<p class="shortdesc">auth-request认证插件是一种比较灵活的认证方式，系统只需要提供一个认证服务接口，即可将认证过滤处理提升到接入层网关层面。同时插件提供认证缓存时间，避免每个请求都会请求认证服务。</p> <p class="p"><strong class="ph b">2.0.3版本及以后支持</strong></p> <section class="section" id="auth-request__section_inc_rpw_2sb"><h2 class="doc-tairway">流程图</h2> <p class="p"><img class="image" id="auth-request__image_gzv_ypw_2sb" src="https://obs-cn-shanghai.fincloud.pinganyun.com/pacloud/20220910180811-1df4ccf698e7.png" width="800"></p> <p class="p">注意：</p> <ol class="ol" id="auth-request__ol_h21_2qw_2sb"> <li class="li">在请求后端认证服务时，会将前端请求的querydata/postdata/header/cookie传入到后端。由后端提取数据认证。</li> <li class="li">后端认证服务需要返回是json格式的body数据，插件会根据返回结果中的一个字段值来判断是否认证成功。（用于判断的字段名和字段值可配置）</li> <li class="li">插件会根据配置的cache_header/cache_cookie/cache_querydata/cache_postdata字段名获取相应的字段值，然后根据key=value字符排序生成用于缓存的Key。</li> <li class="li">如果后端认证失败，则会将后端认证服务的返回结果直接返回给客户端。</li> </ol> </section> <section class="section" id="auth-request__section_a2z_fqw_2sb"><h2 class="doc-tairway">插件配置字段说明</h2> <div class="p"> <table class="table" id="auth-request__table_axr_hqw_2sb"><caption></caption><colgroup><col><col><col><col><col></colgroup><thead class="thead"> <tr class="row"> <th class="entry align-left" id="auth-request__table_axr_hqw_2sb__entry__1">参数名</th> <th class="entry align-left" id="auth-request__table_axr_hqw_2sb__entry__2">参数类型</th> <th class="entry align-left" id="auth-request__table_axr_hqw_2sb__entry__3">是否必须</th> <th class="entry align-left" id="auth-request__table_axr_hqw_2sb__entry__4">默认值</th> <th class="entry align-left" id="auth-request__table_axr_hqw_2sb__entry__5">参数说明</th> </tr> </thead><tbody class="tbody"> <tr class="row"> <td class="entry align-left" headers="auth-request__table_axr_hqw_2sb__entry__1 ">url</td> <td class="entry align-left" headers="auth-request__table_axr_hqw_2sb__entry__2 ">string</td> <td class="entry align-left" headers="auth-request__table_axr_hqw_2sb__entry__3 ">Y</td> <td class="entry align-left" headers="auth-request__table_axr_hqw_2sb__entry__4 "></td> <td class="entry align-left" headers="auth-request__table_axr_hqw_2sb__entry__5 ">后端认证服务接口地址。（需要保证Kong到该服务地址网络通）</td> </tr> <tr class="row"> <td class="entry align-left" headers="auth-request__table_axr_hqw_2sb__entry__1 ">method</td> <td class="entry align-left" headers="auth-request__table_axr_hqw_2sb__entry__2 ">string</td> <td class="entry align-left" headers="auth-request__table_axr_hqw_2sb__entry__3 ">Y</td> <td class="entry align-left" headers="auth-request__table_axr_hqw_2sb__entry__4 ">POST</td> <td class="entry align-left" headers="auth-request__table_axr_hqw_2sb__entry__5 ">后端认证服务接口请求方法</td> </tr> <tr class="row"> <td class="entry align-left" headers="auth-request__table_axr_hqw_2sb__entry__1 ">anonymous_uris</td> <td class="entry align-left" headers="auth-request__table_axr_hqw_2sb__entry__2 ">array</td> <td class="entry align-left" headers="auth-request__table_axr_hqw_2sb__entry__3 ">Y</td> <td class="entry align-left" headers="auth-request__table_axr_hqw_2sb__entry__4 "></td> <td class="entry align-left" headers="auth-request__table_axr_hqw_2sb__entry__5 ">不用于认证的请求地址。例如[“/login”]</td> </tr> <tr class="row"> <td class="entry align-left" headers="auth-request__table_axr_hqw_2sb__entry__1 ">cache_time</td> <td class="entry align-left" headers="auth-request__table_axr_hqw_2sb__entry__2 ">number</td> <td class="entry align-left" headers="auth-request__table_axr_hqw_2sb__entry__3 ">Y</td> <td class="entry align-left" headers="auth-request__table_axr_hqw_2sb__entry__4 ">0</td> <td class="entry align-left" headers="auth-request__table_axr_hqw_2sb__entry__5 ">缓存有效期，单位为秒</td> </tr> <tr class="row"> <td class="entry align-left" headers="auth-request__table_axr_hqw_2sb__entry__1 ">cache_header</td> <td class="entry align-left" headers="auth-request__table_axr_hqw_2sb__entry__2 ">array</td> <td class="entry align-left" headers="auth-request__table_axr_hqw_2sb__entry__3 ">N</td> <td class="entry align-left" headers="auth-request__table_axr_hqw_2sb__entry__4 ">[]</td> <td class="entry align-left" headers="auth-request__table_axr_hqw_2sb__entry__5 ">用于生成缓存Key的header字段名列表</td> </tr> <tr class="row"> <td class="entry align-left" headers="auth-request__table_axr_hqw_2sb__entry__1 ">cache_cookie</td> <td class="entry align-left" headers="auth-request__table_axr_hqw_2sb__entry__2 ">array</td> <td class="entry align-left" headers="auth-request__table_axr_hqw_2sb__entry__3 ">N</td> <td class="entry align-left" headers="auth-request__table_axr_hqw_2sb__entry__4 ">[]</td> <td class="entry align-left" headers="auth-request__table_axr_hqw_2sb__entry__5 ">用于生成缓存Key的cookie字段名列表</td> </tr> <tr class="row"> <td class="entry align-left" headers="auth-request__table_axr_hqw_2sb__entry__1 ">cache_querydata</td> <td class="entry align-left" headers="auth-request__table_axr_hqw_2sb__entry__2 ">array</td> <td class="entry align-left" headers="auth-request__table_axr_hqw_2sb__entry__3 ">N</td> <td class="entry align-left" headers="auth-request__table_axr_hqw_2sb__entry__4 ">[]</td> <td class="entry align-left" headers="auth-request__table_axr_hqw_2sb__entry__5 ">用于生成缓存Key的querydata字段名列表</td> </tr> <tr class="row"> <td class="entry align-left" headers="auth-request__table_axr_hqw_2sb__entry__1 ">cache_postdata</td> <td class="entry align-left" headers="auth-request__table_axr_hqw_2sb__entry__2 ">array</td> <td class="entry align-left" headers="auth-request__table_axr_hqw_2sb__entry__3 ">N</td> <td class="entry align-left" headers="auth-request__table_axr_hqw_2sb__entry__4 ">[]</td> <td class="entry align-left" headers="auth-request__table_axr_hqw_2sb__entry__5 ">用于生成缓存Key的postdata字段名列表。（使用此字段，请保证请求体为json格式。并且字段是一级字段）</td> </tr> <tr class="row"> <td class="entry align-left" headers="auth-request__table_axr_hqw_2sb__entry__1 ">result_check_field</td> <td class="entry align-left" headers="auth-request__table_axr_hqw_2sb__entry__2 ">string</td> <td class="entry align-left" headers="auth-request__table_axr_hqw_2sb__entry__3 ">Y</td> <td class="entry align-left" headers="auth-request__table_axr_hqw_2sb__entry__4 ">retcode</td> <td class="entry align-left" headers="auth-request__table_axr_hqw_2sb__entry__5 ">认证结果用于判断的字段名</td> </tr> <tr class="row"> <td class="entry align-left" headers="auth-request__table_axr_hqw_2sb__entry__1 ">result_check_value</td> <td class="entry align-left" headers="auth-request__table_axr_hqw_2sb__entry__2 ">string</td> <td class="entry align-left" headers="auth-request__table_axr_hqw_2sb__entry__3 ">Y</td> <td class="entry align-left" headers="auth-request__table_axr_hqw_2sb__entry__4 ">200</td> <td class="entry align-left" headers="auth-request__table_axr_hqw_2sb__entry__5 ">认证结果用于判断的字段值</td> </tr> </tbody></table> </div> </section> <section class="section" id="auth-request__section_oxb_3qw_2sb"><h2 class="doc-tairway">插件配置示例</h2> <p class="p"><img class="image" id="auth-request__image_tmn_4qw_2sb" src="https://obs-cn-shanghai.fincloud.pinganyun.com/pacloud/20220910180811-1fd72e259c2a.png" width="800"></p> </section>