---Configure a first-api service with Kong
After installing and starting Kong, use Kong's Admin API on port 8001 to add a service named first-api

curl -i -X POST \
--url http://localhost:8001/services/ \
--data 'name=first-api' \
--data 'url=http://jcca.tech/first'

HTTP/1.1 201 Created
Date: Tue, 23 Jun 2020 09:36:50 GMT
Content-Type: application/json; charset=utf-8
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/2.0.4
Content-Length: 293
X-Kong-Admin-Latency: 5

{"host":"jcca.tech","created_at":1592905010,"connect_timeout":60000,"id":"672bccd6-f72e-44dd-b601-dc13ba0c32fa","protocol":"http","name":"first-api","read_timeout":60000,"port":80,"path":"\/first","updated_at":1592905010,"retries":5,"write_timeout":60000,"tags":null,"client_certificate":null}

-------Add a route (the value of paths[] must match /v1/first-apis in the first-api service)

Expose the first-api service so that users can access it; the first-api service does not need more than one route.

curl -i -X POST \
--url http://localhost:8001/services/first-api/routes \
--data 'hosts[]=jcca.tech' \
--data 'paths[]=/first'

HTTP/1.1 201 Created
Date: Tue, 23 Jun 2020 09:38:42 GMT
Content-Type: application/json; charset=utf-8
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/2.0.4
Content-Length: 434
X-Kong-Admin-Latency: 7

{"id":"a852b4f5-fce4-4a59-a82b-c1993285770d","path_handling":"v0","paths":["\/first"],"destinations":null,"headers":null,"protocols":["http","https"],"methods":null,"snis":null,"service":{"id":"672bccd6-f72e-44dd-b601-dc13ba0c32fa"},"name":null,"strip_path":true,"preserve_host":false,"regex_priority":0,"updated_at":1592905122,"sources":null,"hosts":["jcca.tech"],"https_redirect_status_code":426,"tags":null,"created_at":1592905122}

-------Verify the service through the first-api service's path

curl -i -X GET \
--url http://localhost:8000/first \
--header 'Host: jcca.tech'

HTTP/1.1 200
Content-Type: text/plain;charset=UTF-8
Content-Length: 31
Connection: keep-alive
Date: Tue, 23 Jun 2020 09:39:25 GMT
X-Kong-Upstream-Latency: 11
X-Kong-Proxy-Latency: 322
Via: kong/2.0.4

Hello World---------------first

-------Verify the route through the first-api service's path

curl -i -X GET \
--url http://localhost:8001/services/first-api/routes

HTTP/1.1 200 OK
Date: Tue, 23 Jun 2020 09:41:28 GMT
Content-Type: application/json; charset=utf-8
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/2.0.4
Content-Length: 457
X-Kong-Admin-Latency: 2

{"next":null,"data":[{"id":"a852b4f5-fce4-4a59-a82b-c1993285770d","path_handling":"v0","paths":["\/first"],"destinations":null,"headers":null,"protocols":["http","https"],"methods":null,"snis":null,"service":{"id":"672bccd6-f72e-44dd-b601-dc13ba0c32fa"},"name":null,"strip_path":true,"preserve_host":false,"regex_priority":0,"updated_at":1592905122,"sources":null,"hosts":["jcca.tech"],"https_redirect_status_code":426,"tags":null,"created_at":1592905122}]}

Enable the basic-auth plugin on the first-api service's route {route_id}
URL format: http://localhost:8001/routes/{route_id}/plugins
curl -i -X POST \
--url http://localhost:8001/routes/a852b4f5-fce4-4a59-a82b-c1993285770d/plugins \
--data "name=basic-auth"  \
--data "config.hide_credentials=true"

HTTP/1.1 201 Created
Date: Tue, 23 Jun 2020 09:44:18 GMT
Content-Type: application/json; charset=utf-8
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/2.0.4
Content-Length: 297
X-Kong-Admin-Latency: 7

{"created_at":1592905458,"config":{"hide_credentials":true,"anonymous":null},"id":"c68dbdb9-4861-490a-8145-68b31118057e","service":null,"enabled":true,"protocols":["grpc","grpcs","http","https"],"name":"basic-auth","consumer":null,"route":{"id":"a852b4f5-fce4-4a59-a82b-c1993285770d"},"tags":null}

Add the first consumer, with username jack. The {custom_id} parameter is optional; it is a custom unique identifier
whose purpose is to map the consumer jack to another database

curl -i -X POST \
--url http://localhost:8001/consumers/  \
--data "username=jack"

HTTP/1.1 201 Created
Date: Tue, 23 Jun 2020 09:45:50 GMT
Content-Type: application/json; charset=utf-8
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/2.0.4
Content-Length: 116
X-Kong-Admin-Latency: 5

{"custom_id":null,"created_at":1592905550,"id":"d071e5e1-e017-44d6-bc06-50cb7aa9ad8b","tags":null,"username":"jack"}

Enable Basic authentication for the first user, jack
URL format: http://localhost:8001/consumers/{username or consumer_id}/basic-auth

curl -i -X POST \
--url http://localhost:8001/consumers/jack/basic-auth \
--data "username=jack" \
--data "password=123456"

HTTP/1.1 201 Created
Date: Tue, 23 Jun 2020 09:57:41 GMT
Content-Type: application/json; charset=utf-8
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/2.0.4
Content-Length: 210
X-Kong-Admin-Latency: 6

{"created_at":1592906261,"consumer":{"id":"d071e5e1-e017-44d6-bc06-50cb7aa9ad8b"},"id":"b0c162d8-04e4-4df2-a70b-9e2ab7c0bc29","tags":null,"password":"c8fc1290af917665d0bb0e09500a2de6b1508829","username":"jack"}

Online Base64 encoding tool: http://tool.oschina.net/encrypt?type=3
The key-value pair string {username:password}
jack:123456  Base64 encoding of the key-value pair string on the left: amFjazoxMjM0NTY=

Access the first data API using Basic authentication as user jack
curl -i -X GET \
--url http://localhost:8000/first \
--header "Authorization: Basic amFjazoxMjM0NTY=" \
--header 'Host: jcca.tech'

HTTP/1.1 200
Content-Type: text/plain;charset=UTF-8
Content-Length: 31
Connection: keep-alive
Date: Wed, 24 Jun 2020 00:58:31 GMT
X-Kong-Upstream-Latency: 3
X-Kong-Proxy-Latency: 1
Via: kong/2.0.4

Hello World---------------first

Add the second consumer, with username john. The {custom_id} parameter is optional; it is a custom unique identifier
whose purpose is to map the consumer john to another database
curl -i -X POST \
--url http://localhost:8001/consumers/  \
--data "username=john" \
--data "custom_id=abc12345"

HTTP/1.1 201 Created
Date: Wed, 24 Jun 2020 01:03:32 GMT
Content-Type: application/json; charset=utf-8
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/2.0.4
Content-Length: 122
X-Kong-Admin-Latency: 6

{"custom_id":"abc12345","created_at":1592960612,"id":"67b7abaf-cc01-4d78-8006-8d36fb46da11","tags":null,"username":"john"}

Enable Basic authentication for the second user, john
URL format: http://localhost:8001/consumers/{username or consumer_id}/basic-auth
curl -i -X POST \
--url http://localhost:8001/consumers/john/basic-auth \
--data "username=john" \
--data "password=123456"

HTTP/1.1 201 Created
Date: Wed, 24 Jun 2020 01:04:59 GMT
Content-Type: application/json; charset=utf-8
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/2.0.4
Content-Length: 210
X-Kong-Admin-Latency: 6

{"created_at":1592960699,"consumer":{"id":"67b7abaf-cc01-4d78-8006-8d36fb46da11"},"id":"ca058e63-8d52-4d89-9317-77a082902cde","tags":null,"password":"5febf254a953961c96d7ceb868316a19b943ee28","username":"john"}

Online Base64 encoding tool: http://tool.oschina.net/encrypt?type=3
The key-value pair string {username:password}
john:123456  Base64 encoding of the key-value pair string on the left:
am9objoxMjM0NTY=

Access the first data API using Basic authentication as user john
curl -i -X GET \
--url http://localhost:8000/first \
--header "Authorization: Basic am9objoxMjM0NTY=" \
--header 'Host: jcca.tech'

HTTP/1.1 200
Content-Type: text/plain;charset=UTF-8
Content-Length: 31
Connection: keep-alive
Date: Wed, 24 Jun 2020 01:08:17 GMT
X-Kong-Upstream-Latency: 11
X-Kong-Proxy-Latency: 2
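Via: kong/2.0.4

Hello World---------------first

Add the third consumer, with username cathy. The {custom_id} parameter is optional; it is a custom unique identifier
whose purpose is to map the consumer cathy to another database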

curl -i -X POST \
--url http://localhost:8001/consumers/  \
--data "username=cathy"

HTTP/1.1 201 Created
Date: Wed, 24 Jun 2020 01:09:38 GMT
Content-Type: application/json; charset=utf-8
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/2.0.4
Content-Length: 117
X-Kong-Admin-Latency: 6

{"custom_id":null,"created_at":1592960978,"id":"98a8fcab-0a6b-4a0f-aea1-544e192571b7","tags":null,"username":"cathy"}

Enable Basic authentication for the third user, cathy
URL format: http://localhost:8001/consumers/{username or consumer_id}/basic-auth
curl -i -X POST \
--url http://localhost:8001/consumers/cathy/basic-auth \
--data "username=cathy" \
--data "password=123456"

HTTP/1.1 201 Created
Date: Wed, 24 Jun 2020 01:10:36 GMT
Content-Type: application/json; charset=utf-8
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/2.0.4
Content-Length: 211
X-Kong-Admin-Latency: 5

{"created_at":1592961036,"consumer":{"id":"98a8fcab-0a6b-4a0f-aea1-544e192571b7"},"id":"b6269ffc-50eb-40fe-957a-a5988551da06","tags":null,"password":"99579e578ced438e5d5959a9bc43b97ba7fb2667","username":"cathy"}

Online Base64 encoding tool: http://tool.oschina.net/encrypt?type=3
The key-value pair string {username:password}
cathy@hotmail.com:123456  Base64 encoding of the key-value pair string on the left:
Y2F0aHk6MTIzNDU2

Access the first data API using Basic authentication as user cathy
curl -i -X GET \
--url http://localhost:8000/first \
--header "Authorization: Basic Y2F0aHk6MTIzNDU2" \
--header 'Host: jcca.tech'

HTTP/1.1 200
Content-Type: text/plain;charset=UTF-8
Content-Length: 31
Connection: keep-alive
Date: Wed, 24 Jun 2020 01:15:09 GMT
X-Kong-Upstream-Latency: 8
X-Kong-Proxy-Latency: 257
Via: kong/2.0.4

Hello World---------------first
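
The Base64 step used for jack, john and cathy above can be done locally instead of in an online tool. This added Python example (not part of the original page; the function names are illustrative) builds the Authorization value and decodes the three header values used in this page's curl calls: decoding recovers the plain password, and the third value decodes to cathy:123456.

```python
import base64
import binascii

def build_basic_header(username, password):
    """Return the Authorization header value for HTTP Basic auth (RFC 7617)."""
    if ":" in username:
        # The first ':' separates user from password, so the user part cannot hold one.
        raise ValueError("username must not contain ':'")
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")

def parse_basic_header(value):
    """Recover (username, password) from an Authorization header value."""
    scheme, _, token = value.strip().partition(" ")
    token = token.strip()  # tolerate extra spaces after the scheme
    if scheme.lower() != "basic" or not token:
        raise ValueError("not a Basic authorization header")
    try:
        raw = base64.b64decode(token, validate=True)
    except binascii.Error as exc:
        raise ValueError("token is not valid Base64") from exc
    # Split on the first ':' only: the password itself may contain colons.
    username, sep, password = raw.decode("utf-8").partition(":")
    if not sep:
        raise ValueError("decoded credentials lack ':'")
    return username, password

# Header values copied from the curl calls on this page.
PAGE_HEADERS = [
    "Basic amFjazoxMjM0NTY=",
    "Basic  am9objoxMjM0NTY=",
    "Basic Y2F0aHk6MTIzNDU2",
]

def decode_page_headers():
    """Decode every header value used on this page."""
    return [parse_basic_header(h) for h in PAGE_HEADERS]

if __name__ == "__main__":
    print(build_basic_header("jack", "123456"))
    for user, password in decode_page_headers():
        print(user, password)
```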

Enable the ACL (access control list) plugin on the first-api service and define the blacklist groups group3 and group4
URL format: http://localhost:8001/services/{service}/plugins

curl -i -X POST \
--url http://localhost:8001/services/first-api/plugins \
--data "name=acl"  \
--data "config.blacklist=blacklist_group1, blacklist_group2"

HTTP/1.1 201 Created
Date: Wed, 24 Jun 2020 01:19:06 GMT
Content-Type: application/json; charset=utf-8
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/2.0.4
Content-Length: 344
X-Kong-Admin-Latency: 7

{"created_at": 1592961546,"config": {"hide_groups_header": false,"blacklist": ["blacklist_group1, blacklist_group2"],"whitelist": null},"id": "d2820ca9-4634-4bb5-bdc0-b25c439be8c9","service": {"id": "672bccd6-f72e-44dd-b601-dc13ba0c32fa"},"enabled": true,"protocols": ["grpc", "grpcs", "http", "https"],"name": "acl","consumer": null,"route": null,"tags": null}

Enable the ACL (access control list) plugin on the first-api service's route {route_id} and define the blacklist groups blacklist_group1 and blacklist_group2
URL format: http://localhost:8001/routes/{route_id}/plugins

curl -i -X POST \
--url http://localhost:8001/routes/a852b4f5-fce4-4a59-a82b-c1993285770d/plugins \
--data "name=acl"  \
--data "config.blacklist=blacklist_group1, blacklist_group2"

HTTP/1.1 201 Created
Date: Wed, 24 Jun 2020 01:22:18 GMT
Content-Type: application/json; charset=utf-8
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/2.0.4
Content-Length: 344
X-Kong-Admin-Latency: 7

{"created_at": 1592961738,"config": {"hide_groups_header": false,"blacklist": ["blacklist_group1, blacklist_group2"],"whitelist": null},"id": "1453eb6d-60f7-46da-af28-2166b439b40d","service": null,"enabled": true,"protocols": ["grpc", "grpcs", "http", "https"],"name": "acl","consumer": null,"route": {"id": "a852b4f5-fce4-4a59-a82b-c1993285770d"},"tags": null}
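
Both ACL responses above echo `blacklist` as a single array element, the whole string "blacklist_group1, blacklist_group2", rather than two group names. This added Python check (not part of the original page; the function name is illustrative and the sample JSON is trimmed from the response above) reads an acl plugin object as returned by the Admin API and reports list entries that contain commas or padding, so the stored names can be compared with the groups assigned under /consumers/{consumer}/acls.

```python
import json

# Constructed sample: the acl plugin object echoed in the responses above,
# trimmed to the fields this check reads.
PAGE_ACL_RESPONSE = """
{"config": {"hide_groups_header": false,
            "blacklist": ["blacklist_group1, blacklist_group2"],
            "whitelist": null},
 "enabled": true, "name": "acl"}
"""

def suspicious_acl_entries(plugin_json):
    """Return (list_name, stored_entry, names_it_seems_to_hold) for each
    blacklist/whitelist entry that looks like several names in one string."""
    plugin = json.loads(plugin_json)
    if plugin.get("name") != "acl":
        raise ValueError("not an acl plugin object")
    config = plugin.get("config") or {}
    findings = []
    for list_name in ("blacklist", "whitelist"):
        # An unset list is echoed as null, so fall back to an empty list.
        for entry in config.get(list_name) or []:
            names = [part.strip() for part in entry.split(",") if part.strip()]
            # A clean entry is exactly one name with no commas or padding.
            if names != [entry]:
                findings.append((list_name, entry, names))
    return findings

if __name__ == "__main__":
    for list_name, entry, names in suspicious_acl_entries(PAGE_ACL_RESPONSE):
        print(f"{list_name}: stored {entry!r}, looks like {names}")
```

The route call earlier on this page passes list values one per `--data` field (`hosts[]=`, `paths[]=`), and its response echoes them as separate array elements.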

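With the blacklists blacklist_group1 and blacklist_group2 defined, as long as none of the users jack, john and cathy is associated with blacklist_group1 or blacklist_group2,
the following commands can still access the first service:

-----------------Request to the API as consumer jack-----------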
curl -i -X GET \
--url http://localhost:8000/first \
--header "Authorization: Basic amFjazoxMjM0NTY=" \
--header 'Host: jcca.tech'

HTTP/1.1 200
Content-Type: text/plain;charset=UTF-8
Content-Length: 31
Connection: keep-alive
Date: Wed, 24 Jun 2020 01:26:20 GMT
X-Kong-Upstream-Latency: 8
X-Kong-Proxy-Latency: 17
Via: kong/2.0.4

Hello World---------------first

-----------------Request to the API as consumer john-----------
curl -i -X GET \
--url http://localhost:8000/first \
--header "Authorization: Basic  am9objoxMjM0NTY=" \
--header 'Host: jcca.tech'

HTTP/1.1 200
Content-Type: text/plain;charset=UTF-8
Content-Length: 31
Connection: keep-alive
Date: Wed, 24 Jun 2020 01:26:57 GMT
X-Kong-Upstream-Latency: 5
X-Kong-Proxy-Latency: 2
Via: kong/2.0.4

Hello World---------------first

-----------------Request to the API as consumer cathy-----------
curl -i -X GET \
--url http://localhost:8000/first \
--header "Authorization: Basic Y2F0aHk6MTIzNDU2" \
--header 'Host: jcca.tech'

HTTP/1.1 200
Content-Type: text/plain;charset=UTF-8
Content-Length: 31
Connection: keep-alive
Date: Wed, 24 Jun 2020 01:28:25 GMT
X-Kong-Upstream-Latency: 8
X-Kong-Proxy-Latency: 272
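Via: kong/2.0.4

Hello World---------------first

Sometimes we need to apply authorization to consumers that access the service from outside, so we can associate the blacklist group blacklist_group2 with the consumer jack:
URL format: http://localhost:8001/consumers/{consumer_id or username}/acls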

curl -i -X POST \
--url http://localhost:8001/consumers/jack/acls \
--data "group=blacklist_group2"

HTTP/1.1 201 Created
Date: Wed, 24 Jun 2020 01:29:51 GMT
Content-Type: application/json; charset=utf-8
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/2.0.4
Content-Length: 165
X-Kong-Admin-Latency: 7

{"created_at":1592962191,"consumer":{"id":"d071e5e1-e017-44d6-bc06-50cb7aa9ad8b"},"id":"cd67bfa0-b376-49a5-af75-150acd70b9d5","group":"blacklist_group2","tags":null}

Now look at a request from the consumer jack, who is associated with the blacklist group blacklist_group2

-----------------Request to the API as consumer jack-----------
curl -i -X GET \
--url http://localhost:8000/first \
--header "Authorization: Basic amFjazoxMjM0NTY=" \
--header 'Host: jcca.tech'

HTTP/1.1 403 Forbidden
Date: Wed, 24 Jun 2020 02:00:59 GMT
Content-Type: application/json; charset=utf-8
Connection: keep-alive
Content-Length: 45
X-Kong-Response-Latency: 2
Server: kong/2.0.4

{"message":"You cannot consume this service"}

The users john and cathy, who have not been added to the blacklist, can still access the first service

-----------------Request to the API as consumer john-----------

curl -i -X GET \
--url http://localhost:8000/first \
--header "Authorization: Basic  am9objoxMjM0NTY=" \
--header 'Host: jcca.tech'

HTTP/1.1 200
Content-Type: text/plain;charset=UTF-8
Content-Length: 31
Connection: keep-alive
Date: Wed, 24 Jun 2020 02:01:17 GMT
X-Kong-Upstream-Latency: 8
X-Kong-Proxy-Latency: 0
Via: kong/2.0.4

Hello World---------------first

-----------------Request to the API as consumer cathy-----------
curl -i -X GET \
--url http://localhost:8000/first \
--header "Authorization: Basic Y2F0aHk6MTIzNDU2" \
--header 'Host: jcca.tech'

HTTP/1.1 200
Content-Type: text/plain;charset=UTF-8
Content-Length: 31
Connection: keep-alive
Date: Wed, 24 Jun 2020 02:05:05 GMT
X-Kong-Upstream-Latency: 8
X-Kong-Proxy-Latency: 1094
Via: kong/2.0.4

Hello World---------------first
