Research And Application Of Access Control In Microservices

With the development of cloud computing and Docker container technology,the maturity of continuous delivery and the evolution of software architecture,microservice has become a very popular software development architecture nowadays,which is more suitable for the situation that business expands rapidly and functions rapidly iterate.At the same time It brings agile development,good Scalability and scalability,but also brings many challenges,including the security issues of concern,and access control is an important part of system security.This paper explores the basic concepts and main features of the microservices architecture in depth and compares them with the traditional Monolithic architectures and SOA to get the requirements for access control in the microservices environment.Through the research of traditional authentication technology and access control technology,this paper analyzes the limitations and insufficient in the micro-service environment,and proposes the following two models respectively:Authentication Model in Microservices:This model draws on the basic idea of the CAS SSO model,replaces the simple token with the signature mechanism of JSON Web Token(JWT),and uses the API gateway as the only entry of the system.The use of token conversion mechanism to provide client tokens.All of above enabling the unified management of user identity,single sign-on and single sign-out.Access control model in Microservice:The fine-grained services and scalability of the system in the micro-service environment lead to the difficult use of traditional access control model.Attribute-based access control model(ABAC)model can not account for the interaction between microservices.Therefore,propose the concept of micro-service attributes,and design an extended model of attribute-based access control in micro-service environment,then describe it in formal language.In this paper,the microservices architecture is used to implement the comprehensive access control prototype system of the above two models.Besides the basis of identity authentication and authorization control,the model is distributed,flexible,extensible and fine-grained.Finally,validate the model prototype in a asset management trading system application.