Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2021/11/26 10:05:21 UTC

[GitHub] [apisix] cws1981 commented on issue #487: Who is using APISIX? (Individuals and companies using APISIX are welcome to leave a message here)

cws1981 commented on issue #487:
URL: https://github.com/apache/apisix/issues/487#issuecomment-979843903


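   ### Implementing JWT user authentication with APISIX plugin development
   
   APISIX is an open-source gateway with excellent performance.
   
   **JSON Web Token (abbreviated JWT)**
   
   For a detailed introduction to JWT, see: [JSON Web Token Getting-Started Tutorial - Ruan Yifeng's Blog (ruanyifeng.com)](https://link.zhihu.com/?target=https%3A//www.ruanyifeng.com/blog/2018/07/json_web_token-tutorial.html)
   
   ##### The JWT authentication flow is clear and simple, as shown in the figure:
   
   ![JWT verification flow](https://pic4.zhimg.com/80/v2-84c33d0c5bfec26678b0243604cc2617_1440w.jpg)
   
   The figure shows the whole JWT authentication flow. If token verification is done centrally at the gateway, the backend services do not need to care about identity authentication at all: tokens are verified at the gateway, and requests are passed on to the backend services only after verification succeeds. Doing this at the gateway also makes it possible to monitor all traffic in one place. The architecture is shown in the figure below:
   
   ![gateway (1)](https://pic4.zhimg.com/80/v2-2ca91ccfff5617a4fa9f4e1e6ab48ad3_1440w.jpg)
   
   ##### APISIX extension plugins
   
   APISIX provides a plugin extension mechanism that lets you define custom route interceptors, so APISIX can serve as the gateway that authenticates the user for every request. After authentication succeeds, the request can also be rewritten to put user information such as the uid into a request header, which is passed on for the backend services to read. Perfect!
   
   Plugin development supports Python, Go and Java. Taking Java as the example:
   
   * First download the [apache/apisix-java-plugin-runner: APISIX Plugin Runner in Java (github.com)](https://github.com/apache/apisix-java-plugin-runner) project;
   * Then implement the PluginFilter interface in the apisix-runner-plugin module and write your own verification logic. Once it is written, run mvn package, which generates a packaged file in the dist directory;
   * Because I deployed APISIX with Docker, and the plugin is started as a child process and so must be in the same container as APISIX, I wrote a Dockerfile that rebuilds the Docker image with the Java package added: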
   
   ```dockerfile
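   # Base image: APISIX 2.10.0 on Alpine
   FROM apache/apisix:2.10.0-alpine
   
   # Switch apk to the Aliyun mirror and install a Java 8 runtime for the plugin runner
   RUN sed -i "s/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g" /etc/apk/repositories && apk add --no-cache openjdk8-jre
   
   # ADD unpacks the runner tarball produced by mvn package into /usr/local/
   ADD apache-apisix-java-plugin-runner-0.1.0-bin.tar.gz /usr/local/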
   
   ```
   
   * Then edit the APISIX config.yaml configuration file and add:
   
   ```yaml
   ext-plugin:
     cmd: ['java', '-jar', '-Xmx4g', '-Xms4g', '/usr/local/apisix-runner-bin/apisix-java-plugin-runner.jar']
   ```
   
   This way the plugin starts together with the container.
   
   ##### Finally, create a route to test
   
   ```bash
   $ curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
   {
     "uri": "/*",
     "name": "java-plugin",
     "plugins": {
       "ext-plugin-pre-req": {
         "conf": [
           {
             "name": "CheckTokenFilter",
             "value": "{\"body\":\"hello\"}"
           }
         ]
       }
     },
     "upstream": {
       "nodes": [
         {
           "host": "httpbin.org",
           "port": 80,
           "weight": 1
         }
       ],
       "timeout": {
         "connect": 6,
         "send": 6,
         "read": 6
       },
       "type": "roundrobin",
       "scheme": "http",
       "pass_host": "pass",
       "keepalive_pool": {
         "idle_timeout": 60,
         "requests": 1000,
         "size": 320
       }
     },
     "status": 1
   }
   '
   ```
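
The comment above leaves the verification logic inside the PluginFilter implementation to the reader. The following is an added example, not part of the original comment or of the APISIX project: a JDK-only sketch of the check such a filter could run before releasing the uid. The class and method names (`JwtCheck`, `verifiedUid`), the HS256 algorithm, the `uid` and `exp` claim names and the demo secret are all assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/** Hypothetical helper for the filter's check; not part of the plugin runner. */
public class JwtCheck {
    private static final Pattern EXP = Pattern.compile("\"exp\"\\s*:\\s*(\\d+)");
    private static final Pattern UID = Pattern.compile("\"uid\"\\s*:\\s*\"([^\"\\\\]+)\"");

    static byte[] hmac(byte[] key, String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.US_ASCII));
    }
    /** Returns the uid claim only when the signature is valid and exp is in the future. */
    static Optional<String> verifiedUid(String token, byte[] key, long nowSec) {
        try {
            String[] p = token.split("\\.", -1);
            if (p.length != 3) return Optional.empty();
            // Always verify as HS256 (assumed to be what the issuer uses); the header's
            // "alg" field is sender-controlled and is deliberately not consulted.
            byte[] sig = Base64.getUrlDecoder().decode(p[2]);
            if (!MessageDigest.isEqual(hmac(key, p[0] + "." + p[1]), sig)) return Optional.empty();
            String claims = new String(Base64.getUrlDecoder().decode(p[1]), StandardCharsets.UTF_8);
            Matcher exp = EXP.matcher(claims); // simplification: production code parses the JSON
            if (!exp.find() || Long.parseLong(exp.group(1)) <= nowSec) return Optional.empty();
            Matcher uid = UID.matcher(claims);
            return uid.find() ? Optional.of(uid.group(1)) : Optional.empty();
        } catch (Exception e) { // malformed base64, overlong number, null token: reject
            return Optional.empty();
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-demo-secret".getBytes(StandardCharsets.UTF_8); // constructed
        Base64.Encoder b64 = Base64.getUrlEncoder().withoutPadding();
        String head = b64.encodeToString("{\"alg\":\"HS256\",\"typ\":\"JWT\"}".getBytes(StandardCharsets.UTF_8));
        String body = b64.encodeToString("{\"uid\":\"1001\",\"exp\":4102444800}".getBytes(StandardCharsets.UTF_8));
        String signed = head + "." + body;
        long now = System.currentTimeMillis() / 1000;
        System.out.println(verifiedUid(signed + "." + b64.encodeToString(hmac(key, signed)), key, now));
        System.out.println(verifiedUid(signed + "." + b64.encodeToString(new byte[32]), key, now));
    }
}
```

In the filter, an empty result is the point at which the request is rejected, and a present uid is the value copied into the request header for the backend services.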
   
   

