为kong网关添加key-auth插件实现安全认证

官方指导文档：https://docs.konghq.com/gateway/latest/get-started/key-authentication/

一、新建一个用户

这里我们新建一个username=luka的用户

[root@min ~]# curl -i -X POST http://localhost:8001/consumers/ \
>   --data username=luka
HTTP/1.1 201 Created
Date: Tue, 30 May 2023 14:16:56 GMT
Content-Type: application/json; charset=utf-8
Connection: keep-alive
Access-Control-Allow-Origin: http://localhost:8002
X-Kong-Admin-Request-ID: bDQSAZLydiS5oRKeaELyg1ul17eAC7Fo
vary: Origin
Access-Control-Allow-Credentials: true
vary: Origin
Content-Length: 173
X-Kong-Admin-Latency: 18
Server: kong/3.3.0.0-enterprise-edition

{"created_at":1685456216,"custom_id":null,"username":"luka","tags":null,"type":0,"id":"2385bb30-9c0b-4aae-9dc8-34c3b0191589","username_lower":"luka","updated_at":1685456216}[root@min ~]#

二、为用户luka分配一个key

[root@min ~]# curl -i -X POST http://localhost:8001/consumers/luka/key-auth
HTTP/1.1 201 Created
Date: Tue, 30 May 2023 14:20:24 GMT
Content-Type: application/json; charset=utf-8
Connection: keep-alive
Access-Control-Allow-Origin: http://localhost:8002
X-Kong-Admin-Request-ID: f7kYQ2qPNXyVM1sWh3OwLeDNIHDV77I2
vary: Origin
Access-Control-Allow-Credentials: true
Content-Length: 190
X-Kong-Admin-Latency: 10
Server: kong/3.3.0.0-enterprise-edition

{"created_at":1685456424,"id":"796e126a-5e61-41ad-a4ba-404a71feb3bd","ttl":null,"tags":null,"key":"mZiuw2s2mJvFTbwhVx1zpYzFGaUbS2t1","consumer":{"id":"2385bb30-9c0b-4aae-9dc8-34c3b0191589"}}

这一步我们看到kong给我们分配一个key:mZiuw2s2mJvFTbwhVx1zpYzFGaUbS2t1

三、开启全局的key-auth

1、启用key-auth插件

[root@min ~]# curl -X POST http://localhost:8001/plugins/ \
>     --data "name=key-auth"  \
>     --data "config.key_names=apikey"
{"created_at":1685456863,"consumer":null,"protocols":["grpc","grpcs","http","https","ws","wss"],"updated_at":1685456863,"ordering":null,"enabled":true,"instance_name":null,"id":"b123cd0a-2410-4fb5-8cd1-3953ed095d4f","service":null,"name":"key-auth","tags":null,"config":{"hide_credentials":false,"key_in_body":false,"key_in_query":true,"key_in_header":true,"run_on_preflight":true,"key_names":["apikey"],"anonymous":null},"route":null}

2、不带key进行请求

在这里插入图片描述

3、携带错误的key进行请求

在这里插入图片描述

4、使用正确的key进行请求

在这里插入图片描述

四、查看当前的已经有的插件，并且取消对应插件

1、查看当前已经有的插件

[root@min ~]# curl -X GET http://192.168.19.50:8001/plugins
{
    
    "data":[{
    
    "created_at":1685456863,"consumer":null,"protocols":["grpc","grpcs","http","https","ws","wss"],"updated_at":1685456863,"ordering":null,"enabled":true,"instance_name":null,"id":"b123cd0a-2410-4fb5-8cd1-3953ed095d4f","service":null,"name":"key-auth","tags":null,"config":{
    
    "hide_credentials":false,"key_in_body":false,"key_in_query":true,"key_in_header":true,"run_on_preflight":true,"key_names":["apikey"],"anonymous":null},"route":null}],"next":null}

2、禁用插件

使用api: http://192.168.19.50:8001/plugins/{plugin_id}来进行禁用

[root@min ~]# curl -X PATCH  http://192.168.19.50:8001/plugins/b123cd0a-2410-4fb5-8cd1-3953ed095d4f --data enabled=false
{
    
    "created_at":1685456863,"consumer":null,"protocols":["grpc","grpcs","http","https","ws","wss"],"updated_at":1685458558,"ordering":null,"enabled":false,"instance_name":null,"id":"b123cd0a-2410-4fb5-8cd1-3953ed095d4f","service":null,"name":"key-auth","tags":null,"config":{
    
    "hide_credentials":false,"key_in_body":false,"key_in_query":true,"key_in_header":true,"run_on_preflight":true,"key_names":["apikey"],"anonymous":null},"route":null}

# 3、测试禁用后不携带apikey能够正常访问

在这里插入图片描述

为kong网关添加key-auth插件实现安全认证

一、新建一个用户

二、为用户luka分配一个key

三、开启全局的key-auth

1、启用key-auth插件

2、不带key进行请求

3、携带错误的key进行请求

4、使用正确的key进行请求

四、查看当前的已经有的插件，并且取消对应插件

1、查看当前已经有的插件

2、禁用插件

# 3、测试禁用后不携带apikey能够正常访问

猜你喜欢