Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2021/05/20 06:07:47 UTC

[GitHub] [apisix] vincentwc edited a comment on issue #4274: request help: it doesn't work when use consumer-restriction with jwt-auth

vincentwc edited a comment on issue #4274:
URL: https://github.com/apache/apisix/issues/4274#issuecomment-844726675


   One, create consumer 1:
   {
       "username": "jack_jwt",
       "desc" : "jack jwt hs256",
       "plugins": {
           "jwt-auth": {
               "key": "user-key-jack",
               "secret": "my-secret-key"
           }
       }
   }
   Two, create consumer 2:
   {
       "username": "jwt_rs256",
       "desc" : "jack jwt rs256",
       "plugins": {
           "jwt-auth": {
               "key": "user-key-rs256",
               "public_key": "-----BEGIN PUBLIC KEY-----\n……\n-----END PUBLIC KEY-----",
               "private_key": "-----BEGIN RSA PRIVATE KEY-----\n……\n-----END RSA PRIVATE KEY-----",
               "algorithm": "RS256"
           }
       }
   }
   Three, create route:
   {
       "desc": "my-product-demo-85",
       "labels": {
           "demo_env" : "prod",
           "prod_env" : "prod"
       },
       "uri": "/product/hello",
       "upstream": {
           "type": "roundrobin",
           "nodes": {
               "10.255.249.3:8085": 1
           }
       }
   }
   Four, patch the route, add jwt-auth:
   {
       "plugins" : {
           "jwt-auth": {}
       }
   }
   Five, get a jwt-auth token using the step two key: user-key-rs256
   Six, send a request to the product route, adding step five's response as Authorization info in the headers, and get the product_route response info
   Seven, add the consumer-restriction plugin to the product route; the whitelist only includes the step one consumer name:
   {
       "plugins" : {
           "jwt-auth": {},
           "consumer-restriction" :{
               "whitelist" : [
                   "jack_jwt"
               ]
           }
       }
   }
   Then, send a request to the product route and add the Authorization [step two]. It could get a response. Why?
   At step seven, I just set the step one consumer name in the whitelist, but the step two consumer is useful?
   Step seven: add the consumer-restriction plugin and add only jack_jwt to the whitelist, but the token corresponding to jwt_rs256 can still access the route?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org