kong api gateway 插件之acl

来源：互联网发布：剑灵力士捏脸数据大全编辑：程序博客网时间：2024/06/07 18:12

文章来源：http://blog.csdn.net/qq_26656329/article/details/78432565

添加一个API

curl -i -X POST \    --url http://localhost:8001/apis/ \    --data 'name=example-api' \    --data 'uris=/user' \    --data 'upstream_url=http://test.my'

返回值

{    "created_at":1509616750000,    "strip_uri":true,    "id":"ced08536-36d8-4e0f-bc94-5e650b29375b",    "name":"example-api",    "http_if_terminated":false,    "preserve_host":false,    "upstream_url":"http://test.my",    "uris":[        "/user"    ],    "upstream_connect_timeout":60000,    "upstream_send_timeout":60000,    "upstream_read_timeout":60000,    "retries":5,    "https_only":false}

API关联oauth

curl -X POST http://localhost:8001/apis/example-api/plugins \    --data "name=oauth2" \    --data "config.enable_authorization_code=true" \    --data "config.scopes=email,phone,address" \    --data "config.mandatory_scope=true"

返回值

{    "created_at":1509616928000,    "config":{        "token_expiration":7200,        "mandatory_scope":true,        "hide_credentials":false,        "enable_authorization_code":true,        "enable_implicit_grant":false,        "global_credentials":false,        "scopes":[            "email",            "phone",            "address"        ],        "enable_password_grant":false,        "accept_http_if_already_terminated":false,        "anonymous":"",        "enable_client_credentials":false,        "provision_key":"function"    },    "id":"c8cfea25-1523-44fc-a3cd-1f2b7fcb2cea",    "name":"oauth2",    "api_id":"ced08536-36d8-4e0f-bc94-5e650b29375b",    "enabled":true}

添加消费者

curl -X POST http://localhost:8001/consumers/ \    --data "username=user123"

返回值

{    "created_at":1509617000000,    "username":"user123",    "id":"e5b491d8-46db-4371-a279-57e2a2ab30d7"}

创建应用

curl -X POST http://localhost:8001/consumers/e5b491d8-46db-4371-a279-57e2a2ab30d7/oauth2 \    --data "name=test-app" \    --data "redirect_uri=http://test.my"

返回值

{    "client_id":"IL9mQYMtIAWw9cTWGrvC0OCyA3sNCmrO",    "created_at":1509617348000,    "id":"a4723382-db36-4bfc-8a0e-ecfb4dcd24d5",    "redirect_uri":[        "http://test.my"    ],    "name":"test-app",    "client_secret":"Pat9mbOTd4ynpAZZHSknSo9LGC92vToU",    "consumer_id":"e5b491d8-46db-4371-a279-57e2a2ab30d7"}

消费者分组

curl -X POST http://localhost:8001/consumers/user123/acls \    --data "group=group1"

返回值

{    "group":"group1",    "created_at":1509617164000,    "id":"bdcab065-0eaf-415a-9ce8-d3121bb3dd59",    "consumer_id":"e5b491d8-46db-4371-a279-57e2a2ab30d7"}

测试API访问

# 生成codecurl -X POST https://localhost:8443/user/oauth2/authorize \    --data "client_id=IL9mQYMtIAWw9cTWGrvC0OCyA3sNCmrO" \    --data "response_type=code" \    --data "provision_key=function" \    --data "authenticated_userid=0" \    --data "scope=email"# 获取tokencurl -X POST https://localhost:8443/user/oauth2/token \    --data client_id=IL9mQYMtIAWw9cTWGrvC0OCyA3sNCmrO \    --data client_secret=Pat9mbOTd4ynpAZZHSknSo9LGC92vToU \    --data provision_key=function \    --data code=Bj8sRhSiUO3lUaD6G8mR0LDYokc7td1T \    --data grant_type=authorization_code# 访问APIcurl https://localhost:8443/user?access_token=Iv6l21VPo3ctgLRv1QicWcGBhJS0Rmku

返回值

# code返回值{    "redirect_uri": "http://test.my?code=Bj8sRhSiUO3lUaD6G8mR0LDYokc7td1T"}# token返回值{    "refresh_token": "sKKFXWGkqsrWliDKLHaelU3XtIqL1duD",    "token_type": "bearer",    "access_token": "Iv6l21VPo3ctgLRv1QicWcGBhJS0Rmku",    "expires_in": 7200}# 访问API返回值array (  'access_token' => 'Iv6l21VPo3ctgLRv1QicWcGBhJS0Rmku',)

api关联acl插件并把group1加入黑名单

curl -X POST http://localhost:8001/apis/example-api/plugins \    --data "name=acl" \    --data "config.blacklist=group1, group2"

返回值

{    "created_at":1509617953000,    "config":{        "whitelist":[            "group1",            "group2"        ]    },    "id":"03890256-0f28-445c-ab1b-435eab73362a",    "name":"acl",    "api_id":"ced08536-36d8-4e0f-bc94-5e650b29375b",    "enabled":true}

再次请求API

curl https://localhost:8443/user?access_token=Iv6l21VPo3ctgLRv1QicWcGBhJS0Rmku

返回值

{    "message": "You cannot consume this service"}

阅读全文

0 0