OpenResty request authentication
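Before a request is sent to the backend, it is authenticated first; only requests that pass authentication are forwarded to the backend.
Request authentication
auth_request authentication
Before the request is sent to the backend, auth_request issues a subrequest:
* if the subrequest returns a 2xx status code, the request is allowed through
* if the subrequest returns a 4xx status code, the request is rejected

    # Example
    location / {
        # Issue a subrequest to authenticate the request
        auth_request /auth;

        # Once authentication passes, hand the request to the backend
        proxy_pass/fastcgi_pass/postgres_pass/...
    }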
ngx.location.capture subrequest authentication
Note that when calling ngx.exit(ngx.OK) within a access_by_lua_block handler, the Nginx request processing control flow will still continue to the content handler. To terminate the current request from within a access_by_lua_block handler, call ngx.exit with status >= 200 (ngx.HTTP_OK) and status < 300 (ngx.HTTP_SPECIAL_RESPONSE) for successful quits and ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR) (or its friends) for failures.
* Calling ngx.exit(ngx.OK) ends access_by_lua_block, and request processing continues with the later phases
* ngx.exit with a 2xx status terminates the request from access_by_lua_block as a success
* ngx.exit with a 4xx or 5xx status terminates the request from access_by_lua_block as a failure

    # Example: using ngx.location.capture to emulate an auth_request authentication request
    location / {
        # Authenticate through a subrequest
        access_by_lua_block {
            local res = ngx.location.capture("/auth")

            if res.status == ngx.HTTP_OK then
                return
            end

            if res.status == ngx.HTTP_FORBIDDEN then
                ngx.exit(res.status)
            end

            ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
        }

        # Once authentication passes, hand the request to the backend
        proxy_pass/fastcgi_pass/postgres_pass/...
    }
Usage example
***********
Backend application
HelloController
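    import java.util.Enumeration;

    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;

    import org.springframework.web.bind.annotation.RequestMapping;
    import org.springframework.web.bind.annotation.RestController;

    @RestController
    public class HelloController {

        // Auth endpoint called by the OpenResty subrequest
        @RequestMapping("/auth")
        public void auth(HttpServletRequest request, HttpServletResponse response){
            // Print every received header, to show what the gateway forwarded
            Enumeration<String> enumeration = request.getHeaderNames();
            while (enumeration.hasMoreElements()){
                String name = enumeration.nextElement();
                System.out.println(name + " ==> " + request.getHeader(name));
            }

            // Demo check: one fixed Authorization value returns 200, anything else 401
            String authorization = request.getHeader("Authorization");
            if ("gtlx".equalsIgnoreCase(authorization)){
                response.setStatus(200);
            }else {
                response.setStatus(401);
            }
        }

        // Protected resource that the gateway proxies to after authentication
        @RequestMapping("/hello")
        public String hello(){
            return "瓜田李下";
        }
    }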
Dockerfile
    FROM java:8
    WORKDIR /usr/local/jar
    COPY hello.jar app.jar
    EXPOSE 8080
    ENTRYPOINT ["java", "-jar", "app.jar"]
edit configuration ==> docker
Start the Docker application

      .   ____          _            __ _ _
     /\\ / ___'_ __ _ _(_)_ __  __ _ \ \ \ \
    ( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
     \\/  ___)| |_)| | | | | || (_| |  ) ) ) )
      '  |____| .__|_| |_|_| |_\__, | / / / /
     =========|_|==============|___/=/_/_/_/
     :: Spring Boot ::                (v2.7.2)

    2022-07-29 02:09:24.518 INFO 1 --- [ main] com.example.demo.DemoApplication : Starting DemoApplication v0.0.1-SNAPSHOT using Java 1.8.0_111 on d61d6b0d8d4f with PID 1 (/usr/local/jar/app.jar started by root in /usr/local/jar)
    2022-07-29 02:09:24.526 INFO 1 --- [ main] com.example.demo.DemoApplication : No active profile set, falling back to 1 default profile: "default"
    2022-07-29 02:09:26.075 INFO 1 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat initialized with port(s): 8080 (http)
    2022-07-29 02:09:26.105 INFO 1 --- [ main] o.apache.catalina.core.StandardService : Starting service [Tomcat]
    2022-07-29 02:09:26.106 INFO 1 --- [ main] org.apache.catalina.core.StandardEngine : Starting Servlet engine: [Apache Tomcat/9.0.65]
    2022-07-29 02:09:26.237 INFO 1 --- [ main] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring embedded WebApplicationContext
    2022-07-29 02:09:26.238 INFO 1 --- [ main] w.s.c.ServletWebServerApplicationContext : Root WebApplicationContext: initialization completed in 1604 ms
    2022-07-29 02:09:26.851 INFO 1 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat started on port(s): 8080 (http) with context path ''
    2022-07-29 02:09:26.871 INFO 1 --- [ main] com.example.demo.DemoApplication : Started DemoApplication in 3.005 seconds (JVM running for 3.557)
    2022-07-29 02:09:28.459 INFO 1 --- [nio-8080-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring DispatcherServlet 'dispatcherServlet'
    2022-07-29 02:09:28.459 INFO 1 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Initializing Servlet 'dispatcherServlet'
    2022-07-29 02:09:28.465 INFO 1 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Completed initialization in 6 ms
***********
OpenResty
default.conf
    server {
        listen 80;
        server_name localhost;

        location / {
            root /usr/local/openresty/nginx/html;
            index index.html index.htm;
        }

        # Variant 1: authenticate with auth_request
        location /test {
            auth_request /check;
            proxy_pass http://172.18.0.4:8080/hello;
        }

        # Variant 2: authenticate with a Lua subrequest
        location /test2 {
            access_by_lua_block {
                local cjson = require 'cjson';

                local res, err = ngx.location.capture("/check");
                -- ngx.say("res ==> ", cjson.encode(res));

                if res.status == 200 then
                    -- Return so processing continues to proxy_pass;
                    -- ngx.exit(200) would terminate the request here
                    return;
                else
                    ngx.exit(res.status);
                end
            }

            proxy_pass http://172.18.0.4:8080/hello;
        }

        # Auth subrequest target: forwards to the backend /auth endpoint
        location /check {
            proxy_pass http://172.18.0.4:8080/auth;
            proxy_set_header Authorization $http_authorization;
            proxy_set_header name 'hzw';
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root /usr/local/openresty/nginx/html;
        }
    }
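A hardened variant of the default.conf above, covering both the auth_request and the ngx.location.capture approach (an added example, not part of the original post): /check becomes subrequest-only and receives no request body, and the Lua handler mirrors the nginx auth_request module, which allows on 2xx, denies on 401/403 and treats any other response as an error. The X-Original-URI header name follows the example in the nginx auth_request documentation and is an assumption about what the auth service might read; the backend addresses are the ones used on this page.

```nginx
server {
    listen 80;
    server_name localhost;

    # Auth endpoint: reachable only through subrequests, headers only
    location = /check {
        internal;                                  # direct client requests get 404
        proxy_pass http://172.18.0.4:8080/auth;
        proxy_pass_request_body off;               # the auth service never needs the body
        proxy_set_header Content-Length "";
        proxy_set_header X-Original-URI $request_uri;  # assumed header name
    }

    location /test {
        auth_request /check;
        proxy_pass http://172.18.0.4:8080/hello;
    }

    location /test2 {
        access_by_lua_block {
            local res = ngx.location.capture("/check")

            -- 2xx and a complete response: allow. Plain return lets
            -- processing continue to proxy_pass.
            if res.status >= 200 and res.status < 300 and not res.truncated then
                return
            end

            -- 401/403: deny, relaying the auth service's challenge header if any
            if res.status == ngx.HTTP_UNAUTHORIZED
                    or res.status == ngx.HTTP_FORBIDDEN then
                ngx.header["WWW-Authenticate"] = res.header["WWW-Authenticate"]
                ngx.exit(res.status)
            end

            -- Anything else (auth service down, 5xx, redirect, 404): fail closed
            ngx.log(ngx.ERR, "auth subrequest returned ", res.status)
            ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
        }

        proxy_pass http://172.18.0.4:8080/hello;
    }
}
```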
Create the OpenResty container

    docker run -it -d --net fixed --ip 172.18.0.2 -p 9000:80 \
      -v /Users/huli/lua/openresty/core/default.conf:/etc/nginx/conf.d/default.conf \
      --name open-auth lihu12344/openresty
***********
Testing
localhost:9000/test ==> Authorization=gtlx
    # Spring Boot console output
    authorization ==> gtlx
    name ==> hzw
    host ==> 172.18.0.4:8080
    connection ==> close
    user-agent ==> PostmanRuntime/7.29.0
    accept ==> */*
    postman-token ==> fecbb948-e9a3-45c4-a39c-ea25c67f9e1f
    accept-encoding ==> gzip, deflate, br
localhost:9000/test ==> Authorization=gtlx2
    # Spring Boot console output
    authorization ==> gtlx2
    name ==> hzw
    host ==> 172.18.0.4:8080
    connection ==> close
    user-agent ==> PostmanRuntime/7.29.0
    accept ==> */*
    postman-token ==> 168aae93-d5e2-4243-8278-014f44db3ce9
    accept-encoding ==> gzip, deflate, br
localhost:9000/test2 ==> Authorization=gtlx
    # Spring Boot console output
    authorization ==> gtlx
    name ==> hzw
    host ==> 172.18.0.4:8080
    connection ==> close
    user-agent ==> PostmanRuntime/7.29.0
    accept ==> */*
    postman-token ==> 8aadba89-c3a9-4d8d-a09d-f3beab7df55f
    accept-encoding ==> gzip, deflate, br
localhost:9000/test2 ==> Authorization=gtlx2
    # Spring Boot console output
    authorization ==> gtlx2
    name ==> hzw
    host ==> 172.18.0.4:8080
    connection ==> close
    user-agent ==> PostmanRuntime/7.29.0
    accept ==> */*
    postman-token ==> b887942a-64c2-410d-b1e9-37cd778ef85e
    accept-encoding ==> gzip, deflate, br