说明:
- 本文APISIX的配置参考我之前写的《Ubuntu部署Apache APISIX》
创建最小API
首先,确保你已经安装了.NET 6 SDK。创建文件夹“MinimalApiDemo”,VS Code打开文件夹,打开终端
dotnet new web -o MinimalApiDemo
cd MinimalApiDemo
修改Program.cs
var builder = WebApplication.CreateBuilder(args);var app = builder.Build();
builder.WebHost.UseUrls("http://0.0.0.0:5001");
app.MapGet("/",()=>"Hello, World!");
app.MapGet("/protect/{name}",(string name)=>$"Hello, {name}!");
app.Run();
启动项目
dotnet run
浏览器打开“http://192.168.8.220:5001/protect/tom”,显示结果
Hello, tom!
创建消费者
创建两个消费者,管理员admin和用户user
{"username":"admin_role","plugins":{"jwt-auth":{"exp":86400,"key":"admin","secret":"admin1234567890"}}}
{"username":"user_role","plugins":{"jwt-auth":{"exp":86400,"key":"user","secret":"user1234567890"}}}
创建上游
创建公共API端点
为JWT身份验证创建公共API端点
/apisix/plugin/jwt/sign
{"uri":"/gen_token","name":"jwttoken","plugins":{"public-api":{"uri":"/apisix/plugin/jwt/sign"}},"status":1}
浏览器或者Postman等工具,请求如下链接,注意这里的key为admin
http://192.168.8.249:9080/gen_token?key=admin
得到admin的token
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJrZXkiOiJhZG1pbiIsImV4cCI6MTcxNzc2ODcwNH0.YeuyvRJmRHwajqmFm6G8ffYtguIW4PFoZ7LY3iDO8Kg
同理,接下来使用key为user
http://192.168.8.249:9080/gen_token?key=user
得到user的token
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJrZXkiOiJ1c2VyIiwiZXhwIjoxNzE3NzY4ODc0fQ.ZSpDGNmBHVjoKtLxxic6S5C4auNJx1FlAJThvJReq6k
创建测试路由
测试之前的最小API接口
http://192.168.8.220:5001/protect/tom
【更多】【查看】的内容如下
{"uri":"/protect/*","name":"protect","methods":["GET"],"plugins":{"consumer-restriction":{"whitelist":["admin_role"]},"jwt-auth":{}},"upstream_id":"516993931985027773","status":1}
测试JWT认证
使用Postman工具,访问如下接口
http://192.168.8.249:9080/protect/tom
Postman提示
{"message":"Missing JWT token in request"}
Headers中Key填写“Authorization”,Value填写“Bearer [token]”(注意Bearer和[token]之间有一个空格)
使用user的token
Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJrZXkiOiJ1c2VyIiwiZXhwIjoxNzE3NzY4ODc0fQ.ZSpDGNmBHVjoKtLxxic6S5C4auNJx1FlAJThvJReq6k
Postman提示如下。网关阻止了user用户请求
{"message":"The consumer_name is forbidden."}
接下来使用admin的token
Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJrZXkiOiJhZG1pbiIsImV4cCI6MTcxNzc2ODcwNH0.YeuyvRJmRHwajqmFm6G8ffYtguIW4PFoZ7LY3iDO8Kg
admin用户顺序访问受保护的接口
参考
- 公共 API | Apache APISIX®——云原生 API 网关 — public-api | Apache APISIX® – Cloud-Native API Gateway
- 什么是基于JWT的token认证,如何配置token认证_API 网关(API Gateway)-阿里云帮助中心 (aliyun.com)
- How To Use JWT Authentication With Web API (c-sharpcorner.com)
- jwt-auth | Apache APISIX® – Cloud-Native API Gateway
版权归原作者 VinciYan 所有, 如有侵权,请联系我们删除。