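This article explains how to use consumer-restriction to restrict access to routes (a blacklist/whitelist mechanism).
Initial setup
I have a consumer configured as follows: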
{
"username": "helloConsumer",
"desc": "hello消费者",
"plugins": {
"key-auth": {
"disable": false,
"key": "1234567890"
}
}
}
I have two routes:
- Route test1
{
"uri": "/test1/**",
"name": "test1",
"methods": [
"GET",
"POST",
"PUT",
"DELETE",
"PATCH",
"HEAD",
"OPTIONS",
"CONNECT",
"TRACE",
"PURGE"
],
"plugins": {
"key-auth": {
"disable": false,
"header": "token"
},
"proxy-rewrite": {
"regex_uri": [
"^/test1/(.*)",
"/$1"
]
}
},
"upstream_id": "442135180308644824",
"status": 1
}
- Route test2
{
"uri": "/test2/*",
"name": "test2",
"methods": [
"GET",
"POST",
"PUT",
"DELETE",
"PATCH",
"HEAD",
"OPTIONS",
"CONNECT",
"TRACE",
"PURGE"
],
"plugins": {
"key-auth": {
"disable": false,
"header": "token"
},
"proxy-rewrite": {
"regex_uri": [
"^/test2/(.*)",
"/$1"
]
}
},
"upstream_id": "442135180308644824",
"status": 1
}
Normally, both routes can be accessed as follows:
[root@KSSYSDEV ~]# curl http://10.3.23.191:9906/test1/hello -H 'token:1234567890'
Hello World, From Port 9999
[root@KSSYSDEV ~]# curl http://10.3.23.191:9906/test2/hello -H 'token:1234567890'
Hello World, From Port 9998
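Goal
Suppose I want /test1 to be accessible to helloConsumer while /test2 is not accessible to helloConsumer. How should that be handled?
This is where consumer-restriction comes in: it lets you configure a blacklist and whitelist on a route.
Adjusting the configuration
Modify the routes as follows:
- Modified route 1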
{
"uri": "/test1/**",
"name": "test1",
"methods": [
"GET",
"POST",
"PUT",
"DELETE",
"PATCH",
"HEAD",
"OPTIONS",
"CONNECT",
"TRACE",
"PURGE"
],
"plugins": {
"consumer-restriction": {
"disable": false,
"whitelist": [
"helloConsumer"
]
},
"key-auth": {
"disable": false,
"header": "token"
},
"proxy-rewrite": {
"regex_uri": [
"^/test1/(.*)",
"/$1"
]
}
},
"upstream_id": "442135180308644824",
"status": 1
}
- Modified route 2
{
"uri": "/test2/*",
"name": "test2",
"methods": [
"GET",
"POST",
"PUT",
"DELETE",
"PATCH",
"HEAD",
"OPTIONS",
"CONNECT",
"TRACE",
"PURGE"
],
"plugins": {
"consumer-restriction": {
"disable": false,
"rejected_code": 403,
"rejected_msg": "您没有权限访问此服务!",
"whitelist": [
"helloConsumer2"
]
},
"key-auth": {
"disable": false,
"header": "token"
},
"proxy-rewrite": {
"regex_uri": [
"^/test2/(.*)",
"/$1"
]
}
},
"upstream_id": "442135180308644824",
"status": 1
}
Here helloConsumer2 is a name I picked arbitrarily; you can change it to your own consumer name.
- Now we try accessing /test1 and /test2 again
[root@KSSYSDEV ~]#
[root@KSSYSDEV ~]# curl http://10.3.23.191:9906/test1/hello -H 'token:1234567890'
Hello World, From Port 9999[root@KSSYSDEV ~]#
[root@KSSYSDEV ~]#
[root@KSSYSDEV ~]# curl http://10.3.23.191:9906/test2/hello -H 'token:1234567890'
{"message":"您没有权限访问此服务!"}
As you can see, this consumer can access only /test1 and cannot access /test2.
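An added example (not from the original article or from APISIX itself): a small Python audit over route definitions that lists which consumers each route admits and flags routes that have key-auth but no consumer-restriction, as both routes did in the initial setup. It models only consumer-name matching with whitelist/blacklist; the `legacy` route and all function names are assumptions made for illustration.

```python
import json

# Constructed input: the page's two modified routes, trimmed to their plugins,
# plus a hypothetical "legacy" route that still has only key-auth.
ROUTES = json.loads("""[
  {"name": "test1", "plugins": {
    "consumer-restriction": {"disable": false, "whitelist": ["helloConsumer"]},
    "key-auth": {"disable": false, "header": "token"}}},
  {"name": "test2", "plugins": {
    "consumer-restriction": {"disable": false, "rejected_code": 403,
                             "whitelist": ["helloConsumer2"]},
    "key-auth": {"disable": false, "header": "token"}}},
  {"name": "legacy", "plugins": {"key-auth": {"disable": false, "header": "token"}}}
]""")
CONSUMERS = ["helloConsumer", "helloConsumer2"]  # second name is the page's placeholder


def restriction(route):
    """Return the active consumer-restriction config of a route, or None."""
    conf = route.get("plugins", {}).get("consumer-restriction")
    return None if conf is None or conf.get("disable") else conf


def allowed(route, consumer):
    """Simplified model: a blacklist hit rejects; a non-empty whitelist must match."""
    conf = restriction(route)
    if conf is None:
        return True  # any consumer that authenticates gets through
    if consumer in conf.get("blacklist", []):
        return False
    whitelist = conf.get("whitelist", [])
    return not whitelist or consumer in whitelist


def access_matrix(routes, consumers):
    """Map each route name to the consumers that may call it."""
    return {r["name"]: [c for c in consumers if allowed(r, c)] for r in routes}


def unrestricted(routes):
    """Routes that authenticate callers but do not narrow which ones may pass."""
    return [r["name"] for r in routes
            if "key-auth" in r.get("plugins", {}) and restriction(r) is None]


if __name__ == "__main__":
    for name, who in access_matrix(ROUTES, CONSUMERS).items():
        print(f"{name}: {who}")
    print("no consumer-restriction:", unrestricted(ROUTES))
```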