+1
greate!!!
Liubao (A) <[email protected]> 于2019年5月13日周一 下午4:51写道:
> Hi,
>
> I am working on integrating spring security to java-chassis to make
> developing authentication and authorization management easier. Now I have
> finished the framework and basic authorization management.
>
> This work is shown in [1].
>
>
> 1. User's can create AuthenticationServer to manage users and roles
> and their confidential information.
>
> 2. User's can add authentication in edge service.
>
> 3. User's can add authentication and authorization in
> ResouceServer. This work project two ways to specify authorization,
>
> using microservice.yaml like :
>
>
>
> ```
>
> servicecomb:
>
> authencation:
>
> access:
>
> needAuth: true
>
> roles:
>
> HandlerAuthEndpoint:
>
> adminSayHello: ADMIN
>
> ```
>
>
>
> or using method security
>
> ```
>
> @PostMapping(path = "/adminSayHello")
>
> @PreAuthorize("hasRole('ADMIN')")
>
> public String adminSayHello(String name) {
>
> return name;
>
> } ```
>
>
> This test cases are show in project Client, in
> AuthenticationTestCase.java .
>
> I suggest to create a new project, servicecomb-security(or some other
> name), to hosting common components that can be reused to develop
> authentication and authorization.
>
> Future plans of this project(informal):
>
>
> 1. Make OAUTH2 as the default implementation. JWT is the most
> effective authentication mechanism for miscroservices, I think OAUTH2(or
> related Open Connect ID) is the best choice. (based on spring security
> oauth2)
>
> 2. Add common framework to connect other OAUTH2 parties. (like
> keycloak[2], or firebase[3])
>
> 3. Others based on user's feedback.
>
>
> [1]
> https://github.com/apache/servicecomb-samples/tree/master/authentication
> [2] https://www.keycloak.org/docs/latest/securing_apps/index.html
> [3] https://firebase.google.com/docs/auth/
>
>
>
>
>
>
