
The Design And Implementation Of Agile Development Platform Security Mechanism Based On Microservice Architecture

Posted on: 2019-12-17
Degree: Master
Type: Thesis
Country: China
Candidate: X Y Wang
GTID: 2428330572450220
Subject: Computer system architecture

Abstract/Summary:
In recent years, with the continuous development of Internet technology, traditional software system architecture has gradually shifted from a monolithic architecture to a service-oriented architecture model, which has become a new research hotspot in the field of software development. Baidu's software development collaboration platform has the following advantages: it is simple and easy to use and offers visual operation, short-term continuous delivery, support for high concurrency, rich reporting, flexible configuration, etc. However, the platform also has some problems: tight coupling within the framework, a low rate of functional reuse, low independent scalability, poor stability, and difficulty in large-scale deployment. To solve these problems, we decided to introduce a microservice architecture for the platform. After the microservice architecture is introduced, however, some security risks remain.

First, data is transmitted between the platform's front end and back end as JSON, and the JSON is transmitted in plaintext. If an attacker intercepts the JSON data packets transmitted between the front end and back end, data will be leaked, which is a serious security risk. Second, for user authentication and authorization, the current platform authenticates users by querying the database to verify the user name and password. Multiple visits in a short time require multiple authentications, and there is no fine-grained control of operation permissions at the service API level. Finally, if the client communicates directly with the back-end microservices, the client's business logic becomes complex because it must handle the different characteristics of each microservice.

Combining the development needs and performance requirements of the platform services, this paper proposes the following solution: (1) an API gateway is introduced between the client and the microservices as the only entry point for users to access the microservices, avoiding the complex client logic caused by direct communication between the client and the server; (2) user requests are intercepted at the API gateway, which implements permission verification, flow control, route mapping, load balancing, reverse proxying and other functions; (3) an OAuth 2.0-based token mechanism is used in the authentication server for user authentication and authorization, avoiding frequent authentication within a short time and implementing operation permission control at the service API level; (4) the AES private-key (symmetric) encryption algorithm and the RSA public-key encryption algorithm are combined to design an authenticated hybrid encryption/decryption scheme that solves the problem of secure data transmission between the front end and back end.

This security scheme is designed in conjunction with the platform's functional and non-functional requirements. After verification, the solution achieves the following results: introducing the API gateway greatly simplifies the client's calling logic, improves the response speed of service calls and the platform's concurrency, reduces the number of authentications within a short period, and realizes API-level operation permission control; the scheme also improves the security of data transmitted between the front end and back end without affecting transmission performance. At present, the latest version of the system has been deployed safely and stably on the platform server, providing security for the stable operation of the platform services.
Keywords/Search Tags:Microservices, API Gateway, Authentication, Authorization, Token, AES, RSA