时间:2021-07-01 10:21:17 帮助过:147人阅读
anonymous_users启用认证插件后,如果不配置匿名用户,那么如果客户 端不传递凭据,那么就不会通过
每个请求必须要和一个消费者关联,匿名消费者的配置,需要如下:
$ curl -i -X PATCH --url http://localhost:8001/plugins/<your-plugin-id> --data "config.anonymous=<your-consumer-id>"我们可以针对匿名用户配置限流策略
Kong has the ability to configure a given Service to allow both authenticated and anonymous access.
You might use this configuration to grant access to anonymous users with a low rate-limit, and grant access to authenticated users with a higher rate limit.
To configure a Service like this, you first apply your selected authentication plugin, then create a new consumer to represent anonymous users, then configure your authentication plugin to allow anonymous access. Here is an example, which assumes you have already configured a Service named example-service and the corresponding route:
Issue the following cURL request to create example-service pointing to mockbin.org, which will echo the request:
$ curl -i -X POST --url http://localhost:8001/services/ --data ‘name=example-service‘ --data ‘url=http://mockbin.org/request‘
Add a route to the Service:
$ curl -i -X POST --url http://localhost:8001/services/example-service/routes --data ‘paths[]=/auth-sample‘
The url http://localhost:8000/auth-sample will now echo whatever is being requested.
Issue the following cURL request to add a plugin to a Service:
$ curl -i -X POST --url http://localhost:8001/services/example-service/plugins/ --data ‘name=key-auth‘
Be sure to note the created Plugin id - you’ll need it in step 5.
Issue the following cURL request to verify that the key-auth plugin was properly configured on the Service:
$ curl -i -X GET --url http://localhost:8000/auth-sample
Since you did not specify the required apikey header or parameter, and you have not yet enabled anonymous access, the response should be 403 Forbidden:
HTTP/1.1 403 Forbidden
...
{
"message": "No API key found in headers or querystring"
}
Every request proxied by Kong must be associated with a Consumer. You’ll now create a Consumer named anonymous_users (that Kong will utilize when proxying anonymous access) by issuing the following request:
$ curl -i -X POST --url http://localhost:8001/consumers/ --data "username=anonymous_users"
You should see a response similar to the one below:
HTTP/1.1 201 Created
Content-Type: application/json
Connection: keep-alive
{
"username": "anonymous_users",
"created_at": 1428555626000,
"id": "bbdf1c48-19dc-4ab7-cae0-ff4f59d87dc9"
}
Be sure to note the Consumer id - you’ll need it in the next step.
You’ll now re-configure the key-auth plugin to permit anonymous access by issuing the following request (replace the sample uuids below by the id values from step 2 and 4):
$ curl -i -X PATCH --url http://localhost:8001/plugins/<your-plugin-id> --data "config.anonymous=<your-consumer-id>"
The config.anonymous=<your-consumer-id> parameter instructs the key-auth plugin on this Service to permit anonymous access, and to associate such access with the Consumer id we received in the previous step. It is required that you provide a valid and pre-existing Consumer id in this step - validity of the Consumer id is not currently checked when configuring anonymous access, and provisioning of a Consumer id that doesn’t already exist will result in an incorrect configuration.
Confirm that your Service now permits anonymous access by issuing the following request:
$ curl -i -X GET --url http://localhost:8000/auth-sample
This is the same request you made in step #3, however this time the request should succeed, because you enabled anonymous access in step #5.
The response (which is the request as Mockbin received it) should have these elements:
{
...
"headers": {
...
"x-consumer-id": "713c592c-38b8-4f5b-976f-1bd2b8069494",
"x-consumer-username": "anonymous_users",
"x-anonymous-consumer": "true",
...
},
...
}It shows the request was successful, but anonymous.
Anonymous Access的理解
标签:follow iat ready localhost uuid cte proxy nts rmi