Now there is a requirement:
1. There are many subsystems.
2. These subsystems share the same user data and divide permissions by platform.
My current idea is to build an authentication center and integrate it with a gateway. The gateway does authentication and authorization uniformly and then forwards the request to the subsystem; only the gateway is exposed externally, the subsystems are not.
Is this approach right?
Is there a better way?
CodePudding user response:
This approach works; it is similar to AWS Cognito (equivalent to your authentication center) plus API Gateway (equivalent to your integration gateway).
CodePudding user response:
Zuul or Gateway each have their own Filter; it is easy to implement.
CodePudding user response:
Quoting qybao (1st floor): This approach works; it is similar to AWS Cognito (equivalent to your authentication center) plus API Gateway (equivalent to your integration gateway).
What I want is to do authentication and authorization in the gateway, with the subsystems doing no security check at all. Is this approach right?
CodePudding user response:
Quoting DayDayUp (3rd floor): Zuul or Gateway each have their own Filter; it is easy to implement.
Another problem: if I do authentication and authorization in the gateway, then for authorization I don't know which service interfaces need a permission check and which don't. Is there a way to solve this?
CodePudding user response:
Doing it in the gateway is fine, and you can also distinguish the interfaces that don't need verification by defining an exclude list.
CodePudding user response:
In general, when the gateway does the authentication, will the subsystems still do token validation and permission checks? Right now it feels like the subsystem is completely transparent, although it is trying.
CodePudding user response:
Quoting citric acid sweet (7th floor): In general, when the gateway does the access authentication, will the subsystems still do token validation and permission checks? Right now it feels like the subsystem is completely transparent, although it is trying.
If they are not directly accessible externally, there is no need to do it.
CodePudding user response:
What are the concrete implementation steps? This is what I want: build an authentication center that generates a token (I am using JWT). Flow 1: the browser accesses the gateway; the gateway has a global filter that checks whether the header carries a token, and if not, it directly prompts the user to log in. Flow 2: the header carries a token; the gateway calls the authentication center's method to validate the token; once validation passes, the gateway calls the authentication center's authorization method to judge whether the request has the permission; if it does, the request is dispatched to the specific downstream service; if not, the gateway directly prompts the user that they have no permission. Is this right?
CodePudding user response:
Another problem: I originally intended to access the resources of the downstream service, but now permission management is done in the gateway. How does the gateway access the authentication center? Via RPC?
CodePudding user response:
Add the JWT authentication function to the gateway service; there is no need to split the authentication function into a separate service.
CodePudding user response:
Quoting DayDayUp (11th floor): Add the JWT authentication function to the gateway service; there is no need to split the authentication function into a separate service.
Do you mean authentication, or the permission check?
CodePudding user response:
Authentication (certification).
CodePudding user response:
Quoting DayDayUp (13th floor): Authentication (certification).
What JWT signature algorithm are you using?
Zuul or Gateway each have their own Filter; it is very easy to implement.
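As an added illustration (not code from the thread or from Zuul/Spring Cloud Gateway), here is the gateway global filter the thread describes, written framework-neutrally in Python: an exclude list of paths that skip checks, HS256 JWT verification done inside the gateway itself, and a per-route permission map consulted before forwarding. The secret, paths and permission names are constructed for the demo.

```python
import base64, hashlib, hmac, json, time

# Constructed demo values (assumptions): HS256 secret shared by auth center and gateway,
# the exclude list, and the permission each downstream route requires.
SECRET = b"demo-shared-secret"
EXCLUDE_LIST = {"/login", "/health"}                      # forwarded without any check
ROUTE_PERMISSIONS = {"/orders": "order:read", "/admin": "admin:all"}

def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64url(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def issue_token(claims, secret=SECRET):
    """Authentication-center side: mint an HS256 JWT carrying sub, perms and exp."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"

def verify_token(token, secret=SECRET, now=None):
    """Gateway side: return the claims if signature, alg and expiry are valid, else None."""
    try:
        header, payload, sig = token.split(".")
        expected = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64url(sig)):
            return None                                   # forged or tampered token
        if json.loads(_unb64url(header)).get("alg") != "HS256":
            return None                                   # never trust alg from the token
        claims = json.loads(_unb64url(payload))
    except (ValueError, UnicodeDecodeError):
        return None                                       # malformed token
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        return None                                       # expired
    return claims

def gateway_filter(path, headers, now=None):
    """Global filter: returns (action, detail); action is 'forward', '401' or '403'."""
    if path in EXCLUDE_LIST:
        return ("forward", None)
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return ("401", "login required")                  # no token: prompt login
    claims = verify_token(auth[len("Bearer "):], SECRET, now)
    if claims is None:
        return ("401", "invalid or expired token")
    needed = ROUTE_PERMISSIONS.get(path)
    if needed and needed not in claims.get("perms", []):
        return ("403", "permission denied")
    return ("forward", claims.get("sub"))                 # downstream relies on the gateway
```

Because the gateway holds the verification key, it does not need an RPC call to the authentication center per request; the exclude list answers the "which interfaces need no check" question.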