Fizz Gateway Getting Started Tutorial - Permission Verification

# Overview

An interface exposed through the gateway must have a route configured for it.

Permission verification authenticates the client that requests an interface, to confirm whether it is allowed to access that interface.

The client identifies itself, that is, states which application it is, through the fizz-appid request header.

The authentication method for an application is configured in the management console. Three methods are currently supported: md5, key, and custom.

A route can be associated with applications, which turns on client authentication for the interface behind that route.

Building on the "routing-reverse proxy" example, the following sections describe how to define an application and the three authentication methods.

# Application definition

Define the application client-app-1 in the management console:

# Configure authentication

# Key authentication

With the above configuration, for a client whose request carries the header fizz-appid=client-app-1, the gateway checks whether the fizz-sign request header equals the key shown in the figure.

# md5 authentication

With the above configuration, the gateway computes MD5(client-app-1 + fizz-ts (timestamp, in milliseconds) + 95c6990e07714a63aba8354fa6544701) and checks whether the result matches the fizz-sign passed by the client.
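
The md5 check described above, seen from both the client and the gateway side, as an added Python example (not code from the Fizz project or from the original post). It assumes the three values are concatenated without separators and that fizz-sign carries the lowercase hex digest; the function names are hypothetical.

```python
import hashlib
import hmac
import time

# Application id and key as they appear in the page's md5 formula.
APP_ID = "client-app-1"
SECRET = "95c6990e07714a63aba8354fa6544701"


def fizz_md5_sign(app_id, ts_ms, secret):
    """MD5 over app id + timestamp + key, concatenated with no separator.

    Assumption: the digest is sent as lowercase hex; the page does not
    state the encoding.
    """
    return hashlib.md5((app_id + ts_ms + secret).encode("utf-8")).hexdigest()


def build_auth_headers(app_id, secret, now_ms=None):
    """Client side: build the three request headers the page names."""
    ts = str(now_ms if now_ms is not None else int(time.time() * 1000))
    return {
        "fizz-appid": app_id,
        "fizz-ts": ts,
        "fizz-sign": fizz_md5_sign(app_id, ts, secret),
    }


def gateway_accepts(headers, app_secrets):
    """Model of the gateway-side comparison (not Fizz's own code)."""
    app_id = headers.get("fizz-appid", "")
    secret = app_secrets.get(app_id)
    ts, sign = headers.get("fizz-ts"), headers.get("fizz-sign")
    if secret is None or ts is None or sign is None:
        return False  # unknown application or missing header
    expected = fizz_md5_sign(app_id, ts, secret)
    # Constant-time comparison, so the check does not reveal how many
    # leading characters of a submitted signature were correct.
    return hmac.compare_digest(expected.encode("utf-8"), sign.encode("utf-8"))


if __name__ == "__main__":
    hdrs = build_auth_headers(APP_ID, SECRET, now_ms=1650000000000)  # constructed timestamp
    print(hdrs, gateway_accepts(hdrs, {APP_ID: SECRET}))
```

The signed string covers only the application id, the timestamp and the key, so the signature does not bind the request path or body.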

# Custom

Select "custom plug-in" as the authentication method, extend AbstractCustomAuth.java in the gateway code, and implement:

```java
public abstract Mono<Result<?>> auth(String appId, String ip, String timestamp, String sign, App fizzAppConfig, ServerWebExchange exchange);
// appId: client-app-1
// ip: client IP
// timestamp: fizz-ts
// sign: fizz-sign
// fizzAppConfig: application configuration
```

Annotate the implementation class with @Component and restart the gateway, for example:

```java
import org.springframework.stereotype.Component;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;
// AbstractCustomAuth, App and Result come from the gateway code.

@Component
public class MyAuth extends AbstractCustomAuth {

    @Override
    public Mono<Result<?>> auth(String appId, String ip, String timestamp, String sign, App fizzAppConfig, ServerWebExchange exchange) {
        if (fizzAppConfig.secretkey.equals(sign)) {
            return Mono.just(Result.succ()); // authentication passed
        }
        return Mono.just(Result.fail("密钥不对")); // respond to the client with "密钥不对" (wrong key)
    }
}
```

# Route configuration

On the "router-reverse proxy" example:

After selecting client-app-1 and saving:

With this configuration, only the client-app-1 client can access aservice/a/b, and the gateway verifies each request according to the authentication method of client-app-1.

# Fizz Gateway Introduction

Fizz Gateway is a Java-based microservice aggregation gateway that provides hot service orchestration and aggregation, automatic authorization selection, online service script coding, online testing, high-performance routing, API audit management, and callback management. Its plug-in system supports custom extensions, and it provides a friendly graphical configuration interface that helps enterprises quickly manage API services, reduce glue code in the middle layer, reduce coding effort, and improve the stability and security of API services.

Official website: https://www.fizzgate.com

GitHub: https://github.com/wehotel/fizz-gateway-community

Code Cloud: https://gitee.com/fizzgate/fizz-gateway

Getting Started Tutorial: https://www.fizzgate.com/fizz/guide/GettingStarted/


Author: lancer


Origin my.oschina.net/u/4730362/blog/5516499