Shulou(Shulou.com)06/01 Report--

This article mainly introduces "how to implement request unified authentication in Bumblebe micro service gateway". In daily operation, I believe many people have doubts about how to achieve request unified verification in Bumblebe micro service gateway. The editor consulted all kinds of materials and sorted out simple and useful operation methods. I hope it will be helpful to answer the doubt of "how to request unified verification in Bumblebe micro service gateway". Next, please follow the editor to study!

For the micro-service gateway, unified request verification is a more important and commonly used function, and the back-end service of verification through the gateway does not need to pay attention to request verification; for services on multi-language platforms, it is cumbersome and cumbersome to make verification methods and change verification configuration. Bumblebee provides JWT authentication plug-in, which only needs simple configuration to enable the gateway to request unified authentication.

Reference plug-in

Using JWT in Bumblebee requires reference to two plug-ins, Bumblebee.Configuration and Bumblebee.Jwt. After loading and starting, you can configure the plug-in through the management tool.

G = new Gateway (); g.HttpOptions (o = > {o.Port = 80; o.LogToConsole = true; o.LogLevel = BeetleX.EventArgs.LogType.Error;}); g.Open () G.LoadPlugin (typeof (Bumblebee.Configuration.Management). Assembly, typeof (Bumblebee.Jwt.JwtPlugin). Assembly)

If you don't want to write your own code, you can download the compiled runtime package Bumblebee1.0.6. This version has been added to JWT.

Plug-in management

After running the program, go to the plug-in management page of the configuration management tool, you can see the JWT plug-in, which is not enabled by default.

Database configuration

The use of Bumblebee.Jwt requires a database, which is mainly used to take over the login and generate Token. The plug-in supports three kinds of databases by default, namely: mssql,mysql and pgsql. The relevant login information table must include the following three fields: _ name (user name), _ role (role) and _ password (password). The mysql script is as follows:

CREATE TABLE `_ users` (` _ name` varchar (50) NOT NULL, `_ password` varchar (45) DEFAULT NULL,` _ role` varchar (45) DEFAULT NULL, PRIMARY KEY (`_ name`)) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci;JWT configuration

The use of the plug-in needs to be configured. You can enter the relevant configuration page by clicking the plug-in.

The example configuration is as follows:

{"Key": "ExxUqmeDKnAk1eMHV02ICJkwp82RsleM887yRnQS3Gg8OHCxWsLPlzCEAJActCo6y6Mae26JeGDFx7aYkeP7Efl6yh/d1q3XYRCdDLLGbz+kt3vR92H6s78P7JILNgZMiO6XoekKXfT2Qxle7Gyu/1d39NloKhqXgBdgzeobyyo=", "MD5": false, "DBType": "MYSQL", "ConnectionString": "Server=192.168.2.19;Database=world;Uid=root;Pwd=123456;", "VerifyPaths": ["^ / api.*"], "Table": "_ users", "TokenTimeOut": 200, "RemoveHeaders": ["Cookie"], "LoginMaxRps": 200}

Key JWT processing key

Does MD5 want to transfer the password to MD5 for further query?

DBType data type, respectively: MSSQL,MYSQL,PGSQL

ConnectionString database connection string

VerifyPaths needs to validate a list of paths, regular expressions.

Table user Table name

TokenTimeOut credential timeout (in minutes)

Remove header list when RemoveHeaders retweet

LoginMaxRps login limit, allowing concurrency per second, no limit if set to zero

JWT related access interface

Http://host/__system/jwt/login?name=henry&pwd=123456&cookie=true login to get Token access Url,cookie parameter indicates that Token is returned and written to Cookie

Http://host/__system/jwt/singout clears the corresponding Token information for Cookie.

Request Token configuration

If Cookie is written during call login, there is no need to configure relevant Token information during the request. In other invocation modes, you need to configure the returned Token to the Authorization of the request header.

Application example

Directly write a webapi service in aspcore and then use Bumblebee to perform a proxy and set security control access.

Public class ApiController: Controller {/ / GET: / / public IActionResult Index () {return new ContentResult {Content = $"{DateTime.Now} | name: {Request.Headers [" jwt_user "]}; role: {Request.Headers [" jwt_role "]}"} } public IActionResult Hello (string name) {return new ContentResult {Content = $"hello {name} {DateTime.Now} | name: {Request.Headers [" jwt_user "]}; role: {Request.Headers [" jwt_role "]}"};}}

The address at which the service is started is http://localhost:58387/,. Configure related routes at the gateway.

When JWT authentication is turned off, the service can be accessed normally because it has not been verified by the gateway, so the jwt_user and jwt_role information is empty. What happens if JWT authentication is turned on?

Because the request has no credential information, it is intercepted by the gateway and the corresponding error is returned. Next, first visit the login API and obtain the credential http://localhost/__system/jwt/login?name=henry&pwd=123456&cookie=true,. After the credential is obtained, you can access the service, and the jwt_user and jwt_role information can be obtained normally in the service.

At this point, the study on "how to implement request unified authentication in Bumblebe micro service gateway" is over. I hope to be able to solve your doubts. The collocation of theory and practice can better help you learn, go and try it! If you want to continue to learn more related knowledge, please continue to follow the website, the editor will continue to work hard to bring you more practical articles!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.