kong api gateway 插件之acl

文章来源：http://blog.csdn.net/qq_26656329/article/details/78432565

添加一个API

curl -i -X POST \
    --url http://localhost:8001/apis/ \
    --data 'name=example-api' \
    --data 'uris=/user' \
    --data 'upstream_url=http://test.my'

返回值

{
    "created_at":,
    "strip_uri":true,
    "id":"ced08536-36d8-4e0f-bc94-5e650b29375b",
    "name":"example-api",
    "http_if_terminated":false,
    "preserve_host":false,
    "upstream_url":"http://test.my",
    "uris":[
        "/user"
    ],
    "upstream_connect_timeout":,
    "upstream_send_timeout":,
    "upstream_read_timeout":,
    "retries":,
    "https_only":false
}

API关联oauth

curl -X POST http://localhost:8001/apis/example-api/plugins \
    --data "name=oauth2" \
    --data "config.enable_authorization_code=true" \
    --data "config.scopes=email,phone,address" \
    --data "config.mandatory_scope=true"

返回值

{
    "created_at":,
    "config":{
        "token_expiration":,
        "mandatory_scope":true,
        "hide_credentials":false,
        "enable_authorization_code":true,
        "enable_implicit_grant":false,
        "global_credentials":false,
        "scopes":[
            "email",
            "phone",
            "address"
        ],
        "enable_password_grant":false,
        "accept_http_if_already_terminated":false,
        "anonymous":"",
        "enable_client_credentials":false,
        "provision_key":"function"
    },
    "id":"c8cfea25-1523-44fc-a3cd-1f2b7fcb2cea",
    "name":"oauth2",
    "api_id":"ced08536-36d8-4e0f-bc94-5e650b29375b",
    "enabled":true
}

添加消费者

curl -X POST http://localhost:8001/consumers/ \
    --data "username=user123"

返回值

{
    "created_at":,
    "username":"user123",
    "id":"e5b491d8-46db-4371-a279-57e2a2ab30d7"
}

创建应用

curl -X POST http://localhost:8001/consumers/e5b491d8-46db-4371-a279-57e2a2ab30d7/oauth2 \
    --data "name=test-app" \
    --data "redirect_uri=http://test.my"

返回值

{
    "client_id":"IL9mQYMtIAWw9cTWGrvC0OCyA3sNCmrO",
    "created_at":,
    "id":"a4723382-db36-4bfc-8a0e-ecfb4dcd24d5",
    "redirect_uri":[
        "http://test.my"
    ],
    "name":"test-app",
    "client_secret":"Pat9mbOTd4ynpAZZHSknSo9LGC92vToU",
    "consumer_id":"e5b491d8-46db-4371-a279-57e2a2ab30d7"
}

消费者分组

curl -X POST http://localhost:8001/consumers/user123/acls \
    --data "group=group1"

返回值

{
    "group":"group1",
    "created_at":,
    "id":"bdcab065-0eaf-415a-9ce8-d3121bb3dd59",
    "consumer_id":"e5b491d8-46db-4371-a279-57e2a2ab30d7"
}

测试API访问

# 生成code
curl -X POST https://localhost:8443/user/oauth2/authorize \
    --data "client_id=IL9mQYMtIAWw9cTWGrvC0OCyA3sNCmrO" \
    --data "response_type=code" \
    --data "provision_key=function" \
    --data "authenticated_userid=0" \
    --data "scope=email"
# 获取token
curl -X POST https://localhost:8443/user/oauth2/token \
    --data client_id=IL9mQYMtIAWw9cTWGrvC0OCyA3sNCmrO \
    --data client_secret=Pat9mbOTd4ynpAZZHSknSo9LGC92vToU \
    --data provision_key=function \
    --data code=Bj8sRhSiUO3lUaD6G8mR0LDYokc7td1T \
    --data grant_type=authorization_code
# 访问API
curl https://localhost:8443/user?access_token=Iv6l21VPo3ctgLRv1QicWcGBhJS0Rmku

返回值

# code返回值
{
    "redirect_uri": "http://test.my?code=Bj8sRhSiUO3lUaD6G8mR0LDYokc7td1T"
}

# token返回值
{
    "refresh_token": "sKKFXWGkqsrWliDKLHaelU3XtIqL1duD",
    "token_type": "bearer",
    "access_token": "Iv6l21VPo3ctgLRv1QicWcGBhJS0Rmku",
    "expires_in": 
}

# 访问API返回值
array (
  'access_token' => 'Iv6l21VPo3ctgLRv1QicWcGBhJS0Rmku',
)

api关联acl插件并把group1加入黑名单

curl -X POST http://localhost:8001/apis/example-api/plugins \
    --data "name=acl" \
    --data "config.blacklist=group1, group2"

返回值

{
    "created_at":,
    "config":{
        "whitelist":[
            "group1",
            "group2"
        ]
    },
    "id":"03890256-0f28-445c-ab1b-435eab73362a",
    "name":"acl",
    "api_id":"ced08536-36d8-4e0f-bc94-5e650b29375b",
    "enabled":true
}

再次请求API

返回值

{
    "message": "You cannot consume this service"
}

kong api gateway 插件之acl

继续阅读

gateway集成swagger

Springboot 整合 SpringCloud组件-Gateway 网关服务 (四)

Spring Cloud微服务脚手架搭建实战——SpringCloud Alibaba Sentinel实现熔断与限流介绍

springcloud gateway网关集成abtest（灰度发布、多版本发布）

springcloud gateway自定义过滤器背景描述实现总结其他

SpringCloud Gateway Consul注册中心配置动态路由+过滤器Filter

SpringCloud-Gateway配置过滤器彻底解决跨域问题

小白入门微服务(3) - 什么是 API gateway

Spring Cloud Gateway：新一代微服务API网关

谷粒学院使用nacos注册gateway网关时候报错503

Hadoop指标框架V2

Spring Cloud Alibaba：Gateway网关之Weight路由断言工厂

Spring Cloud Alibaba：Gateway之路由过滤器工厂（一）

Spring Cloud Alibaba：Gateway之路由过滤器工厂（三）

Spring Cloud Alibaba：Gateway网关 & 路由断言工厂

Centos常用网络配置