test/apisix
1
0
Fork 0
mirror of https://gitee.com/iresty/apisix.git synced 2024-12-15 01:11:58 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity
8cc3380250
apisix/doc/plugins/wolf-rbac.md
iGeeky 7fe2272492
doc: add wolf-rbac plugin (#1116) 
Co-authored-by: jie <jie123108@163.com>
2020-02-14 11:08:11 +08:00

6.0 KiB
Raw Blame History

中文

Summary

Name

wolf-rbac is an authentication and authorization (rbac) plugin. It needs to work with consumer. Also need to add wolf-rbac to a service or route. The rbac feature is provided by wolf. For more information about wolf, please refer to wolf documentation.

Attributes

  • server: Set the service address of wolf-server. If not set, the default is: http://127.0.0.1:10080.
  • appid: Set the app id. The app id must be added in wolf-console.

Dependencies

Install wolf and start the service

Wolf quick start

Add application, admin, normal user, permission, resource and user authorize

Wolf-console usage

How To Enable

  1. set a consumer and config the value of the wolf-rbac
curl http://127.0.0.1:9080/apisix/admin/consumers -X PUT -d '
{
  "username":"wolf_rbac",
  "plugins":{
    "wolf-rbac":{
      "server":"http://127.0.0.1:10080",
      "appid":"restful"
    }
  },
  "desc":"wolf-rbac"
}'

You can visit the dashboard: http://127.0.0.1:9080/apisix/dashboard/, to complete the above operations through the web interface, first add a consumer:

Then add the wolf-rbac plugin to the consumer page:

Notes: The appid filled in above needs to already exist in the wolf system.

  1. Add a Route or Service and enable the wolf-rbac plugin.
curl http://127.0.0.1:9080/apisix/admin/routes/1 -X PUT -d '
{
    "methods": ["GET"],
    "uri": "/*",
    "plugins": {
        "wolf-rbac": {}
    },
    "upstream": {
        "type": "roundrobin",
        "nodes": {
            "www.baidu.com:80": 1
        }
    }
}'

Test Plugin

Login and get wolf-rbac token:

The following appid, username, and password must be real ones in the wolf system.

  • Login as POST application/json
curl http://127.0.0.1:9080/apisix/plugin/wolf-rbac/login -i \
-H "Content-Type: application/json" \
-d '{"appid": "restful", "username":"test", "password":"user-password"}'

HTTP/1.1 200 OK
Date: Wed, 24 Jul 2019 10:33:31 GMT
Content-Type: text/plain
Transfer-Encoding: chunked
Connection: keep-alive
Server: APISIX web server
{"rbac_token":"V1#restful#eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6NzQ5LCJ1c2VybmFtZSI6InRlc3QiLCJtYW5hZ2VyIjoiIiwiYXBwaWQiOiJyZXN0ZnVsIiwiaWF0IjoxNTc5NDQ5ODQxLCJleHAiOjE1ODAwNTQ2NDF9.n2-830zbhrEh6OAxn4K_yYtg5pqfmjpZAjoQXgtcuts","user_info":{"nickname":"test","username":"test","id":"749"}}
  • Login as POST x-www-form-urlencoded
curl http://127.0.0.1:9080/apisix/plugin/wolf-rbac/login -i \
-H "Content-Type: application/x-www-form-urlencoded" \
-d 'appid=restful&username=test&password=user-password'

try request with token

  • without token
curl http://127.0.0.1:9080/ -H"Host: www.baidu.com" -i

HTTP/1.1 401 Unauthorized
...
{"message":"Missing rbac token in request"}
  • request header(Authorization) with token:
curl http://127.0.0.1:9080/ -H"Host: www.baidu.com" \
-H 'Authorization: V1#restful#eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6NzQ5LCJ1c2VybmFtZSI6InRlc3QiLCJtYW5hZ2VyIjoiIiwiYXBwaWQiOiJyZXN0ZnVsIiwiaWF0IjoxNTc5NDQ5ODQxLCJleHAiOjE1ODAwNTQ2NDF9.n2-830zbhrEh6OAxn4K_yYtg5pqfmjpZAjoQXgtcuts' -i

HTTP/1.1 200 OK

<!DOCTYPE html>
  • request header(x-rbac-token) with token:
curl http://127.0.0.1:9080/ -H"Host: www.baidu.com" \
-H 'x-rbac-token: V1#restful#eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6NzQ5LCJ1c2VybmFtZSI6InRlc3QiLCJtYW5hZ2VyIjoiIiwiYXBwaWQiOiJyZXN0ZnVsIiwiaWF0IjoxNTc5NDQ5ODQxLCJleHAiOjE1ODAwNTQ2NDF9.n2-830zbhrEh6OAxn4K_yYtg5pqfmjpZAjoQXgtcuts' -i


HTTP/1.1 200 OK

<!DOCTYPE html>
  • request params with token:
curl 'http://127.0.0.1:9080?rbac_token=V1%23restful%23eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6NzQ5LCJ1c2VybmFtZSI6InRlc3QiLCJtYW5hZ2VyIjoiIiwiYXBwaWQiOiJyZXN0ZnVsIiwiaWF0IjoxNTc5NDQ5ODQxLCJleHAiOjE1ODAwNTQ2NDF9.n2-830zbhrEh6OAxn4K_yYtg5pqfmjpZAjoQXgtcuts' -H"Host: www.baidu.com" -i


HTTP/1.1 200 OK

<!DOCTYPE html>
  • request cookie with token:
curl http://127.0.0.1:9080 -H"Host: www.baidu.com" \
--cookie x-rbac-token=V1#restful#eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6NzQ5LCJ1c2VybmFtZSI6InRlc3QiLCJtYW5hZ2VyIjoiIiwiYXBwaWQiOiJyZXN0ZnVsIiwiaWF0IjoxNTc5NDQ5ODQxLCJleHAiOjE1ODAwNTQ2NDF9.n2-830zbhrEh6OAxn4K_yYtg5pqfmjpZAjoQXgtcuts -i


HTTP/1.1 200 OK

<!DOCTYPE html>

Disable Plugin

When you want to disable the wolf-rbac plugin, it is very simple, you can delete the corresponding json configuration in the plugin configuration, no need to restart the service, it will take effect immediately:

curl http://127.0.0.1:9080/apisix/admin/routes/1 -X PUT -d '
{
    "methods": ["GET"],
    "uri": "/*",
    "plugins": {
    },
    "upstream": {
        "type": "roundrobin",
        "nodes": {
            "www.baidu.com:80": 1
        }
    }
}'