CN112307486B - A method, device and system for obtaining permissions - Google Patents

A method, device and system for obtaining permissions

Info

Publication number: CN112307486B
Authority: CN (China)
Prior art keywords: permission, server device, request message, client device, request
Prior art date:
Legal status: Active (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Application number: CN201910690284.4A
Other languages: Chinese (zh)
Other versions: CN112307486A (en)
Inventors: 王建平, 张许坚, 冯涛
Current assignee: Huawei Technologies Co Ltd (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Original assignee: Huawei Technologies Co Ltd
Priority date: (the priority date is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed)
Filing date:
Publication date:

Events:
Application filed by Huawei Technologies Co Ltd
Priority to CN201910690284.4A
Publication of CN112307486A
Application granted
Publication of CN112307486B
Legal status: Active (current)
Anticipated expiration

Abstract

The application provides a method, device and system for acquiring permissions. In the permission acquisition method, a client device sends a request message that carries the data node and a permission request parameter for an operation the server device is to perform; the permission request parameter requests a permission result, and the permission result indicates whether the user is permitted to perform that operation on that data node. The server device receives the request message, generates a response message that includes the permission result, and sends the response message to the client device. With this method, whether the user has permission to perform the operation on the data node named in the request is carried in the response message, so the permission information does not have to be confirmed again with an administrator, which helps reduce the complexity of network management.

Description

Translated from Chinese

A method, device and system for obtaining permissions

Technical Field

The present application relates to the field of communications, and in particular to a permission acquisition method, device and system.

Background

A network management protocol provides a mechanism for managing network devices. Using it, a user can, through a client device, add, modify, delete and retrieve data such as the configuration and state of a server device.

The Network Configuration Protocol (NETCONF) is a network management protocol first published by the IETF NETCONF Working Group in 2006 (RFC 4741) and now defined in RFC 6241. It provides a set of management mechanisms with which a network management system can query, add, modify and delete the configuration of network devices and retrieve their configuration and state information. The mechanism uses a client/server model: the client device sends a request message to the server device; the server device receives the request, generates a response message and sends it back; and the client device receives the response.

NETCONF also defines an access control model, the NETCONF Access Control Model (NACM, RFC 8341), which specifies access control at both the operation layer and the content (data) layer. Under this model the client device establishes a session with the server device, and the server device enforces access control based on the identity of the user behind that session and a configured list of NACM authorization rules. On receiving a request message from the client, it determines the user's permission from the data node and the operation named in the request; if the permission exists, the requested operation (query, modify, delete, and so on) is executed, otherwise it is not. The server device then generates a response message from the result of the operation and sends it to the client device. The permission information is normally managed by a super administrator or a permission administrator; ordinary users have no permission to configure or even query it.

In some cases, when a user performs a read-type operation such as a query on the server device through the client device and the data node in the returned response message is empty, the user cannot tell whether this is because of a lack of permission or because there is no data: NACM silently omits data nodes the user is not authorized to read, so the two cases produce the same response. The user then has to confirm the permission information with the super administrator or permission administrator again, which makes network management more complicated.

Summary of the invention

The present application provides a permission acquisition method, device and system for making explicit, during an operation, the operation permissions of the user of a client device, so that the user has to confirm permission information with a permission administrator less often.

The technical solutions provided by the embodiments of this application are as follows.

In a first aspect, a permission acquisition method is provided, comprising:

The client device generates and sends a request message to the server device. The request message carries an indication of the operation the server device is to perform, the data node the operation targets, and a permission request parameter. The permission request parameter requests a permission result, and the permission result indicates whether the user of the client device is permitted to perform the operation on the data node.

The client device receives a response message carrying the permission result.

In this way, the client device can promptly report to its user the user's permission on the data node being operated on, reducing the number of times the user has to confirm permission information with a permission administrator and helping to lower the complexity of network management.

In one possible form, the operation is a query, modification or deletion, and the corresponding permission information is whether the user may query, modify or delete.

In one possible form, when the operation is a read operation, it may further be a get, get-config, incremental synchronization (sync-increment) or full synchronization (sync-full) operation (the last two are not operations defined in RFC 6241); this application does not restrict it.

In this way, after sending a request message, the client device obtains from the server device's response both the requested data and the user's permission to perform the operation on the data node, reducing management complexity and the difficulty of permission management.

In one possible form, before the client device sends the request message, it sends the server device a capability announcement message indicating that the client device is able to request a permission result.

In one possible form, before the client device sends the request message, it receives a capability announcement message from the server device carrying a permission response capability, which indicates whether the server device supports returning the permission result.

In this way, the client device sends the request message only after confirming that the server device has the permission response capability, which avoids the request failing because the client device blindly sent a request message carrying a permission request parameter the server does not understand.

In one possible form, the request message is a RESTCONF (Representational State Transfer Configuration Protocol) request message or a NETCONF request message, so the method can be used with more than one management protocol.

In one possible form, the permission request parameter is carried in the request message's Uniform Resource Identifier (URI) or in its Extensible Markup Language (XML) body.

On the basis of these possible forms, the existing NETCONF or RESTCONF negotiation, communication and authentication/authorization are retained, and by allowing a NETCONF or RESTCONF request message to carry the permission request parameter, the existing mechanisms of the network management protocol are reused rather than a new set being defined, which reduces the complexity of the solution.
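The NETCONF form of the exchange described in the first aspect above, together with the ambiguity from the Background that motivates it, as an added Python example; it is not code from the patent or from any Huawei implementation. The capability URN, the `<permission-request/>` element and the `<permission-result>` element are hypothetical names (the patent text does not disclose its encodings), and the datastore, the NACM rule list and the server `<hello>` are constructed for the example:

```python
import xml.etree.ElementTree as ET

NC = "urn:ietf:params:xml:ns:netconf:base:1.0"
# Hypothetical capability URN and element names: the patent text does not
# disclose the encoding it uses for the permission request parameter/result.
PERM_NS = "urn:example:params:xml:ns:permission-result:1.0"
PERM_CAP = PERM_NS

# Constructed datastore: absolute path -> value. Paths absent here have no data.
DATASTORE = {
    "/system/hostname": "edge-1",
    "/system/secrets/snmp-community": "public",
}

# Constructed NACM-style rule list. RFC 8341 semantics: the first matching rule
# wins; with no match, reads are permitted and writes denied by default.
RULES = [
    {"group": "operators", "path": "/system/secrets", "access": "read", "action": "deny"},
    {"group": "operators", "path": "/system", "access": "write", "action": "deny"},
]

# Constructed server <hello>, as sent when the session opens.
SERVER_HELLO = f"""<hello xmlns="{NC}"><capabilities>
  <capability>urn:ietf:params:netconf:base:1.1</capability>
  <capability>urn:ietf:params:netconf:capability:xpath:1.0</capability>
  <capability>{PERM_CAP}</capability>
</capabilities></hello>"""
# The same hello from a server that predates the extension.
OLD_SERVER_HELLO = SERVER_HELLO.replace(f"  <capability>{PERM_CAP}</capability>\n", "")


def nacm_allows(groups, path, access):
    """True if a user in `groups` may perform `access` ('read'/'write') on `path`."""
    for rule in RULES:
        if rule["group"] in groups and rule["access"] == access and (
                path == rule["path"] or path.startswith(rule["path"] + "/")):
            return rule["action"] == "permit"
    return access == "read"  # read-default permit, write-default deny


def hello_capabilities(hello_xml):
    """Parse the capability URNs advertised in a <hello>."""
    return {c.text.strip() for c in ET.fromstring(hello_xml).iter(f"{{{NC}}}capability")}


def build_get(path, ask_permission, message_id="1"):
    """Client side: <get> with an xpath filter, plus the hypothetical
    <permission-request/> element when the client wants a permission result."""
    rpc = ET.Element(f"{{{NC}}}rpc", {"message-id": message_id})
    get = ET.SubElement(rpc, f"{{{NC}}}get")
    ET.SubElement(get, f"{{{NC}}}filter", {"type": "xpath", "select": path})
    if ask_permission:
        ET.SubElement(get, f"{{{PERM_NS}}}permission-request")
    return ET.tostring(rpc, encoding="unicode")


def server_handle(rpc_xml, groups, server_caps):
    """Server side: enforce NACM and build the <rpc-reply>."""
    rpc = ET.fromstring(rpc_xml)
    get = rpc.find(f"{{{NC}}}get")
    path = get.find(f"{{{NC}}}filter").get("select")
    wants_perm = get.find(f"{{{PERM_NS}}}permission-request") is not None
    reply = ET.Element(f"{{{NC}}}rpc-reply", {"message-id": rpc.get("message-id")})
    if wants_perm and PERM_CAP not in server_caps:
        # A server without the capability sees an unexpected element and fails the rpc.
        err = ET.SubElement(reply, f"{{{NC}}}rpc-error")
        ET.SubElement(err, f"{{{NC}}}error-tag").text = "unknown-element"
        return ET.tostring(reply, encoding="unicode")
    allowed = nacm_allows(groups, path, "read")
    data = ET.SubElement(reply, f"{{{NC}}}data")
    # Standard NACM behaviour: a node the user may not read is silently omitted,
    # which is exactly what happens when the node does not exist.
    if allowed and path in DATASTORE:
        ET.SubElement(data, "node", {"path": path}).text = DATASTORE[path]
    if wants_perm:
        ET.SubElement(reply, f"{{{PERM_NS}}}permission-result",
                      {"path": path}).text = "permit" if allowed else "deny"
    return ET.tostring(reply, encoding="unicode")


def client_interpret(reply_xml):
    """Client side: classify the reply as 'error', 'denied', 'data' or 'empty'."""
    reply = ET.fromstring(reply_xml)
    if reply.find(f"{{{NC}}}rpc-error") is not None:
        return "error"
    perm = reply.find(f"{{{PERM_NS}}}permission-result")
    if perm is not None and perm.text == "deny":
        return "denied"
    return "data" if len(reply.find(f"{{{NC}}}data")) else "empty"


def query(path, groups, hello_xml=SERVER_HELLO, blind=False):
    """One round trip: read the hello, send <get>, interpret the reply.
    blind=True sends the parameter without checking the hello first."""
    caps = hello_capabilities(hello_xml)
    ask = blind or PERM_CAP in caps
    return client_interpret(server_handle(build_get(path, ask), groups, caps))
```

Against the constructed server, `query("/system/secrets/snmp-community", {"operators"})` returns `"denied"` and `query("/system/nonexistent", {"operators"})` returns `"empty"`; against `OLD_SERVER_HELLO` both come back `"empty"`, which is the ambiguity the Background describes, and sending the parameter blindly to that server produces an `rpc-error` instead of data, which is why the hello check precedes the request.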

In a second aspect, a permission acquisition method is provided, comprising:

The server device receives a request message sent by the client device. The request message carries an indication of the operation the server device is to perform, the data node the operation targets, and a permission request parameter. The permission request parameter requests a permission result, and the permission result indicates whether the user is permitted to perform the operation on the data node.

The server device generates a response message carrying the permission result.

The server device sends the response message carrying the permission result to the client device.

In this way, the server device can promptly report to the user of the client device that user's permission on the data node being operated on, helping to lower the complexity of network management.

In one possible form, the operation is a query, modification or deletion, and the corresponding permission information is whether the user may query, modify or delete.

In one possible form, when the operation is a read operation, it may be a get, get-config, incremental synchronization (sync-increment) or full synchronization (sync-full) operation; this application does not restrict it.

In one possible form, before the server device receives the request message, it receives a capability announcement message from the client device indicating that the client device is able to request a permission result.

In one possible form, before the server device receives the request message, it sends the client device a capability announcement message carrying a permission response capability, which indicates whether the server device supports returning the permission result.

In this way, the client device sends the request message only after confirming that the server device has the permission response capability, which avoids the request failing because the client device blindly sent a request message carrying a permission request parameter.

In one possible form, the request message is a RESTCONF request message or a NETCONF request message, so the method can be used with more than one management protocol.

In one possible form, the permission request parameter is carried in the request message's URI or in its XML body.

On the basis of these possible forms, the existing NETCONF or RESTCONF negotiation, communication and authentication/authorization are retained, and by allowing a NETCONF or RESTCONF request message to carry the permission request parameter the existing mechanisms are reused rather than a new set being defined, which reduces the difficulty of the solution. At the same time, after sending a request message the client device obtains from the server device's response the user's permission to perform the operation on the data node, reducing management complexity and the difficulty of permission management.
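The RESTCONF form of the same method (the permission request parameter carried in the request URI, the capability checked before it is sent, as in the second aspect above), as an added Python example that is not code from the patent or from any Huawei implementation. The capability URI `urn:example:capability:permission-result:1.0`, the query parameter `permission-result` and the JSON member `example-permission:permission-result` are hypothetical names, and the datastore and read-denied node set are constructed. The capability list is served from the standard `ietf-restconf-monitoring:restconf-state/capabilities` resource of RFC 8040, and an unsupported query parameter is rejected with 400 Bad Request and error-tag `invalid-value`, as RFC 8040 (section 4.8) requires:

```python
from urllib.parse import urlsplit, parse_qs

# Hypothetical capability URI and query parameter name: the patent text does
# not disclose the identifiers used in its RESTCONF encoding.
PERM_CAP = "urn:example:capability:permission-result:1.0"
PERM_PARAM = "permission-result"

# Query parameters defined by RFC 8040 (section 4.8) that a server recognises.
STANDARD_PARAMS = {"content", "depth", "fields", "filter", "insert", "point",
                   "start-time", "stop-time", "with-defaults"}

# Constructed datastore for one container: child name -> value.
SYSTEM = {"hostname": "edge-1", "contact": "noc@example.net",
          "location": "rack 7", "secrets": {"snmp-community": "public"}}

# Constructed NACM-style read denials: group -> child nodes it may not read.
READ_DENIED = {"operators": {"secrets", "location"}}

# Constructed capability sets of a server with and without the extension.
CAPS_NEW = {"urn:ietf:params:restconf:capability:defaults:1.0?basic-mode=explicit", PERM_CAP}
CAPS_OLD = {"urn:ietf:params:restconf:capability:defaults:1.0?basic-mode=explicit"}
TARGET = "/restconf/data/ietf-system:system"


def capabilities_resource(server_caps):
    """GET /restconf/data/ietf-restconf-monitoring:restconf-state/capabilities"""
    return 200, {"ietf-restconf-monitoring:capabilities": {"capability": sorted(server_caps)}}


def handle_get(url, group, server_caps):
    """Server side: GET on the system container, optionally with the
    hypothetical ?permission-result=true query parameter."""
    parts = urlsplit(url)
    params = parse_qs(parts.query, keep_blank_values=True)
    supported = STANDARD_PARAMS | ({PERM_PARAM} if PERM_CAP in server_caps else set())
    unknown = set(params) - supported
    if unknown:
        # RFC 8040 section 4.8: unsupported query parameter -> 400 / invalid-value.
        return 400, {"ietf-restconf:errors": {"error": [{
            "error-type": "protocol", "error-tag": "invalid-value",
            "error-message": f"unsupported query parameter: {sorted(unknown)[0]}"}]}}
    if parts.path != TARGET:
        return 404, {"ietf-restconf:errors": {"error": [{
            "error-type": "application", "error-tag": "invalid-value"}]}}
    denied = READ_DENIED.get(group, set())
    # As with NACM, children the user may not read are simply left out.
    body = {"ietf-system:system": {k: v for k, v in SYSTEM.items() if k not in denied}}
    if params.get(PERM_PARAM, ["false"])[0] == "true":
        body["example-permission:permission-result"] = {
            k: ("deny" if k in denied else "permit") for k in SYSTEM}
    return 200, body


def client_fetch(url, group, server_caps):
    """Client side: discover the capability, then send the request.
    Returns (status, readable nodes, denied nodes or None when not reported)."""
    _, caps = capabilities_resource(server_caps)
    ask = PERM_CAP in caps["ietf-restconf-monitoring:capabilities"]["capability"]
    status, body = handle_get(url + (f"?{PERM_PARAM}=true" if ask else ""), group, server_caps)
    if status != 200:
        return status, {}, None
    perms = body.get("example-permission:permission-result")
    denied = None if perms is None else sorted(k for k, v in perms.items() if v == "deny")
    return status, body["ietf-system:system"], denied
```

With `CAPS_NEW` the client learns that `location` and `secrets` were withheld for lack of permission; with `CAPS_OLD` it receives the same two readable leaves but no permission information, and had it sent `?permission-result=true` anyway the server would have answered 400 rather than returning any data.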

In a third aspect, a client device is provided, comprising:

a memory; and

a processor connected to the memory, the processor being configured to execute computer-readable instructions in the memory so that the client device performs the following operations:

generating and sending a request message to a server device, the request message carrying an indication of the operation the server device is to perform, the data node the operation targets, and a permission request parameter, where the permission request parameter requests a permission result and the permission result indicates whether the user of the client device is permitted to perform the operation on the data node; and

receiving a response message sent by the server device, the response message carrying the permission result.

In this way, the client device can promptly report to its user the user's permission on the data node being operated on, helping to lower the complexity of network management.

In one possible form, the operation is a query, modification or deletion, and the corresponding permission information is whether the user may query, modify or delete.

In one possible form, when the operation is a read operation, it may be a get, get-config, incremental synchronization (sync-increment) or full synchronization (sync-full) operation; this application does not restrict it.

In one possible form, before the client device sends the request message, the processor executes the computer-readable instructions in the memory so that the client device performs the following operation: sending the server device a capability announcement message indicating that the client device is able to request a permission result.

In one possible form, before the client device sends the request message, the processor further executes the computer-readable instructions in the memory so that the client device performs the following operation: receiving a capability announcement message from the server device carrying a permission response capability, which indicates whether the server device supports returning the permission result.

In one possible form, the request message is a RESTCONF request message or a NETCONF request message, so the method can be used with more than one management protocol.

In one possible form, the permission request parameter is carried in the request message's URI or in its XML body.

On the basis of these possible forms, the existing NETCONF or RESTCONF negotiation, communication and authentication/authorization are retained, and by allowing a NETCONF or RESTCONF request message to carry the permission request parameter the existing mechanisms are reused rather than a new set being defined, which reduces the difficulty of the solution. At the same time, after sending a request message the client device obtains from the server device's response the user's permission to perform the operation on the data node, reducing management complexity and the difficulty of permission management.

In a fourth aspect, a client device is provided that has the functions of the client device in the first aspect or any optional form of the first aspect. The device comprises at least one module, which implements the permission acquisition method provided by the first aspect or any optional form of it.

In a fifth aspect, a server device is provided, comprising:

a memory; and

a processor connected to the memory, the processor being configured to execute computer-readable instructions in the memory so that the server device performs the following operations:

receiving a request message sent by a client device, the request message carrying an indication of the operation the server device is to perform, the data node the operation targets, and a permission request parameter, where the permission request parameter requests a permission result and the permission result indicates whether the user is permitted to perform the operation on the data node;

generating a response message carrying the permission result; and

sending the response message carrying the permission result to the client device.

In this way, the server device can promptly report to the user of the client device that user's permission on the data node being operated on, helping to lower the complexity of network management.

In one possible form, the operation is a query, modification or deletion, and the corresponding permission information is whether the user may query, modify or delete.

In one possible form, when the operation is a read operation, it may be a get, get-config, incremental synchronization (sync-increment) or full synchronization (sync-full) operation; this application does not restrict it.

In one possible form, before the server device receives the request message, the processor executes the computer-readable instructions in the memory so that the server device performs the following operation: sending the client device a capability announcement message carrying a permission response capability, which indicates whether the server device supports returning the permission result.

In one possible form, before the server device receives the request message, the processor further executes the computer-readable instructions in the memory so that the server device performs the following operation: receiving a capability announcement message from the client device indicating that the client device is able to request a permission result.

In one possible form, the request message is a RESTCONF request message or a NETCONF request message, so the method can be used with more than one management protocol.

In one possible form, the permission request parameter is carried in the request message's URI or in its XML body.

On the basis of these possible forms, the existing NETCONF or RESTCONF negotiation, communication and authentication/authorization are retained, and by allowing a NETCONF or RESTCONF request message to carry the permission request parameter the existing mechanisms are reused rather than a new set being defined, which reduces the difficulty of the solution. At the same time, after sending a request message the client device obtains from the server device's response the user's permission to perform the operation on the data node, reducing management complexity and the difficulty of permission management.

In a sixth aspect, a server device is provided that has the functions of the server device in the second aspect or any optional form of the second aspect. The device comprises at least one module, which implements the permission acquisition method provided by the second aspect or any optional form of it.

In a seventh aspect, a communication system is provided that comprises a client device and a server device, where the client device performs the method of the first aspect or any optional form of it, and the server device performs the method of the second aspect or any optional form of it.

Brief description of the drawings

FIG. 1 is a schematic diagram of a communication system provided in an embodiment of the present application;

FIG. 2 is a flow chart of a permission acquisition method provided in an embodiment of the present application;

FIG. 3 is a flow chart of a communication method provided in an embodiment of the present application;

FIG. 4 is a schematic diagram of the format of a request message provided in an embodiment of the present application;

FIG. 5 is a schematic diagram of the format of a request message provided in an embodiment of the present application;

FIG. 6 is a schematic diagram of the format of a response message provided in an embodiment of the present application;

FIG. 7 is a schematic diagram of a client device provided in an embodiment of the present application;

FIG. 8 is a schematic diagram of a client device provided in an embodiment of the present application;

FIG. 9 is a schematic diagram of a server device provided in an embodiment of the present application;

FIG. 10 is a schematic diagram of a server device provided in an embodiment of the present application.

具体实施方式Detailed ways

为使本申请的目的、技术方案和优点更加清楚,下面将结合附图对本申请实施方式作进一步地详细描述。In order to make the objectives, technical solutions and advantages of the present application more clear, the implementation methods of the present application will be further described in detail below with reference to the accompanying drawings.

以下对本申请涉及的术语进行解释:The following is an explanation of the terms involved in this application:

NETCONF:NETCONF协议是互联网工程任务组IETF NETCONF工作组于2006年正式推出的全新的网络配置协议,在IETF请求意见稿(Request for comments)RFC6241中做了定义。该协议提供一套网络设备的管理机制,网络管理系统可以使用这套机制查询、增加、修改或删除网络设备的配置,获取网络设备的配置和状态信息。NETCONF: NETCONF is a new network configuration protocol officially launched by the Internet Engineering Task Force (IETF) NETCONF Working Group in 2006. It is defined in the IETF Request for Comments (RFC6241). The protocol provides a set of network device management mechanisms, which can be used by the network management system to query, add, modify or delete the configuration of network devices and obtain the configuration and status information of network devices.

YANG(Yet Another Next Generation):YANG是NETCONF的数据建模语言,由NETMOD工作组提出并发布在IETF RFC6020。YANG (Yet Another Next Generation): YANG is the data modeling language of NETCONF, proposed by the NETMOD working group and published in IETF RFC6020.

REST表现层状态转换(Representational State Transfer):一种万维网软件架构风格,目的是便于不同软件/程序在网络(如互联网)中互相传递信息。是基于超文本传输协议HTTP之上而确定的一组约束和属性,是一种设计提供万维网络服务的软件构建风格。匹配或兼容于这种架构风格(简称为REST或RESTFUL)的网络服务,允许客户端发出以统一资源标识符URI访问和操作网络资源的请求,而与预先定义好的无状态操作集一致化。REST Representational State Transfer: A software architecture style for the World Wide Web, which aims to facilitate information transfer between different software/programs in a network (such as the Internet). It is a set of constraints and properties based on the Hypertext Transfer Protocol HTTP, and is a software construction style designed to provide World Wide Web services. Network services that match or are compatible with this architectural style (abbreviated as REST or RESTFUL) allow clients to issue requests to access and operate network resources using a uniform resource identifier URI, consistent with a pre-defined set of stateless operations.

RESTCONF表现层状态转换配置协议:RESTCONF是一种满足RESTFUL架构风格的协议,在RFC8040中做了定义。该协议基于HTTP承载,可访问YANG中定义的数据,以及使用NETCONF中定义的数据存储Datastore。通过HTTP的操作来编辑、查询YANG模型定义的数据,POST操作还可以用来执行YANG模型定义的远程过程调用RPC方法。RESTCONF presentation layer state transfer configuration protocol: RESTCONF is a protocol that meets the RESTFUL architectural style and is defined in RFC8040. This protocol is based on HTTP bearer and can access data defined in YANG and use the data store defined in NETCONF. The data defined in the YANG model can be edited and queried through HTTP operations. The POST operation can also be used to execute the remote procedure call RPC method defined in the YANG model.

以下,示例性介绍本申请的系统架构。The following is an exemplary introduction to the system architecture of the present application.

参见图1,该图为本申请实施例提供的一种通信系统的架构图。Refer to Figure 1, which is an architecture diagram of a communication system provided in an embodiment of the present application.

本申请实施例提供的通信系统可以包括客户端设备10和服务端设备11,客户端设备10和服务端设备11通信。The communication system provided in the embodiment of the present application may include a client device 10 and a server device 11, and the client device 10 and the server device 11 communicate with each other.

其中,客户端设备10是指部署了RESTCONF或NETCONF协议客户端的设备,例如可以是手机、个人计算机(personal computer,PC),平板电脑(tablet personal computer,Tablet PC)、笔记本电脑、超级移动个人计算机、个人数字助理、服务器设备。The client device 10 refers to a device that has a RESTCONF or NETCONF protocol client deployed, such as a mobile phone, a personal computer (PC), a tablet personal computer (Tablet PC), a laptop computer, a super mobile personal computer, a personal digital assistant, or a server device.

The server device 11 is a device on which a server supporting the RESTCONF or NETCONF protocol is deployed. The server device may be a network device such as an Internet Protocol (IP) network device, a wavelength division multiplexing (WDM) network device or an optical transport network (OTN) network device, or a device such as a server; the embodiments do not specifically limit this. The storage unit of the server device 11 holds the server device's configuration data and state data, and the client device 10 can operate on that data by sending a request message; the operation may be a query, a modification, a deletion, or similar.

In existing implementations, user authentication takes place before the client device establishes a connection with the server device. Once the user of the client device has been authenticated and the connection is established, the connection state (for example the session) includes the user information, so that every interaction between the client device and the server device before the connection is torn down carries that user information. When the request message sent by the client device 10 to the server device is a read-type request, it may contain several operation objects, that is, it may request a read operation on several data nodes. When the user accessing through the client has no corresponding operation permission on a given data node, the part of the server's response message that corresponds to that node is empty. This is identical to what is returned when the user does have read permission on the node but the server device holds no data for it, so the user cannot tell whether the node's information is empty because of missing permission or because the server has no corresponding data. The user then has to confirm with the administrator who manages permissions, which makes network management complicated.

The communication system shown in Figure 1 applies the method provided by the embodiment of Figure 2 described below; only a brief description is given here.

The client device 10 in Figure 1 generates a request message and sends it to the server device 11. The request message carries the operation the server device 11 is to perform, the data node that operation targets, and the permission request parameter. After receiving the request message, the server device 11 parses it, performs authorization based on the information of the user using the client, the data node and the operation, decides from the authorization result whether to execute the operation, and generates and sends a response message carrying information that indicates whether the user is permitted to perform the corresponding operation on the requested data node.

The method flow of the present application is introduced below by way of example. Refer to Figure 2, a flow chart of the permission acquisition method provided by an embodiment of the present application. As shown in Figure 2, the interaction mainly involves a client device and a server device that can access each other; the client device may be the client 10 and the server device the server 11 in the system architecture of Figure 1. The method may include the following steps:

S201: The client device sends a request message to the server device.

In this embodiment, the client device sends a request message to the server device that carries the requested operation, the data node targeted by the operation, and the permission request parameter. The permission request parameter may be, for example, "access-permit" or another custom parameter; this application does not limit it. The permission request parameter may be defined in the ietf-netconf-acm YANG module, and the method for defining such a parameter may follow the method defined in RFC 6241 and the example in RFC 6243, which are not repeated here.

Optionally, the requested operation is a query (get), a modification (update), a deletion (delete) or a similar operation; this application does not specifically limit it.

Optionally, when the requested operation is a read operation, the read operation may include query (get), query configuration (get-config), incremental synchronization (sync-increment), full synchronization (sync-full) or similar operations; this application does not specifically limit it.

Optionally, before the client device sends the request message to the server device, and in order to support the corresponding capabilities, the client and the server announce the capabilities they support when establishing a session. As shown in Figure 3, once the NETCONF session is established, the client and the server each send their hello message to the peer to announce the capabilities they support. After the hello messages have been exchanged, the client sends RPC request messages to the server, and the server answers each RPC request message with an rpc-reply response message.

In one example, the capability announcement hello message sent by the client device to the server device carries a permission response capability, which may be "access-permit" or another custom capability; this application does not specifically limit it.

In one example, the capability announcement hello message sent by the server device to the client device carries a permission response capability, which may be "access-permit" or another custom capability; this application does not specifically limit it.

Optionally, the request message is a RESTCONF protocol request message; see Figure 4, a schematic of the RESTCONF request message format. The request message may include an operation method (method), a URI, the HTTP protocol version (version number), header field names (header-name) and an optional request body (optional request body). The operation method defines the type of operation performed on the server device's data; the operation type includes, for example, query (get), create (post), update (put), change (patch) or delete (delete), and this application does not specifically limit it.

Optionally, in a RESTCONF request message the permission request parameter is carried in the URI. In one example the URI may be "http://192.168.12.100:80/restconf/data/huawei-system:system/systeminfo?access-permit", where 192.168.12.100 is the server's IP address, 80 is the server's port number, restconf/data indicates that RESTCONF data is being requested, huawei-system:system/systeminfo denotes the data node, and access-permit is the permission request parameter.

Optionally, the request message is a NETCONF protocol request message.

In one example, see Figure 5, which shows a NETCONF request message. The operation type in the protocol operations layer of the request message includes, for example, query (get), query configuration (get-config), full synchronization (sync-full), incremental synchronization (sync-increment) or similar operations; this application does not specifically limit it. The management object layer of the request message names the data node on which the operation is performed; the request message may contain one or more data nodes, which this application does not specifically limit.

Optionally, the extensible markup language (XML) of the NETCONF request message carries the permission request parameter.

In the example shown in Figure 5, the XML of the NETCONF request message includes the following part:

<access-permit xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-acm"></access-permit>, where access-permit is the permission request parameter, indicating that the permission result for the corresponding operation object must be obtained.

S202: The server device receives the request message.

After receiving the request message, the server device parses the operation the request requires, the data node the operation targets, and whether a permission request parameter is present. Based on these parameters the server device can carry out what the request requires, for example: authorize the user using the client, that is, determine whether that user is permitted to perform the operation on the data node (there may be one or more data nodes, which this application does not specifically limit); decide from the authorization result whether the corresponding operation should be performed on the data node; and decide from the permission request parameter whether the returned response message must carry the permission result.

In one example, for the NETCONF request message shown in Figure 5, the operation is a query (get), the data node it targets is groups, and the request carries the permission request parameter, here "access-permit". The server device then needs to authorize the user using the client, determine whether that user may perform a query on the data node groups, and decide from the authorization result whether to perform the query on groups. If the user has query permission on groups, the query is performed on groups; if not, it is not performed. Because the request message carries the permission request parameter, the server determines that the response message must carry the permission result, that is, the authorization result.

For example, a permission result attribute can be defined for generic data nodes to indicate whether the user has permission on the node. The attribute may be named access-permit or any other name; this application does not specifically limit it. Its value may be True or False, or 1 or 0: when the value is true or 1 the user has permission on the node, and when it is false or 0 the user does not. Any other value that expresses whether permission exists may also be used; this application does not specifically limit it. The method for defining such an attribute may follow RFC 6020 and is not repeated here.

In one example, the NETCONF response message contains the following permission result:

<vm access-permit="true"></vm>

This indicates that the user has read permission on the vm data node, whereas <vmInput2 access-permit="false"></vmInput2> indicates that the user does not have read permission on the vmInput2 data node.

S203: The server device generates a response message that carries the permission result.

Refer to the example in Figure 6, a schematic of the RESTCONF response message format. The response message includes the HTTP protocol version (version number), a status code (status code), a message (message), header field names (header-name) and an optional response body (optional response body). The permission result may be carried in the optional response body.

Optionally, the response message sent by the server device may also carry the operation result data.

Optionally, after receiving the request message the server device may first check whether the capabilities it supports include the permission response capability named in the request. If they do, the server device is considered to have the corresponding permission response capability, and the response message must then carry the permission result.

Optionally, to support the permission response capability, that is, the ability to return the corresponding permission result after performing the operation on the data node, the server device needs to define the corresponding capability in advance. A capability is an optional NETCONF or RESTCONF protocol feature, exposed by a server device that supports it, and each capability is identified by a URI. For the introduction and definition of capabilities, refer to Section 9.3 of RFC 8040 or the method of RFC 6243; this is not repeated here.

In one example, if the permission request parameter is "access-permit" and the server device has a capability whose URI contains "access-permit", that capability is considered to be the permission response capability.

In one example, when the server device supports the permission response capability, the URI corresponding to that capability may be <capability>http://www.huawei.com/netconf/capability/access-permit</capability>. In this URI, "www.huawei.com" indicates a capability defined by Huawei and "netconf/capability" indicates a capability under the NETCONF protocol; the capability name may be "access-permit" or any custom name, which the present invention does not specifically limit. The capability "access-permit" denotes the ability to accept request messages that contain the permission request parameter and to return the permission result.
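The capability check just described, together with the RESTCONF URI form of the permission request parameter given earlier, as an added example in Python (not code from the patent or from any Huawei product): it parses a server hello message for a capability URI containing the parameter name, splits the RESTCONF URI into host, port, data node and query parameter, and combines the two into the decision of whether a response must carry a permission result. The hello message is constructed; the capability URI and the request URI are the ones the text gives.

```python
"""Added example, not part of the patent: capability negotiation and
RESTCONF URI handling for the access-permit permission request parameter."""
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlparse

NC_NS = "urn:ietf:params:xml:ns:netconf:base:1.0"
PERMIT_PARAM = "access-permit"

# Constructed NETCONF <hello> from a server advertising base:1.0 plus the
# permission response capability URI given in the text.
SAMPLE_HELLO = f"""<hello xmlns="{NC_NS}">
  <capabilities>
    <capability>urn:ietf:params:netconf:base:1.0</capability>
    <capability>http://www.huawei.com/netconf/capability/access-permit</capability>
  </capabilities>
</hello>"""


def advertised_capabilities(hello_xml):
    """Return the capability URIs listed in a NETCONF <hello> message."""
    root = ET.fromstring(hello_xml)
    return [c.text.strip() for c in root.iter(f"{{{NC_NS}}}capability") if c.text]


def has_permit_capability(hello_xml, param=PERMIT_PARAM):
    """Rule from the text: any capability whose URI contains the parameter
    name counts as the permission response capability."""
    return any(param in uri for uri in advertised_capabilities(hello_xml))


def parse_restconf_request(uri, param=PERMIT_PARAM):
    """Split a RESTCONF data URI into host, port, data node path and whether
    the permission request parameter is present as a valueless query key."""
    parts = urlparse(uri)
    prefix = "/restconf/data/"
    if not parts.path.startswith(prefix):
        raise ValueError("not a RESTCONF data resource URI")
    # keep_blank_values keeps "?access-permit" (no "=value") as a key
    query = parse_qs(parts.query, keep_blank_values=True)
    return {
        "host": parts.hostname,
        "port": parts.port,
        "data_node": parts.path[len(prefix):],
        "permit_requested": param in query,
    }


def should_return_permit_result(hello_xml, uri):
    """Server-side decision: carry the permission result only if the client
    asked for it and this server advertised the matching capability."""
    requested = parse_restconf_request(uri)["permit_requested"]
    return requested and has_permit_capability(hello_xml)


if __name__ == "__main__":
    uri = "http://192.168.12.100:80/restconf/data/huawei-system:system/systeminfo?access-permit"
    print(parse_restconf_request(uri))
    print(should_return_permit_result(SAMPLE_HELLO, uri))  # True
```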

S204: The server device sends the response message, which carries the permission result.

Optionally, the response message sent by the server device carries both the permission result and the operation result data.

S205: The client device receives the response message sent by the server device, which carries the permission result.

The client device receives the response message from the server device and determines from the permission result it returns whether the user has the corresponding operation permission on the corresponding node data.

In one example, the permission result may be true or false: true means the user has the corresponding operation permission on the node, and false means the user does not. If the operation result data is empty and the permission result is true, the user has permission but the data is empty. If the result data is empty and the permission result is false, the user lacks the operation permission required by the request message on that data node.
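The full exchange of steps S201 to S205, as an added example in Python that is not part of the patent or any product: the client builds a NETCONF get request carrying the access-permit element from the Figure 5 example, a toy server authorizes each requested node against a default-deny ACL and stamps the access-permit attribute on the node, and the client then distinguishes empty-because-denied from empty-because-no-data. The node names, the ACL and the datastore contents are constructed for illustration.

```python
"""Added example, not part of the patent: a toy NETCONF get exchange with the
access-permit request parameter (S201) and result attribute (S202-S205)."""
import xml.etree.ElementTree as ET

NC_NS = "urn:ietf:params:xml:ns:netconf:base:1.0"
ACM_NS = "urn:ietf:params:xml:ns:yang:ietf-netconf-acm"
ET.register_namespace("nc", NC_NS)
ET.register_namespace("nacm", ACM_NS)


def build_get_request(message_id, data_nodes, request_permit=True):
    """Client side (S201): <rpc><get> with a subtree filter naming one element
    per requested data node, plus the <access-permit> permission request
    parameter when the client wants the permission result."""
    rpc = ET.Element(f"{{{NC_NS}}}rpc", {"message-id": str(message_id)})
    get = ET.SubElement(rpc, f"{{{NC_NS}}}get")
    flt = ET.SubElement(get, f"{{{NC_NS}}}filter", {"type": "subtree"})
    for node in data_nodes:
        ET.SubElement(flt, node)
    if request_permit:
        ET.SubElement(get, f"{{{ACM_NS}}}access-permit")
    return ET.tostring(rpc, encoding="unicode")


def handle_request(request_xml, user, acl, datastore):
    """Server side (S202-S204). acl maps (user, node, operation) -> bool and is
    default-deny; datastore maps node -> value (None means no data). The query
    is executed only for permitted nodes, and the access-permit attribute is
    emitted only when the request carried the permission request parameter."""
    rpc = ET.fromstring(request_xml)
    get = rpc.find(f"{{{NC_NS}}}get")
    if get is None:
        raise ValueError("only <get> is handled in this example")
    want_permit = get.find(f"{{{ACM_NS}}}access-permit") is not None
    flt = get.find(f"{{{NC_NS}}}filter")
    nodes = [child.tag for child in flt] if flt is not None else []

    reply = ET.Element(f"{{{NC_NS}}}rpc-reply",
                       {"message-id": rpc.get("message-id", "")})
    data = ET.SubElement(reply, f"{{{NC_NS}}}data")
    for node in nodes:
        permitted = acl.get((user, node, "get"), False)  # default deny
        elem = ET.SubElement(data, node)
        if want_permit:
            elem.set("access-permit", "true" if permitted else "false")
        if permitted and datastore.get(node) is not None:
            elem.text = datastore[node]
    return ET.tostring(reply, encoding="unicode")


def interpret_reply(reply_xml):
    """Client side (S205): classify each returned node as 'data' (permitted,
    data present), 'empty' (permitted, no data), 'denied' (access-permit is
    false) or 'ambiguous' (no permission result, the pre-existing situation)."""
    reply = ET.fromstring(reply_xml)
    data = reply.find(f"{{{NC_NS}}}data")
    result = {}
    for elem in (data if data is not None else []):
        permit = elem.get("access-permit")
        has_data = bool((elem.text or "").strip())
        if permit is None:
            result[elem.tag] = "data" if has_data else "ambiguous"
        elif permit == "false":
            result[elem.tag] = "denied"
        else:
            result[elem.tag] = "data" if has_data else "empty"
    return result


# Constructed sample: alice may read groups and vm but not vmInput2;
# vm exists in the datastore but currently holds no data.
SAMPLE_ACL = {
    ("alice", "groups", "get"): True,
    ("alice", "vm", "get"): True,
    ("alice", "vmInput2", "get"): False,
}
SAMPLE_DATASTORE = {"groups": "operators", "vm": None}


def run_exchange(request_permit=True):
    """Full round trip over the constructed sample; returns the client's view."""
    req = build_get_request(101, ["groups", "vm", "vmInput2"], request_permit)
    rep = handle_request(req, "alice", SAMPLE_ACL, SAMPLE_DATASTORE)
    return interpret_reply(rep)


if __name__ == "__main__":
    print(run_exchange(True))   # {'groups': 'data', 'vm': 'empty', 'vmInput2': 'denied'}
    print(run_exchange(False))  # {'groups': 'data', 'vm': 'ambiguous', 'vmInput2': 'ambiguous'}
```

Without the permission request parameter the two empty nodes are indistinguishable, which is exactly the ambiguity the text describes.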

In this embodiment, the client device generates a request message carrying the permission request parameter and sends it to the server device. After receiving it, the server device obtains the permission information of the user using the client for performing the requested operation on the corresponding data node, and sends back a message carrying the permission result, so that the client device learns the permission result for its user. This avoids the situation in which, after a read-type request such as a query returns a response with empty data, the user cannot tell whether there is no data or no query permission, and so reduces management complexity.

As shown in Figure 7, an embodiment of the present application provides a client device 700 that includes a sending module 701 and a receiving module 702 and performs the following operations:

The sending module 701 is used by the client device to send a request message. The request message carries an indication of the operation the server device is to perform, the data node targeted by the operation, and a permission request parameter; the permission request parameter requests a permission result, and the permission result indicates the permission information of the user of the client device for performing the operation on the data node.

Optionally, the operation may be a query, modification, deletion or similar operation, and the corresponding permission information may be whether the user may query, modify, delete, and so on; this application does not specifically limit it.

Optionally, the operation may further be a read operation, including query (get), query configuration (get-config), full synchronization (sync-full), incremental synchronization (sync-increment) or similar operations; this application does not specifically limit it.

Optionally, the sending module 701 is further used to send a capability announcement message indicating that the client device is able to request a permission result.

Optionally, the request message is a request message based on the RESTCONF protocol or the NETCONF protocol.

Optionally, the uniform resource identifier (URI) in the request message includes the permission request parameter.

Optionally, the XML in the request message includes the permission request parameter.

The receiving module 702 is used to receive the response message sent by the server device, which carries the permission result.

Optionally, the receiving module 702 is further used to receive a capability announcement message sent by the server device; the announcement message includes a permission response capability, which is the capability of the server device to support returning the permission result.

It should be noted that the client device 700 of the Figure 7 embodiment is described using the module division above only as an example. In practice the functions may be assigned to different functional modules as needed, that is, the internal structure of the client device may be divided into different functional modules to perform all or part of the functions described above. Furthermore, the client device of this embodiment and the permission acquisition method embodiment above share the same concept; its specific implementation is detailed in the method embodiment. All of the optional technical solutions above may be combined arbitrarily to form optional embodiments of this application and are not repeated one by one here.

The client device of this embodiment and the permission acquisition method embodiment share the same concept, and its specific implementation is detailed in the method embodiment; for example, the sending module 701 performs step S201 of Figure 2 and the receiving module 702 performs step S205 of Figure 2, which are not repeated here.

Refer to Figure 8, a schematic diagram of a client device 800 provided by an embodiment of the present application. The device 800 can be used in the architecture of Figure 1, for example as the client device 10 there, to perform the operations carried out by the client device in the communication method of the Figure 2 embodiment. As shown in Figure 8, the client device 800 may include a processor 810, a memory 820 coupled to the processor 810, and a transceiver 830. The processor 810 may be a central processing unit (CPU), a network processor (NP), or a combination of a CPU and an NP. The processor may also be an application-specific integrated circuit (ASIC), a programmable logic device (PLD), or a combination of these. The PLD may be a complex programmable logic device (CPLD), a field-programmable gate array (FPGA), generic array logic (GAL), or any combination of these. The processor 810 may be a single processor or several processors. The memory 820 may include volatile memory such as random-access memory (RAM), non-volatile memory such as read-only memory (ROM), flash memory, a hard disk drive (HDD) or a solid-state drive (SSD), or a combination of these kinds of memory. The memory 820 may be a single memory or several memories. In one embodiment the memory 820 stores computer-readable instructions; for example, it stores the program code implementing the functions of the sending module 701 and the receiving module 702. The processor 810 executes the computer-readable instructions in the memory 820 so that the client device 800 performs steps S201 and S205 of Figure 2.

Refer to Figure 9, a schematic diagram of the structure of a server device 900 provided by an embodiment of the present application. The server device includes:

A receiving module 901, used to receive a request message sent by a client device. The request message carries an indication of the operation the server device is to perform, the data node targeted by the operation, and a permission request parameter; the permission request parameter requests a permission result, and the permission result indicates the permission information of the user for performing the operation on the data node.

Optionally, the receiving module 901 is further used to receive a capability announcement message sent by the client device indicating that the client device is able to request a permission result.

A generating module 902, used to generate a response message that carries the permission result.

A sending module 903, used to send the response message carrying the permission result to the client device.

Optionally, the operation may be a query, modification, deletion or similar operation, and the corresponding permission information may be whether the user may query, modify or delete.

Optionally, when the operation is further a read operation, it may be a query (get), query configuration (get-config), incremental synchronization (sync-increment), full synchronization (sync-full) or similar operation; this application does not specifically limit it.

Optionally, the sending module 903 is further used to send a capability announcement message carrying a permission response capability, which indicates whether the server device supports returning the permission result.

Optionally, the request message is a request message of the Representational State Transfer Configuration Protocol (RESTCONF) or of the Network Configuration Protocol (NETCONF), so the method can be used under several management protocols.

Optionally, the permission request parameter is carried in the uniform resource identifier or in the extensible markup language of the request message.

It should be noted that the server device of this embodiment and the permission acquisition method embodiment share the same concept; its specific implementation is detailed in the method embodiment. All of the optional technical solutions above may be combined arbitrarily to form optional embodiments of this application and are not repeated one by one here.

Figure 10 is a schematic diagram of a server device 1000 provided by the present application. The server device 1000 can be used in the architecture of Figure 1, for example as the server device 11 there, to perform the operations carried out by the server device in the communication method of the Figure 2 embodiment. As shown in Figure 10, the server device 1000 may include a processor 1010, a memory 1020 coupled to the processor 1010, and a transceiver 1030. The processor 1010 may be a central processing unit (CPU), a network processor (NP), or a combination of a CPU and an NP. The processor may also be an application-specific integrated circuit (ASIC), a programmable logic device (PLD), or a combination of these. The PLD may be a complex programmable logic device (CPLD), a field-programmable gate array (FPGA), generic array logic (GAL), or any combination of these. The processor 1010 may be a single processor or several processors. The memory 1020 may include volatile memory such as random-access memory (RAM), non-volatile memory such as read-only memory (ROM), flash memory, a hard disk drive (HDD) or a solid-state drive (SSD), or a combination of these kinds of memory. The memory 1020 may be a single memory or several memories. In one example the memory 1020 stores computer-readable instructions; for example, it stores the program code implementing the functions of the receiving module 901, the generating module 902 and the sending module 903. The processor 1010 executes the computer-readable instructions in the memory 1020 so that the server device 1000 performs steps S202, S203 and S204 of Figure 2.

The embodiments of the present application also provide a computer-readable storage medium comprising instructions which, when run on a computer, cause the computer to perform the above permission acquisition method.

The terms "including" and "having" and any variations thereof in the specification, claims and drawings of the present application are intended to cover non-exclusive inclusion. For example, a process, method, system, product or apparatus comprising a series of steps or units is not necessarily limited to those steps or units explicitly listed, but may include other steps or units not explicitly listed or inherent to such processes, methods, products or apparatuses.

Those skilled in the art can clearly understand that, for convenience and brevity of description, the specific working processes of the systems, devices and units described above may refer to the corresponding processes in the foregoing method embodiments, and are not repeated here.

In the several embodiments provided in the present application, it should be understood that the disclosed systems, devices and methods may be implemented in other ways. For example, the device embodiments described above are only illustrative; the division of units is only a logical functional division, and other divisions are possible in actual implementation: multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or of another form.

The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.

In addition, the functional modules in the embodiments of the present application may be integrated into one module, each module may exist physically on its own, or two or more modules may be integrated into one module. The integrated module may be implemented in the form of hardware or in the form of a software functional module.

If the integrated module is implemented in the form of a software functional module and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present application, in essence or in the part that contributes to the prior art, or in whole or in part, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device, or the like) to perform all or part of the steps of the method described in each embodiment of the present application. The storage medium includes a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or any other medium that can store program code.

Those skilled in the art will appreciate that, in one or more of the above examples, the functions described in the present invention may be implemented in hardware, software, firmware, or any combination thereof. When implemented in software, the functions may be stored in a computer-readable medium or transmitted as one or more instructions or code on a computer-readable medium. Computer-readable media include computer storage media and communication media, where communication media include any medium that facilitates transfer of a computer program from one place to another. The storage medium may be any available medium that a general-purpose or special-purpose computer can access.

The specific implementations described above further illustrate the objectives, technical solutions and beneficial effects of the present invention in detail. It should be understood that the above descriptions are only specific implementations of the present invention.

The above embodiments are only used to illustrate the technical solutions of the present application, not to limit them. Although the present application has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they may still modify the technical solutions described in the foregoing embodiments, or make equivalent replacements for some of their technical features; such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present application.

Claims (17)

Translated from Chinese
1. A method for obtaining permissions, comprising: a client device receiving a capability notification message from a server device, the capability notification message carrying a permission response capability, the permission response capability indicating whether the server device supports returning a permission result; after determining that the server device has the permission response capability, the client device sending a request message to the server device, the request message carrying an indication of the operation to be performed by the server device, the data node targeted by the operation, and a permission request parameter, the permission request parameter being used to request the permission result, and the permission result indicating permission information of the user using the client device to perform the operation on the data node; and the client device receiving a response message from the server device, the response message carrying the permission result.

2. The method according to claim 1, wherein the operation is a read operation, including query, query configuration, incremental synchronization or full synchronization.

3. The method according to any one of claims 1-2, wherein the request message is a request message of the representational state transfer configuration protocol (RESTCONF) or a request message of the network configuration protocol (NETCONF).

4. The method according to any one of claims 1-3, wherein the permission request parameter is included in the uniform resource identifier or in the extensible markup language of the request message.

5. A method for obtaining permissions, comprising: a server device sending a capability notification message to a client device, the capability notification message carrying a permission response capability, the permission response capability indicating whether the server device supports returning a permission result; the server device receiving a request message from the client device, the request message being sent by the client device after determining that the server device has the permission response capability, the request message carrying an indication of the operation to be performed by the server device, the data node targeted by the operation, and a permission request parameter, the permission request parameter being used to request the permission result, and the permission result indicating permission information of the user using the client device to perform the operation on the data node; the server device generating a response message, the response message carrying the permission result; and the server device sending the response message to the client device, the response message carrying the permission result.

6. The method according to claim 5, wherein the operation is a read operation, including query, query configuration, incremental synchronization or full synchronization.

7. The method according to any one of claims 5-6, wherein the request message is a request message of the representational state transfer configuration protocol (RESTCONF) or a request message of the network configuration protocol (NETCONF).

8. The method according to any one of claims 5-7, wherein the permission request parameter is included in the uniform resource identifier or in the extensible markup language of the request message.

9. A client device, comprising: a memory; and a processor connected to the memory, the processor being configured to execute computer-readable instructions in the memory so that the client device performs the following operations: receiving a capability notification message from a server device, the capability notification message carrying a permission response capability, the permission response capability indicating whether the server device supports returning a permission result; after determining that the server device has the permission response capability, sending a request message to the server device, the request message carrying an indication of the operation to be performed by the server device, the data node targeted by the operation, and a permission request parameter, the permission request parameter being used to request the permission result, and the permission result indicating permission information of the user using the client device to perform the operation on the data node; and receiving a response message from the server device, the response message carrying the permission result.

10. The client device according to claim 9, wherein the operation is a read operation, including query, query configuration, incremental synchronization or full synchronization.

11. The client device according to any one of claims 9-10, wherein the request message is a request message of the RESTCONF protocol or a request message of the NETCONF protocol.

12. The client device according to any one of claims 9-11, wherein the permission request parameter is included in the uniform resource identifier or in the extensible markup language of the request message.

13. A server device, comprising: a memory; and a processor connected to the memory, the processor being configured to execute computer-readable instructions in the memory so that the server device performs the following operations: sending a capability notification message to a client device, the capability notification message carrying a permission response capability, the permission response capability indicating whether the server device supports returning a permission result; receiving a request message from the client device, the request message being sent by the client device after determining that the server device has the permission response capability, the request message carrying an indication of the operation to be performed by the server device, the data node targeted by the operation, and a permission request parameter, the permission request parameter being used to request the permission result, and the permission result indicating permission information of the user using the client device to perform the operation on the data node; generating a response message, the response message carrying the permission result; and sending the response message to the client device, the response message carrying the permission result.

14. The server device according to claim 13, wherein the operation is a read operation, including query, query configuration, incremental synchronization or full synchronization.

15. The server device according to any one of claims 13-14, wherein the request message is a request message of the representational state transfer configuration protocol (RESTCONF) or a request message of the network configuration protocol (NETCONF).

16. The server device according to any one of claims 13-15, wherein the permission request parameter is included in the uniform resource identifier or in the extensible markup language of the request message.

17. A network system, comprising a client device and a server device, wherein the client device is the client device according to any one of claims 9 to 12, and the server device is the server device according to any one of claims 13 to 16.
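The exchange in claims 1 to 8 (capability notification, request carrying operation, data node and permission request parameter, response carrying the permission result), simulated as an added example that is not the patent's own code. The capability URI, the `with-permission` query parameter, the rule table and the datastore contents are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional
from urllib.parse import parse_qs, urlencode

# Assumed identifiers (not from the patent): the capability the server
# advertises and the query parameter the client adds to the request URI.
PERMISSION_RESPONSE_CAP = "urn:example:capability:permission-response:1.0"
PERMISSION_PARAM = "with-permission"

# Read operations named in the claims.
READ_OPERATIONS = {"query", "query-config", "incremental-sync", "full-sync"}


@dataclass
class Server:
    """Server device: per-user rule table and datastore (both constructed)."""
    rules: dict            # user -> {data node path -> set of permitted operations}
    datastore: dict        # data node path -> data
    supports_permission_result: bool = True

    def capability_announcement(self) -> list:
        """Capability notification message sent at session start (claim 5)."""
        caps = ["urn:ietf:params:netconf:base:1.1"]
        if self.supports_permission_result:
            caps.append(PERMISSION_RESPONSE_CAP)
        return caps

    def handle_request(self, user: str, operation: str, uri: str) -> dict:
        """Authorize the operation on the data node; add the permission result when asked."""
        if operation not in READ_OPERATIONS:
            return {"status": 400, "error": "unsupported operation"}
        node, _, query = uri.partition("?")
        wants_result = parse_qs(query).get(PERMISSION_PARAM, ["false"])[0] == "true"
        permitted = operation in self.rules.get(user, {}).get(node, set())
        response = {"status": 200 if permitted else 403}
        if permitted:
            response["data"] = self.datastore.get(node)
        if wants_result and self.supports_permission_result:
            # The result only covers the requesting user's own permission on this node,
            # so a denied request learns why it was denied without exposing other rules.
            response["permission-result"] = {
                "user": user, "operation": operation, "node": node, "permitted": permitted}
        return response


class Client:
    """Client device acting on behalf of one user."""
    def __init__(self, user: str):
        self.user = user

    def request(self, server: Server, operation: str, node: str) -> dict:
        """Claim 1: check the capability first, then carry the permission request parameter."""
        supports = PERMISSION_RESPONSE_CAP in server.capability_announcement()
        uri = node + ("?" + urlencode({PERMISSION_PARAM: "true"}) if supports else "")
        return server.handle_request(self.user, operation, uri)


def permission_of(response: dict) -> Optional[bool]:
    """Extract the permission result; None means the server did not return one."""
    result = response.get("permission-result")
    return None if result is None else result["permitted"]


# Constructed sample: alice may query interfaces but not run a full sync; bob has no rule.
IFACES = "/restconf/data/ietf-interfaces:interfaces"
SERVER = Server(
    rules={"alice": {IFACES: {"query", "query-config"}}},
    datastore={IFACES: {"interface": [{"name": "eth0", "enabled": True}]}},
)

if __name__ == "__main__":
    for user, op in [("alice", "query"), ("alice", "full-sync"), ("bob", "query")]:
        resp = Client(user).request(SERVER, op, IFACES)
        print(user, op, resp["status"], permission_of(resp))
```

Against a server that does not advertise the capability, the client falls back to a plain request and `permission_of` returns `None`, which is the case the capability check in claim 1 exists to handle.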
Application CN201910690284.4A, priority date 2019-07-29, filing date 2019-07-29: A method, device and system for obtaining permissions. Status: Active. Granted publication: CN112307486B (en).


Publications (2)

Publication Number / Publication Date
CN112307486A (en) / 2021-02-02
CN112307486B (en) / 2024-06-18 (granted)

Family ID: 74328917

Country status: CN (1), CN112307486B (en)



Legal Events

Code / Title
PB01 / Publication
SE01 / Entry into force of request for substantive examination
GR01 / Patent grant
