CN114444058A - Authentication system and method for micro-service, electronic equipment and storage medium - Google Patents

Publication number
CN114444058A
Authority
CN
China
Prior art keywords
access
information
access domain
service
user
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111633788.6A
Other languages
Chinese (zh)
Inventor
吕辉
吕向峰
黄亮
彭轶喆
祁中翚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Digital Video Beijing Ltd
Original Assignee
China Digital Video Beijing Ltd
Application filed by China Digital Video Beijing Ltd
Priority to CN202111633788.6A
Publication of CN114444058A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G06F21/45 Structures or tools for the administration of authentication
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

Embodiments of the invention provide an authentication system and method for microservices, an electronic device and a storage medium. The system comprises: user equipment, which sends a login request containing user information to the authentication center; an authentication center, which obtains the access domain corresponding to the user information, combines the user information and the access domain into JWT information, and sends the JWT information to the user equipment, the access domain being the access rights of the user information for each microservice; a registry, which synchronizes the access domain to the gateway in real time; and a gateway, which, on receiving an access request for a target microservice from the user equipment, verifies the JWT information to be verified in the access request against the access domain to determine whether the user equipment is allowed to access the target microservice. The user's access domain can thus be synchronized in real time and the user's access request authenticated quickly at the gateway based on the access domain, which improves the authentication efficiency and runtime performance of the microservices.

Description

Authentication system and method for micro-service, electronic equipment and storage medium
Technical Field
The embodiment of the invention relates to the technical field of micro services, in particular to an authentication system of a micro service, an authentication method of a micro service, electronic equipment and a storage medium.
Background
Microservice (or microservice architecture, microservice system) is a cloud-native architecture approach in which a single application consists of many loosely-coupled and independently deployable smaller components or services. With the development of business system architecture, the traditional single architecture starts to move to micro-service architecture, and the core feature of micro-service is to decompose the highly coupled single architecture.
A microservice architecture (system) runs many small, independent microservices. They are stateless and can be deployed in a multi-node cluster, so a unified gateway is needed to provide an access entry point for them. However, not every user who has logged in through the authentication center may access every microservice directly; some microservices can be accessed only by users holding certain system access rights. Currently, whether the current user has the right to access a microservice, or some of its interfaces, is usually verified inside that microservice itself. In that approach the gateway must initiate a time-consuming connection request to the upstream microservice. If the system places high demands on gateway performance, this operation clearly reduces gateway throughput, which works against building a microservice system with a high-performance, high-throughput gateway service.
Disclosure of Invention
The embodiment of the invention provides an authentication system and an authentication method for micro services, which aim to solve the problems that a large amount of system resources are consumed for micro service access authentication and system performance is influenced in the prior art.
The embodiment of the invention discloses an authentication system of micro-services, which is characterized by comprising user equipment, an authentication center, a registration center and a gateway, wherein the registration center is registered with a plurality of micro-services, wherein:
the user equipment is used for sending a login request to the authentication center; the login request comprises user information;
the authentication center is used for acquiring an access domain corresponding to the user information, and after combining the user information and the access domain into JWT information, sending the JWT information to the user equipment; wherein the access domain is the access authority of the user information for each micro service;
the registry is used for synchronizing the access domain to the gateway in real time;
the gateway is used for verifying JWT information to be verified in the access request according to the access domain when receiving the access request aiming at the target micro service sent by the user equipment, so as to determine whether the user equipment is allowed to access the target micro service.
Optionally, the authentication center is further configured to modify an access domain corresponding to the user information, and send the modified access domain to the registration center;
the registry is further configured to synchronize the modified access domain to the gateway in real time.
Optionally, the registry is further configured to obtain micro service information of the micro service, and register the micro service according to the micro service information; the micro-service information includes an identification, an IP address, and a port of the micro-service.
Optionally, the gateway is further configured to extract JWT information to be verified, which is carried in the access request; the JWT information to be verified comprises an access domain to be verified for the target microservice; and when the access domain contains the access domain to be verified aiming at the target micro service, allowing the user equipment to access the target micro service.
Optionally, the gateway is further configured to deny the user equipment access to the target microservice and prompt an error message when the access domain in the target JWT information does not include the access domain for the target microservice.
The embodiment of the invention also discloses an authentication method of the micro-service, which is characterized by comprising user equipment, an authentication center, a registration center and a gateway, wherein the registration center is registered with a plurality of micro-services, and the method comprises the following steps:
the user equipment sends a login request to the authentication center; the login request comprises user information;
the authentication center acquires an access domain corresponding to the user information, and after combining the user information and the access domain into JWT information, the JWT information is sent to the user equipment; wherein the access domain is the access authority of the user information for each micro service;
the registry synchronizes the access domain to the gateway in real time;
when receiving an access request aiming at a target micro service sent by the user equipment, the gateway verifies JWT information to be verified in the access request according to the access domain so as to determine whether the user equipment is allowed to access the target micro service.
Optionally, the method further comprises:
the authentication center modifies the access domain corresponding to the user information and sends the modified access domain to the registration center;
and the registry synchronizes the modified access domain to the gateway in real time.
Optionally, the method further comprises:
the registration center acquires micro service information of the micro service and registers the micro service according to the micro service information; the micro-service information includes an identification, an IP address, and a port of the micro-service.
Optionally, the verifying the to-be-verified JWT information in the access request according to the access domain to determine whether to allow the user equipment to access the target microservice includes:
the gateway extracts JWT information to be verified carried in the access request; the JWT information to be verified comprises an access domain to be verified for the target microservice;
and when the access domain contains the access domain to be verified aiming at the target micro service, allowing the user equipment to access the target micro service.
Optionally, the verifying the to-be-verified JWT information in the access request according to the JWT information to determine whether to allow the user equipment to access the target microservice includes:
when the access domain in the target JWT information does not contain the access domain for the target microservice, the gateway denies the user equipment access to the target microservice and prompts an error message.
The embodiment of the invention discloses electronic equipment, which comprises a processor, a memory and a computer program which is stored on the memory and can run on the processor, wherein when the computer program is executed by the processor, the steps of the authentication method of the microservice are realized.
The embodiment of the invention discloses a computer readable storage medium, wherein a computer program is stored on the computer readable storage medium, and when the computer program is executed by a processor, the steps of the authentication method of the microservice are realized.
The embodiment of the invention has the following advantages:
the embodiment of the invention provides an authentication system of micro service, which comprises: the user equipment is used for sending a login request to the authentication center; the login request comprises user information; the authentication center is used for acquiring an access domain corresponding to the user information, and after combining the user information and the access domain into JWT information, the JWT information is sent to the user equipment; the access domain is the access authority of the user information aiming at each micro service; the registration center is used for synchronizing the access domain to the gateway in real time; the gateway is used for verifying JWT information to be verified in an access request according to an access domain when receiving the access request aiming at the target micro service sent by the user equipment so as to determine whether the user equipment is allowed to access the target micro service. The embodiment of the invention can synchronize the user access domain in real time, and quickly authenticate the access request of the user based on the access domain in the gateway, thereby improving the authentication efficiency and the operation performance of the micro-service.
Drawings
Fig. 1 is a block diagram of an authentication system for microservices according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of an authentication process of the authentication system of the microservice of the present invention;
Fig. 3 is a flowchart illustrating steps of an embodiment of a method for authenticating microservice according to the present invention.
Detailed Description
In order to make the aforementioned objects, features and advantages of the present invention comprehensible, embodiments accompanied with figures are described in further detail below.
Microservices are a cloud-native architecture approach in which a single application consists of many loosely coupled and independently deployable smaller components or services. The approach advocates dividing a single application into a set of small services that coordinate and cooperate with each other to deliver the final value to the user. Each service runs in its own process, and the services communicate with each other through a lightweight communication mechanism. Each service is built around a specific business function and can be deployed independently to a production environment, a production-like environment, and so on. A unified gateway is therefore needed to provide access to these independent microservices. However, not all users logged in through the authentication center are allowed to access all microservices directly; some microservices can be accessed only with certain system access rights, so access requests to the microservices need to be authenticated.
The existing way of authenticating microservice access is usually to verify, inside the microservice itself, whether the current user has the right to access that microservice or some of its interfaces. In that approach the gateway must initiate a time-consuming connection request to the upstream microservice. If the system places high demands on gateway performance, this operation clearly reduces gateway throughput, which works against building a microservice system with a high-performance, high-throughput gateway service. The embodiment of the invention therefore provides an authentication system for microservices that can synchronize user access domains in real time and quickly authenticate users' access requests at the gateway based on those access domains, improving the authentication efficiency and runtime performance of the microservices.
Referring to fig. 1, which shows a block diagram of an authentication system of a microservice according to an embodiment of the present invention, an authentication system 100 of a microservice may include: the system comprises user equipment 101, an authentication center 102, a registration center 103 and a gateway 104, wherein the registration center 103 registers a plurality of micro services, and the specific details are as follows:
the user equipment 101 is configured to send a login request to the authentication center; the login request comprises user information;
In the embodiment of the invention, the microservices are accessed through the user equipment, which must perform login authentication before accessing a microservice. Specifically, the user equipment sends a login request to the authentication center in the microservice system. The login request may carry the user's user information, so that the authentication center can verify it. The user equipment may be a terminal device used to access the microservices, such as a mobile phone, a tablet computer or a desktop computer. The user information may include identification information that can be used to distinguish the user, such as the user's name, account number and password.
The authentication center 102 is configured to acquire an access domain corresponding to the user information, and after combining the user information and the access domain into JWT information, send the JWT information to the user equipment; wherein the access domain is the access authority of the user information for each micro service;
Specifically, the authentication center may be the unified authentication center (AuthServer) in the microservice system. It may be configured to perform login authentication for users and to return authentication information to a user whose login has been verified successfully; the authentication information may include the user's user information and access domain information.
The access domain (Scope) is the permission information describing a user's access rights to one or more microservices. It may be included in the user's user information; that is, when the user logs in, the authentication center can obtain the corresponding access domain from the user's user information.
JWT (JSON Web Token) is a JSON-based open standard (RFC 7519) for passing claims between web application environments. It is designed to be compact and secure, and is particularly suited to single sign-on (SSO) scenarios for distributed sites. JWT claims are typically used to pass authenticated user identity information between an identity provider and a service provider so that resources can be obtained from a resource server, and additional claims needed by other business logic may also be added.
In a specific implementation, the authentication center may verify user information of the user when the user logs in for the first time, combine the user information of the user and the access domain into JWT information after the verification is passed, and return the combined JWT information to the user equipment. After receiving the JWT information, the user equipment may use the JWT information as verification information of a subsequent access request, and in a subsequent access to the microservice, the user information of the user may not be authenticated by the authentication center any more.
The registry 103 is configured to synchronize the access domain to the gateway in real time;
In the embodiment of the present invention, the registry may be the unified registry (Registry) in the microservice system, which provides microservice registration and service discovery. The registry stores the access domains of all users and can synchronize them to the gateway in real time.
In an exemplary embodiment, the registry is further configured to obtain micro service information of the micro service, and register the micro service according to the micro service information; the micro-service information includes an identification, an IP address, and a port of the micro-service.
Service registration means that, when a microservice starts, it provides information such as its host name, IP address, port number, version number and service configuration to the registry, which builds a service registration table from it. This table is the core of service discovery: a database containing the network addresses of all service instances. In service discovery, a service discovery client periodically synchronizes the service registration table from the service discovery center and caches it on the client; when a request to some service is needed, the service instance locates the target service's network address through the table. If the target service has several network addresses, one of the service instances is selected with a load-balancing algorithm and the request is then sent.
The gateway 104 is configured to, when receiving an access request for a target micro service sent by the user equipment, verify JWT information to be verified in the access request according to the access domain, so as to determine whether to allow the user equipment to access the target micro service.
In the embodiment of the present invention, the gateway may be the unified gateway service (Gateway) in the microservice system. It may preload the users' access domains provided by the registry into a cache and subscribe to the registry's access domains, so that the cached access domains are updated in real time whenever an access domain in the registry changes. The gateway then verifies, according to the access domain, whether the user access domain in the JWT to be verified meets the access condition, to determine whether the user equipment is allowed to access the target microservice.
In the embodiment of the invention, the user equipment is used for sending a login request to the authentication center; the login request comprises user information; the authentication center is used for acquiring an access domain corresponding to the user information, and after combining the user information and the access domain into JWT information, the JWT information is sent to the user equipment; the access domain is the access authority of the user information aiming at each micro service; the registration center is used for synchronizing the access domain to the gateway in real time; the gateway is used for verifying JWT information to be verified in an access request according to the JWT information when receiving the access request aiming at the target micro service sent by the user equipment so as to determine whether the user equipment is allowed to access the target micro service. The embodiment of the invention can synchronize the user access domain in real time, and quickly authenticate the access request of the user based on the access domain in the gateway, thereby improving the authentication efficiency and the operation performance of the micro-service.
In an exemplary embodiment, the authentication center is further configured to modify an access domain corresponding to the user information, and send the modified access domain to the registration center;
the registry is further configured to synchronize the modified access domain to the gateway in real time.
In a specific implementation, a user's access domain is usually determined when the user registers and logs in. Take user A and user B as an example: suppose user A's access domain allows access to microservice 1, microservice 2 and microservice 3, while user B's access domain allows access to microservice 1. When user B then initiates an access request to microservice 2, the request is denied, because user B's access domain does not qualify for access to microservice 2. One possible scenario is that the access domain corresponding to a user needs to be modified.
For example, the access domain corresponding to a user may be modified in the authentication center. The modified access domain is sent to the registry and synchronized to the gateway in real time through the registry, so that the gateway can authenticate the user's access requests according to the modified access domain. For instance, user B's access domain may be modified to add the access right to microservice 2, so that user B's access domain now allows access to microservices 1 and 2. The modified access domain of user B is then sent to the registry, which synchronizes it to the gateway. When user B initiates an access request to microservice 2 again, the gateway authenticates user B as a user able to access microservice 2 and allows the access. This is only one example of modifying a user access domain; the specific modification manner may be determined according to the actual situation, and the embodiment of the present invention is not limited in this respect.
In the above exemplary embodiment, the authentication center in the authentication system may modify the access domain corresponding to a user and send the modified access domain to the registry, which synchronizes it to the gateway; the gateway then authenticates the user's access to the microservices. This allows user access domains to be modified, which improves the flexibility of microservice authentication, and the modification is synchronized to the authenticating gateway in real time, which keeps microservice authentication up to date.
In an exemplary embodiment, the gateway is further configured to:
extract the JWT information to be verified carried in the access request, the JWT information to be verified comprising an access domain to be verified for the target microservice; and
allow the user equipment to access the target microservice when the access domain contains the access domain to be verified for the target microservice.
In a specific implementation, after the user equipment successfully logs in, the user equipment receives JWT information returned by the authentication center as verification information for subsequent access. When the user equipment initiates an access request aiming at the microservice, JWT information to be verified is carried in the access request. The gateway can extract the to-be-verified JWT information in the access request, wherein the to-be-verified JWT information comprises the to-be-verified access domain of the user.
In particular, the gateway may cache access domains when synchronizing the access domains of the registry, and thus, a plurality of different access domains may be stored in the gateway.
The gateway can verify the access domain in the target JWT information, specifically, determine whether the access domain synchronized from the registration center contains the access domain of the target micro service that the access request wants to access, and allow the user equipment to access the target micro service when the access domain contains the access domain to be verified for the target micro service.
In an exemplary embodiment, the gateway is further configured to deny the user equipment access to the target microservice and prompt an error message when the access domain does not include the access domain to be verified for the target microservice.
When the access domain does not contain the access domain to be verified for the target microservice, the access request does not satisfy the access condition of the target microservice; that is, the user equipment initiating the request does not have the right to access the target microservice. The gateway can therefore deny the user equipment access to the target microservice and prompt the user equipment with an error message.
In the above exemplary embodiment, the gateway verifies the user information to be verified in the JWT information to be verified carried by the access request and the access domain to be verified, and can authenticate the validity of the access request and the access domain at the gateway level, thereby implementing the fast authentication of the micro service system on the access request and improving the authentication efficiency of the micro service.
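The gateway check and the user A / user B modification example described above, as an added Python sketch (not code from the patent). Assumptions of this example: HS256 signing with a key shared by authentication center and gateway, all class and function names, the rule that the target must appear both in the token's scope and in the synchronized access domain, and user B logging in again after the change.

```python
import base64
import hashlib
import hmac
import json
import time

SIGNING_KEY = b"constructed-demo-key"  # assumption: HS256 key held by auth center and gateway
SALT = b"constructed-salt"             # constructed value for the demo accounts

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _sign(signing_input):
    mac = hmac.new(SIGNING_KEY, signing_input.encode(), hashlib.sha256)
    return _b64(mac.digest())

def _pw_hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

class Registry:
    """Stores every user's access domain and pushes each change to subscribers."""
    def __init__(self):
        self.domains, self.subscribers = {}, []

    def subscribe(self, callback):
        self.subscribers.append(callback)
        for user, scope in self.domains.items():  # preload the current state
            callback(user, scope)

    def publish(self, user, scope):
        self.domains[user] = frozenset(scope)
        for callback in self.subscribers:
            callback(user, self.domains[user])

class AuthCenter:
    """Verifies logins, issues JWTs, and is where access domains are modified."""
    def __init__(self, registry, accounts):
        self.registry, self.pw_hashes = registry, {}
        for user, (password, scope) in accounts.items():
            self.pw_hashes[user] = _pw_hash(password)
            registry.publish(user, scope)

    def modify_access_domain(self, user, scope):
        self.registry.publish(user, scope)  # registry forwards it to the gateway

    def login(self, user, password, ttl=300):
        stored = self.pw_hashes.get(user)
        if stored is None or not hmac.compare_digest(stored, _pw_hash(password)):
            return None
        claims = {"sub": user, "scope": sorted(self.registry.domains[user]),
                  "exp": int(time.time()) + ttl}
        head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
        body = _b64(json.dumps(claims).encode())
        return f"{head}.{body}.{_sign(head + '.' + body)}"

class Gateway:
    """Authorizes requests locally from a cache kept current by the registry."""
    def __init__(self, registry):
        self.cache = {}
        registry.subscribe(self.cache.__setitem__)  # preload, then live updates

    def authorize(self, token, target):
        """Return the HTTP status the gateway would answer with."""
        try:
            head, body, signature = token.split(".")
            if not hmac.compare_digest(signature, _sign(head + "." + body)):
                return 401  # never trust scope claims from an unverified token
            claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
        except (ValueError, TypeError, AttributeError):
            return 401
        if claims.get("exp", 0) < time.time():
            return 401
        if target not in claims.get("scope", []):
            return 403  # token carries no access domain for the target
        if target not in self.cache.get(claims.get("sub"), frozenset()):
            return 403  # access domain was changed after the token was issued
        return 200      # request would be forwarded to the target microservice

def run_demo():
    registry = Registry()
    auth = AuthCenter(registry, {  # constructed accounts, mirroring the page's user A / user B
        "userA": ("pw-a", ["microservice1", "microservice2", "microservice3"]),
        "userB": ("pw-b", ["microservice1"]),
    })
    gateway = Gateway(registry)
    token_a, token_b = auth.login("userA", "pw-a"), auth.login("userB", "pw-b")
    result = {"b_before": gateway.authorize(token_b, "microservice2")}
    auth.modify_access_domain("userB", ["microservice1", "microservice2"])
    # Assumption: user B logs in again so the new JWT carries the added scope.
    result["b_after"] = gateway.authorize(auth.login("userB", "pw-b"), "microservice2")
    auth.modify_access_domain("userA", ["microservice1"])  # revoke 2 and 3
    result["a_revoked"] = gateway.authorize(token_a, "microservice3")  # old token
    result["a_kept"] = gateway.authorize(token_a, "microservice1")
    tampered = token_b.rsplit(".", 1)[0] + "." + _b64(b"\x00" * 32)
    result["tampered"] = gateway.authorize(tampered, "microservice1")
    return result

if __name__ == "__main__":
    print(run_demo())
```

The `a_revoked` case is the one the synchronized cache exists for: user A's earlier token still lists microservice 3 and has not expired, yet the gateway refuses it without contacting the upstream service.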
In order to make those skilled in the art better understand the technical solutions of the embodiments of the present invention, the following describes the embodiments of the present invention by way of an example, with reference to fig. 2.
Referring to fig. 2, a schematic diagram of an authentication process of the authentication system of the microservice of the present invention is shown. In the figure, user is the user equipment, Gateway is the gateway, serviceA is the target microservice, AuthServer is the authentication center, and scope is the access domain of the user equipment. The registry is omitted from fig. 2 to simplify the flow, but this does not affect its role in the authentication system of the present invention. serviceA is a microservice registered with the registry, and the JWT information of AuthServer and Gateway is synchronized through the registry.
1. user1 and user2 send login requests to the authentication center. The authentication center verifies the received login requests and, after the login requests of user1 and user2 are verified successfully, returns JWT information carrying the access domain to user1 and user2 respectively;
2. user1 and user2 send access requests carrying the JWT information to be verified to the target microservice, and the gateway intercepts the access requests and authenticates them;
3. The gateway verifies the access domain to be verified in the JWT information of user1 and user2. After verification, it determines that user1 does not have the right to access the target microservice, rejects user1's access request and returns a 403 error message; it determines that user2 has the right to access the target microservice, forwards user2's access request to the target microservice, obtains the data returned for that request from the target microservice, and returns the data to user2.
In the embodiment of the invention, the user equipment sends a login request to the authentication center; the login request comprises user information. The authentication center acquires the access domain corresponding to the user information and, after combining the user information and the access domain into JWT information, sends the JWT information to the user equipment; the access domain is the access authority of the user information for each micro service. The registration center synchronizes the JWT information to the gateway in real time. When the gateway receives an access request for the target micro service sent by the user equipment, it verifies the JWT information to be verified in the access request according to the access domain, so as to determine whether the user equipment is allowed to access the target micro service. The embodiment of the invention can synchronize the user access domain in real time and quickly authenticate the user's access request at the gateway based on the access domain, thereby improving the authentication efficiency and the operating performance of the micro-service.
Referring to fig. 3, a flowchart illustrating the steps of an embodiment of an authentication method for micro services according to the present invention is shown. The method involves a user equipment, an authentication center, a registry and a gateway, where a plurality of micro services are registered with the registry, and the method includes:
step 301, the user equipment sends a login request to the authentication center; the login request comprises user information;
step 302, the authentication center acquires an access domain corresponding to the user information, and after combining the user information and the access domain into JWT information, sends the JWT information to the user equipment; wherein the access domain is the access authority of the user information for each micro service;
step 303, the registry synchronizes the access domain to the gateway in real time;
step 304, when receiving an access request for a target micro service sent by the user equipment, the gateway verifies JWT information to be verified in the access request according to the access domain to determine whether to allow the user equipment to access the target micro service.
In an exemplary embodiment, the method further comprises:
the authentication center modifies the access domain corresponding to the user information and sends the modified access domain to the registration center;
and the registry synchronizes the modified access domain to the gateway in real time.
In an exemplary embodiment, the method further comprises:
the registration center acquires micro-service information of the micro-service and registers the micro-service according to the micro-service information; the micro-service information includes an identification, an IP address, and a port of the micro-service.
In an exemplary embodiment, the step 304 of verifying the to-be-verified JWT information in the access request according to the access domain to determine whether to allow the user equipment to access the target micro service includes:
the gateway extracts the JWT information to be verified carried in the access request; the JWT information to be verified comprises an access domain to be verified for the target microservice;
and when the access domain contains the access domain to be verified for the target micro service, the gateway allows the user equipment to access the target micro service.
In an exemplary embodiment, the step 304 of verifying the to-be-verified JWT information in the access request according to the access domain to determine whether to allow the user equipment to access the target microservice includes:
and when the access domain does not contain the access domain for the target micro service, the gateway denies the user equipment access to the target micro service and prompts an error message.
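The gateway check from the user1/user2 walk-through and from steps 301 to 304, including the case where the authentication center modifies an access domain, as an added Python example that is not part of the patent. The HS256 signature with a shared key, the claim names `sub` and `access_domain`, and the service names are assumptions; the patent does not specify them.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-key"  # assumption: HS256 key shared by center and gateway

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input):
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def issue_jwt(user, access_domain):
    """Authentication center, step 302: user info + access domain -> JWT."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64(json.dumps({"sub": user, "access_domain": access_domain}).encode())
    return f"{header}.{payload}.{_b64(_sign(header + '.' + payload))}"

class Gateway:
    def __init__(self):
        self.synced = {}  # user -> set of micro-service ids pushed by the registry

    def sync(self, user, access_domain):
        """Registry, step 303: replace the gateway's copy of a user's access domain."""
        self.synced[user] = set(access_domain)

    def authorize(self, token, target):
        """Gateway, step 304: HTTP-style status for a request to `target`."""
        try:
            header, payload, sig = token.split(".")
            # The algorithm is fixed here, never taken from the token header.
            if not hmac.compare_digest(_sign(header + "." + payload), _unb64(sig)):
                return 401
            claims = json.loads(_unb64(payload))
            claimed = set(claims["access_domain"])
            current = self.synced.get(claims["sub"], set())
        except (ValueError, TypeError, KeyError, AttributeError):
            return 401
        # The domain to be verified must be in the token and in the synced copy.
        return 200 if target in claimed and target in current else 403

def demo():
    gw, tokens = Gateway(), {}
    grants = {"user1": ["billing-service"], "user2": ["media-service"]}  # constructed
    for user, domain in grants.items():
        tokens[user] = issue_jwt(user, domain)
        gw.sync(user, domain)
    results = {u: gw.authorize(t, "media-service") for u, t in tokens.items()}
    # user1's token with user2's payload pasted in: the signature no longer matches.
    h, _, s = tokens["user1"].split(".")
    forged = ".".join([h, tokens["user2"].split(".")[1], s])
    results["forged"] = gw.authorize(forged, "media-service")
    gw.sync("user2", [])  # authentication center modifies user2's access domain
    results["user2_after_change"] = gw.authorize(tokens["user2"], "media-service")
    return results

if __name__ == "__main__":
    print(demo())
```

Checking the synchronized copy as well as the token claim is what makes a modified access domain take effect for a JWT that was issued before the change.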
Because the method embodiment is basically similar to the system embodiment, it is described briefly; for the relevant points, refer to the corresponding description of the system embodiment.
The embodiment of the invention discloses electronic equipment, which comprises a processor, a memory and a computer program which is stored on the memory and can run on the processor, wherein when the computer program is executed by the processor, the steps of the authentication method embodiment of the microservice are realized.
The embodiment of the invention discloses a computer readable storage medium, wherein a computer program is stored on the computer readable storage medium, and when the computer program is executed by a processor, the steps of the embodiment of the authentication method of the microservice are realized.
The embodiments in the present specification are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, apparatus, or computer program product. Accordingly, embodiments of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
Embodiments of the present invention are described with reference to flowchart illustrations and/or block diagrams of methods, terminal devices (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing terminal to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing terminal, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing terminal to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing terminal to cause a series of operational steps to be performed on the computer or other programmable terminal to produce a computer implemented process such that the instructions which execute on the computer or other programmable terminal provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications of these embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the embodiments of the invention.
Finally, it should also be noted that, in this document, relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or terminal that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or terminal. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or terminal that comprises the element.
The authentication system of the micro service, the authentication method of the micro service, the electronic device and the storage medium provided by the invention are introduced in detail, and specific examples are applied in the text to explain the principle and the implementation mode of the invention, and the description of the above embodiments is only used to help understanding the method and the core idea of the invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.

Claims (8)

1. An authentication system of micro services, comprising a user equipment, an authentication center, a registry and a gateway, wherein the registry is registered with a plurality of micro services, wherein:
the user equipment is used for sending a login request to the authentication center; the login request comprises user information;
the authentication center is used for acquiring an access domain corresponding to the user information, and after combining the user information and the access domain into JWT information, sending the JWT information to the user equipment; wherein the access domain is the access authority of the user information for each micro service;
the registry is used for synchronizing the access domain to the gateway in real time;
the gateway is used for verifying JWT information to be verified in the access request according to the access domain when receiving the access request aiming at the target micro service sent by the user equipment, so as to determine whether the user equipment is allowed to access the target micro service.
2. The system of claim 1,
the authentication center is also used for modifying the access domain corresponding to the user information and sending the modified access domain to the registration center;
the registry is further configured to synchronize the modified access domain to the gateway in real time.
3. The system of claim 1,
the registration center is also used for acquiring micro service information of the micro service and registering the micro service according to the micro service information; the micro-service information includes an identification, an IP address, and a port of the micro-service.
4. The system of claim 2, wherein the gateway is further configured to:
extract the JWT information to be verified carried in the access request; the JWT information to be verified comprises an access domain to be verified for the target microservice;
and, when the access domain contains the access domain to be verified for the target micro service, allow the user equipment to access the target micro service.
5. The system of claim 4,
the gateway is further configured to deny the user equipment access to the target micro service and prompt an error message when the access domain does not include an access domain to be verified for the target micro service.
6. An authentication method for micro services, comprising a user equipment, an authentication center, a registration center and a gateway, wherein the registration center is registered with a plurality of micro services, the method comprising:
the user equipment sends a login request to the authentication center; the login request comprises user information;
the authentication center acquires an access domain corresponding to the user information, and after the user information and the access domain are combined into JWT information, the JWT information is sent to the user equipment; wherein the access domain is the access authority of the user information for each micro service;
the registry synchronizes the access domain to the gateway in real time;
when receiving an access request aiming at a target micro service sent by the user equipment, the gateway verifies JWT information to be verified in the access request according to the access domain so as to determine whether the user equipment is allowed to access the target micro service.
7. An electronic device, characterized in that it comprises a processor, a memory and a computer program stored on said memory and capable of running on said processor, said computer program, when executed by said processor, implementing the steps of the authentication method of a microservice according to claim 6.
8. A computer-readable storage medium, characterized in that a computer program is stored on the computer-readable storage medium, which computer program, when being executed by a processor, carries out the steps of the authentication method of a microservice according to claim 6.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111633788.6A CN114444058A (en) 2021-12-28 2021-12-28 Authentication system and method for micro-service, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111633788.6A CN114444058A (en) 2021-12-28 2021-12-28 Authentication system and method for micro-service, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN114444058A true CN114444058A (en) 2022-05-06

Family

ID=81366125

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111633788.6A Pending CN114444058A (en) 2021-12-28 2021-12-28 Authentication system and method for micro-service, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN114444058A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115065717A (en) * 2022-05-24 2022-09-16 中原银行股份有限公司 Micro-service calling processing method and device
CN116319090A (en) * 2023-05-18 2023-06-23 中国电子信息产业集团有限公司第六研究所 Power and environment monitoring system and method based on micro-service

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115065717A (en) * 2022-05-24 2022-09-16 中原银行股份有限公司 Micro-service calling processing method and device
CN116319090A (en) * 2023-05-18 2023-06-23 中国电子信息产业集团有限公司第六研究所 Power and environment monitoring system and method based on micro-service
CN116319090B (en) * 2023-05-18 2023-08-11 中国电子信息产业集团有限公司第六研究所 Power and environment monitoring system and method based on micro-service

Similar Documents

Publication Publication Date Title
US10158627B2 (en) Location determination for user authentication
US9043591B2 (en) Image forming apparatus, information processing method, and storage medium
US9152781B2 (en) Secure mobile client with assertions for access to service provider applications
CN112131021B (en) Access request processing method and device
US11012233B1 (en) Method for providing authentication service by using decentralized identity and server using the same
CN110351269A (en) The method for logging in open platform by third-party server
US10122697B2 (en) Native authentication experience with failover
JP2017004301A (en) Authentication server system, method, program, and storage medium
CN114444058A (en) Authentication system and method for micro-service, electronic equipment and storage medium
US11444954B2 (en) Authentication/authorization server, client, service providing system, access management method, and medium
CN112491776B (en) Security authentication method and related equipment
CN114039759A (en) High-performance gateway authentication method and system for credit creation field
JP2020035079A (en) System and data processing method
CN111800426A (en) Method, device, equipment and medium for accessing native code interface in application program
CN113938886A (en) Identity authentication platform test method, device, equipment and storage medium
CN112291221A (en) Method and system for authenticating service access between micro services
CN112352411B (en) Registration of the same domain with different cloud service networks
Wu et al. Design and implementation of cloud API access control based on OAuth
CN113901429A (en) Access method and device of multi-tenant system
US11445372B2 (en) Scalable public key identification model
Lämmel et al. Enhancing cloud based data platforms for smart cities with authentication and authorization features
KR102118282B1 (en) Method for automating the authentication of use (login information authentication) from a app content
US8996607B1 (en) Identity-based casting of network addresses
CN116055151A (en) Service authority token acquisition method, system, electronic equipment and storage medium
JP7445017B2 (en) Mobile application forgery/alteration detection method using user identifier and signature collection, computer program, computer readable recording medium, and computer device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination