Just a quick question why do we need to create a new git repo for the
authentication?
Can we just add a module in java-chassis?
Willem Jiang
Twitter: willemjiang
Weibo: 姜宁willem
On Mon, May 13, 2019 at 4:51 PM Liubao (A) <bao....@huawei.com> wrote:
>
> Hi,
>
> I am working on integrating spring security to java-chassis to make
> developing authentication and authorization management easier. Now I have
> finished the framework and basic authorization management.
>
> This work is shown in [1].
>
>
> 1. User's can create AuthenticationServer to manage users and roles and
> their confidential information.
>
> 2. User's can add authentication in edge service.
>
> 3. User's can add authentication and authorization in ResouceServer.
> This work project two ways to specify authorization,
>
> using microservice.yaml like :
>
>
>
> ```
>
> servicecomb:
>
> authencation:
>
> access:
>
> needAuth: true
>
> roles:
>
> HandlerAuthEndpoint:
>
> adminSayHello: ADMIN
>
> ```
>
>
>
> or using method security
>
> ```
>
> @PostMapping(path = "/adminSayHello")
>
> @PreAuthorize("hasRole('ADMIN')")
>
> public String adminSayHello(String name) {
>
> return name;
>
> } ```
>
>
> This test cases are show in project Client, in AuthenticationTestCase.java .
>
> I suggest to create a new project, servicecomb-security(or some other name),
> to hosting common components that can be reused to develop authentication and
> authorization.
>
> Future plans of this project(informal):
>
>
> 1. Make OAUTH2 as the default implementation. JWT is the most
> effective authentication mechanism for miscroservices, I think OAUTH2(or
> related Open Connect ID) is the best choice. (based on spring security
> oauth2)
>
> 2. Add common framework to connect other OAUTH2 parties. (like
> keycloak[2], or firebase[3])
>
> 3. Others based on user's feedback.
>
>
> [1] https://github.com/apache/servicecomb-samples/tree/master/authentication
> [2] https://www.keycloak.org/docs/latest/securing_apps/index.html
> [3] https://firebase.google.com/docs/auth/
>
>
>
>
>
