[KONG series seven] ACL strategy plugin

ACLStrategy plugin

Policy grouping rules:

1) .Assign an authorization policy group to users

2). is api

span>Add authorization strategy grouping plugin.

3).Only users who have the api authorization policy group can call The api.

4). Authorization strategy grouping must be based on the authentication mechanism. The prerequisite for this strategy to take effect, api At least any auth authentication plugin must be enabled.

How to use:

1. Create a ACL plugin

As shown in the figure, create a group, set a whitelistopen, blacklist dev-test, and apply this plug-in to testACL this api .

2.Reverse verification

Because of< span class="s3">ACL must work with the authentication plug-in to take effect. We use the combination of basic authentication basic-auth + ACL for verification.

Previous section Basic authentication has been createdbasic-authUser and secret key:username=csOfBasic,password=testkongpwd.

We use the previous sectionbasic-authcreated consumeraccess:

basic-authuser and secret key:username= csOfBasic,password=testkongpwd

Back Message:{“message”:”You cannot consume this service”}

The user is a legitimate user(has passedbasic-authauthentication), but do not have permission to access testBasicAuth(http://10.110.2.3:8000/test) thisapi.

The authentication and authority of

kong are independent.

3. Assign users a open group

The users in the previous section cannot access because they do not belong to the policy group of ACL=open.

Now, we create an ACL group for the basic-auth user, as follows Figure:

You can also directly use the curl method to add ACL strategy< /p>

curl -X POST http://*.*.*.*:8001/consumers/consumerOfBasic/acls < /span>–data “group=open” //Note here consumerOfBasic and basic-authUser:username=csOfBasicthe difference.

4.Positive verification of legitimate users

Execute again and the verification is passed. The returned results are as follows:

WordPress database error: [Table 'yf99682.wp_s6mz6tyggq_comments' doesn't exist]
SELECT SQL_CALC_FOUND_ROWS wp_s6mz6tyggq_comments.comment_ID FROM wp_s6mz6tyggq_comments WHERE ( comment_approved = '1' ) AND comment_post_ID = 1670 ORDER BY wp_s6mz6tyggq_comments.comment_date_gmt ASC, wp_s6mz6tyggq_comments.comment_ID ASC

Leave a Comment

Your email address will not be published.