| With the rapid development of networks, traditional network service architecture has gradually evolved from the single web site to distributed systems. This kind of architecture is also widely used at EMC, where the research and development center in Shanghai is responsible for developing and maintaining a large number of microservices on the network. These microservices provide a variety of business-related functions, and third-party applications need to call them in order to support EMC's business. Different microservices have different access restrictions, so protecting the security of microservices across a wide network in a reasonable way has become a key issue. Because security is divided into two parts, authentication and authorization, the system must both verify that a third party's identity is legitimate and determine whether it has sufficient permissions. Errors here may result in information leaks and other serious losses. A number of mature standards, such as OAuth2, already provide a reliable solution for the industry. EMC therefore draws on this standard and provides a management system and a verification server for storing and verifying authentication and authorization. The management system uses an MVC architecture, combined with Spring MVC, Hibernate and other mature frameworks, to provide a platform on which third-party applications register. The verification server and the microservices use Spring Security, Redis and related components to form a reliable authentication and authorization process. A token refresh mechanism is also provided to keep third-party applications' authentication time-limited. The whole security system was developed with reliability and ease of use in mind. The current version of the system has been deployed on the test server, providing reliable support for EMC's business. |