CN111291045A - Service isolation data transmission method and device, computer equipment and storage medium - Google Patents
- Publication number
- CN111291045A (CN202010037398.1A)
- Authority
- CN
- China
- Prior art keywords
- service
- data
- service unit
- user
- tenant
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/22—Indexing; Data structures therefor; Storage structures
- G06F16/2282—Tablespace storage structures; Management thereof
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/22—Indexing; Data structures therefor; Storage structures
- G06F16/2219—Large Object storage; Management thereof
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/27—Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
Abstract
The embodiments of the application belong to the field of sharing and isolating service resources and relate to a service isolation data transmission method. The method comprises: determining the tenant to which a user belongs according to the type of service the user needs to access and the role of the user, and generating an access request; if the requested service data is not stored in the accessed first service unit, accessing, through a communication template, a second service unit that is in communication connection with the first service unit, and acquiring the requested service data from the second service unit; and returning the acquired service data to the user. The application also provides a service isolation data transmission device, computer equipment and a storage medium. In the method and system, data is acquired by accessing the corresponding service units under the identity of a leased tenant, and the related service data stored in different service units is collected in one service unit and returned to the user. The scheme allows users' access to and operations on data to be processed separately, which can effectively improve data processing efficiency and data security.
Description
Technical Field
The present application relates to the field of shared isolation technology for service resources, and in particular to a method and an apparatus for transmitting service isolation data, a computer device, and a storage medium.
Background
The database stores data generated or called by upper-layer services. As the types of services keep increasing and the traffic volume grows, the amount of data stored in the database increases rapidly and the types of data become complicated; for its owners, this data is an important business secret. Different data is accessed by different services: some data, such as identity verification data, is used by various services and is accessed frequently, while other data serves only individual services and is accessed significantly less often.
The original database only organizes the data into tables, associates the tables according to the relationships between them, and applies security control directly to the data tables by means of authentication during access.
The existing processing approach first controls the stability of data flow in the database by setting up mapping tables and having users with different identities access different mapping tables; different services are then split according to the differences in user identity. However, because a mapping table is only a mapping and has a data source, the operations a service performs on data ultimately land on the data table underlying the data in the multiple mapping tables, so multiple concurrent tasks operate on the same data table. To prevent erroneous reads and dirty reads when the data table is accessed simultaneously, operations on the data table must be executed under some scheduling scheme: while one process is modifying the data table, the table is locked, which greatly hinders other processes from operating on the data in the database. This data isolation scheme is therefore still not suitable for multitask, highly concurrent database storage scenarios.
Disclosure of Invention
The embodiment of the application aims to provide a service isolation data transmission method to realize service isolation transmission of resources in a large concurrent database.
In order to solve the above technical problem, an embodiment of the present application provides a service isolated data transmission method, which adopts the following technical solutions:
a service isolated data transmission method, comprising the steps of:
determining a tenant to which the user belongs according to the service type required to be accessed by the user and the role of the user, and generating an access request;
sending an access request of a tenant to a first service unit, wherein service data are stored in the first service unit;
judging whether the tenant has the acquisition authority on the service data of the first service unit;
if the user has the acquisition right to the service data of the first service unit, judging whether the service data required by the access request is stored in the accessed first service unit;
if the requested service data is stored in the accessed first service unit, acquiring the requested service data from the first service unit;
if the requested service data is not stored in the accessed first service unit, accessing a second service unit which is in communication connection with the first service unit through a communication template, and acquiring the service data to be requested from the second service unit;
and returning the acquired service data to the user.
Further, the step of determining the tenant to which the user belongs according to the service type required to be accessed by the user and the role of the user and generating the access request specifically includes:
determining the data type included in the service accessed by the user according to the service type required to be accessed by the user and the service data corresponding to the service type;
determining the data type which the user intends to access according to the role of the user and the data type included in the service;
determining the access frequency and the interactive data volume of the user according to the role of the user and the data type which is intended to be accessed so as to determine the tenant of the user;
and binding the user with the tenant to which the user belongs, and generating an access request according to the identity of the tenant.
Further, determining the data type that the user intends to access according to the role of the user and the data type included in the service specifically includes:
recording the data type accessed by each role through the field information operated in each access;
and counting how often each data type is accessed by the same role, and determining, from the data types included in the service and according to the access frequency, the data type that the current role intends to access.
Further, the access request of the tenant is sent to the first service unit, and specifically, the access load of the tenant is balanced to each node in the first service unit according to the access frequency and the interaction number of the access request of the tenant.
Further, the balancing of the access load of the tenant to each node in the first service unit specifically includes: allocating the tenants with a larger access amount to the nodes with a smaller task amount, and/or allocating the users with a higher access frequency to the nodes with more execution threads and stronger multithreading capability.
Further, the first service unit stores the associated data related to the first service unit, and the corresponding relationship between the associated data and the second service unit; the step of accessing a second service unit in communication connection with the first service unit through a preset communication protocol and acquiring service data to be requested from the second service unit specifically includes:
determining a second service unit stored by the service data requested by the tenant according to the corresponding relation between the associated data related to the first service unit and the second service unit;
the first service unit establishes a link to the second service unit through a preset communication protocol, and sends the service data requested to be acquired and the corresponding relation between the requested service data and the first service unit so that the second service unit determines the corresponding relation between the requested service data and the first service unit;
and receiving the service data returned by the second service unit.
Further, the service data comprises main data and dependent data, wherein the dependent data and the main data have the same data type and data content; the step of acquiring the requested service data from the first service unit specifically includes:
identifying a category of service data to be requested by an access request stored on the first service unit;
if the data is the subordinate data, determining a second service unit of the corresponding main data storage according to the subordinate data;
synchronizing the dependent data with the main data on the second service unit;
and taking the synchronized dependent data as the data returned to the tenant.
In order to solve the above technical problem, an embodiment of the present application further provides a service isolated data transmission device, which adopts the following technical solutions:
a service isolated data transmission apparatus comprising:
the generation module is used for determining the tenant to which the user belongs according to the service type required to be accessed by the user and the role of the user and generating an access request;
the tenant access control system comprises a request module, a first service unit and a second service unit, wherein the request module is used for sending an access request of a tenant to the first service unit, and service data are stored in the first service unit; the system is also used for returning the acquired service data to the user;
the judging module is used for judging whether the tenant has the acquisition permission on the service data of the first service unit, and if the user has the acquisition permission on the service data of the first service unit, judging whether the service data required by the access request is stored in the accessed first service unit; and
and the acquisition module acquires the requested service data from the first service unit if the requested service data is stored in the accessed first service unit, otherwise, accesses a second service unit which is in communication connection with the first service unit through the communication template, and acquires the service data to be requested from the second service unit.
In order to solve the above technical problem, an embodiment of the present application further provides a computer device, which adopts the steps of the service isolated data transmission method described above.
In order to solve the above technical problem, an embodiment of the present application further provides a computer-readable storage medium, which employs the steps of the service isolated data transmission method as described above.
Compared with the prior art, the embodiments of the application mainly have the following beneficial effects: data is stored in different service units according to service type, and users correspond to tenants. Through tenant management, users are assigned to different tenants according to the data types they access, and they rent the identity of a tenant to access the corresponding service unit and obtain data. Related associated data stored in different service units is collected in one service unit through a network internal to the service units and returned to the user. The scheme allows users' data access and operations to be processed separately, which can effectively improve data processing efficiency and data security.
Drawings
In order to more clearly illustrate the solution of the present application, the drawings needed for describing the embodiments of the present application will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present application, and that other drawings can be obtained by those skilled in the art without inventive effort.
FIG. 1 is an exemplary system architecture diagram in which the present application may be applied;
FIG. 2 is a flow diagram of one embodiment of a method for service isolated data transmission according to the present application;
FIG. 3 is a flowchart of one embodiment of step S100 of FIG. 2;
FIG. 4 is a flowchart of one embodiment of step S500-2 of FIG. 2;
FIG. 5 is a flowchart of one embodiment of step S500-1 of FIG. 2;
FIG. 6 is a schematic block diagram illustrating one embodiment of a service isolated data transfer device according to the present application;
FIG. 7 is a schematic block diagram of one embodiment of a computer device according to the present application.
Reference numerals:
41-generation module, 42-request module, 43-judgment module, 44-acquisition module, 441-internal interaction sub-module, 442-verification sub-module, 443-data synchronization sub-module
Detailed Description
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs; the terminology used in the description of the application herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application; the terms "including" and "having," and any variations thereof, in the description and claims of this application and the description of the above figures are intended to cover non-exclusive inclusions. The terms "first," "second," and the like in the description and claims of this application or in the above-described drawings are used for distinguishing between different objects and not for describing a particular order.
Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the application. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. It is explicitly and implicitly understood by one skilled in the art that the embodiments described herein can be combined with other embodiments.
In order to make the technical solutions better understood by those skilled in the art, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings.
As shown in fig. 1, the system architecture 100 may include terminal devices 101, 102, 103, a network 104, and a server 105. The network 104 serves as a medium for providing communication links between the terminal devices 101, 102, 103 and the server 105. Network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, to name a few.
The user may use the terminal devices 101, 102, 103 to interact with the server 105 via the network 104 to receive or send messages or the like. The terminal devices 101, 102, 103 may have various communication client applications installed thereon, such as a web browser application, a shopping application, a search application, an instant messaging tool, a mailbox client, social platform software, and the like.
The terminal devices 101, 102, 103 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smart phones, tablet computers, e-book readers, MP3 players (Moving Picture Experts Group Audio Layer III, MPEG compression standard audio layer 3), MP4 players (Moving Picture Experts Group Audio Layer IV, MPEG compression standard audio layer 4), laptop computers, desktop computers, and the like.
The server 105 may be a server providing various services, such as a background server providing support for pages displayed on the terminal devices 101, 102, 103.
It should be noted that, the service isolated data transmission method provided in the embodiments of the present application is generally executed by a server/terminal device, and accordingly, a service isolated data transmission apparatus is generally disposed in the server/terminal device.
It should be understood that the number of terminal devices, networks, and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
With continuing reference to FIG. 2, a flow diagram of one embodiment of a method of service isolated data transmission is shown, in accordance with the present application. The service isolation data transmission method comprises the following steps:
Step S100: determining the tenant to which the user belongs according to the service type required to be accessed by the user and the role of the user, and generating an access request.
In the process of request control of user access, each service category is associated with one specific tenant or a limited number of tenants, and each tenant has an identity that stays fixed during program execution. When accessing the database, the user borrows the identity of the tenant, and because services and tenants have a clear correspondence, control over the user's data access is achieved. In the embodiments of the present application, an identity table is set up that records all tenants together with the service types and roles corresponding to each tenant. During access request control, the service type and the role in the user request are read and looked up in the identity table: several groups of corresponding tenants are determined according to the service to be accessed, the most appropriate tenant is then determined and borrowed according to the access role of the user, and the access request is generated. One tenant can correspond to a plurality of users at the same time and provides access processes for those users concurrently.
In a server cluster, one database may provide data support for multiple service types. In general, a service type corresponds to a set of interfaces, a set of business logic and part of the data in the database, so classifying accesses by service type effectively clarifies the data types that users intend to access.
Step S200: sending an access request of the tenant to a first service unit, wherein the first service unit stores service data.
After the user rents the identity of the tenant, the user's request is sent to the corresponding first service unit in the name of the tenant. Because the tenant and the first service unit correspond to each other, the tenant can send requests only to that first service unit. User access is thereby isolated among different services: one service receives requests only from a limited number of tenants, and those requests are all made on the basis of that service, so the data operations involved are basically consistent or follow regular patterns, which improves the data processing efficiency of the first service unit. The first service unit stores only the service data corresponding to its service type, and each service unit only needs to control a few relevant data tables or fields in those tables, so the overhead required to perform access control is greatly reduced.
Step S300: judging whether the tenant has the acquisition authority on the service data of the first service unit.
The first service unit and the second service unit communicate through a link to exchange or synchronize data. They generally belong to the same or adjacent internal networks, and a complete security system is arranged outside the network where the service units are located, so the communication overhead between the first service unit and the second service unit is relatively small and security can be ensured.
The correlation between the interactive data and the first service unit still needs to be determined between the first service unit and the second service unit in order to verify whether the corresponding first service unit has the right to process the relevant data.
Step S400: if the user has the acquisition right to the service data of the first service unit, judging whether the service data required by the access request is stored in the accessed first service unit.
The user requests service data by renting the tenant identity, and the role of the tenant also reflects the authority of the user: a general user can access only the service data that matches that user's identity. By verifying the user role corresponding to the tenant, the range of service data the user can access is determined, and with it whether the tenant has the authority to acquire the service data requested this time. A service unit stores the service data corresponding to its service type, but some service data is correlated among a plurality of services: data related to the first service unit may be stored in the second service unit, or may need to be synchronized with related service data in the second service unit to remain accurate. After receiving an access request and confirming that the requesting tenant identity has the right to acquire the corresponding data, the first service unit judges whether the requested data is stored locally in order to determine how to return the requested service data to the tenant.
If the requested service data is stored in the accessed first service unit, step S500-1 is performed: the requested service data is obtained from the first service unit.
Otherwise, step S500-2 is performed: a second service unit communicatively connected to the first service unit is accessed through the communication template, and the requested service data is obtained from the second service unit.
When the service data requested by the tenant is not in the first service unit, the first service unit needs to interact with a second service unit where the data is located, acquire the corresponding data and return the corresponding data to the tenant, and during the access process, the corresponding second service unit requests content information of a corresponding field under a theme through a communication template.
Step S600: returning the acquired service data to the user.
The data are collected in the first service unit and forwarded to the corresponding tenant uniformly through the first service unit. The request and the acquisition of the service data are transmitted by means of internal protocols among the service units, so that the disorder of data access caused by direct access of tenants to a plurality of service units is avoided, and the management of the service data and the access control of the service data are facilitated.
The scheme classifies users and binds them to tenant identities; the first service unit is accessed under the identity of the tenant to obtain the corresponding service data. The first service unit maintains only a small amount of data associated with its service, synchronizes with the second service unit through an internal communication link, collects all data associated with the service, and returns the service data requested by the user by returning it to the tenant. The access processes of different types of users are thus isolated from each other, and so is the service data they access. Different types of users can therefore access the system at the same time without affecting one another, service management is standardized and convenient, the security risk is greatly reduced, and access management efficiency is improved.
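The flow of steps S100 to S600, written out as an added Python example that is not part of the patent text. The names `IDENTITY_TABLE`, `ServiceUnit`, `tenant_scope`, `remote_index` and `peer_grants`, and all sample tenants and data, are assumptions made for illustration; the communication template is modelled as a direct method call between units.

```python
from dataclasses import dataclass, field


class AccessDenied(Exception):
    """The tenant (or the requesting service unit) has no acquisition right."""


# Constructed identity table (step S100): (service type, role) -> tenant.
IDENTITY_TABLE = {
    ("performance", "salesman"): "tenant-perf-sales",
    ("performance", "manager"): "tenant-perf-mgr",
}


@dataclass
class ServiceUnit:
    name: str
    tenant_scope: dict                                # tenant -> data keys it may acquire here
    data: dict = field(default_factory=dict)          # service data stored locally
    remote_index: dict = field(default_factory=dict)  # associated key -> unit that stores it
    peer_grants: dict = field(default_factory=dict)   # requesting unit name -> keys it may pull
    peer_calls: int = 0                               # cross-unit requests received

    def serve_peer(self, requester, key):
        """Second-unit side: check that the requested data corresponds to
        the requesting first unit before releasing it."""
        self.peer_calls += 1
        if key not in self.peer_grants.get(requester, set()):
            raise AccessDenied(f"{requester} may not pull {key} from {self.name}")
        return self.data[key]

    def handle(self, tenant, key):
        """First-unit side of steps S200 to S500."""
        # S200: only tenants bound to this unit may send requests to it.
        if tenant not in self.tenant_scope:
            raise AccessDenied(f"{tenant} is not bound to {self.name}")
        # S300: the permission check runs before any lookup, so a tenant
        # without the right can never trigger a cross-unit fetch.
        if key not in self.tenant_scope[tenant]:
            raise AccessDenied(f"{tenant} may not acquire {key}")
        # S400 / S500-1: serve from local storage when the data is here.
        if key in self.data:
            return self.data[key]
        # S500-2: otherwise fetch from the second unit that stores it.
        peer = self.remote_index.get(key)
        if peer is None:
            raise KeyError(key)
        return peer.serve_peer(self.name, key)


def access(routing, service_type, role, key):
    """S100 then S600: resolve the tenant, send the request in the tenant's
    name to its first service unit, and return the data to the user."""
    tenant = IDENTITY_TABLE.get((service_type, role))
    if tenant is None:
        raise AccessDenied(f"no tenant for {service_type}/{role}")
    return routing[tenant].handle(tenant, key)


def build_demo():
    """Constructed sample: a performance unit backed by a payroll unit."""
    payroll = ServiceUnit(
        name="payroll",
        tenant_scope={},
        data={"salary_band": "B3", "bank_account": "constructed-0001"},
        peer_grants={"performance": {"salary_band"}},
    )
    performance = ServiceUnit(
        name="performance",
        tenant_scope={
            "tenant-perf-sales": {"project_points"},
            "tenant-perf-mgr": {"project_points", "employee_ranking", "salary_band"},
        },
        data={"project_points": 120, "employee_ranking": ["u7", "u2"]},
        remote_index={"salary_band": payroll, "bank_account": payroll},
    )
    routing = {"tenant-perf-sales": performance, "tenant-perf-mgr": performance}
    return routing, performance, payroll


if __name__ == "__main__":
    routing, _, _ = build_demo()
    print(access(routing, "performance", "manager", "salary_band"))
```

The second unit's own `peer_grants` check means a misconfigured scope on the first unit still cannot release data the first unit has no correspondence with.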
In this embodiment, an electronic device (for example, the server/terminal device shown in fig. 1) on which the service isolated data transmission method operates may perform mutual access among the tenant, the first service unit, and the second service unit through a wired connection or a wireless connection. It should be noted that the wireless connection may include, but is not limited to, a 3G/4G connection, a WiFi connection, a Bluetooth connection, a WiMAX connection, a Zigbee connection, a UWB (ultra wideband) connection, and other wireless connection means now known or developed in the future.
Further, in some embodiments, the step of determining the tenant to which the user belongs according to the service category to which the user requires access and the role of the user, and generating the access request specifically includes:
Step S101: determining the data type included in the service accessed by the user according to the service type required to be accessed by the user and the service data corresponding to the service type;
In the scheme, data is stored in a distributed manner according to service and is exposed to the outside as resources on different service units. In this state, certain data types generally correspond to one specific service type, so the data types exchanged with the service unit after the communication link is established can be determined from the service type accessed by the user.
Step S102: determining the data type which the user intends to access according to the role of the user and the data type included in the service;
After the data types that the user can exchange with the first service unit once the communication link is established have been defined, the data type that the user intends to access in the first service unit can be further determined from the access request and the role of the user in the service, because different roles within one service intend to access different data types. As an embodiment, a performance assessment management system includes at least two roles, a salesman and a manager. When accessing the first service unit, the salesman is more inclined to acquire data types such as the performance points of single projects, related terms and related money amounts, and project memoranda, while the manager is more inclined to acquire statistical data such as employee performance rankings and the fund flows of departments and project groups. The data types that the two roles tend to access are obviously different, and the difference can be distinguished through access control statistics from the previous period. Specifically, through the field information operated on in each access, the access requests generated by each role are recorded, the access frequency of each field is recorded, and the data type that a role tends to access is determined according to the access frequency.
Step S103: determining the access frequency and the interactive data volume of the user according to the role of the user and the data type which is intended to be accessed so as to determine the tenant of the user;
According to the role of the user and the tendency in the types of data accessed, the accessed data is established from each access request of each user recorded in daily statistics, and the data type that a user with a given role intends to access is determined. The user is associated with a tenant according to that data type; one tenant may be associated with one or more users at the same time, and the users access the first service unit by renting the identity of the tenant. To balance the load on the first service unit, the tenant's access requests are sent to the plurality of nodes contained in the first service unit, and the nodes with which links are established are selected according to the characteristics of the tenant's access process, so that the existing hardware resources are used as efficiently as possible. The users associated with one tenant show similar characteristics in their access processes, which also helps the nodes schedule efficiently while processing load tasks and thus improves the working efficiency of the nodes.
Step S104: and binding the user with the tenant to which the user belongs, and generating an access request according to the identity of the tenant.
The access request is sent on behalf of the tenant, after the user binds the tenant identity, the generation request network device can determine the identity of the tenant and the corresponding first service unit by reading the corresponding field in the request, and the first service unit can determine the data which the user requires to access through the identity of the tenant by reading the request. A corresponding access request is thus generated for sending to the first service unit.
Further, in some embodiments, the access request of the tenant is sent to the first service unit, and specifically, the access load of the tenant is balanced to each node in the first service unit according to the access frequency and the number of interactions of the access request of the tenant.
Specifically, the first service unit may be a single computer device or a server group composed of a plurality of computer devices. According to the computing capability of each device in the server group and the service pressure it currently carries, each tenant or each request is allocated to a corresponding computer device so as to balance the computing power. Tenants are distributed according to access frequency and interaction quantity while users rent the tenant identity. For a single tenant, the access frequency and interaction quantity generated under its name can be counted at regular intervals, and the connections generated by the tenant are distributed to the nodes in the module according to the task amount each node in the first service unit has to process and the service types it processes. Specifically, the tenant with a large access amount is allocated to the node with a small task amount, and the user with a high access frequency is allocated to the node with a large number of execution threads and a high multithreading capability. The execution efficiency of the first service unit in processing tenant access is thereby improved.
Further, in some embodiments, the first service unit and the second service unit respectively store service data, and the first service unit further stores association data related to the first service unit and a corresponding relationship between the first service unit and the second service unit.
The smallest unit of data storage is usually a data table, and a data table stores part of the service data in the database through a limited set of fields. In this embodiment, different data tables may be stored in different service units, but the service data in the data tables are linked, and the tenant may obtain the service data in different data tables at the same time. The first service unit stores the associated data related to it together with the corresponding relationship between that data and the second service unit. When the user requests service data from the first service unit that is not stored in the first service unit, the first service unit looks up this recorded data to determine the second service unit in which the requested service data is stored. The service data that the user requests to obtain is the associated data of the first service unit.
On this basis, the step of accessing a second service unit in communication connection with the first service unit through the communication template and acquiring the service data to be requested from the second service unit specifically includes:
Step S501: determining the second service unit in which the service data requested by the tenant is stored, according to the corresponding relationship between the service data related to the first service unit and the second service unit.
When it is determined that the requested service data is not stored in the first service unit, the second storage unit where the requested data is stored is determined according to the associated data stored in the first service unit. The second storage unit is used as the source of the service data, the service data is collected to the first storage unit, and the service data is sent to the tenant.
Step S502: establishing a link to the second service unit through the first service unit, and sending the service data requested to be acquired together with the corresponding relationship between the requested service data and the first service unit, so that the second service unit determines the corresponding relationship between the requested service data and the first service unit.
The first service unit sends to the second service unit the corresponding relationship between the requested service data and the first service unit; the corresponding relationship can be proved through field numbers, connection relations among data tables, and the like. Once the second service unit determines that the requested service data is related to the first service unit, it allows the first service unit to access the second service unit and obtain the corresponding service data. The service data is gathered in the first service unit and transmitted to the tenant, and the second service unit is transparent to the tenant.
Step S503: receiving the service data returned by the second service unit.
The second service unit confirms the corresponding relation between the requested data item and the second service unit, determines that the first service unit has the authority of operating the related data, and then returns the data corresponding to the requested data item. According to the scheme, the service data required by the user can be collected in the first service unit through the link between the service units and transmitted to the user in a unified mode, the safety of data access is guaranteed, and the control complexity of the link is reduced.
Further, a group of data stored in one first service unit or second service unit is set as main data, and the other first service unit and/or second service unit stores subordinate data with the same data type and data content as the main data, and the subordinate data is synchronized with the main data.
Specifically, different service units may use the same set of data at the same time. This may occur when a foreign key exists between different data tables, or when the service logics of different services correspond to the same original data table. The former can be verified through the relationship between the data tables. In the latter, the same set of data is classified into different service units with no direct association between the copies, which easily causes serial reading of data. Main data and dependent data are therefore set, and the accuracy of the data is maintained by synchronizing them.
On this basis, it is determined whether the main data of the data requested by the tenant is stored in the first service unit, and the requested service data is acquired from the first service unit specifically as follows:
Step S504: identifying the category of the service data, stored on the first service unit, that the access request requests.
When the service data requested by the tenant is dependent data, corresponding data is directly returned to the tenant, and data deviation can be caused. At this time, the data needs to be synchronized to ensure the accuracy of the data.
Step S505: if the data is slave data, determining, according to the slave data, the second service unit in which the corresponding main data is stored.
The deviation of the subordinate data is eliminated through the synchronization with the main data so as to ensure the accuracy of the data.
Step S506: the slave data is synchronized with the master data on the second server module.
The dependent data with the offset removed is returned to the tenant via the first service unit, while the intermediate verification process is transparent to the tenant. This ensures accurate determination of the data.
Step S507: taking the synchronized slave data as the data returned to the tenant.
The method further comprises directly returning the service data to the user through the first service unit if the service data requested by the tenant is stored in the accessed first service unit and the data stored on the first service unit is the main data.
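The access flow of steps S501 to S507, together with the tenant permission check that precedes it, can be sketched as follows. This is an added example, not code from the patent: the class and method names, the unit names, the data keys and the "fk:" proof strings are all hypothetical, and the correspondence that the second service unit verifies is modelled as a simple triple lookup.

```python
from dataclasses import dataclass, field


@dataclass
class Record:
    value: str
    kind: str = "main"  # "main" or "dependent" (a synchronized copy)


@dataclass
class ServiceUnit:
    name: str
    allowed_tenants: set = field(default_factory=set)
    records: dict = field(default_factory=dict)        # key -> Record
    # First-unit side: key -> (second unit holding it, proof of the relation)
    associations: dict = field(default_factory=dict)
    # Second-unit side: (key, requesting unit, proof) triples it will honour
    accepted_relations: set = field(default_factory=set)
    peers: dict = field(default_factory=dict)          # unit name -> ServiceUnit
    audit: list = field(default_factory=list)

    def serve_peer(self, requester: str, key: str, proof: str) -> str:
        """Second unit: verify the claimed correspondence, then release data."""
        if (key, requester, proof) not in self.accepted_relations:
            self.audit.append(("peer-denied", requester, key))
            raise PermissionError(f"{requester} has no accepted relation to {key}")
        self.audit.append(("peer-served", requester, key))
        return self.records[key].value

    def _fetch_from_second_unit(self, key: str) -> str:
        """First unit: locate the second unit and present the correspondence."""
        if key not in self.associations:
            raise LookupError(f"{self.name} has no association for {key}")
        unit_name, proof = self.associations[key]
        return self.peers[unit_name].serve_peer(self.name, key, proof)

    def handle(self, tenant: str, key: str) -> str:
        """First unit: the only entry point a tenant ever talks to."""
        if tenant not in self.allowed_tenants:
            self.audit.append(("tenant-denied", tenant, key))
            raise PermissionError(f"tenant {tenant} may not read from {self.name}")
        record = self.records.get(key)
        if record is None:
            value = self._fetch_from_second_unit(key)          # S501-S503
        elif record.kind == "dependent":
            record.value = self._fetch_from_second_unit(key)   # S505-S506
            value = record.value                                # S507
        else:
            value = record.value                                # main data, local
        self.audit.append(("tenant-served", tenant, key))
        return value


def build_demo():
    """Two service units populated with constructed sample data."""
    sales = ServiceUnit("sales", allowed_tenants={"tenant-salesman"})
    hr = ServiceUnit("hr")
    sales.records = {
        "project_points": Record("42"),
        "dept_budget": Record("100", kind="dependent"),  # stale copy
    }
    hr.records = {
        "dept_budget": Record("120"),
        "employee_profile": Record("E-17"),
        "payroll": Record("secret"),
    }
    sales.associations = {
        "dept_budget": ("hr", "fk:sales.dept_id"),
        "employee_profile": ("hr", "fk:sales.owner_id"),
        "payroll": ("hr", "fk:sales.owner_id"),  # relation the hr unit never accepted
    }
    hr.accepted_relations = {
        ("dept_budget", "sales", "fk:sales.dept_id"),
        ("employee_profile", "sales", "fk:sales.owner_id"),
    }
    sales.peers = {"hr": hr}
    return sales, hr


if __name__ == "__main__":
    first, second = build_demo()
    for key in ("project_points", "employee_profile", "dept_budget"):
        print(key, "->", first.handle("tenant-salesman", key))
    print("second unit audit:", second.audit)
```

The second unit's audit trail only ever names the first unit, never the tenant, which is the transparency property the description relies on; the check in `serve_peer` is what keeps the internal link from becoming an unrestricted read path.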
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and can include the processes of the embodiments of the methods described above when the computer program is executed. The storage medium may be a non-volatile storage medium such as a magnetic disk, an optical disk, a Read-Only Memory (ROM), or a Random Access Memory (RAM).
It should be understood that, although the steps in the flowcharts of the figures are shown in the order indicated by the arrows, they are not necessarily performed in that order. Unless explicitly stated herein, the steps are not restricted to the exact order shown and may be performed in other orders. Moreover, at least a portion of the steps in the flowcharts may include multiple sub-steps or multiple stages, which are not necessarily performed at the same time but may be performed at different times, and which are not necessarily performed in sequence but may be performed in turn or alternately with other steps or with at least a portion of the sub-steps or stages of other steps.
With further reference to fig. 4, as an implementation of the method shown in fig. 2, the present application provides an embodiment of a service isolated data transmission apparatus, where the embodiment of the apparatus corresponds to the embodiment of the method shown in fig. 2, and the apparatus may be applied to various electronic devices.
As shown in fig. 4, a service isolated data transmission apparatus 500 according to the present embodiment includes: a generation module 41, a request module 42, a judgment module 43, and an acquisition module 44. Wherein:
a generating module 41, configured to determine, according to the service type required to be accessed by the user and the role of the user, a tenant to which the user belongs, and generate an access request;
a request module 42, configured to send an access request of a tenant to a first service unit, where service data is stored in the first service unit, and further configured to return the acquired service data to the user;
a judging module 43, configured to judge whether the tenant has an acquisition right for the service data of the first service unit, and if the user has an acquisition right for the service data of the first service unit, judge whether the service data requested by the access request is stored in the accessed first service unit; and
an obtaining module 44, configured to obtain the requested service data from the first service unit if the requested service data is stored in the accessed first service unit, and otherwise to access a second service unit which is in communication connection with the first service unit through the communication template and obtain the service data to be requested from the second service unit.
In this embodiment, the generating module 41 reads the service type and the role of the user in the user request, performs query in the identity table, determines several corresponding groups of tenants according to the service that the user requires to access, and determines and borrows a most suitable tenant according to the access role of the user to generate the access request. One tenant can correspond to a plurality of users at the same time, and access processes are provided for the users in a concurrent mode. And after the first service unit collects the corresponding service data, the service data is forwarded to the user through the tenant.
After the user rents the identity of the tenant, the request module 42 sends the request of the user to the corresponding first service unit on behalf of the tenant. Because the tenant and the first service unit correspond to each other, the tenant can only send the request to that first service unit.
The determining module 43, after receiving the access request and confirming whether the tenant identity of the request has the right to obtain the corresponding data, determines whether the requested data is stored in the first service unit, so as to determine how to return the requested service data to the tenant.
The obtaining module 44 obtains the corresponding data from the corresponding first service unit or second service unit.
According to the scheme, users can be classified and bound to the identities of tenants, and the first service unit is accessed through the identity of the tenant to obtain the corresponding service data. The first service unit maintains only a small amount of data relevant to the corresponding service; the first service unit and the second service unit communicate through an internal communication link so that all data relevant to the service is collected, and the service data requested by the user is returned to the user by being returned to the tenant. The access processes of different types of users are isolated from one another, and the accessed service data are isolated from one another. Different types of users can therefore access the system at the same time without affecting one another, service management is standardized and convenient, the security risk is greatly reduced, and the efficiency of access management is improved.
In some optional implementation manners of this embodiment, the system further includes a balancing module, configured to balance, according to the access frequency and the number of interactions of the access request of the tenant, the access load of the tenant to each node in the first service unit.
Referring to fig. in some optional implementation manners of this embodiment, the obtaining module 44 further includes an internal interaction sub-module 441 and a verification sub-module 442,
the internal interaction submodule 441 is configured to determine, according to a corresponding relationship between the service data related to the first service unit and a second service unit, the second service unit in which the service data requested by the tenant is stored; the second service unit determines the corresponding relation between the requested data item and the first service unit, and returns the service data corresponding to the requested data item to the first service unit.
Specifically, the internal interaction submodule 441 determines a second service unit according to the storage relationship between the relevant data stored in the first service unit and the service unit. And then, the second service unit confirms the corresponding relation between the requested data item and the second service unit, determines that the first service unit has the authority of operating the related data, and then returns the data corresponding to the requested data item.
The verification sub-module 442 is used for the first service unit to establish a link with the second service unit, and send a data item requested to be acquired, and a corresponding relationship between the requested data item and the first service unit.
Specifically, the first service unit sends to the second service unit the corresponding relationship between the data item and the first service unit, and the corresponding relationship can be proved by a field number, a connection relationship between data tables, and the like.
According to the scheme, the service data required by the user can be collected in the first service unit through the link between the service units and transmitted to the user in a unified mode, the safety of data access is guaranteed, and the control complexity of the link is reduced.
Please refer to fig. in some optional implementations of the embodiment, the obtaining module 44 further includes a data synchronization sub-module 443.
The verification sub-module 442 is further configured to: determining that the service data requested by the tenant is stored in the accessed first service unit, and the data stored on the first service unit is dependent data;
When the service data requested by the tenant is dependent data, directly returning the corresponding data to the tenant can cause data deviation. At this time, the data needs to be synchronized to ensure the accuracy of the data.
The synchronization verification sub-module 442 is configured to: a second service unit of the primary data store corresponding to the dependent data on the first service unit is determined, and the dependent data is synchronized with the primary data on the second server module.
The request module 42 is further configured to return the synchronized data to the tenant through the first service unit.
The deviation of the subordinate data is eliminated through the synchronization with the main data so as to ensure the accuracy of the data. The slave data with the offset removed is then returned to the tenant via the first service unit, while the intermediate verification process is transparent to the tenant. Thus, the accuracy of the data is ensured. The scheme not only ensures the distributed storage and calling of the data, but also ensures the reliability of data reading.
In order to solve the technical problem, an embodiment of the present application further provides a computer device. Referring to fig. 6, fig. 6 is a block diagram of a basic structure of a computer device according to the present embodiment.
The computer device 6 comprises a memory 61, a processor 62 and a network interface 63 communicatively connected to each other via a system bus. It is noted that only a computer device 6 having components 61-63 is shown, but it is understood that not all of the shown components are required to be implemented, and that more or fewer components may be implemented instead. As will be understood by those skilled in the art, the computer device is a device capable of automatically performing numerical calculation and/or information processing according to a preset or stored instruction, and its hardware includes, but is not limited to, a microprocessor, an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA), a Digital Signal Processor (DSP), an embedded device, and the like.
The computer device can be a desktop computer, a notebook, a palm computer, a cloud server and other computing devices. The computer equipment can carry out man-machine interaction with a user through a keyboard, a mouse, a remote controller, a touch panel or voice control equipment and the like.
The memory 61 includes at least one type of readable storage medium including a flash memory, a hard disk, a multimedia card, a card type memory (e.g., SD or DX memory, etc.), a Random Access Memory (RAM), a Static Random Access Memory (SRAM), a Read Only Memory (ROM), an Electrically Erasable Programmable Read Only Memory (EEPROM), a Programmable Read Only Memory (PROM), a magnetic memory, a magnetic disk, an optical disk, etc. In some embodiments, the memory 61 may be an internal storage unit of the computer device 6, such as a hard disk or a memory of the computer device 6. In other embodiments, the memory 61 may also be an external storage device of the computer device 6, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a flash Card (FlashCard), and the like, which are provided on the computer device 6. Of course, the memory 61 may also comprise both an internal storage unit of the computer device 6 and an external storage device thereof. In this embodiment, the memory 61 is generally used for storing an operating system installed in the computer device 6 and various types of application software, such as a program code of a service isolated data transmission method. Further, the memory 61 may also be used to temporarily store various types of data that have been output or are to be output.
The processor 62 may be a Central Processing Unit (CPU), controller, microcontroller, microprocessor, or other data Processing chip in some embodiments. The processor 62 is typically used to control the overall operation of the computer device 6. In this embodiment, the processor 62 is configured to execute the program code stored in the memory 61 or process data, for example, execute the program code of the service isolated data transmission method.
The network interface 63 may comprise a wireless network interface or a wired network interface, and the network interface 63 is typically used for establishing a communication connection between the computer device 6 and other electronic devices.
The present application further provides another embodiment, which is to provide a computer readable storage medium storing a service isolated data transmission program, which is executable by at least one processor to cause the at least one processor to execute the steps of a service isolated data transmission method as described above.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solutions of the present application may be embodied in the form of a software product, which is stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal device (such as a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present application.
It is to be understood that the above-described embodiments are merely illustrative of some, but not restrictive, of the broad invention, and that the appended drawings illustrate preferred embodiments of the invention and do not limit the scope of the invention. This application is capable of embodiments in many different forms and is provided for the purpose of enabling a thorough understanding of the disclosure of the application. Although the present application has been described in detail with reference to the foregoing embodiments, it will be apparent to one skilled in the art that the present application may be practiced without modification or with equivalents of some of the features described in the foregoing embodiments. All equivalent structures made by using the contents of the specification and the drawings of the present application are directly or indirectly applied to other related technical fields and are within the protection scope of the present application.
Claims (10)
1. A service isolated data transmission method, comprising the steps of:
determining a tenant to which the user belongs according to the service type required to be accessed by the user and the role of the user, and generating an access request;
sending an access request of a tenant to a first service unit, wherein service data are stored in the first service unit;
judging whether the tenant has the acquisition authority on the service data of the first service unit;
if the user has the acquisition right to the service data of the first service unit, judging whether the service data required by the access request is stored in the accessed first service unit;
if the requested service data is stored in the accessed first service unit, acquiring the requested service data from the first service unit;
if the requested service data is not stored in the accessed first service unit, accessing a second service unit which is in communication connection with the first service unit through a communication template, and acquiring the service data to be requested from the second service unit;
and returning the acquired service data to the user.
2. The service isolated data transmission method according to claim 1, wherein the step of determining the tenant to which the user belongs according to the service type required to be accessed by the user and the role of the user and generating the access request specifically includes:
determining the data type included in the service accessed by the user according to the service type required to be accessed by the user and the service data corresponding to the service type;
determining the data type which the user intends to access according to the role of the user and the data type included in the service;
determining the access frequency and the interactive data volume of the user according to the role of the user and the data type which is intended to be accessed so as to determine the tenant of the user;
and binding the user with the tenant to which the user belongs, and generating an access request according to the identity of the tenant.
3. The service isolated data transmission method according to claim 2, wherein determining the data type that the user intends to access, according to the role of the user and the data type included in the service, specifically comprises:
recording the data type accessed by each role through the field information operated in each access;
and counting the access frequency of the data types accessed by the same role, and determining the data type which is intended to be accessed by the current role from the data types included in the service according to the access frequency.
4. The service isolated data transmission method of claim 2, wherein: the access request of the tenant is sent to the first service unit, and specifically, the access load of the tenant is balanced to each node in the first service unit according to the access frequency and the interaction number of the access request of the tenant.
5. The service isolated data transmission method of claim 4, wherein: the balancing of the access load of the tenant to each node in the first service unit specifically includes: allocating the tenants with larger access amount to the nodes with less task amount, and/or allocating the users with higher access frequency to the nodes with more execution threads and stronger multithreading capability.
6. The service isolated data transmission method of claim 1, wherein: the first service unit stores the relevant data related to the first service unit and the corresponding relation between the relevant data and the second service unit; the step of accessing a second service unit in communication connection with the first service unit through a preset communication protocol and acquiring service data to be requested from the second service unit specifically includes:
determining a second service unit stored by the service data requested by the tenant according to the corresponding relation between the associated data related to the first service unit and the second service unit;
the first service unit establishes a link to the second service unit through a preset communication protocol, and sends the service data requested to be acquired and the corresponding relation between the requested service data and the first service unit so that the second service unit determines the corresponding relation between the requested service data and the first service unit;
and receiving the service data returned by the second service unit.
7. The service isolated data transmission method according to any one of claims 1 to 6, wherein: the service data comprises main data and subordinate data, wherein the subordinate data and the main data have the same data type and data content; the step of acquiring the requested service data from the first service unit specifically includes:
identifying a category of service data to be requested by an access request stored on the first service unit;
if the data is the subordinate data, determining a second service unit of the corresponding main data storage according to the subordinate data;
synchronizing the dependent data with the primary data on the second server module;
and taking the synchronized slave data as data returned to the tenant.
8. A service isolated data transmission apparatus, comprising:
the generation module is used for determining the tenant to which the user belongs according to the service type required to be accessed by the user and the role of the user and generating an access request;
the request module is used for sending an access request of a tenant to a first service unit, wherein service data are stored in the first service unit, and is also used for returning the acquired service data to the user;
the judging module is used for judging whether the tenant has the acquisition permission on the service data of the first service unit, and if the user has the acquisition permission on the service data of the first service unit, judging whether the service data required by the access request is stored in the accessed first service unit; and
the acquisition module is used for acquiring the requested service data from the first service unit if the requested service data is stored in the accessed first service unit, and otherwise accessing a second service unit which is in communication connection with the first service unit through the communication template and acquiring the service data to be requested from the second service unit.
9. A computer device comprising a memory having stored therein a computer program and a processor implementing the steps of the service isolated data transmission method according to any of claims 1 to 7 when executing the computer program.
10. A computer-readable storage medium, characterized in that a computer program is stored thereon, which computer program, when being executed by a processor, realizes the steps of the service isolated data transmission method according to any one of claims 1 to 7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010037398.1A CN111291045A (en) | 2020-01-14 | 2020-01-14 | Service isolation data transmission method and device, computer equipment and storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN111291045A (en) | 2020-06-16 |
Family
ID=71021221
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010037398.1A Pending CN111291045A (en) | 2020-01-14 | 2020-01-14 | Service isolation data transmission method and device, computer equipment and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111291045A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111865980A (en) * | 2020-07-20 | 2020-10-30 | 北京百度网讯科技有限公司 | Information processing method and device of information storage center |
CN115103018A (en) * | 2022-06-16 | 2022-09-23 | 珠海格力电器股份有限公司 | Data transmission method, device, system, electronic equipment and storage medium |
CN115103018B (en) * | 2022-06-16 | 2024-04-05 | 珠海格力电器股份有限公司 | Data transmission method, device and system, electronic equipment and storage medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108737325B (en) | Multi-tenant data isolation method, device and system | |
CN111427971B (en) | Business modeling method, device, system and medium for computer system | |
CN112199442B (en) | Method, device, computer equipment and storage medium for distributed batch downloading files | |
CN110569298A (en) | data docking and visualization method and system | |
WO2021208762A1 (en) | Data storage and query | |
CN112380227A (en) | Data synchronization method, device and equipment based on message queue and storage medium | |
CN112182004B (en) | Method, device, computer equipment and storage medium for checking data in real time | |
CN109639598A (en) | Request processing method, server, storage medium and device based on micro services | |
CN107819886A (en) | A kind of intelligent cloud platform library | |
CN112328486A (en) | Interface automation test method and device, computer equipment and storage medium | |
CN111611249A (en) | Data management method, device, equipment and storage medium | |
CN111752944A (en) | Data allocation method and device, computer equipment and storage medium | |
CN111291045A (en) | Service isolation data transmission method and device, computer equipment and storage medium | |
WO2022156087A1 (en) | Data blood relationship establishing method and apparatus, computer device, and storage medium | |
CN112631884A (en) | Pressure measurement method and device based on data synchronization, computer equipment and storage medium | |
CN113254106B (en) | Task execution method and device based on Flink, computer equipment and storage medium | |
CN112256760B (en) | Data prediction method and device, computer equipment and storage medium | |
CN114070847B (en) | Method, device, equipment and storage medium for limiting current of server | |
KR20130089890A (en) | Management system and method for knowledge information of industrial technology | |
CN110851853B (en) | Data isolation method, device, computer equipment and storage medium | |
CN111045928B (en) | Interface data testing method, device, terminal and storage medium | |
WO2024041056A1 (en) | Storage location allocation method and apparatus, electronic device and computer readable medium | |
CN117094729A (en) | Request processing method, device, computer equipment and storage medium | |
CN115640457A (en) | Information management method, apparatus, device, medium, and program product | |
CN115543428A (en) | Simulated data generation method and device based on strategy template |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||