openresty 请求鉴权

请求发往后端前，先对请求进行鉴权，鉴权通过发往后端

请求鉴权

auth_request 鉴权

请求发往后端前，auth_request发送子请求；
返回的状态码2xx，请求通过
返回的状态码4xx，拒绝通过# 示例location / {# 发起子请求，进行鉴权auth_request /auth;# 鉴权通过后，将请求发送给后端处理proxy_pass/fastcgi_pass/postgres_pass/...}

ngx.capture 子请求鉴权

Note that when calling ngx.exit(ngx.OK) within a access_by_lua_block
handler, the Nginx request processing control flow will still continue
to the content handler. To terminate the current request from within a
access_by_lua_block handler, call ngx.exit with status >= 200 (ngx.HTTP_OK)
and status < 300 (ngx.HTTP_SPECIAL_RESPONSE) for successful quits and
ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR) (or its friends) for failures
* 调用ngx.exit(ngx.OK)会结束access_by_lua_block，继续执行后续操作
* status为2xx，access_by_lua_block执行成功
* status为4xx、5xx，access_by_lua_block执行失败# 示例：使用ngx.location.capture模拟auth_request鉴权请求location / {# 子请求鉴权access_by_lua_block {local res = ngx.location.capture("/auth")if res.status == ngx.HTTP_OK thenreturnendif res.status == ngx.HTTP_FORBIDDEN thenngx.exit(res.status)endngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)}# 鉴权通过后，将请求发送给后端处理proxy_pass/fastcgi_pass/postgres_pass/...}

使用示例

***********

后端应用

HelloController

@RestController
public class HelloController {@RequestMapping("/auth")public void auth(HttpServletRequest request, HttpServletResponse response){Enumeration<String> enumeration = request.getHeaderNames();while (enumeration.hasMoreElements()){String name = enumeration.nextElement();System.out.println(name + " ==> " + request.getHeader(name));}String authorization = request.getHeader("Authorization");if ("gtlx".equalsIgnoreCase(authorization)){response.setStatus(200);}else {response.setStatus(401);}}@RequestMapping("/hello")public String hello(){return "瓜田李下";}
}

Dockerfile

from java:8workdir /usr/local/jar
copy hello.jar app.jarexpose 8080
entrypoint ["java", "-jar", "app.jar"]

edit configuration ==>docker

启动docker 应用

.   ____          _            __ _ _/\\ / ___'_ __ _ _(_)_ __  __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \\\/  ___)| |_)| | | | | || (_| |  ) ) ) )'  |____| .__|_| |_|_| |_\__, | / / / /=========|_|==============|___/=/_/_/_/:: Spring Boot ::                (v2.7.2)2022-07-29 02:09:24.518  INFO 1 --- [           main] com.example.demo.DemoApplication         : Starting DemoApplication v0.0.1-SNAPSHOT using Java 1.8.0_111 on d61d6b0d8d4f with PID 1 (/usr/local/jar/app.jar started by root in /usr/local/jar)
2022-07-29 02:09:24.526  INFO 1 --- [           main] com.example.demo.DemoApplication         : No active profile set, falling back to 1 default profile: "default"
2022-07-29 02:09:26.075  INFO 1 --- [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat initialized with port(s): 8080 (http)
2022-07-29 02:09:26.105  INFO 1 --- [           main] o.apache.catalina.core.StandardService   : Starting service [Tomcat]
2022-07-29 02:09:26.106  INFO 1 --- [           main] org.apache.catalina.core.StandardEngine  : Starting Servlet engine: [Apache Tomcat/9.0.65]
2022-07-29 02:09:26.237  INFO 1 --- [           main] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring embedded WebApplicationContext
2022-07-29 02:09:26.238  INFO 1 --- [           main] w.s.c.ServletWebServerApplicationContext : Root WebApplicationContext: initialization completed in 1604 ms
2022-07-29 02:09:26.851  INFO 1 --- [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat started on port(s): 8080 (http) with context path ''
2022-07-29 02:09:26.871  INFO 1 --- [           main] com.example.demo.DemoApplication         : Started DemoApplication in 3.005 seconds (JVM running for 3.557)
2022-07-29 02:09:28.459  INFO 1 --- [nio-8080-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring DispatcherServlet 'dispatcherServlet'
2022-07-29 02:09:28.459  INFO 1 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet        : Initializing Servlet 'dispatcherServlet'
2022-07-29 02:09:28.465  INFO 1 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet        : Completed initialization in 6 ms

***********

openresty

default.conf

server {listen       80;server_name  localhost;location / {root   /usr/local/openresty/nginx/html;index  index.html index.htm;}location /test {auth_request /check;proxy_pass http://172.18.0.4:8080/hello;}location /test2 {access_by_lua_block {local cjson = require 'cjson';local res, err = ngx.location.capture("/check");-- ngx.say("res ==> ", cjson.encode(res));if res.status == 200 thenngx.exit(200);elsengx.exit(res.status);end}proxy_pass http://172.18.0.4:8080/hello;}location /check {proxy_pass http://172.18.0.4:8080/auth;proxy_set_header Authorization $http_Authorization;proxy_set_header name 'hzw';}error_page   500 502 503 504  /50x.html;location = /50x.html {root   /usr/local/openresty/nginx/html;}}

创建openresty容器

docker run -it -d --net fixed --ip 172.18.0.2 -p 9000:80 \
-v /Users/huli/lua/openresty/core/default.conf:/etc/nginx/conf.d/default.conf \
--name open-auth lihu12344/openresty

***********

使用测试

localhost:9000/test ==> Authorization=gtlx

# springboot 控制台输出
authorization ==> gtlx
name ==> hzw
host ==> 172.18.0.4:8080
connection ==> close
user-agent ==> PostmanRuntime/7.29.0
accept ==> */*
postman-token ==> fecbb948-e9a3-45c4-a39c-ea25c67f9e1f
accept-encoding ==> gzip, deflate, br

localhost:9000/test ==>Authorization=gtlx2

# springboot 控制台输出
authorization ==> gtlx2
name ==> hzw
host ==> 172.18.0.4:8080
connection ==> close
user-agent ==> PostmanRuntime/7.29.0
accept ==> */*
postman-token ==> 168aae93-d5e2-4243-8278-014f44db3ce9
accept-encoding ==> gzip, deflate, br

localhost:9000/test2 ==> Authorization=gtlx

# springboot 控制台输出
authorization ==> gtlx
name ==> hzw
host ==> 172.18.0.4:8080
connection ==> close
user-agent ==> PostmanRuntime/7.29.0
accept ==> */*
postman-token ==> 8aadba89-c3a9-4d8d-a09d-f3beab7df55f
accept-encoding ==> gzip, deflate, br

localhost:9000/test2 ==> Authorization=gtlx2

# springboot 控制台输出
authorization ==> gtlx2
name ==> hzw
host ==> 172.18.0.4:8080
connection ==> close
user-agent ==> PostmanRuntime/7.29.0
accept ==> */*
postman-token ==> b887942a-64c2-410d-b1e9-37cd778ef85e
accept-encoding ==> gzip, deflate, br

openresty 请求鉴权相关推荐

签名（Signature）认证实现方式-用于请求鉴权
常用的请求认证方式有两种: 1.Signature认证一次性的身份校验方式,常见于不同项目间的api通信一般形式是通过 AppID/AccessKey/AppSecret 及签名算法针对通信数据生 ...
网关的其中一个重要功能，就是实现请求的鉴权：zuulFilter
Zuul作为网关的其中一个重要功能,就是实现请求的鉴权.而这个动作我们往往是通过Zuul提供的过滤器来实现的. ZuulFilter ZuulFilter是过滤器的顶级父类.在这里我们看一下其中定义的 ...
快速搭建一个网关服务，动态路由、鉴权看完就会（含流程图）
[文章来源]https://sourl.cn/tcbSPi 前言本文记录一下我是如何使用Gateway搭建网关服务及实现动态路由的,帮助大家学习如何快速搭建一个网关服务,了解路由相关配置,鉴权的流 ...
Amazon S3和Swift鉴权机制分析
基于Base64编码的HTTP Basic Authentication由于安全问题,已经不再广泛使用了.在云存储中,数据的安全性一直被广泛关注.亚马逊的AWS S3和Openstack Swift分 ...
前端开发：关于鉴权的使用总结
前言前端开发过程中,关于鉴权(权限的控制)是非常重要的内容,尤其是前端和后端之间数据传递时候的请求鉴权校验.前端鉴权的本质就是控制前端视图层的显示和前端向后台所发送的请求,但是只有前端鉴权,没有后端 ...
云存储的两种鉴权机制(转载)
1.AWS S3(Amazon Web Services)(Storage Area Network,简称SAN). AWS是亚马逊公司旗下云计算服务平台,为全世界范围内的客户提供云解决方案.AWS面 ...
java造轮子：快速搭建一个网关服务，动态路由、鉴权看完就会（含流程图）
前言本文记录一下我是如何使用Gateway搭建网关服务及实现动态路由的,帮助大家学习如何快速搭建一个网关服务,了解路由相关配置,鉴权的流程及业务处理,有兴趣的一定看到最后,非常适合没接触过网关服务的 ...
请求令牌接口_时序图说明JWT用户认证及接口鉴权的细节
JWT用户认证及接口鉴权的细节以及原理一.回顾JWT的授权及鉴权流程在笔者的上一篇文章中,已经为大家介绍了JWT以及其结构及使用方法.其授权与鉴权流程浓缩为以下两句话: 授权:使用可信用户信息(用 ...
vue从url中获取token并加入到请求头里_BATJ都会用到的接口鉴权cookie、session 和token...
鉴权鉴权是指验证用户是否拥有访问系统的权利-鉴定权限. cookie.session和token 为什么会有cookie.session和token? 1. http是无状态协议什么是无状态呢? ...

openresty 请求鉴权

openresty 请求鉴权

请求鉴权

使用示例

openresty 请求鉴权相关推荐

最新文章

热门文章