
Research And Implementation Of Gateway Service Access Authentication Based On Dynamic Token

Posted on: 2021-01-06 | Degree: Master | Type: Thesis
Country: China | Candidate: H Q Li | Full Text: PDF
GTID: 2428330605454303 | Subject: Engineering
Abstract/Summary:
With the popularity of micro-services architecture, it is faced with the problems of how to isolate internal services from external services and how to ensure the security of background services. People put forward the concept of the API gateway, which encapsulates the internal structure of the system and provides clients with customized REST/HTTP API (Application Programming Interface) access to handle all business functions. In the practical application of micro-services architecture and the API gateway, all clients and servers are connected to the micro-services through the API gateway. This requires the ability to open one's own services and control the authority over the opened services; to open some services that one wants to share to specific users; to control the time of the open service authority; and to authenticate the identity of the service sender and the authenticity and correctness of the service request content. In order to meet the above requirements, this paper studies API gateway service access authentication and proposes a dynamic-Token-based API gateway service access authentication strategy. Secondly, the requirements of the API gateway service access authentication system are analyzed and the system is designed in detail. Finally, the development of the access authentication system is completed. The research and work of this paper are as follows:

(1) Service access authentication policy. This paper proposes a service access authentication strategy for the API gateway. At the user level, through an authorization mechanism and a dynamic Token, the identity of the service requester is doubly authenticated, including identity authentication and service call authorization authentication. It improves the traditional role-based access control model, uses user elements to replace the original role elements, and authorizes the user's identity and the service authority that the user can access. In addition, when the user does not need the service authority, the service authority is recovered in time.

(2) Key and dynamic Token generation scheme. The random id is generated by the Snowflake algorithm as the key for users to access the service, to ensure the uniqueness of the key. By assigning different service rights to each key, the connection between users and services is established. Based on the MD5 algorithm, the parameter content of the HTTP request is encrypted according to the improved algorithm flow, and a dynamic Token is obtained, which is carried by the sender when sending the HTTP request and verified by the receiver when receiving the request.

(3) Service access authentication system based on dynamic Token. Based on the proposed service access authentication strategy, the system functional requirements analysis and overall design are carried out for the access authentication system. Starting from the overall requirements of the system, the functional modules of the system are divided, the system architecture and functional module diagram are obtained, and the functional requirements of each module are introduced. Finally, the conceptual design, logical design and structural design of the system database are carried out. Dynamic authorization and access authentication of users.

The system can meet the needs of the actual project, solve the problem of inconsistent access parameter names and types, reduce much ineffective communication between developers, and reduce the pressure on the server. In addition, it effectively solves the security problem of API gateway services under the micro-services architecture. At the user level, it provides control to open and share one's own services, better control over the rights of shared services, and ensures the security of services.
Keywords/Search Tags:Dynamic Token, API gateway, access authentication, Key
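
The sender/receiver flow of items (1) and (2), as an added example that is not code from the thesis: the sender attaches a token computed over the request parameters, and the gateway checks the token (identity) and then the key's service rights (authorization). The abstract does not give the improved algorithm flow, so the sorted `name=value` canonical form, the `key`/`ts`/`token` parameter names, the per-key secret, the 300-second window and the use of HMAC (with MD5 as the default digest, following the abstract) are assumptions made here.

```python
import hmac
import time

# Constructed registry: key id -> secret and the services that key may call.
# The thesis generates the key with Snowflake; this id and secret are made up.
KEYS = {
    "1346751234567892992": {"secret": b"constructed-demo-secret", "services": {"/inventory/query"}},
}
MAX_SKEW_SECONDS = 300  # assumed freshness window


def canonical(params):
    """Sort parameters by name so sender and receiver digest identical bytes."""
    items = sorted((k, str(v)) for k, v in params.items() if k != "token")
    return "&".join(f"{k}={v}" for k, v in items).encode()


def make_token(params, secret, digest="md5"):
    """Keyed digest over the parameters; HMAC is a substitution made in this example."""
    return hmac.new(secret, canonical(params), digest).hexdigest()


def sign_request(params, key_id, secret, now=None):
    """Sender side: add key id and timestamp, then attach the token."""
    ts = int(time.time() if now is None else now)
    signed = dict(params, key=key_id, ts=ts)
    signed["token"] = make_token(signed, secret)
    return signed


def verify_request(service, params, now=None):
    """Gateway side: returns (allowed, reason)."""
    now = time.time() if now is None else now
    entry = KEYS.get(str(params.get("key")))
    if entry is None:
        return False, "unknown key"
    try:
        ts = int(params["ts"])
    except (KeyError, ValueError, TypeError):
        return False, "bad timestamp"
    if abs(now - ts) > MAX_SKEW_SECONDS:
        return False, "stale request"
    expected = make_token(params, entry["secret"]).encode()
    supplied = str(params.get("token", "")).encode()
    if not hmac.compare_digest(expected, supplied):  # constant-time comparison
        return False, "token mismatch"
    if service not in entry["services"]:
        return False, "service not authorized"
    return True, "ok"
```

Passing `digest="sha256"` to `make_token` on both sides swaps the digest without changing the rest of the flow.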