You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2020/03/24 07:09:50 UTC
[GitHub] [incubator-apisix] sshniro edited a comment on issue #1243: request
help: How to white-list consumers for the Keyauth plugin
sshniro edited a comment on issue #1243: request help: How to white-list consumers for the Keyauth plugin
URL: https://github.com/apache/incubator-apisix/issues/1243#issuecomment-603065789
Yes, Agree @soulsoul
I think this can be a separate Access Control Plugin.
This is the scenario I have and I assume this can be a common scenario as well.
We are proxying device data through REST and MQTT and we provide a token to the device. The problem with the current implementation is, if the device has a valid token/key then it can publish data to any routes. We need a way to control it.
@membphis This is how the implementation will look like this:
```bash
curl http://127.0.0.1:9080/apisix/admin/consumers -X PUT -d '
{
"username": "device1",
"plugins": {
"key-auth": {
"key": "keytodeviceone"
}
}
}'
curl http://127.0.0.1:9080/apisix/admin/routes/1 ' -X PUT -d '
{
"uri": "/device1publishroute",
"id": 1,
"plugins": {
"key-auth": {},
"acl-plugin": ['device1', 'device2', 'user1', 'user2']
},
"upstream": {
"type": "roundrobin",
"nodes": {
"39.97.63.215:80": 1
}
}
}'
```
The ACL plugins should be executed after the keyauth plugin.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services