BlessingCR’s Blog

A Distributed Authorization Design Everyone Should Understand

https://blessingcr.com/wp-content/uploads/2024/01/result-3.png

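General flow:

  1. The user accesses a service through the gateway.
  2. If the request carries no token [a request without a token must be a login request; every other request always carries a token, and this check can be configured in the gateway], the gateway first calls the auth service, and auth, based on the username and password, returns the user's roles and permissions. ----RBAC
  3. [Optional] If needed, roles can be bound to rules for finer-grained authorization, for example only allowing administrators to log in between 9 and 6, or only allowing logins from certain IPs. The ABAC framework LoopAuth is recommended. ----ABAC
  4. When the gateway receives the permissions, it can either store them in the gateway's Redis or not. The point of storing them is that later requests can look up the corresponding JWT directly from the user token, so the auth service is not called and IO is reduced. The downside is that a user cannot be kicked offline unless auth and the gateway share one Redis. If nothing is stored, every request has to send the user token to the auth service, and auth returns the details for that token to the gateway, which adds network IO. Roles, permissions and similar information go into a header and are sent to the microservices as a JWT.
  5. When a microservice later responds to the front end, do not include the JWT; return the token that auth issued instead. auth should store the mapping between token and JWT, in most cases in Redis.
  6. On every subsequent request, the gateway/auth should convert the user token into a JWT and pass it to the downstream microservices.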
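The flow above as an added Python example (not code from the original post): in-memory dicts stand in for Redis, and the names `Auth`, `Gateway`, `kick`, the signing key and the sample user are assumptions. It shows the step 4 trade-off: a gateway with a private cache keeps honouring a token after auth has revoked it, while a shared store or no cache does not.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET = b"constructed-demo-key"  # constructed; load the real key from a secret store

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_jwt(claims: dict) -> str:  # HS256 JWT that carries roles/permissions downstream
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    sig = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64(sig)}"

def verify_jwt(jwt: str) -> dict:  # microservice side: signature and expiry before claims
    head, body, sig = jwt.split(".")
    want = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(_b64(want), sig):
        raise PermissionError("bad signature")
    claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    if claims["exp"] < time.time():
        raise PermissionError("expired")
    return claims

class Auth:
    USERS = {"alice": ("pw", ["admin"], ["order:read"])}  # constructed; store hashes in practice
    def __init__(self, store: dict):
        self.store = store  # opaque token -> JWT (Redis in the article)
    def login(self, user: str, password: str) -> str:
        pw, roles, perms = self.USERS.get(user, ("", [], []))
        if not pw or not hmac.compare_digest(pw.encode(), password.encode()):
            raise PermissionError("bad credentials")
        token = secrets.token_urlsafe(32)  # the only credential the browser ever sees
        claims = {"sub": user, "roles": roles, "perms": perms, "exp": time.time() + 300}
        self.store[token] = make_jwt(claims)
        return token
    def kick(self, token: str) -> None:  # force the user offline
        self.store.pop(token, None)

class Gateway:
    def __init__(self, auth: Auth, cache=None):  # cache=None: ask auth on every request
        self.auth, self.cache = auth, cache
    def to_jwt(self, token: str) -> str:
        # the second lookup stands in for the gateway -> auth network call
        jwt = (self.cache or {}).get(token) or self.auth.store.get(token)
        if jwt is None:
            raise PermissionError("unknown or revoked token")
        if self.cache is not None:
            self.cache[token] = jwt
        return jwt
```

Passing the same dict to `Auth` and `Gateway` models the shared Redis; passing a separate dict models the gateway-local cache.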

2023-10-28