case the remote file service corresponding to that value is stopped, that is, the idle remote file service is stopped.
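The Python sketch below is an added example, not code from the patent. It covers the least-loaded selection of steps b1 and b2 and the start/stop decisions of steps A to E, evaluated per file system type as in the per-type variant described above. The engine records, the function names and the idle threshold of 1 are constructed for the example.

```python
from collections import defaultdict

# Constructed sample state: one record per IO-Engine as the IO-EM might track it.
ENGINES = [
    {"id": "local-1", "fs": "local", "started": True, "requests": 12},
    {"id": "local-2", "fs": "local", "started": True, "requests": 15},
    {"id": "hdfs-1", "fs": "hdfs", "started": True, "requests": 3},
    {"id": "hdfs-2", "fs": "hdfs", "started": True, "requests": 0},
    {"id": "hdfs-3", "fs": "hdfs", "started": False, "requests": 0},
]


def pick_engine(engines, filesystem):
    """Steps b1/b2: among started engines of the target file system,
    return the id of the one with the fewest pending requests."""
    candidates = [e for e in engines
                  if e["fs"] == filesystem and e["started"]]
    if not candidates:
        # No started engine serves this file system; the caller has to
        # start one or reject the request.
        return None
    return min(candidates, key=lambda e: e["requests"])["id"]


def plan_scaling(engines, high_threshold=10, idle_threshold=1):
    """Steps A-E, evaluated separately for each file system type.

    Returns the file system types that need a new engine and the ids of
    engines to stop. high_threshold=10 follows the value given in the
    text. idle_threshold=1 is chosen for this example: step D uses a
    strict "smaller than" comparison, so a threshold of 0 would never
    match a non-negative request count.
    """
    by_fs = defaultdict(list)
    for engine in engines:
        if engine["started"]:
            by_fs[engine["fs"]].append(engine)

    plan = {"start": [], "stop": []}
    for filesystem, group in sorted(by_fs.items()):
        # Steps B/C: start a new engine only if every engine is overloaded.
        if all(e["requests"] > high_threshold for e in group):
            plan["start"].append(filesystem)
        # Steps D/E: stop each engine whose count is below the idle threshold.
        plan["stop"].extend(e["id"] for e in group
                            if e["requests"] < idle_threshold)
    return plan
```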

Of course, note that in a specific embodiment the load of each IO-Engine (that is, its current number of requests) may also be monitored by an external device such as IR (Intelligent Routing). That is, the IR periodically obtains the current number of requests under each started remote file service, denoted as the second request quantity; the IR then compares each value in the second request quantity with the first preset threshold, generates corresponding notification information according to the detection result, and sends it to the IO-EM, so that the IO-EM controls the starting and stopping of the corresponding IO-Engine according to the notification information. The specific detection method is the same as in the above embodiment: it is detected whether every value in the second request quantity is greater than the first preset threshold; if so, notification information for starting a new remote file service is generated and sent to the IO-EM, so that the IO-EM starts the corresponding new IO-Engine according to the notification information. At the same time, it is detected whether the second request quantity contains a value smaller than the second preset threshold; if so, notification information for stopping a remote file service is generated and sent to the IO-EM, so that the IO-EM stops the corresponding idle IO-Engine according to the notification information.

It will be understood that, in the first embodiment above, in the process of determining the target remote file service according to the target file storage path and the preset rule, the first request quantity may be obtained directly by the IO-EM or obtained through the IR.

Further, based on the first embodiment shown in FIG. 2, a third embodiment of the file operation method of the present invention is proposed.

In this embodiment, after step S40, the file operation method further includes:

After the operation has been executed, generate the corresponding operation execution result and return it to the client corresponding to the file operation request.

In this embodiment, so that the user can learn the outcome of the operation, the corresponding operation execution result may be generated after the operation has been executed and returned to the client corresponding to the file operation request. The operation execution result includes operation succeeded, operation failed, and so on; when the operation fails, the corresponding failure reason may also be returned so that the user can correct the problem.

The present invention also provides a file operation system, which includes a file operation device and a client. The file operation device is the file operation device shown in FIG. 1 and is used to execute the steps of the file operation method embodiments above; for its specific functions and implementation, refer to those embodiments, which are not repeated here.

The client is used to receive a file system object query request triggered by a user and obtain the file system type and proxy user information carried in the file system object query request; to obtain a proxied file system object according to the file system type and the proxy user information, and display it; and to receive a file operation request triggered by the user based on the proxied file system object, and send the file operation request to the file operation device.

In this embodiment, the client may be a terminal such as a smartphone or a PC, integrating an SDK (Software Development Kit) packaged from multiple modules. Specifically, the SDK may include three modules: FsFactory (file system factory), ProxyFS (proxy file system) and IO-Client (input/output). FsFactory is used to obtain the file system type and proxy user information from the received file system object query request. ProxyFS is used to receive the file system type (such as local file system or HDFS file system) and proxy user information passed by FsFactory, and to encapsulate them in a preset manner to obtain the corresponding proxied file system object. The proxied file system object includes the methods for operating on files (folders) in the file system corresponding to the proxy user, for example methods for obtaining the size of a file (folder), creating and deleting files (folders), and reading and writing files. IO-Client is used to receive the file operation request triggered by the user and send it to the file operation device through a compatible API; it may also be used to receive the operation execution result returned by the file operation device and display it.

Specifically, when a user needs to perform a target operation on the file (folder) corresponding to a target file storage path, the user can first determine the type of the target file system and the target proxy user from the target file storage path, and enter the file system type (that is, the type of the target file system) and the proxy user information (that is, the information of the target proxy user, which may be the target proxy user's user name) through the corresponding software or App (Application) on the user terminal. Completing the input triggers a file system object query request. On receiving the file system object query request triggered by the user, the client obtains the file system type and proxy user information carried in it, where the file system type may include local file system, HDFS file system and so on, and the proxy user information may be the user name of the other user (that is, the proxy user) to be accessed. The file system type and the proxy user information are then encapsulated to obtain the proxied file system object, which is displayed on the client's screen; the proxied file system object includes the operation method corresponding to the target operation. Once the user has obtained the proxied file system object, the user can operate on the proxy user's files. Specifically, the user can trigger a file operation request based on the operation method of the target operation in the proxied file system object and the target file storage path; on receiving the file operation request, the client sends it to the file operation device, so that the file operation device processes the file operation request.

This embodiment provides a file operation system that includes a file operation device and a client. Building this file operation system makes it convenient for users to access and operate on remote file systems through the client; at the same time, the file operation device provides unified management of the file systems. There is no need to enable superuser privileges for each user, so user permission management is fully controllable, and the security of access operations on different file systems can be improved.

The present invention also provides a file operation apparatus.

Referring to FIG. 3, FIG. 3 is a schematic diagram of the functional modules of the first embodiment of the file operation apparatus of the present invention.

As shown in FIG. 3, the file operation apparatus includes:

a first obtaining module 10, configured to obtain, when a file operation request is received, user information, a target file storage path and a target operation according to the file operation request;

a user verification module 20, configured to perform identity verification and operation-permission verification on the user based on the user information, the target file storage path and the target operation;

a service confirmation module 30, configured to determine, when both identity verification and operation-permission verification pass, the target remote file service according to the target file storage path and a preset rule;

an operation execution module 40, configured to obtain superuser privileges through the target remote file service and, based on the superuser privileges, invoke the target operation method corresponding to the target operation to execute the target operation on the target file corresponding to the target file storage path.

Further, the user information includes user account information, Token information and Internet Protocol (IP) information, and the user verification module 20 includes:

an identity verification unit, configured to obtain the verification Token corresponding to the user account information, compare the Token information with the verification Token, and check whether the IP information is in a preset IP whitelist, so as to authenticate the user;

a permission verification unit, configured to obtain the user's operation permission information according to the user account information, and verify the user's operation permission according to the target file storage path, the target operation and the operation permission information.

Further, the service confirmation module 30 includes:

a first obtaining unit, configured to determine the target file system according to the target file storage path, and obtain the number of requests under each started remote file service corresponding to the target file system, denoted as the first request quantity;

a first determining unit, configured to determine the remote file service corresponding to the smallest value in the first request quantity as the target remote file service.

Further, the file operation apparatus also includes:

a second obtaining module, configured to periodically obtain the current number of requests under each started remote file service, denoted as the second request quantity;

a first detection module, configured to detect whether every value in the second request quantity is greater than a first preset threshold;

a service starting module, configured to start a new remote file service if every value in the second request quantity is greater than the first preset threshold.

Further, the file operation apparatus also includes:

a second detection module, configured to detect whether the second request quantity contains a value smaller than a second preset threshold;

a service stopping module, configured to stop, if such a value exists, the remote file service corresponding to the value that is smaller than the second preset threshold.

Further, the file operation apparatus also includes:

a result returning module, configured to generate the corresponding operation execution result after the operation has been executed, and return it to the client corresponding to the file operation request.

The functions of the modules of the above file operation apparatus correspond to the steps of the above file operation method embodiments; their functions and implementation are not repeated here.

The present invention also provides a computer-readable storage medium on which a file operation program is stored; when executed by a processor, the file operation program implements the steps of the file operation method according to any one of the above embodiments.

The specific embodiments of the computer-readable storage medium of the present invention are substantially the same as the embodiments of the file operation method above and are not repeated here.

It should be noted that, herein, the terms "comprise", "include" or any other variant thereof are intended to cover non-exclusive inclusion, so that a process, method, article or system comprising a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article or system. Without further limitation, an element defined by the phrase "comprising a ..." does not preclude the presence of additional identical elements in the process, method, article or system that includes the element.

The serial numbers of the above embodiments of the present invention are for description only and do not represent the relative merits of the embodiments.

From the description of the above embodiments, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by means of software plus a necessary general-purpose hardware platform, and can of course also be implemented in hardware, but in many cases the former is the better implementation. Based on this understanding, the technical solution of the present invention, in essence or in the part that contributes to the prior art, can be embodied in the form of a software product. The computer software product is stored in a storage medium as described above (such as ROM/RAM, a magnetic disk or an optical disc) and includes several instructions that cause a terminal device (which may be a mobile phone, a computer, a server, an air conditioner, a network device, or the like) to execute the methods described in the embodiments of the present invention.

The above are only preferred embodiments of the present invention and do not thereby limit the patent scope of the present invention. Any equivalent structure or equivalent process transformation made using the contents of the description and drawings of the present invention, or any direct or indirect application in other related technical fields, is likewise included in the scope of patent protection of the present invention.

Claims (9)

1. A file operation method, characterized in that the file operation method comprises:
when a file operation request is received, acquiring user information, a target file storage path and a target operation according to the file operation request;
performing identity verification and operation authority verification on the user based on the user information, the target file storage path and the target operation;
when the identity verification and the operation authority verification pass, determining a target remote file service according to the target file storage path and a preset rule;
acquiring superuser authority through the target remote file service, calling a target operation method corresponding to the target operation based on the superuser authority, and executing the target operation on a target file corresponding to the target file storage path;
wherein the step of determining the target remote file service according to the target file storage path and the preset rule comprises:
determining a target file system according to the target file storage path, and acquiring the number of requests under each started remote file service corresponding to the target file system, recorded as a first request quantity;
and determining the remote file service corresponding to the minimum value in the first request quantity as the target remote file service.
2. The file operation method according to claim 1, wherein the user information includes user account information, Token information and Internet Protocol (IP) information, and the step of performing identity verification and operation authority verification on the user based on the user information, the target file storage path and the target operation comprises:
acquiring a verification Token corresponding to the user account information, comparing the Token information with the verification Token, and detecting whether the IP information is in a preset IP whitelist, so as to verify the identity of the user;
and acquiring operation authority information of the user according to the user account information, and verifying the operation authority of the user according to the target file storage path, the target operation and the operation authority information.
3. The file operation method according to any one of claims 1 to 2, further comprising:
periodically acquiring the current number of requests of each started remote file service, recorded as a second request quantity;
detecting whether every value in the second request quantity is greater than a first preset threshold;
and if every value in the second request quantity is greater than the first preset threshold, starting a new remote file service.
4. The file operation method according to claim 3, wherein the step of periodically acquiring the current number of requests of each started remote file service, recorded as the second request quantity, further comprises:
detecting whether a value smaller than a second preset threshold exists in the second request quantity;
and if so, stopping the remote file service corresponding to the value smaller than the second preset threshold.
5. The file operation method according to any one of claims 1 to 2, further comprising:
after the operation has been executed, generating a corresponding operation execution result and returning the operation execution result to the client corresponding to the file operation request.
6. A file operation apparatus, characterized in that the file operation apparatus comprises:
a first acquisition module, configured to acquire user information, a target file storage path and a target operation according to a file operation request when the file operation request is received;
a user verification module, configured to perform identity verification and operation authority verification on the user based on the user information, the target file storage path and the target operation;
a service determining module, configured to determine a target remote file service according to the target file storage path and a preset rule when the identity verification and the operation authority verification pass;
an operation execution module, configured to acquire superuser authority through the target remote file service, call a target operation method corresponding to the target operation based on the superuser authority, and execute the target operation on a target file corresponding to the target file storage path;
wherein the service determining module includes:
a first acquisition unit, configured to determine a target file system according to the target file storage path, and acquire the number of requests under each started remote file service corresponding to the target file system, recorded as a first request quantity;
and a first determining unit, configured to determine the remote file service corresponding to the minimum value in the first request quantity as the target remote file service.
7. A file operation device, characterized in that the file operation device comprises: a memory, a processor, and a file operation program stored on the memory and executable on the processor, the file operation program, when executed by the processor, implementing the steps of the file operation method according to any one of claims 1 to 5.
8. A file operation system, characterized in that the file operation system comprises a file operation device and a client; wherein,
the file operation device is the file operation device according to claim 7;
the client is configured to receive a file system object query request triggered by a user, and acquire the file system type and proxy user information carried in the file system object query request; obtain a proxy file system object according to the file system type and the proxy user information, and display the file system object; and receive a file operation request triggered by the user based on the proxy file system object, and send the file operation request to the file operation device.
9. A computer-readable storage medium on which a file operation program is stored, the file operation program, when executed by a processor, implementing the steps of the file operation method according to any one of claims 1 to 5.
CN201910658649.5A 2019-07-19 2019-07-19 File manipulation method, apparatus, device, system, and computer-readable storage medium Active CN110363026B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201910658649.5A CN110363026B (en) 2019-07-19 2019-07-19 File manipulation method, apparatus, device, system, and computer-readable storage medium
PCT/CN2020/102319 WO2021013033A1 (en) 2019-07-19 2020-07-16 File operation method, apparatus, device, and system, and computer readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910658649.5A CN110363026B (en) 2019-07-19 2019-07-19 File manipulation method, apparatus, device, system, and computer-readable storage medium

Publications (2)

Publication Number Publication Date
CN110363026A CN110363026A (en) 2019-10-22
CN110363026B true CN110363026B (en) 2021-06-25

Family

ID=68221369

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910658649.5A Active CN110363026B (en) 2019-07-19 2019-07-19 File manipulation method, apparatus, device, system, and computer-readable storage medium

Country Status (2)

Country Link
CN (1) CN110363026B (en)
WO (1) WO2021013033A1 (en)

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110363026B (en) * 2019-07-19 2021-06-25 深圳前海微众银行股份有限公司 File manipulation method, apparatus, device, system, and computer-readable storage medium
CN111222146B (en) * 2019-11-14 2022-08-12 京东科技控股股份有限公司 Authority checking method, authority checking device, storage medium and electronic equipment
CN113496013A (en) * 2020-03-19 2021-10-12 顺丰科技有限公司 File management method, file management device, server and storage medium
CN113051611B (en) * 2021-03-15 2022-04-29 上海商汤智能科技有限公司 Authority control method of online file and related product
CN113312133B (en) * 2021-06-17 2022-06-24 浙江齐安信息科技有限公司 Operation method, system and storage medium
CN113382017B (en) * 2021-06-29 2022-11-04 深圳壹账通智能科技有限公司 Permission control method and device based on white list, electronic equipment and storage medium
CN113839942A (en) * 2021-09-22 2021-12-24 上海妙一生物科技有限公司 User authority management method, device, equipment and storage medium
CN114785607A (en) * 2022-05-06 2022-07-22 深圳创维-Rgb电子有限公司 Advertisement blocking method, device, equipment and computer readable storage medium
CN115277680B (en) * 2022-07-29 2024-04-19 山石网科通信技术股份有限公司 File synchronization method for improving synchronization security
CN115114646B (en) * 2022-08-25 2023-01-03 北京前沿信安科技股份有限公司 File authority processing method and device and storage medium
CN116582533A (en) * 2023-05-30 2023-08-11 招商银行股份有限公司 File management method, device and storage medium based on SFTP

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7260555B2 (en) * 2001-12-12 2007-08-21 Guardian Data Storage, Llc Method and architecture for providing pervasive security to digital assets
CN101841537A (en) * 2010-04-13 2010-09-22 北京时代亿信科技有限公司 Method and system for realizing file sharing access control based on protocol proxy
CN103209189A (en) * 2013-04-22 2013-07-17 哈尔滨工业大学深圳研究生院 Distributed file system-based mobile cloud storage safety access control method
CN103501325A (en) * 2013-09-25 2014-01-08 北京神州泰岳软件股份有限公司 Method and system for controlling remote device file, as well as network file folder

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109543448B (en) * 2018-11-16 2022-07-15 深圳前海微众银行股份有限公司 HDFS file access permission control method, device and storage medium
CN110363026B (en) * 2019-07-19 2021-06-25 深圳前海微众银行股份有限公司 File manipulation method, apparatus, device, system, and computer-readable storage medium

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
《基于HDFS架构的云存储访问控制机制的研究与设计》;范学辉;《中国优秀硕士学位论文全文数据库 信息科技辑》;20140415;第2014卷(第4期);I139-70 *

Also Published As

Publication number Publication date
WO2021013033A1 (en) 2021-01-28
CN110363026A (en) 2019-10-22

Similar Documents

Publication Publication Date Title
CN110363026B (en) File manipulation method, apparatus, device, system, and computer-readable storage medium
US11790077B2 (en) Methods, mediums, and systems for establishing and using security questions
CN110096857B (en) Authority management method, device, equipment and medium for block chain system
US10541806B2 (en) Authorizing account access via blinded identifiers
US10673866B2 (en) Cross-account role management
US11962511B2 (en) Organization level identity management
US20200285978A1 (en) Model training system and method, and storage medium
US11539707B2 (en) Dynamic security policy consolidation
WO2018188558A1 (en) Method and apparatus for identifying account permission
CN110138798B (en) Cloud desktop management method, device and equipment and readable storage medium
CN112685719B (en) Single sign-on method, device, system, computer equipment and storage medium
CN106790172A (en) A kind of file sharing method and server, client
US10803190B2 (en) Authentication based on client access limitation
CN104836777B (en) Identity verification method and system
CN112583890B (en) Message pushing method and device based on enterprise office system and computer equipment
CN110210192A (en) Approaches to IM, device, equipment and readable storage medium storing program for executing
CN118869289A (en) Method and device for managing access to Windows assets based on bastion host
CN110309635A (en) Data quality model management method, device, equipment and computer storage medium
US20140317238A1 (en) Website server request rerouting
CN115580641A (en) Device management and control method, electronic device and storage medium based on Internet of Things platform
US20240104223A1 (en) Portable verification context
US12425218B2 (en) Portable identity verification context with automatic renewal or verification orchestration to mitigate decay
US12204625B2 (en) System and method for implementing a one authorization application module
CN118449783B (en) Account operation control method, device, medium and equipment
US12418519B2 (en) Method and system for exchanging web authentication protocols for public cloud migrations

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant