This is an automated email from the ASF dual-hosted git repository.
dengliming pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/shenyu-website.git
The following commit(s) were added to refs/heads/main by this push:
new 4bc0f2e6e9 [type:refactor] refactor sign doc (#709)
4bc0f2e6e9 is described below
commit 4bc0f2e6e93ff9bb0964cfd87ace2f52b891a478
Author: moremind <[email protected]>
AuthorDate: Wed Aug 17 01:21:56 2022 +0800
[type:refactor] refactor sign doc (#709)
* [type:refactor] refactor sign doc
* [type:refactor] refactor sign doc
* [type:refactor] refactor sign doc
* [type:refactor] refactor sign doc
---
docs/plugin-center/security/sign-plugin.md | 220 +++++++++++++++++---
.../current/plugin-center/security/sign-plugin.md | 218 ++++++++++++++++---
.../authority-and-certification/sign-plugin.md | 219 +++++++++++++++++---
.../authority-and-certification/sign-plugin.md | 230 ++++++++++++++++++---
.../authority-and-certification/sign-plugin.md | 218 ++++++++++++++++---
.../authority-and-certification/sign-plugin.md | 218 ++++++++++++++++---
static/img/shenyu/plugin/sign/example-rule-en.png | Bin 0 -> 109670 bytes
static/img/shenyu/plugin/sign/example-rule-zh.png | Bin 0 -> 102337 bytes
.../img/shenyu/plugin/sign/example-selector-en.png | Bin 0 -> 85573 bytes
.../img/shenyu/plugin/sign/example-selector-zh.png | Bin 0 -> 57843 bytes
.../shenyu/plugin/sign/example-sign-auth-en.png | Bin 0 -> 128360 bytes
.../shenyu/plugin/sign/example-sign-auth-zh.png | Bin 0 -> 110637 bytes
static/img/shenyu/plugin/sign/result-with-body.png | Bin 0 -> 68960 bytes
static/img/shenyu/plugin/sign/result.png | Bin 0 -> 72806 bytes
static/img/shenyu/plugin/sign/rule-en.png | Bin 0 -> 107690 bytes
static/img/shenyu/plugin/sign/rule-zh.png | Bin 0 -> 100675 bytes
static/img/shenyu/plugin/sign/selector-en.png | Bin 0 -> 102557 bytes
static/img/shenyu/plugin/sign/selector-zh.png | Bin 0 -> 95820 bytes
.../authority-and-certification/sign-plugin.md | 220 +++++++++++++++++---
.../authority-and-certification/sign-plugin.md | 220 +++++++++++++++++---
.../authority-and-certification/sign-plugin.md | 220 +++++++++++++++++---
.../authority-and-certification/sign-plugin.md | 220 +++++++++++++++++---
22 files changed, 1933 insertions(+), 270 deletions(-)
diff --git a/docs/plugin-center/security/sign-plugin.md
b/docs/plugin-center/security/sign-plugin.md
index 17b9bfc7af..ae9f3c49e7 100644
--- a/docs/plugin-center/security/sign-plugin.md
+++ b/docs/plugin-center/security/sign-plugin.md
@@ -4,44 +4,66 @@ keywords: ["sign"]
description: sign plugin
---
-## Description
-* `Sign` is a native plugin of `Apache ShenYu` Gateway and is used to process
signature authentication of requests.
+# 1. Overview
-## Plugin Setting
+## 1.1 Plugin Name
-Please refer to the `deployment` document, choose a way to start
`shenyu-admin`. For example, through [Local
Deployment](../../deployment/deployment-local) to start the `Apache ShenYu`
management system.
+* Sign Plugin
-* In `shenyu-admin` BasicConfig --> plugin -> `sign` set to enable. If you
don't want to use this function, please disable this plugin in the
`shenyu-admin`.
+## 1.2 Appropriate Scenario
- <img src="/img/shenyu/plugin/sign/sign_open_en.jpg" width="80%" height="80%"
/>
+* Support http header to authorize
+* Support http header and request body to authorize
-* ## Plugin Usage
+## 1.3 Plugin functionality
+
+* Process signature authentication of requests.
+
+## 1.4 Plugin code
+
+* Core Module: `shenyu-plugin-sign`
+
+* Core Class: `org.apache.shenyu.plugin.sign.SignPlugin`
+
+## 1.5 Added Since Which shenyu version
+
+* Since ShenYu 2.4.0
+
+# 2. How to use plugin
+
+## 2.1 Plugin-use procedure chart
+
+
+
+## 2.2 Import pom
* Introducing `sign` dependency in the `pom.xml` file of the gateway
```xml
- <!-- apache shenyu sign plugin start-->
- <dependency>
- <groupId>org.apache.shenyu</groupId>
- <artifactId>shenyu-spring-boot-starter-plugin-sign</artifactId>
- <version>${project.version}</version>
- </dependency>
- <!-- apache shenyu sign plugin end-->
+<!-- apache shenyu sign plugin start-->
+<dependency>
+ <groupId>org.apache.shenyu</groupId>
+ <artifactId>shenyu-spring-boot-starter-plugin-sign</artifactId>
+ <version>${project.version}</version>
+</dependency>
+<!-- apache shenyu sign plugin end-->
```
-* Selectors and rules, please refer to: [Selector And Rule
Config](../../user-guide/admin-usage/selector-and-rule).
-* Only those matched requests can be authenticated by signature.
+## 2.3 Enable plugin
+
+* In `shenyu-admin`--> BasicConfig --> Plugin --> `sign` set to enable.
+## 2.4 Config Plugin With Authorize
-## Add AK/SK
+### 2.4.1 AK/SK Config
-#### Explanation
+#### 2.4.1.1 Explanation
- Manage and control the permissions of requests passing through the Apache
ShenYu gateway.
- Generate `AK/SK` and use it with the `Sign` plugin to achieve precise
authority control based on URI level.
-#### Tutorial
+#### 2.4.1.2 Tutorial
First, we can add a piece of authentication information in `BasicConfig` -
`Authentication`
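Review bot: The two bullets added under `## 1.2 Appropriate Scenario` ("Support http header to authorize", "Support http header and request body to authorize") do not say what is actually signed. Reword them to state that the signature is computed over the header parameters only, or over the header parameters plus the request body fields, which is the choice the `signRequestBody` rule option documented later in this file controls. Style: `## 2.4 Config Plugin With Authorize` follows the `## 2.3` bullet with no blank line, unlike the other headings added here, and the heading capitalisation is mixed ("Plugin functionality", "Plugin code", "Added Since Which shenyu version").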
@@ -63,7 +85,7 @@ After submit, a piece of authentication information is
generated, which contains
Please refer to the detailed instructions of the `Sign` plugin: [Sign
Plugin](../../plugin-center/authority-and-certification/sign-plugin).
-#### PathOperation
+#### 2.4.1.3 PathOperation
For the created authentication information, you can click `PathOperation` at
the end of a piece of authentication information.
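Review bot: The unchanged context sentence in this hunk still links to `../../plugin-center/authority-and-certification/sign-plugin`, but the file being edited is `docs/plugin-center/security/sign-plugin.md`, so "Please refer to the detailed instructions of the `Sign` plugin" sends the reader to the old location of the page they are already on. Since this section is being renumbered anyway, drop the sentence or point the link at the `security/` path.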
@@ -73,15 +95,13 @@ For the created authentication information, you can click
`PathOperation` at the
- Check the resource path, click the `>` or `<` in the middle to move the
checked data to the corresponding list.
- In the list of configurable paths on the left, click "Editor" at the end of
the account information line, and add them in the "Resource Path" in the pop-up
box.
-
-## Implementation of Gateway Technology
+### 2.4.2 Implementation of Gateway Technology
* Adopt `AK/SK` authentication technical scheme.
* Adopt authentication plug-in and Chain of Responsibility Pattern to realize.
* Take effect when the authentication plugin is enabled and all interfaces are
configured for authentication.
-
-## Authentication Guide
+### 2.4.3 Authentication Guide
* Step 1: `AK/SK` is assigned by the gateway. For example, the `AK` assigned
to you is: `1TEST123456781` SK is: ` 506eeb535cf740d7a755cb49f4a1536'
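Review bot: The Step 1 context line at the end of this hunk carries a malformed example secret. The SK value opens with a backtick and a space and closes with an apostrophe, and `506eeb535cf740d7a755cb49f4a1536` is 31 hex characters, where the zh copy in this same commit has the 32-character `506EEB535CF740D7A755CB4B9F4A1536`. A reader who copies the English value is not signing with the same key as the zh example; fix the quoting and the value while this section is being touched.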
@@ -97,6 +117,7 @@ For the created authentication information, you can click
`PathOperation` at the
Sort the above three field natually according to the key, then splice fields
and fields, finally splice SK. The following is a code example.
+#### 2.4.3.1 Generate sign with request header
Step 1: First, construct a Map.
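Review bot: The new heading `#### 2.4.3.1 Generate sign with request header` lands directly under a context sentence that still reads "Sort the above three field natually according to the key"; correct it to "three fields naturally" in the same change. The heading would also contrast better with 2.4.3.2 as "Generate sign with request header only".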
@@ -132,7 +153,46 @@ DigestUtils.md5DigestAsHex(sign.getBytes()).toUpperCase()
* The final returned value is: `A021BF82BE342668B78CD9ADE593D683`.
-## Request GateWay
+#### 2.4.3.2 Generate sign with request header and request body
+
+Step 1: First, construct a Map, and the map must save every request body
parameters
+
+```java
+
+ Map<String, String> map = Maps.newHashMapWithExpectedSize(3);
+ //timestamp is string format of millisecond.
String.valueOf(LocalDateTime.now().toInstant(ZoneOffset.of("+8")).toEpochMilli())
+ map.put("timestamp","1660659201000"); // Value should be string format of
milliseconds
+ map.put("path", "/http/order/save");
+ map.put("version", "1.0.0");
+ // if your request body is:{"id":123,"name":"order"}
+ map.put("id", "1");
+ map.put("name", "order")
+```
+
+Step 2: Sort the `Keys` naturally, then splice the key and values, and finally
splice the `SK` assigned to you.
+
+```java
+List<String> storedKeys = Arrays.stream(map.keySet()
+ .toArray(new String[]{}))
+ .sorted(Comparator.naturalOrder())
+ .collect(Collectors.toList());
+final String sign = storedKeys.stream()
+ .map(key -> String.join("", key, params.get(key)))
+ .collect(Collectors.joining()).trim()
+ .concat("2D47C325AE5B4A4C926C23FD4395C719");
+```
+
+* The returned sign value should
be:`id123nameorderpath/http/order/savetimestamp1660659201000version1.0.02D47C325AE5B4A4C926C23FD4395C719`
+
+Step 3: Md5 encryption and then capitalization.
+
+```java
+DigestUtils.md5DigestAsHex(sign.getBytes()).toUpperCase()
+```
+
+* The final returned value is: `35FE61C21F73E9AAFC46954C14F299D7`.
+
+### 2.4.4 Request GateWay
* If your visited path is:`/api/service/abc`.
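Review bot: The Step 1 sample does not build the string the doc says it builds. The comment gives the body as `{"id":123,"name":"order"}` and the expected string starts `id123nameorder`, but the code has `map.put("id", "1");`, which yields `id1nameorder`, so the digest will not match `35FE61C21F73E9AAFC46954C14F299D7`. Use `"123"`. In the same blocks, `map.put("name", "order")` lacks its semicolon, Step 2 reads `params.get(key)` although the map is named `map`, and Step 3 should say "MD5 hash" rather than "Md5 encryption".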
@@ -159,6 +219,114 @@ DigestUtils.md5DigestAsHex(sign.getBytes()).toUpperCase()
}
```
-## Extension
+### 2.4.5 Plugin Config
+
+
+
+### 2.4.6 Selector Config
+
+
+
+* Only those matched requests can be authenticated by signature.
+
+* Selectors and rules, please refer to: [Selector And Rule
Config](../../user-guide/admin-usage/selector-and-rule)
+
+### 2.4.7 Rule Config
+
+
+
+* close(signRequestBody): generate signature with request header.
+* open(signRequestBody): generate signature with request header and request
body.
+
+## 2.5 Examples
+
+### 2.5.1 Verify api with sign plugin
+
+#### 2.5.1.1 Plugin Config
+
+
+
+#### 2.5.1.2 Selector Config
+
+
+
+#### 2.5.1.3 Rule Config
+
+
+
+#### 2.5.1.5 Add AppKey/SecretKey
+
+
+
+#### 2.5.1.6 Request Service and check result
+
+* build request params with `Authentication Guide`,
+
+```java
+public class Test1 {
+ public static void main(String[] args) {
+ Map<String, String> map = Maps.newHashMapWithExpectedSize(3);
+ //timestamp为毫秒数的字符串形式
String.valueOf(LocalDateTime.now().toInstant(ZoneOffset.of("+8")).toEpochMilli())
+ map.put("timestamp","1660658725000"); //值应该为毫秒数的字符串形式
+ map.put("path", "/http/order/save");
+ map.put("version", "1.0.0");
+ map.put("id", "123");
+ map.put("name", "order");
+ // map.put("body", "{\"id\":123,\"name\":\"order\"}");
+
+ List<String> storedKeys = Arrays.stream(map.keySet()
+ .toArray(new String[]{}))
+ .sorted(Comparator.naturalOrder())
+ .collect(Collectors.toList());
+ final String sign = storedKeys.stream()
+ .map(key -> String.join("", key, map.get(key)))
+ .collect(Collectors.joining()).trim()
+ .concat("2D47C325AE5B4A4C926C23FD4395C719");
+ System.out.println(sign);
+
+
System.out.println(DigestUtils.md5DigestAsHex(sign.getBytes()).toUpperCase());
+ }
+}
+```
+
+* signature without body:
`path/http/order/savetimestamp1571711067186version1.0.02D47C325AE5B4A4C926C23FD4395C719`
+* sign without body result is: `9696D3E549A6AEBE763CCC2C7952DDC1`
+
+
+
+```java
+public class Test2 {
+ public static void main(String[] args) {
+ Map<String, String> map = Maps.newHashMapWithExpectedSize(3);
+ //timestamp为毫秒数的字符串形式
String.valueOf(LocalDateTime.now().toInstant(ZoneOffset.of("+8")).toEpochMilli())
+ map.put("timestamp","1660659201000"); //值应该为毫秒数的字符串形式
+ map.put("path", "/http/order/save");
+ map.put("version", "1.0.0");
+
+ List<String> storedKeys = Arrays.stream(map.keySet()
+ .toArray(new String[]{}))
+ .sorted(Comparator.naturalOrder())
+ .collect(Collectors.toList());
+ final String sign = storedKeys.stream()
+ .map(key -> String.join("", key, map.get(key)))
+ .collect(Collectors.joining()).trim()
+ .concat("2D47C325AE5B4A4C926C23FD4395C719");
+ System.out.println(sign);
+
+
System.out.println(DigestUtils.md5DigestAsHex(sign.getBytes()).toUpperCase());
+ }
+}
+```
+
+*signature with
body:`id123nameorderpath/http/order/savetimestamp1660659201000version1.0.02D47C325AE5B4A4C926C23FD4395C719`
+*sign with body result is:`35FE61C21F73E9AAFC46954C14F299D7`
+
+
+
+# 3. How to disable plugin
+
+* In `shenyu-admin`--> BasicConfig --> Plugin --> `sign` set to disabled.
+
+# 4. Extension
* Please refer to: [dev-sign](../../developer/custom-sign-algorithm).
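Review bot: `Test1` and `Test2` are swapped relative to the result bullets under them. `Test1` puts `id` and `name` into the map but is followed by "signature without body", while `Test2` has only `timestamp`, `path` and `version` and is followed by "signature with body: `id123nameorder...`"; the zh copy in this commit has them the other way round. The "without body" string also shows `timestamp1571711067186` where `Test1` sets `1660658725000`, so the reader cannot tell which input `9696D3E549A6AEBE763CCC2C7952DDC1` belongs to. Smaller points: the `//timestamp为毫秒数的字符串形式` comments should be in English on this page, the last two bullets need a space after `*`, and the numbering jumps from 2.5.1.3 to 2.5.1.5.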
diff --git
a/i18n/zh/docusaurus-plugin-content-docs/current/plugin-center/security/sign-plugin.md
b/i18n/zh/docusaurus-plugin-content-docs/current/plugin-center/security/sign-plugin.md
index 00a36a52a2..058c011bc3 100644
---
a/i18n/zh/docusaurus-plugin-content-docs/current/plugin-center/security/sign-plugin.md
+++
b/i18n/zh/docusaurus-plugin-content-docs/current/plugin-center/security/sign-plugin.md
@@ -4,46 +4,66 @@ keywords: ["sign"]
description: sign插件
---
-## 说明
-* `Sign`插件是`Apache ShenYu`网关自带的,用来对请求进行签名认证的插件。
+# 1. 概述
+## 1.1 插件名称
-## 插件设置
+* Sign插件
-请参考运维部署的内容,选择一种方式启动`shenyu-admin`。比如,通过
[本地部署](../../deployment/deployment-local) 启动`Apache ShenYu`后台管理系统。
+## 1.2 适用场景
-* 在 `shenyu-admin` 基础配置 --> 插件管理 --> `sign` ,设置为开启。如果用户不想使用此功能,请在 `admin`
后台停用此插件。
+* 支持请求头进行鉴权
+* 支持请求体进行鉴权
- <img src="/img/shenyu/plugin/sign/sign_open_zh.jpg" width="80%" height="80%"
/>
+## 1.3 插件功能
-## 插件使用
+* 用来对请求进行签名认证
+
+## 1.4 插件代码
+
+* 核心模块: `shenyu-plugin-sign`
+
+* 核心类: `org.apache.shenyu.plugin.sign.SignPlugin`
+
+## 1.5 添加自哪个shenyu版本
+
+* ShenYu 2.4.0
+
+# 2. 如何使用插件
+
+## 2.1 插件使用流程图
+
+
+
+## 2.2 导入pom
* 在网关的 `pom.xml` 文件中添加 `sign` 的支持。
```xml
- <!-- apache shenyu sign plugin start-->
- <dependency>
- <groupId>org.apache.shenyu</groupId>
- <artifactId>shenyu-spring-boot-starter-plugin-sign</artifactId>
- <version>${project.version}</version>
- </dependency>
- <!-- apache shenyu sign plugin end-->
+<!-- apache shenyu sign plugin start-->
+<dependency>
+ <groupId>org.apache.shenyu</groupId>
+ <artifactId>shenyu-spring-boot-starter-plugin-sign</artifactId>
+ <version>${project.version}</version>
+</dependency>
+<!-- apache shenyu sign plugin end-->
```
-* 选择器和规则,请详细看:[选择器和规则管理](../../user-guide/admin-usage/selector-and-rule) 。
+## 2.3 启用插件
- * 只有匹配的请求,才会进行签名认证。
+- 在 `shenyu-admin` 基础配置 --> 插件管理 --> `sign` ,设置为开启。
-## 新增 AK/SK
+## 2.4 插件的鉴权配置
+### 2.4.1 AK/SK配置
-#### 说明
+#### 2.4.1.1 说明
- 管理和控制经过 `Apache ShenYu` 网关的请求的权限。
- 生成的 `AK/SK` ,配合 `sign` 插件使用,实现基于`URI`级别的精准权限管控。
-#### 使用教程
+#### 2.4.1.2 使用教程
第一步,我们可以直接在 `基础配置` --> `认证管理` 新增一条认证信息 。
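Review bot: Under `## 1.2 适用场景` the second bullet reads `支持请求体进行鉴权` (request body only), while the English page in this commit says "Support http header and request body to authorize" and the rule option added further down is described as `使用请求头、请求体共同生成签名`. Reword the bullet to `支持请求头和请求体共同进行鉴权` so both languages describe the same two modes.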
@@ -63,7 +83,7 @@ description: sign插件
点击确认后,生成一条认证信息,该信息包含 `AppKey` 和 `加密秘钥` ,即 `Sign` 插件中的 `AK/SK` 。
-#### 路径操作
+#### 2.4.1.3 路径操作
对已创建的认证信息,可以在认证信息列表的末尾进行 `路径操作` 。
@@ -73,16 +93,13 @@ description: sign插件
- 勾选资源路径,点击中间的 `>` 或 `<` 将勾选的数据移动到对应列表中 。
- 左侧可配置路径列表可在账号信息行末尾点击 `编辑`,在弹框中的 `资源路径` 中进行添加 。
-
-
-## 网关技术实现
+### 2.4.2 网关技术实现
* 采用 `AK/SK` 鉴权技术方案。
* 采用鉴权插件,责任链的模式来完成。
* 当鉴权插件开启,并配置所有接口鉴权时候生效。
-
-## 鉴权使用指南
+## 2.4.3 鉴权使用指南
* 第一步:AK/SK由网关来进行分配,比如分配给你的AK为: `1TEST123456781`
SK为:`506EEB535CF740D7A755CB4B9F4A1536`
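Review bot: `## 2.4.3 鉴权使用指南` is added at heading level 2, but it sits between `### 2.4.2 网关技术实现` and the `#### 2.4.3.1` subsection, and the English page uses `### 2.4.3 Authentication Guide`. With `##` it becomes a sibling of `## 2.4 插件的鉴权配置` in the generated table of contents; change it to `###`.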
@@ -98,6 +115,7 @@ description: sign插件
对上述3个字段进行 `key` 的自然排序,然后进行字段与字段值拼接最后再拼接上 `SK` ,代码示例。
+#### 2.4.3.1 无请求体的签名参数验证
第一步:首先构造一个 `Map` 。
@@ -132,7 +150,46 @@ DigestUtils.md5DigestAsHex(sign.getBytes()).toUpperCase()
* 最后得到的值为:`A021BF82BE342668B78CD9ADE593D683`
-## 请求网关
+#### 2.4.3.2 有请求体,请求头的签名参数验证
+
+第一步: 首先构造一个 `Map` 。并且该`map`必须存储请求体的每个节点信息
+
+```java
+
+ Map<String, String> map = Maps.newHashMapWithExpectedSize(3);
+ //timestamp is string format of millisecond.
String.valueOf(LocalDateTime.now().toInstant(ZoneOffset.of("+8")).toEpochMilli())
+ map.put("timestamp","1660659201000"); // Value should be string format of
milliseconds
+ map.put("path", "/http/order/save");
+ map.put("version", "1.0.0");
+ // if your request body is:{"id":123,"name":"order"}
+ map.put("id", "1");
+ map.put("name", "order")
+```
+
+第二步:进行 `Key` 的自然排序,然后 `Key`,`Value`值拼接最后再拼接分配给你的 `SK`。
+
+```java
+List<String> storedKeys = Arrays.stream(map.keySet()
+ .toArray(new String[]{}))
+ .sorted(Comparator.naturalOrder())
+ .collect(Collectors.toList());
+final String sign = storedKeys.stream()
+ .map(key -> String.join("", key, params.get(key)))
+ .collect(Collectors.joining()).trim()
+ .concat("2D47C325AE5B4A4C926C23FD4395C719");
+```
+
+* 你得到的 `sign`
值应该为:`id123nameorderpath/http/order/savetimestamp1660659201000version1.0.02D47C325AE5B4A4C926C23FD4395C719`
+
+第三步:进行 `MD5` 加密后转成大写。
+
+```java
+DigestUtils.md5DigestAsHex(sign.getBytes()).toUpperCase()
+```
+
+* 最后得到的值为: `35FE61C21F73E9AAFC46954C14F299D7`.
+
+## 2.4.4 请求网关
* 假如你访问的路径为:`/api/service/abc`。
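Review bot: The Step 1 block sets `map.put("id", "1");` while its own comment gives the body as `{"id":123,"name":"order"}` and the expected string below starts `id123nameorder`, so the sample as written does not build the documented string; use `"123"`. Also in this hunk: `map.put("name", "order")` has no semicolon, Step 2 calls `params.get(key)` on a variable that is never declared (the map is `map`), the code comments are in English inside the zh page, and `## 2.4.4 请求网关` should be `###` to stay under 2.4.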
@@ -159,6 +216,113 @@ DigestUtils.md5DigestAsHex(sign.getBytes()).toUpperCase()
}
```
-## 签名认证算法扩展
+### 2.4.5 插件配置
+
+
+
+### 2.4.6 选择器配置
+
+
+
+* 只有匹配的请求,才会进行签名认证。
+
+* 插件选择器和规则的配置请查看: [插件和规则配置](../../user-guide/admin-usage/selector-and-rule.md).
+
+### 2.4.7 规则配置
+
+
+
+* close(signRequestBody): 仅使用请求头生成签名
+* open(signRequestBody): 使用请求头、请求体共同生成签名
+
+## 2.5 示例
+
+### 2.5.1 使用sign插件进行签名验证
+
+#### 2.5.1.1 插件配置
+
+
+
+#### 2.5.1.2 选择器配置
+
+
+
+#### 2.5.1.3 规则配置
+
+
+
+#### 2.5.1.5 添加AppKey/SecretKey
+
+
+
+#### 2.5.1.6 Request Service and check result
+
+* 构造请求参数,请查看`Authentication Guide`目录,
+
+```java
+public class Test1 {
+ public static void main(String[] args) {
+ Map<String, String> map = Maps.newHashMapWithExpectedSize(3);
+ //timestamp为毫秒数的字符串形式
String.valueOf(LocalDateTime.now().toInstant(ZoneOffset.of("+8")).toEpochMilli())
+ map.put("timestamp","1660658725000"); //值应该为毫秒数的字符串形式
+ map.put("path", "/http/order/save");
+ map.put("version", "1.0.0");
+
+ List<String> storedKeys = Arrays.stream(map.keySet()
+ .toArray(new String[]{}))
+ .sorted(Comparator.naturalOrder())
+ .collect(Collectors.toList());
+ final String sign = storedKeys.stream()
+ .map(key -> String.join("", key, map.get(key)))
+ .collect(Collectors.joining()).trim()
+ .concat("2D47C325AE5B4A4C926C23FD4395C719");
+ System.out.println(sign);
+
+
System.out.println(DigestUtils.md5DigestAsHex(sign.getBytes()).toUpperCase());
+ }
+}
+```
+
+* 无请求体签名:
`path/http/order/savetimestamp1571711067186version1.0.02D47C325AE5B4A4C926C23FD4395C719`
+* 无请求体签名结果: `9696D3E549A6AEBE763CCC2C7952DDC1`
+
+
+
+```java
+public class Test2 {
+ public static void main(String[] args) {
+ Map<String, String> map = Maps.newHashMapWithExpectedSize(3);
+ //timestamp为毫秒数的字符串形式
String.valueOf(LocalDateTime.now().toInstant(ZoneOffset.of("+8")).toEpochMilli())
+ map.put("timestamp","1660659201000"); //值应该为毫秒数的字符串形式
+ map.put("path", "/http/order/save");
+ map.put("version", "1.0.0");
+ map.put("id", "123");
+ map.put("name", "order");
+
+ List<String> storedKeys = Arrays.stream(map.keySet()
+ .toArray(new String[]{}))
+ .sorted(Comparator.naturalOrder())
+ .collect(Collectors.toList());
+ final String sign = storedKeys.stream()
+ .map(key -> String.join("", key, map.get(key)))
+ .collect(Collectors.joining()).trim()
+ .concat("2D47C325AE5B4A4C926C23FD4395C719");
+ System.out.println(sign);
+
+
System.out.println(DigestUtils.md5DigestAsHex(sign.getBytes()).toUpperCase());
+ }
+}
+```
+
+*
有请求体签名为:`id123nameorderpath/http/order/savetimestamp1660659201000version1.0.02D47C325AE5B4A4C926C23FD4395C719`
+* 附带请求体签名结果:`35FE61C21F73E9AAFC46954C14F299D7`
+
+
+
+# 3. 如何禁用插件
+
+- 在 `shenyu-admin` 基础配置 --> 插件管理 --> `sign` ,设置为关闭。
+
+# 4. 签名认证算法扩展
* 请参考开发者文档中的 [扩展签名算法](../../developer/custom-sign-algorithm)。
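Review bot: The "without body" result bullet does not match `Test1`: the code sets `timestamp` to `1660658725000`, but the string shown is `path/http/order/savetimestamp1571711067186version1.0.0...`, so the reader cannot tell which input `9696D3E549A6AEBE763CCC2C7952DDC1` was computed from. Regenerate the string and digest from the code as committed. The heading `#### 2.5.1.6 Request Service and check result` is left untranslated, and the numbering skips 2.5.1.4.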
diff --git
a/i18n/zh/docusaurus-plugin-content-docs/version-2.4.0/plugin-center/authority-and-certification/sign-plugin.md
b/i18n/zh/docusaurus-plugin-content-docs/version-2.4.0/plugin-center/authority-and-certification/sign-plugin.md
index 8583f7ecca..058c011bc3 100644
---
a/i18n/zh/docusaurus-plugin-content-docs/version-2.4.0/plugin-center/authority-and-certification/sign-plugin.md
+++
b/i18n/zh/docusaurus-plugin-content-docs/version-2.4.0/plugin-center/authority-and-certification/sign-plugin.md
@@ -4,46 +4,66 @@ keywords: ["sign"]
description: sign插件
---
-## 说明
-* `Sign`插件是`Apache ShenYu`网关自带的,用来对请求进行签名认证的插件。
+# 1. 概述
+## 1.1 插件名称
-## 插件设置
+* Sign插件
-请参考运维部署的内容,选择一种方式启动`shenyu-admin`。比如,通过
[本地部署](../../deployment/deployment-local) 启动`Apache ShenYu`后台管理系统。
+## 1.2 适用场景
-* 在 `shenyu-admin` 基础配置 --> 插件管理 --> `sign` ,设置为开启。如果用户不想使用此功能,请在 `admin`
后台停用此插件。
+* 支持请求头进行鉴权
+* 支持请求体进行鉴权
- <img src="/img/shenyu/plugin/sign/sign_open_zh.jpg" width="80%" height="80%"
/>
+## 1.3 插件功能
-## 插件使用
+* 用来对请求进行签名认证
+
+## 1.4 插件代码
+
+* 核心模块: `shenyu-plugin-sign`
+
+* 核心类: `org.apache.shenyu.plugin.sign.SignPlugin`
+
+## 1.5 添加自哪个shenyu版本
+
+* ShenYu 2.4.0
+
+# 2. 如何使用插件
+
+## 2.1 插件使用流程图
+
+
+
+## 2.2 导入pom
* 在网关的 `pom.xml` 文件中添加 `sign` 的支持。
```xml
- <!-- apache shenyu sign plugin start-->
- <dependency>
- <groupId>org.apache.shenyu</groupId>
- <artifactId>shenyu-spring-boot-starter-plugin-sign</artifactId>
- <version>${project.version}</version>
- </dependency>
- <!-- apache shenyu sign plugin end-->
+<!-- apache shenyu sign plugin start-->
+<dependency>
+ <groupId>org.apache.shenyu</groupId>
+ <artifactId>shenyu-spring-boot-starter-plugin-sign</artifactId>
+ <version>${project.version}</version>
+</dependency>
+<!-- apache shenyu sign plugin end-->
```
-* 选择器和规则,请详细看:[选择器和规则管理](../../user-guide/admin-usage/selector-and-rule) 。
+## 2.3 启用插件
- * 只有匹配的请求,才会进行签名认证。
+- 在 `shenyu-admin` 基础配置 --> 插件管理 --> `sign` ,设置为开启。
-## 新增 AK/SK
+## 2.4 插件的鉴权配置
+### 2.4.1 AK/SK配置
-#### 说明
+#### 2.4.1.1 说明
- 管理和控制经过 `Apache ShenYu` 网关的请求的权限。
- 生成的 `AK/SK` ,配合 `sign` 插件使用,实现基于`URI`级别的精准权限管控。
-#### 使用教程
+#### 2.4.1.2 使用教程
第一步,我们可以直接在 `基础配置` --> `认证管理` 新增一条认证信息 。
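Review bot: The index line for this file ends in `058c011bc3`, the same blob as the `current` zh page earlier in this commit, so the version-2.4.0 snapshot is being replaced wholesale with the text written for main. Confirm that what the new text documents, in particular the `signRequestBody` rule option and body signing, exists in 2.4.0; if it does not, limit the versioned copy to the renumbering and leave the feature description as it was.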
@@ -63,7 +83,7 @@ description: sign插件
点击确认后,生成一条认证信息,该信息包含 `AppKey` 和 `加密秘钥` ,即 `Sign` 插件中的 `AK/SK` 。
-#### 路径操作
+#### 2.4.1.3 路径操作
对已创建的认证信息,可以在认证信息列表的末尾进行 `路径操作` 。
@@ -73,15 +93,13 @@ description: sign插件
- 勾选资源路径,点击中间的 `>` 或 `<` 将勾选的数据移动到对应列表中 。
- 左侧可配置路径列表可在账号信息行末尾点击 `编辑`,在弹框中的 `资源路径` 中进行添加 。
-
-## 网关技术实现
+### 2.4.2 网关技术实现
* 采用 `AK/SK` 鉴权技术方案。
* 采用鉴权插件,责任链的模式来完成。
* 当鉴权插件开启,并配置所有接口鉴权时候生效。
-
-## 鉴权使用指南
+## 2.4.3 鉴权使用指南
* 第一步:AK/SK由网关来进行分配,比如分配给你的AK为: `1TEST123456781`
SK为:`506EEB535CF740D7A755CB4B9F4A1536`
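Review bot: `## 2.4.3 鉴权使用指南` should be `###`: the heading before it in this hunk is `### 2.4.2 网关技术实现`, and a level-2 heading here pulls 2.4.3 out from under `## 2.4 插件的鉴权配置` in the table of contents for the 2.4.0 docs.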
@@ -97,6 +115,7 @@ description: sign插件
对上述3个字段进行 `key` 的自然排序,然后进行字段与字段值拼接最后再拼接上 `SK` ,代码示例。
+#### 2.4.3.1 无请求体的签名参数验证
第一步:首先构造一个 `Map` 。
@@ -131,7 +150,46 @@ DigestUtils.md5DigestAsHex(sign.getBytes()).toUpperCase()
* 最后得到的值为:`A021BF82BE342668B78CD9ADE593D683`
-## 请求网关
+#### 2.4.3.2 有请求体,请求头的签名参数验证
+
+第一步: 首先构造一个 `Map` 。并且该`map`必须存储请求体的每个节点信息
+
+```java
+
+ Map<String, String> map = Maps.newHashMapWithExpectedSize(3);
+ //timestamp is string format of millisecond.
String.valueOf(LocalDateTime.now().toInstant(ZoneOffset.of("+8")).toEpochMilli())
+ map.put("timestamp","1660659201000"); // Value should be string format of
milliseconds
+ map.put("path", "/http/order/save");
+ map.put("version", "1.0.0");
+ // if your request body is:{"id":123,"name":"order"}
+ map.put("id", "1");
+ map.put("name", "order")
+```
+
+第二步:进行 `Key` 的自然排序,然后 `Key`,`Value`值拼接最后再拼接分配给你的 `SK`。
+
+```java
+List<String> storedKeys = Arrays.stream(map.keySet()
+ .toArray(new String[]{}))
+ .sorted(Comparator.naturalOrder())
+ .collect(Collectors.toList());
+final String sign = storedKeys.stream()
+ .map(key -> String.join("", key, params.get(key)))
+ .collect(Collectors.joining()).trim()
+ .concat("2D47C325AE5B4A4C926C23FD4395C719");
+```
+
+* 你得到的 `sign`
值应该为:`id123nameorderpath/http/order/savetimestamp1660659201000version1.0.02D47C325AE5B4A4C926C23FD4395C719`
+
+第三步:进行 `MD5` 加密后转成大写。
+
+```java
+DigestUtils.md5DigestAsHex(sign.getBytes()).toUpperCase()
+```
+
+* 最后得到的值为: `35FE61C21F73E9AAFC46954C14F299D7`.
+
+## 2.4.4 请求网关
* 假如你访问的路径为:`/api/service/abc`。
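Review bot: Step 2 does not compile as written: it streams the keys of `map` but looks the values up with `params.get(key)`, and no `params` is declared in these snippets. Use `map.get(key)`, as the `Test2` class later in this file does. Step 1 has two more defects: `map.put("id", "1");` contradicts the `{"id":123,...}` comment and the expected `id123nameorder...` string, and `map.put("name", "order")` is missing its semicolon.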
@@ -143,7 +201,7 @@ DigestUtils.md5DigestAsHex(sign.getBytes()).toUpperCase()
| -------- | -----: | :----: |
| timestamp | `1571711067186` | 上述你进行签名的时候使用的时间值 |
| appKey | `1TEST123456781` | 分配给你的AK值 |
-| sign | `A021BF82BE342668B78CD9ADE593D683` | 上述得到的签名值 |
+| sign | `A90E66763793BDBC817CF3B52AAAC041` | 上述得到的签名值 |
| version | `1.0.0` | 写死,就为这个值 |
* 签名插件会默认过滤 `5` 分钟之前的请求
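Review bot: The `sign` row now shows `A90E66763793BDBC817CF3B52AAAC041`, but the row is described as `上述得到的签名值` and the walkthrough above it still ends with the value `A021BF82BE342668B78CD9ADE593D683`, with the `timestamp` row unchanged at `1571711067186`. Either keep the old value in the table or update the walkthrough, so that the table and the worked example agree on one digest.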
@@ -158,6 +216,113 @@ DigestUtils.md5DigestAsHex(sign.getBytes()).toUpperCase()
}
```
-## 签名认证算法扩展
+### 2.4.5 插件配置
+
+
+
+### 2.4.6 选择器配置
+
+
+
+* 只有匹配的请求,才会进行签名认证。
+
+* 插件选择器和规则的配置请查看: [插件和规则配置](../../user-guide/admin-usage/selector-and-rule.md).
+
+### 2.4.7 规则配置
+
+
+
+* close(signRequestBody): 仅使用请求头生成签名
+* open(signRequestBody): 使用请求头、请求体共同生成签名
+
+## 2.5 示例
+
+### 2.5.1 使用sign插件进行签名验证
+
+#### 2.5.1.1 插件配置
+
+
+
+#### 2.5.1.2 选择器配置
+
+
+
+#### 2.5.1.3 规则配置
+
+
+
+#### 2.5.1.5 添加AppKey/SecretKey
+
+
+
+#### 2.5.1.6 Request Service and check result
+
+* 构造请求参数,请查看`Authentication Guide`目录,
+
+```java
+public class Test1 {
+ public static void main(String[] args) {
+ Map<String, String> map = Maps.newHashMapWithExpectedSize(3);
+ //timestamp为毫秒数的字符串形式
String.valueOf(LocalDateTime.now().toInstant(ZoneOffset.of("+8")).toEpochMilli())
+ map.put("timestamp","1660658725000"); //值应该为毫秒数的字符串形式
+ map.put("path", "/http/order/save");
+ map.put("version", "1.0.0");
+
+ List<String> storedKeys = Arrays.stream(map.keySet()
+ .toArray(new String[]{}))
+ .sorted(Comparator.naturalOrder())
+ .collect(Collectors.toList());
+ final String sign = storedKeys.stream()
+ .map(key -> String.join("", key, map.get(key)))
+ .collect(Collectors.joining()).trim()
+ .concat("2D47C325AE5B4A4C926C23FD4395C719");
+ System.out.println(sign);
+
+
System.out.println(DigestUtils.md5DigestAsHex(sign.getBytes()).toUpperCase());
+ }
+}
+```
+
+* 无请求体签名:
`path/http/order/savetimestamp1571711067186version1.0.02D47C325AE5B4A4C926C23FD4395C719`
+* 无请求体签名结果: `9696D3E549A6AEBE763CCC2C7952DDC1`
+
+
+
+```java
+public class Test2 {
+ public static void main(String[] args) {
+ Map<String, String> map = Maps.newHashMapWithExpectedSize(3);
+ //timestamp为毫秒数的字符串形式
String.valueOf(LocalDateTime.now().toInstant(ZoneOffset.of("+8")).toEpochMilli())
+ map.put("timestamp","1660659201000"); //值应该为毫秒数的字符串形式
+ map.put("path", "/http/order/save");
+ map.put("version", "1.0.0");
+ map.put("id", "123");
+ map.put("name", "order");
+
+ List<String> storedKeys = Arrays.stream(map.keySet()
+ .toArray(new String[]{}))
+ .sorted(Comparator.naturalOrder())
+ .collect(Collectors.toList());
+ final String sign = storedKeys.stream()
+ .map(key -> String.join("", key, map.get(key)))
+ .collect(Collectors.joining()).trim()
+ .concat("2D47C325AE5B4A4C926C23FD4395C719");
+ System.out.println(sign);
+
+
System.out.println(DigestUtils.md5DigestAsHex(sign.getBytes()).toUpperCase());
+ }
+}
+```
+
+*
有请求体签名为:`id123nameorderpath/http/order/savetimestamp1660659201000version1.0.02D47C325AE5B4A4C926C23FD4395C719`
+* 附带请求体签名结果:`35FE61C21F73E9AAFC46954C14F299D7`
+
+
+
+# 3. 如何禁用插件
+
+- 在 `shenyu-admin` 基础配置 --> 插件管理 --> `sign` ,设置为关闭。
+
+# 4. 签名认证算法扩展
* 请参考开发者文档中的 [扩展签名算法](../../developer/custom-sign-algorithm)。
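Review bot: The bullet `构造请求参数,请查看 Authentication Guide 目录` points at a section name that does not exist in this zh page, where the section is titled `2.4.3 鉴权使用指南`, and the heading above it, `#### 2.5.1.6 Request Service and check result`, is untranslated. In the results, `Test1` sets `timestamp` to `1660658725000` while the "without body" string shows `timestamp1571711067186`; regenerate the string and digest from the code.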
diff --git
a/i18n/zh/docusaurus-plugin-content-docs/version-2.4.1/plugin-center/authority-and-certification/sign-plugin.md
b/i18n/zh/docusaurus-plugin-content-docs/version-2.4.1/plugin-center/authority-and-certification/sign-plugin.md
index cdf5bfe123..058c011bc3 100644
---
a/i18n/zh/docusaurus-plugin-content-docs/version-2.4.1/plugin-center/authority-and-certification/sign-plugin.md
+++
b/i18n/zh/docusaurus-plugin-content-docs/version-2.4.1/plugin-center/authority-and-certification/sign-plugin.md
@@ -4,51 +4,72 @@ keywords: ["sign"]
description: sign插件
---
-## 说明
-* `Sign`插件是`Apache ShenYu`网关自带的,用来对请求进行签名认证的插件。
+# 1. 概述
+## 1.1 插件名称
-## 插件设置
+* Sign插件
-请参考运维部署的内容,选择一种方式启动`shenyu-admin`。比如,通过
[本地部署](../../deployment/deployment-local) 启动`Apache ShenYu`后台管理系统。
+## 1.2 适用场景
-* 在 `shenyu-admin` 基础配置 --> 插件管理 --> `sign` ,设置为开启。如果用户不想使用此功能,请在 `admin`
后台停用此插件。
+* 支持请求头进行鉴权
+* 支持请求体进行鉴权
- <img src="/img/shenyu/plugin/sign/sign_open_zh.jpg" width="80%" height="80%"
/>
+## 1.3 插件功能
-## 插件使用
+* 用来对请求进行签名认证
+
+## 1.4 插件代码
+
+* 核心模块: `shenyu-plugin-sign`
+
+* 核心类: `org.apache.shenyu.plugin.sign.SignPlugin`
+
+## 1.5 添加自哪个shenyu版本
+
+* ShenYu 2.4.0
+
+# 2. 如何使用插件
+
+## 2.1 插件使用流程图
+
+
+
+## 2.2 导入pom
* 在网关的 `pom.xml` 文件中添加 `sign` 的支持。
```xml
- <!-- apache shenyu sign plugin start-->
- <dependency>
- <groupId>org.apache.shenyu</groupId>
- <artifactId>shenyu-spring-boot-starter-plugin-sign</artifactId>
- <version>${project.version}</version>
- </dependency>
- <!-- apache shenyu sign plugin end-->
+<!-- apache shenyu sign plugin start-->
+<dependency>
+ <groupId>org.apache.shenyu</groupId>
+ <artifactId>shenyu-spring-boot-starter-plugin-sign</artifactId>
+ <version>${project.version}</version>
+</dependency>
+<!-- apache shenyu sign plugin end-->
```
-* 选择器和规则,请详细看:[选择器和规则管理](../../user-guide/admin-usage/selector-and-rule) 。
+## 2.3 启用插件
- * 只有匹配的请求,才会进行签名认证。
+- 在 `shenyu-admin` 基础配置 --> 插件管理 --> `sign` ,设置为开启。
-## 新增 AK/SK
+## 2.4 插件的鉴权配置
-#### 说明
+### 2.4.1 AK/SK配置
+
+#### 2.4.1.1 说明
- 管理和控制经过 `Apache ShenYu` 网关的请求的权限。
- 生成的 `AK/SK` ,配合 `sign` 插件使用,实现基于`URI`级别的精准权限管控。
-#### 使用教程
+#### 2.4.1.2 使用教程
-第一步,我们可以直接在 `基础配置` --> `认证管理` 新增一条认证信息 。
+第一步,我们可以直接在 `基础配置` --> `认证管理` 新增一条认证信息 。
<img src="/img/shenyu/basicConfig/authorityManagement/auth_manages_add_zh.jpg"
width="100%" height="70%" />
-第二步,配置这条认证信息 。
+第二步,配置这条认证信息 。
<img src="/img/shenyu/basicConfig/authorityManagement/auth_param_zh.jpg"
width="50%" height="40%"/>
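Review bot: Several removed and added pairs in this hunk are textually identical, for example the `第一步,我们可以直接在 ...` and `第二步,配置这条认证信息 。` lines, so the only difference is invisible whitespace. That follows from replacing the file with the `current` blob (`058c011bc3` on the index line); if the whitespace change is not intended, normalise it once so the versioned copies do not carry noise diffs.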
@@ -60,27 +81,25 @@ description: sign插件
- 路径认证:开启后,该账号仅允许访问以下配置的资源路径。
- 资源路径:允许访问的资源路径,支持路径匹配,如 `/order/**` 。
-点击确认后,生成一条认证信息,该信息包含 `AppKey` 和 `加密秘钥` ,即 `Sign` 插件中的 `AK/SK` 。
+点击确认后,生成一条认证信息,该信息包含 `AppKey` 和 `加密秘钥` ,即 `Sign` 插件中的 `AK/SK` 。
-#### 路径操作
+#### 2.4.1.3 路径操作
对已创建的认证信息,可以在认证信息列表的末尾进行 `路径操作` 。
<img
src="/img/shenyu/basicConfig/authorityManagement/auth_manage_modifyPath_zh.jpg"
width="90%" height="80%"/>
-- 左侧为可配置的路径列表,右侧为允许该账号访问的路径列表 。
-- 勾选资源路径,点击中间的 `>` 或 `<` 将勾选的数据移动到对应列表中 。
-- 左侧可配置路径列表可在账号信息行末尾点击 `编辑`,在弹框中的 `资源路径` 中进行添加 。
+- 左侧为可配置的路径列表,右侧为允许该账号访问的路径列表 。
+- 勾选资源路径,点击中间的 `>` 或 `<` 将勾选的数据移动到对应列表中 。
+- 左侧可配置路径列表可在账号信息行末尾点击 `编辑`,在弹框中的 `资源路径` 中进行添加 。
-
-## 网关技术实现
+### 2.4.2 网关技术实现
* 采用 `AK/SK` 鉴权技术方案。
* 采用鉴权插件,责任链的模式来完成。
* 当鉴权插件开启,并配置所有接口鉴权时候生效。
-
-## 鉴权使用指南
+## 2.4.3 鉴权使用指南
* 第一步:AK/SK由网关来进行分配,比如分配给你的AK为: `1TEST123456781`
SK为:`506EEB535CF740D7A755CB4B9F4A1536`
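Review bot: `## 2.4.3 鉴权使用指南` is one level too high: it follows `### 2.4.2 网关技术实现` in this hunk and belongs under `## 2.4 插件的鉴权配置`, so it should be `###`. The three `路径操作` bullets and the `点击确认后` sentence are also removed and re-added with no visible change.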
@@ -96,6 +115,7 @@ description: sign插件
对上述3个字段进行 `key` 的自然排序,然后进行字段与字段值拼接最后再拼接上 `SK` ,代码示例。
+#### 2.4.3.1 无请求体的签名参数验证
第一步:首先构造一个 `Map` 。
@@ -130,7 +150,46 @@ DigestUtils.md5DigestAsHex(sign.getBytes()).toUpperCase()
* 最后得到的值为:`A021BF82BE342668B78CD9ADE593D683`
-## 请求网关
+#### 2.4.3.2 有请求体,请求头的签名参数验证
+
+第一步: 首先构造一个 `Map` 。并且该`map`必须存储请求体的每个节点信息
+
+```java
+
+ Map<String, String> map = Maps.newHashMapWithExpectedSize(3);
+ //timestamp is string format of millisecond.
String.valueOf(LocalDateTime.now().toInstant(ZoneOffset.of("+8")).toEpochMilli())
+ map.put("timestamp","1660659201000"); // Value should be string format of
milliseconds
+ map.put("path", "/http/order/save");
+ map.put("version", "1.0.0");
+ // if your request body is:{"id":123,"name":"order"}
+ map.put("id", "1");
+ map.put("name", "order")
+```
+
+第二步:进行 `Key` 的自然排序,然后 `Key`,`Value`值拼接最后再拼接分配给你的 `SK`。
+
+```java
+List<String> storedKeys = Arrays.stream(map.keySet()
+ .toArray(new String[]{}))
+ .sorted(Comparator.naturalOrder())
+ .collect(Collectors.toList());
+final String sign = storedKeys.stream()
+ .map(key -> String.join("", key, params.get(key)))
+ .collect(Collectors.joining()).trim()
+ .concat("2D47C325AE5B4A4C926C23FD4395C719");
+```
+
+* 你得到的 `sign`
值应该为:`id123nameorderpath/http/order/savetimestamp1660659201000version1.0.02D47C325AE5B4A4C926C23FD4395C719`
+
+第三步:进行 `MD5` 加密后转成大写。
+
+```java
+DigestUtils.md5DigestAsHex(sign.getBytes()).toUpperCase()
+```
+
+* 最后得到的值为: `35FE61C21F73E9AAFC46954C14F299D7`.
+
+## 2.4.4 请求网关
* 假如你访问的路径为:`/api/service/abc`。
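Review bot: Step 3 hashes `sign.getBytes()`, which encodes with the JVM default charset. Now that request body fields are part of the signed string, a non-ASCII value can produce different bytes on hosts with different defaults; show `sign.getBytes(StandardCharsets.UTF_8)` or state the charset the gateway expects. The step title `进行 MD5 加密` should say digest (`摘要`) rather than encryption, and Step 1 still has `map.put("id", "1");` against a body of `{"id":123,...}`.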
@@ -157,6 +216,113 @@ DigestUtils.md5DigestAsHex(sign.getBytes()).toUpperCase()
}
```
-## 签名认证算法扩展
+### 2.4.5 插件配置
+
+
+
+### 2.4.6 选择器配置
+
+
+
+* 只有匹配的请求,才会进行签名认证。
+
+* 插件选择器和规则的配置请查看: [插件和规则配置](../../user-guide/admin-usage/selector-and-rule.md).
+
+### 2.4.7 规则配置
+
+
+
+* close(signRequestBody): 仅使用请求头生成签名
+* open(signRequestBody): 使用请求头、请求体共同生成签名
+
+## 2.5 示例
+
+### 2.5.1 使用sign插件进行签名验证
+
+#### 2.5.1.1 插件配置
+
+
+
+#### 2.5.1.2 选择器配置
+
+
+
+#### 2.5.1.3 规则配置
+
+
+
+#### 2.5.1.5 添加AppKey/SecretKey
+
+
+
+#### 2.5.1.6 Request Service and check result
+
+* 构造请求参数,请查看`Authentication Guide`目录,
+
+```java
+public class Test1 {
+ public static void main(String[] args) {
+ Map<String, String> map = Maps.newHashMapWithExpectedSize(3);
+ //timestamp为毫秒数的字符串形式
String.valueOf(LocalDateTime.now().toInstant(ZoneOffset.of("+8")).toEpochMilli())
+ map.put("timestamp","1660658725000"); //值应该为毫秒数的字符串形式
+ map.put("path", "/http/order/save");
+ map.put("version", "1.0.0");
+
+ List<String> storedKeys = Arrays.stream(map.keySet()
+ .toArray(new String[]{}))
+ .sorted(Comparator.naturalOrder())
+ .collect(Collectors.toList());
+ final String sign = storedKeys.stream()
+ .map(key -> String.join("", key, map.get(key)))
+ .collect(Collectors.joining()).trim()
+ .concat("2D47C325AE5B4A4C926C23FD4395C719");
+ System.out.println(sign);
+
+
System.out.println(DigestUtils.md5DigestAsHex(sign.getBytes()).toUpperCase());
+ }
+}
+```
+
+* 无请求体签名:
`path/http/order/savetimestamp1571711067186version1.0.02D47C325AE5B4A4C926C23FD4395C719`
+* 无请求体签名结果: `9696D3E549A6AEBE763CCC2C7952DDC1`
+
+
+
+```java
+public class Test2 {
+ public static void main(String[] args) {
+ Map<String, String> map = Maps.newHashMapWithExpectedSize(3);
+ //timestamp为毫秒数的字符串形式
String.valueOf(LocalDateTime.now().toInstant(ZoneOffset.of("+8")).toEpochMilli())
+ map.put("timestamp","1660659201000"); //值应该为毫秒数的字符串形式
+ map.put("path", "/http/order/save");
+ map.put("version", "1.0.0");
+ map.put("id", "123");
+ map.put("name", "order");
+
+ List<String> storedKeys = Arrays.stream(map.keySet()
+ .toArray(new String[]{}))
+ .sorted(Comparator.naturalOrder())
+ .collect(Collectors.toList());
+ final String sign = storedKeys.stream()
+ .map(key -> String.join("", key, map.get(key)))
+ .collect(Collectors.joining()).trim()
+ .concat("2D47C325AE5B4A4C926C23FD4395C719");
+ System.out.println(sign);
+
+
System.out.println(DigestUtils.md5DigestAsHex(sign.getBytes()).toUpperCase());
+ }
+}
+```
+
+*
有请求体签名为:`id123nameorderpath/http/order/savetimestamp1660659201000version1.0.02D47C325AE5B4A4C926C23FD4395C719`
+* 附带请求体签名结果:`35FE61C21F73E9AAFC46954C14F299D7`
+
+
+
+# 3. 如何禁用插件
+
+- 在 `shenyu-admin` 基础配置 --> 插件管理 --> `sign` ,设置为关闭。
+
+# 4. 签名认证算法扩展
* 请参考开发者文档中的 [扩展签名算法](../../developer/custom-sign-algorithm)。
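Review bot: `Test1` in 2.5.1.6 does not reproduce the values listed under it. The code signs `map.put("timestamp","1660658725000")`, but the 无请求体签名 bullet shows `timestamp1571711067186` inside the string to be hashed, so the printed string will not match the bullet and the listed digest `9696D3E549A6AEBE763CCC2C7952DDC1` needs to be re-checked against the code. Regenerate both bullets from the program as shown, or change the timestamp in the code to the one the bullets use.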
diff --git
a/i18n/zh/docusaurus-plugin-content-docs/version-2.4.2/plugin-center/authority-and-certification/sign-plugin.md
b/i18n/zh/docusaurus-plugin-content-docs/version-2.4.2/plugin-center/authority-and-certification/sign-plugin.md
index 00a36a52a2..058c011bc3 100644
---
a/i18n/zh/docusaurus-plugin-content-docs/version-2.4.2/plugin-center/authority-and-certification/sign-plugin.md
+++
b/i18n/zh/docusaurus-plugin-content-docs/version-2.4.2/plugin-center/authority-and-certification/sign-plugin.md
@@ -4,46 +4,66 @@ keywords: ["sign"]
description: sign插件
---
-## 说明
-* `Sign`插件是`Apache ShenYu`网关自带的,用来对请求进行签名认证的插件。
+# 1. 概述
+## 1.1 插件名称
-## 插件设置
+* Sign插件
-请参考运维部署的内容,选择一种方式启动`shenyu-admin`。比如,通过
[本地部署](../../deployment/deployment-local) 启动`Apache ShenYu`后台管理系统。
+## 1.2 适用场景
-* 在 `shenyu-admin` 基础配置 --> 插件管理 --> `sign` ,设置为开启。如果用户不想使用此功能,请在 `admin`
后台停用此插件。
+* 支持请求头进行鉴权
+* 支持请求体进行鉴权
- <img src="/img/shenyu/plugin/sign/sign_open_zh.jpg" width="80%" height="80%"
/>
+## 1.3 插件功能
-## 插件使用
+* 用来对请求进行签名认证
+
+## 1.4 插件代码
+
+* 核心模块: `shenyu-plugin-sign`
+
+* 核心类: `org.apache.shenyu.plugin.sign.SignPlugin`
+
+## 1.5 添加自哪个shenyu版本
+
+* ShenYu 2.4.0
+
+# 2. 如何使用插件
+
+## 2.1 插件使用流程图
+
+
+
+## 2.2 导入pom
* 在网关的 `pom.xml` 文件中添加 `sign` 的支持。
```xml
- <!-- apache shenyu sign plugin start-->
- <dependency>
- <groupId>org.apache.shenyu</groupId>
- <artifactId>shenyu-spring-boot-starter-plugin-sign</artifactId>
- <version>${project.version}</version>
- </dependency>
- <!-- apache shenyu sign plugin end-->
+<!-- apache shenyu sign plugin start-->
+<dependency>
+ <groupId>org.apache.shenyu</groupId>
+ <artifactId>shenyu-spring-boot-starter-plugin-sign</artifactId>
+ <version>${project.version}</version>
+</dependency>
+<!-- apache shenyu sign plugin end-->
```
-* 选择器和规则,请详细看:[选择器和规则管理](../../user-guide/admin-usage/selector-and-rule) 。
+## 2.3 启用插件
- * 只有匹配的请求,才会进行签名认证。
+- 在 `shenyu-admin` 基础配置 --> 插件管理 --> `sign` ,设置为开启。
-## 新增 AK/SK
+## 2.4 插件的鉴权配置
+### 2.4.1 AK/SK配置
-#### 说明
+#### 2.4.1.1 说明
- 管理和控制经过 `Apache ShenYu` 网关的请求的权限。
- 生成的 `AK/SK` ,配合 `sign` 插件使用,实现基于`URI`级别的精准权限管控。
-#### 使用教程
+#### 2.4.1.2 使用教程
第一步,我们可以直接在 `基础配置` --> `认证管理` 新增一条认证信息 。
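Review bot: 2.3 启用插件 assumes `shenyu-admin` is already running, but this hunk deletes the 插件设置 sentence that linked to `../../deployment/deployment-local` and adds nothing in its place. Keep a one-line pointer to the deployment docs in 2.3 so a reader who lands on this page knows how to reach the admin console before being told to switch `sign` on.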
@@ -63,7 +83,7 @@ description: sign插件
点击确认后,生成一条认证信息,该信息包含 `AppKey` 和 `加密秘钥` ,即 `Sign` 插件中的 `AK/SK` 。
-#### 路径操作
+#### 2.4.1.3 路径操作
对已创建的认证信息,可以在认证信息列表的末尾进行 `路径操作` 。
@@ -73,16 +93,13 @@ description: sign插件
- 勾选资源路径,点击中间的 `>` 或 `<` 将勾选的数据移动到对应列表中 。
- 左侧可配置路径列表可在账号信息行末尾点击 `编辑`,在弹框中的 `资源路径` 中进行添加 。
-
-
-## 网关技术实现
+### 2.4.2 网关技术实现
* 采用 `AK/SK` 鉴权技术方案。
* 采用鉴权插件,责任链的模式来完成。
* 当鉴权插件开启,并配置所有接口鉴权时候生效。
-
-## 鉴权使用指南
+## 2.4.3 鉴权使用指南
* 第一步:AK/SK由网关来进行分配,比如分配给你的AK为: `1TEST123456781`
SK为:`506EEB535CF740D7A755CB4B9F4A1536`
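Review bot: `## 2.4.3 鉴权使用指南` is added at `##` level while its sibling added earlier in this hunk is `### 2.4.2 网关技术实现`. Both belong under `## 2.4 插件的鉴权配置`, so 2.4.3 should be `###` as well; as written the generated table of contents will list it beside 2.4 instead of under it.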
@@ -98,6 +115,7 @@ description: sign插件
对上述3个字段进行 `key` 的自然排序,然后进行字段与字段值拼接最后再拼接上 `SK` ,代码示例。
+#### 2.4.3.1 无请求体的签名参数验证
第一步:首先构造一个 `Map` 。
@@ -132,7 +150,46 @@ DigestUtils.md5DigestAsHex(sign.getBytes()).toUpperCase()
* 最后得到的值为:`A021BF82BE342668B78CD9ADE593D683`
-## 请求网关
+#### 2.4.3.2 有请求体,请求头的签名参数验证
+
+第一步: 首先构造一个 `Map` 。并且该`map`必须存储请求体的每个节点信息
+
+```java
+
+ Map<String, String> map = Maps.newHashMapWithExpectedSize(3);
+ //timestamp is string format of millisecond.
String.valueOf(LocalDateTime.now().toInstant(ZoneOffset.of("+8")).toEpochMilli())
+ map.put("timestamp","1660659201000"); // Value should be string format of
milliseconds
+ map.put("path", "/http/order/save");
+ map.put("version", "1.0.0");
+ // if your request body is:{"id":123,"name":"order"}
+ map.put("id", "1");
+ map.put("name", "order")
+```
+
+第二步:进行 `Key` 的自然排序,然后 `Key`,`Value`值拼接最后再拼接分配给你的 `SK`。
+
+```java
+List<String> storedKeys = Arrays.stream(map.keySet()
+ .toArray(new String[]{}))
+ .sorted(Comparator.naturalOrder())
+ .collect(Collectors.toList());
+final String sign = storedKeys.stream()
+ .map(key -> String.join("", key, params.get(key)))
+ .collect(Collectors.joining()).trim()
+ .concat("2D47C325AE5B4A4C926C23FD4395C719");
+```
+
+* 你得到的 `sign`
值应该为:`id123nameorderpath/http/order/savetimestamp1660659201000version1.0.02D47C325AE5B4A4C926C23FD4395C719`
+
+第三步:进行 `MD5` 加密后转成大写。
+
+```java
+DigestUtils.md5DigestAsHex(sign.getBytes()).toUpperCase()
+```
+
+* 最后得到的值为: `35FE61C21F73E9AAFC46954C14F299D7`.
+
+## 2.4.4 请求网关
* 假如你访问的路径为:`/api/service/abc`。
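Review bot: The 第一步 snippet has `map.put("id", "1")` directly under the comment that gives the body as `{"id":123,"name":"order"}`, and the expected string below contains `id123`; with `"1"` the reader gets a different string and a different digest. Change the value to `"123"`. In the same snippet the last line `map.put("name", "order")` is missing its semicolon, and `Maps.newHashMapWithExpectedSize(3)` now receives five entries.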
@@ -159,6 +216,113 @@ DigestUtils.md5DigestAsHex(sign.getBytes()).toUpperCase()
}
```
-## 签名认证算法扩展
+### 2.4.5 插件配置
+
+
+
+### 2.4.6 选择器配置
+
+
+
+* 只有匹配的请求,才会进行签名认证。
+
+* 插件选择器和规则的配置请查看: [插件和规则配置](../../user-guide/admin-usage/selector-and-rule.md).
+
+### 2.4.7 规则配置
+
+
+
+* close(signRequestBody): 仅使用请求头生成签名
+* open(signRequestBody): 使用请求头、请求体共同生成签名
+
+## 2.5 示例
+
+### 2.5.1 使用sign插件进行签名验证
+
+#### 2.5.1.1 插件配置
+
+
+
+#### 2.5.1.2 选择器配置
+
+
+
+#### 2.5.1.3 规则配置
+
+
+
+#### 2.5.1.5 添加AppKey/SecretKey
+
+
+
+#### 2.5.1.6 Request Service and check result
+
+* 构造请求参数,请查看`Authentication Guide`目录,
+
+```java
+public class Test1 {
+ public static void main(String[] args) {
+ Map<String, String> map = Maps.newHashMapWithExpectedSize(3);
+ //timestamp为毫秒数的字符串形式
String.valueOf(LocalDateTime.now().toInstant(ZoneOffset.of("+8")).toEpochMilli())
+ map.put("timestamp","1660658725000"); //值应该为毫秒数的字符串形式
+ map.put("path", "/http/order/save");
+ map.put("version", "1.0.0");
+
+ List<String> storedKeys = Arrays.stream(map.keySet()
+ .toArray(new String[]{}))
+ .sorted(Comparator.naturalOrder())
+ .collect(Collectors.toList());
+ final String sign = storedKeys.stream()
+ .map(key -> String.join("", key, map.get(key)))
+ .collect(Collectors.joining()).trim()
+ .concat("2D47C325AE5B4A4C926C23FD4395C719");
+ System.out.println(sign);
+
+
System.out.println(DigestUtils.md5DigestAsHex(sign.getBytes()).toUpperCase());
+ }
+}
+```
+
+* 无请求体签名:
`path/http/order/savetimestamp1571711067186version1.0.02D47C325AE5B4A4C926C23FD4395C719`
+* 无请求体签名结果: `9696D3E549A6AEBE763CCC2C7952DDC1`
+
+
+
+```java
+public class Test2 {
+ public static void main(String[] args) {
+ Map<String, String> map = Maps.newHashMapWithExpectedSize(3);
+ //timestamp为毫秒数的字符串形式
String.valueOf(LocalDateTime.now().toInstant(ZoneOffset.of("+8")).toEpochMilli())
+ map.put("timestamp","1660659201000"); //值应该为毫秒数的字符串形式
+ map.put("path", "/http/order/save");
+ map.put("version", "1.0.0");
+ map.put("id", "123");
+ map.put("name", "order");
+
+ List<String> storedKeys = Arrays.stream(map.keySet()
+ .toArray(new String[]{}))
+ .sorted(Comparator.naturalOrder())
+ .collect(Collectors.toList());
+ final String sign = storedKeys.stream()
+ .map(key -> String.join("", key, map.get(key)))
+ .collect(Collectors.joining()).trim()
+ .concat("2D47C325AE5B4A4C926C23FD4395C719");
+ System.out.println(sign);
+
+
System.out.println(DigestUtils.md5DigestAsHex(sign.getBytes()).toUpperCase());
+ }
+}
+```
+
+*
有请求体签名为:`id123nameorderpath/http/order/savetimestamp1660659201000version1.0.02D47C325AE5B4A4C926C23FD4395C719`
+* 附带请求体签名结果:`35FE61C21F73E9AAFC46954C14F299D7`
+
+
+
+# 3. 如何禁用插件
+
+- 在 `shenyu-admin` 基础配置 --> 插件管理 --> `sign` ,设置为关闭。
+
+# 4. 签名认证算法扩展
* 请参考开发者文档中的 [扩展签名算法](../../developer/custom-sign-algorithm)。
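Review bot: The new 2.5.1 subsections jump from `#### 2.5.1.3 规则配置` to `#### 2.5.1.5 添加AppKey/SecretKey`; there is no 2.5.1.4, so the last two headings should be renumbered. On this Chinese page `#### 2.5.1.6 Request Service and check result` and the reference to `Authentication Guide` are left in English; the section being referred to is titled 鉴权使用指南 in this file.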
diff --git
a/i18n/zh/docusaurus-plugin-content-docs/version-2.4.3/plugin-center/authority-and-certification/sign-plugin.md
b/i18n/zh/docusaurus-plugin-content-docs/version-2.4.3/plugin-center/authority-and-certification/sign-plugin.md
index 00a36a52a2..058c011bc3 100644
---
a/i18n/zh/docusaurus-plugin-content-docs/version-2.4.3/plugin-center/authority-and-certification/sign-plugin.md
+++
b/i18n/zh/docusaurus-plugin-content-docs/version-2.4.3/plugin-center/authority-and-certification/sign-plugin.md
@@ -4,46 +4,66 @@ keywords: ["sign"]
description: sign插件
---
-## 说明
-* `Sign`插件是`Apache ShenYu`网关自带的,用来对请求进行签名认证的插件。
+# 1. 概述
+## 1.1 插件名称
-## 插件设置
+* Sign插件
-请参考运维部署的内容,选择一种方式启动`shenyu-admin`。比如,通过
[本地部署](../../deployment/deployment-local) 启动`Apache ShenYu`后台管理系统。
+## 1.2 适用场景
-* 在 `shenyu-admin` 基础配置 --> 插件管理 --> `sign` ,设置为开启。如果用户不想使用此功能,请在 `admin`
后台停用此插件。
+* 支持请求头进行鉴权
+* 支持请求体进行鉴权
- <img src="/img/shenyu/plugin/sign/sign_open_zh.jpg" width="80%" height="80%"
/>
+## 1.3 插件功能
-## 插件使用
+* 用来对请求进行签名认证
+
+## 1.4 插件代码
+
+* 核心模块: `shenyu-plugin-sign`
+
+* 核心类: `org.apache.shenyu.plugin.sign.SignPlugin`
+
+## 1.5 添加自哪个shenyu版本
+
+* ShenYu 2.4.0
+
+# 2. 如何使用插件
+
+## 2.1 插件使用流程图
+
+
+
+## 2.2 导入pom
* 在网关的 `pom.xml` 文件中添加 `sign` 的支持。
```xml
- <!-- apache shenyu sign plugin start-->
- <dependency>
- <groupId>org.apache.shenyu</groupId>
- <artifactId>shenyu-spring-boot-starter-plugin-sign</artifactId>
- <version>${project.version}</version>
- </dependency>
- <!-- apache shenyu sign plugin end-->
+<!-- apache shenyu sign plugin start-->
+<dependency>
+ <groupId>org.apache.shenyu</groupId>
+ <artifactId>shenyu-spring-boot-starter-plugin-sign</artifactId>
+ <version>${project.version}</version>
+</dependency>
+<!-- apache shenyu sign plugin end-->
```
-* 选择器和规则,请详细看:[选择器和规则管理](../../user-guide/admin-usage/selector-and-rule) 。
+## 2.3 启用插件
- * 只有匹配的请求,才会进行签名认证。
+- 在 `shenyu-admin` 基础配置 --> 插件管理 --> `sign` ,设置为开启。
-## 新增 AK/SK
+## 2.4 插件的鉴权配置
+### 2.4.1 AK/SK配置
-#### 说明
+#### 2.4.1.1 说明
- 管理和控制经过 `Apache ShenYu` 网关的请求的权限。
- 生成的 `AK/SK` ,配合 `sign` 插件使用,实现基于`URI`级别的精准权限管控。
-#### 使用教程
+#### 2.4.1.2 使用教程
第一步,我们可以直接在 `基础配置` --> `认证管理` 新增一条认证信息 。
@@ -63,7 +83,7 @@ description: sign插件
点击确认后,生成一条认证信息,该信息包含 `AppKey` 和 `加密秘钥` ,即 `Sign` 插件中的 `AK/SK` 。
-#### 路径操作
+#### 2.4.1.3 路径操作
对已创建的认证信息,可以在认证信息列表的末尾进行 `路径操作` 。
@@ -73,16 +93,13 @@ description: sign插件
- 勾选资源路径,点击中间的 `>` 或 `<` 将勾选的数据移动到对应列表中 。
- 左侧可配置路径列表可在账号信息行末尾点击 `编辑`,在弹框中的 `资源路径` 中进行添加 。
-
-
-## 网关技术实现
+### 2.4.2 网关技术实现
* 采用 `AK/SK` 鉴权技术方案。
* 采用鉴权插件,责任链的模式来完成。
* 当鉴权插件开启,并配置所有接口鉴权时候生效。
-
-## 鉴权使用指南
+## 2.4.3 鉴权使用指南
* 第一步:AK/SK由网关来进行分配,比如分配给你的AK为: `1TEST123456781`
SK为:`506EEB535CF740D7A755CB4B9F4A1536`
@@ -98,6 +115,7 @@ description: sign插件
对上述3个字段进行 `key` 的自然排序,然后进行字段与字段值拼接最后再拼接上 `SK` ,代码示例。
+#### 2.4.3.1 无请求体的签名参数验证
第一步:首先构造一个 `Map` 。
@@ -132,7 +150,46 @@ DigestUtils.md5DigestAsHex(sign.getBytes()).toUpperCase()
* 最后得到的值为:`A021BF82BE342668B78CD9ADE593D683`
-## 请求网关
+#### 2.4.3.2 有请求体,请求头的签名参数验证
+
+第一步: 首先构造一个 `Map` 。并且该`map`必须存储请求体的每个节点信息
+
+```java
+
+ Map<String, String> map = Maps.newHashMapWithExpectedSize(3);
+ //timestamp is string format of millisecond.
String.valueOf(LocalDateTime.now().toInstant(ZoneOffset.of("+8")).toEpochMilli())
+ map.put("timestamp","1660659201000"); // Value should be string format of
milliseconds
+ map.put("path", "/http/order/save");
+ map.put("version", "1.0.0");
+ // if your request body is:{"id":123,"name":"order"}
+ map.put("id", "1");
+ map.put("name", "order")
+```
+
+第二步:进行 `Key` 的自然排序,然后 `Key`,`Value`值拼接最后再拼接分配给你的 `SK`。
+
+```java
+List<String> storedKeys = Arrays.stream(map.keySet()
+ .toArray(new String[]{}))
+ .sorted(Comparator.naturalOrder())
+ .collect(Collectors.toList());
+final String sign = storedKeys.stream()
+ .map(key -> String.join("", key, params.get(key)))
+ .collect(Collectors.joining()).trim()
+ .concat("2D47C325AE5B4A4C926C23FD4395C719");
+```
+
+* 你得到的 `sign`
值应该为:`id123nameorderpath/http/order/savetimestamp1660659201000version1.0.02D47C325AE5B4A4C926C23FD4395C719`
+
+第三步:进行 `MD5` 加密后转成大写。
+
+```java
+DigestUtils.md5DigestAsHex(sign.getBytes()).toUpperCase()
+```
+
+* 最后得到的值为: `35FE61C21F73E9AAFC46954C14F299D7`.
+
+## 2.4.4 请求网关
* 假如你访问的路径为:`/api/service/abc`。
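Review bot: `DigestUtils.md5DigestAsHex(sign.getBytes())` in 第三步 encodes with the JVM default charset, so a client and a gateway running with different defaults will hash different bytes as soon as a body value contains non-ASCII text, and the signature check fails. Show `sign.getBytes(StandardCharsets.UTF_8)` in the sample, or state which charset the gateway uses. The step title also calls this `MD5` 加密; MD5 is a digest, not encryption, so 摘要 is the accurate word.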
@@ -159,6 +216,113 @@ DigestUtils.md5DigestAsHex(sign.getBytes()).toUpperCase()
}
```
-## 签名认证算法扩展
+### 2.4.5 插件配置
+
+
+
+### 2.4.6 选择器配置
+
+
+
+* 只有匹配的请求,才会进行签名认证。
+
+* 插件选择器和规则的配置请查看: [插件和规则配置](../../user-guide/admin-usage/selector-and-rule.md).
+
+### 2.4.7 规则配置
+
+
+
+* close(signRequestBody): 仅使用请求头生成签名
+* open(signRequestBody): 使用请求头、请求体共同生成签名
+
+## 2.5 示例
+
+### 2.5.1 使用sign插件进行签名验证
+
+#### 2.5.1.1 插件配置
+
+
+
+#### 2.5.1.2 选择器配置
+
+
+
+#### 2.5.1.3 规则配置
+
+
+
+#### 2.5.1.5 添加AppKey/SecretKey
+
+
+
+#### 2.5.1.6 Request Service and check result
+
+* 构造请求参数,请查看`Authentication Guide`目录,
+
+```java
+public class Test1 {
+ public static void main(String[] args) {
+ Map<String, String> map = Maps.newHashMapWithExpectedSize(3);
+ //timestamp为毫秒数的字符串形式
String.valueOf(LocalDateTime.now().toInstant(ZoneOffset.of("+8")).toEpochMilli())
+ map.put("timestamp","1660658725000"); //值应该为毫秒数的字符串形式
+ map.put("path", "/http/order/save");
+ map.put("version", "1.0.0");
+
+ List<String> storedKeys = Arrays.stream(map.keySet()
+ .toArray(new String[]{}))
+ .sorted(Comparator.naturalOrder())
+ .collect(Collectors.toList());
+ final String sign = storedKeys.stream()
+ .map(key -> String.join("", key, map.get(key)))
+ .collect(Collectors.joining()).trim()
+ .concat("2D47C325AE5B4A4C926C23FD4395C719");
+ System.out.println(sign);
+
+
System.out.println(DigestUtils.md5DigestAsHex(sign.getBytes()).toUpperCase());
+ }
+}
+```
+
+* 无请求体签名:
`path/http/order/savetimestamp1571711067186version1.0.02D47C325AE5B4A4C926C23FD4395C719`
+* 无请求体签名结果: `9696D3E549A6AEBE763CCC2C7952DDC1`
+
+
+
+```java
+public class Test2 {
+ public static void main(String[] args) {
+ Map<String, String> map = Maps.newHashMapWithExpectedSize(3);
+ //timestamp为毫秒数的字符串形式
String.valueOf(LocalDateTime.now().toInstant(ZoneOffset.of("+8")).toEpochMilli())
+ map.put("timestamp","1660659201000"); //值应该为毫秒数的字符串形式
+ map.put("path", "/http/order/save");
+ map.put("version", "1.0.0");
+ map.put("id", "123");
+ map.put("name", "order");
+
+ List<String> storedKeys = Arrays.stream(map.keySet()
+ .toArray(new String[]{}))
+ .sorted(Comparator.naturalOrder())
+ .collect(Collectors.toList());
+ final String sign = storedKeys.stream()
+ .map(key -> String.join("", key, map.get(key)))
+ .collect(Collectors.joining()).trim()
+ .concat("2D47C325AE5B4A4C926C23FD4395C719");
+ System.out.println(sign);
+
+
System.out.println(DigestUtils.md5DigestAsHex(sign.getBytes()).toUpperCase());
+ }
+}
+```
+
+*
有请求体签名为:`id123nameorderpath/http/order/savetimestamp1660659201000version1.0.02D47C325AE5B4A4C926C23FD4395C719`
+* 附带请求体签名结果:`35FE61C21F73E9AAFC46954C14F299D7`
+
+
+
+# 3. 如何禁用插件
+
+- 在 `shenyu-admin` 基础配置 --> 插件管理 --> `sign` ,设置为关闭。
+
+# 4. 签名认证算法扩展
* 请参考开发者文档中的 [扩展签名算法](../../developer/custom-sign-algorithm)。
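Review bot: The 2.4.7 规则配置 bullets document a `signRequestBody` switch, and this file is the `version-2.4.3` copy; the identical hunk is applied to the `version-2.4.2` copy earlier in this patch. Please confirm the option exists in each release whose versioned docs are being changed, and leave the request-body sections (2.4.3.2, 2.4.7 and the second example) out of any version that does not have it, otherwise readers on that release are given steps they cannot follow.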
diff --git a/static/img/shenyu/plugin/sign/example-rule-en.png
b/static/img/shenyu/plugin/sign/example-rule-en.png
new file mode 100644
index 0000000000..d03193964c
Binary files /dev/null and b/static/img/shenyu/plugin/sign/example-rule-en.png
differ
diff --git a/static/img/shenyu/plugin/sign/example-rule-zh.png
b/static/img/shenyu/plugin/sign/example-rule-zh.png
new file mode 100644
index 0000000000..8e8880872a
Binary files /dev/null and b/static/img/shenyu/plugin/sign/example-rule-zh.png
differ
diff --git a/static/img/shenyu/plugin/sign/example-selector-en.png
b/static/img/shenyu/plugin/sign/example-selector-en.png
new file mode 100644
index 0000000000..7d1b20273b
Binary files /dev/null and
b/static/img/shenyu/plugin/sign/example-selector-en.png differ
diff --git a/static/img/shenyu/plugin/sign/example-selector-zh.png
b/static/img/shenyu/plugin/sign/example-selector-zh.png
new file mode 100644
index 0000000000..114cec75d8
Binary files /dev/null and
b/static/img/shenyu/plugin/sign/example-selector-zh.png differ
diff --git a/static/img/shenyu/plugin/sign/example-sign-auth-en.png
b/static/img/shenyu/plugin/sign/example-sign-auth-en.png
new file mode 100644
index 0000000000..33d61cefb8
Binary files /dev/null and
b/static/img/shenyu/plugin/sign/example-sign-auth-en.png differ
diff --git a/static/img/shenyu/plugin/sign/example-sign-auth-zh.png
b/static/img/shenyu/plugin/sign/example-sign-auth-zh.png
new file mode 100644
index 0000000000..c50edc614e
Binary files /dev/null and
b/static/img/shenyu/plugin/sign/example-sign-auth-zh.png differ
diff --git a/static/img/shenyu/plugin/sign/result-with-body.png
b/static/img/shenyu/plugin/sign/result-with-body.png
new file mode 100644
index 0000000000..11cea22334
Binary files /dev/null and b/static/img/shenyu/plugin/sign/result-with-body.png
differ
diff --git a/static/img/shenyu/plugin/sign/result.png
b/static/img/shenyu/plugin/sign/result.png
new file mode 100644
index 0000000000..e710f3bf1f
Binary files /dev/null and b/static/img/shenyu/plugin/sign/result.png differ
diff --git a/static/img/shenyu/plugin/sign/rule-en.png
b/static/img/shenyu/plugin/sign/rule-en.png
new file mode 100644
index 0000000000..cd9b123673
Binary files /dev/null and b/static/img/shenyu/plugin/sign/rule-en.png differ
diff --git a/static/img/shenyu/plugin/sign/rule-zh.png
b/static/img/shenyu/plugin/sign/rule-zh.png
new file mode 100644
index 0000000000..fb7c284a4c
Binary files /dev/null and b/static/img/shenyu/plugin/sign/rule-zh.png differ
diff --git a/static/img/shenyu/plugin/sign/selector-en.png
b/static/img/shenyu/plugin/sign/selector-en.png
new file mode 100644
index 0000000000..4255c316e0
Binary files /dev/null and b/static/img/shenyu/plugin/sign/selector-en.png
differ
diff --git a/static/img/shenyu/plugin/sign/selector-zh.png
b/static/img/shenyu/plugin/sign/selector-zh.png
new file mode 100644
index 0000000000..d4e91308d9
Binary files /dev/null and b/static/img/shenyu/plugin/sign/selector-zh.png
differ
diff --git
a/versioned_docs/version-2.4.0/plugin-center/authority-and-certification/sign-plugin.md
b/versioned_docs/version-2.4.0/plugin-center/authority-and-certification/sign-plugin.md
index 17b9bfc7af..ae9f3c49e7 100644
---
a/versioned_docs/version-2.4.0/plugin-center/authority-and-certification/sign-plugin.md
+++
b/versioned_docs/version-2.4.0/plugin-center/authority-and-certification/sign-plugin.md
@@ -4,44 +4,66 @@ keywords: ["sign"]
description: sign plugin
---
-## Description
-* `Sign` is a native plugin of `Apache ShenYu` Gateway and is used to process
signature authentication of requests.
+# 1. Overview
-## Plugin Setting
+## 1.1 Plugin Name
-Please refer to the `deployment` document, choose a way to start
`shenyu-admin`. For example, through [Local
Deployment](../../deployment/deployment-local) to start the `Apache ShenYu`
management system.
+* Sign Plugin
-* In `shenyu-admin` BasicConfig --> plugin -> `sign` set to enable. If you
don't want to use this function, please disable this plugin in the
`shenyu-admin`.
+## 1.2 Appropriate Scenario
- <img src="/img/shenyu/plugin/sign/sign_open_en.jpg" width="80%" height="80%"
/>
+* Support http header to authorize
+* Support http header and request body to authorize
-* ## Plugin Usage
+## 1.3 Plugin functionality
+
+* Process signature authentication of requests.
+
+## 1.4 Plugin code
+
+* Core Module: `shenyu-plugin-sign`
+
+* Core Class: `org.apache.shenyu.plugin.sign.SignPlugin`
+
+## 1.5 Added Since Which shenyu version
+
+* Since ShenYu 2.4.0
+
+# 2. How to use plugin
+
+## 2.1 Plugin-use procedure chart
+
+
+
+## 2.2 Import pom
* Introducing `sign` dependency in the `pom.xml` file of the gateway
```xml
- <!-- apache shenyu sign plugin start-->
- <dependency>
- <groupId>org.apache.shenyu</groupId>
- <artifactId>shenyu-spring-boot-starter-plugin-sign</artifactId>
- <version>${project.version}</version>
- </dependency>
- <!-- apache shenyu sign plugin end-->
+<!-- apache shenyu sign plugin start-->
+<dependency>
+ <groupId>org.apache.shenyu</groupId>
+ <artifactId>shenyu-spring-boot-starter-plugin-sign</artifactId>
+ <version>${project.version}</version>
+</dependency>
+<!-- apache shenyu sign plugin end-->
```
-* Selectors and rules, please refer to: [Selector And Rule
Config](../../user-guide/admin-usage/selector-and-rule).
-* Only those matched requests can be authenticated by signature.
+## 2.3 Enable plugin
+
+* In `shenyu-admin`--> BasicConfig --> Plugin --> `sign` set to enable.
+## 2.4 Config Plugin With Authorize
-## Add AK/SK
+### 2.4.1 AK/SK Config
-#### Explanation
+#### 2.4.1.1 Explanation
- Manage and control the permissions of requests passing through the Apache
ShenYu gateway.
- Generate `AK/SK` and use it with the `Sign` plugin to achieve precise
authority control based on URI level.
-#### Tutorial
+#### 2.4.1.2 Tutorial
First, we can add a piece of authentication information in `BasicConfig` -
`Authentication`
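Review bot: Several of the new English headings in this hunk need rewording: `## 1.5 Added Since Which shenyu version` reads as a question, `## 2.4 Config Plugin With Authorize` is ungrammatical, and capitalisation is mixed (`Plugin Name` and `Appropriate Scenario` against `Plugin functionality` and `Plugin code`). Suggest `Since Version` and `Authentication Configuration`, with one casing style throughout.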
@@ -63,7 +85,7 @@ After submit, a piece of authentication information is
generated, which contains
Please refer to the detailed instructions of the `Sign` plugin: [Sign
Plugin](../../plugin-center/authority-and-certification/sign-plugin).
-#### PathOperation
+#### 2.4.1.3 PathOperation
For the created authentication information, you can click `PathOperation` at
the end of a piece of authentication information.
@@ -73,15 +95,13 @@ For the created authentication information, you can click
`PathOperation` at the
- Check the resource path, click the `>` or `<` in the middle to move the
checked data to the corresponding list.
- In the list of configurable paths on the left, click "Editor" at the end of
the account information line, and add them in the "Resource Path" in the pop-up
box.
-
-## Implementation of Gateway Technology
+### 2.4.2 Implementation of Gateway Technology
* Adopt `AK/SK` authentication technical scheme.
* Adopt authentication plug-in and Chain of Responsibility Pattern to realize.
* Take effect when the authentication plugin is enabled and all interfaces are
configured for authentication.
-
-## Authentication Guide
+### 2.4.3 Authentication Guide
* Step 1: `AK/SK` is assigned by the gateway. For example, the `AK` assigned
to you is: `1TEST123456781` SK is: ` 506eeb535cf740d7a755cb49f4a1536'
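Review bot: The Step 1 context line under `### 2.4.3 Authentication Guide` has a broken code span: the SK value opens with a backtick followed by a space and closes with an apostrophe, so it does not render as code. Since the heading directly above is being changed, fix the delimiters in the same commit. The sample SK on this line is also lower-case and 31 hex characters long, while the Chinese page gives `506EEB535CF740D7A755CB4B9F4A1536`; the two pages should show the same value.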
@@ -97,6 +117,7 @@ For the created authentication information, you can click
`PathOperation` at the
Sort the above three field natually according to the key, then splice fields
and fields, finally splice SK. The following is a code example.
+#### 2.4.3.1 Generate sign with request header
Step 1: First, construct a Map.
@@ -132,7 +153,46 @@ DigestUtils.md5DigestAsHex(sign.getBytes()).toUpperCase()
* The final returned value is: `A021BF82BE342668B78CD9ADE593D683`.
-## Request GateWay
+#### 2.4.3.2 Generate sign with request header and request body
+
+Step 1: First, construct a Map, and the map must save every request body
parameters
+
+```java
+
+ Map<String, String> map = Maps.newHashMapWithExpectedSize(3);
+ //timestamp is string format of millisecond.
String.valueOf(LocalDateTime.now().toInstant(ZoneOffset.of("+8")).toEpochMilli())
+ map.put("timestamp","1660659201000"); // Value should be string format of
milliseconds
+ map.put("path", "/http/order/save");
+ map.put("version", "1.0.0");
+ // if your request body is:{"id":123,"name":"order"}
+ map.put("id", "1");
+ map.put("name", "order")
+```
+
+Step 2: Sort the `Keys` naturally, then splice the key and values, and finally
splice the `SK` assigned to you.
+
+```java
+List<String> storedKeys = Arrays.stream(map.keySet()
+ .toArray(new String[]{}))
+ .sorted(Comparator.naturalOrder())
+ .collect(Collectors.toList());
+final String sign = storedKeys.stream()
+ .map(key -> String.join("", key, params.get(key)))
+ .collect(Collectors.joining()).trim()
+ .concat("2D47C325AE5B4A4C926C23FD4395C719");
+```
+
+* The returned sign value should
be:`id123nameorderpath/http/order/savetimestamp1660659201000version1.0.02D47C325AE5B4A4C926C23FD4395C719`
+
+Step 3: Md5 encryption and then capitalization.
+
+```java
+DigestUtils.md5DigestAsHex(sign.getBytes()).toUpperCase()
+```
+
+* The final returned value is: `35FE61C21F73E9AAFC46954C14F299D7`.
+
+### 2.4.4 Request GateWay
* If your visited path is:`/api/service/abc`.
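Review bot: Step 2 tells the reader to append "the `SK` assigned to you", but the snippet concatenates the literal `2D47C325AE5B4A4C926C23FD4395C719`, which is not the sample SK given in Step 1 of this guide. State where that literal comes from, or use one sample SK throughout, so a reader does not conclude that the trailing value is a fixed constant rather than their own secret.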
@@ -159,6 +219,114 @@ DigestUtils.md5DigestAsHex(sign.getBytes()).toUpperCase()
}
```
-## Extension
+### 2.4.5 Plugin Config
+
+
+
+### 2.4.6 Selector Config
+
+
+
+* Only those matched requests can be authenticated by signature.
+
+* Selectors and rules, please refer to: [Selector And Rule
Config](../../user-guide/admin-usage/selector-and-rule)
+
+### 2.4.7 Rule Config
+
+
+
+* close(signRequestBody): generate signature with request header.
+* open(signRequestBody): generate signature with request header and request
body.
+
+## 2.5 Examples
+
+### 2.5.1 Verify api with sign plugin
+
+#### 2.5.1.1 Plugin Config
+
+
+
+#### 2.5.1.2 Selector Config
+
+
+
+#### 2.5.1.3 Rule Config
+
+
+
+#### 2.5.1.5 Add AppKey/SecretKey
+
+
+
+#### 2.5.1.6 Request Service and check result
+
+* build request params with `Authentication Guide`,
+
+```java
+public class Test1 {
+ public static void main(String[] args) {
+ Map<String, String> map = Maps.newHashMapWithExpectedSize(3);
+ //timestamp为毫秒数的字符串形式
String.valueOf(LocalDateTime.now().toInstant(ZoneOffset.of("+8")).toEpochMilli())
+ map.put("timestamp","1660658725000"); //值应该为毫秒数的字符串形式
+ map.put("path", "/http/order/save");
+ map.put("version", "1.0.0");
+ map.put("id", "123");
+ map.put("name", "order");
+ // map.put("body", "{\"id\":123,\"name\":\"order\"}");
+
+ List<String> storedKeys = Arrays.stream(map.keySet()
+ .toArray(new String[]{}))
+ .sorted(Comparator.naturalOrder())
+ .collect(Collectors.toList());
+ final String sign = storedKeys.stream()
+ .map(key -> String.join("", key, map.get(key)))
+ .collect(Collectors.joining()).trim()
+ .concat("2D47C325AE5B4A4C926C23FD4395C719");
+ System.out.println(sign);
+
+
System.out.println(DigestUtils.md5DigestAsHex(sign.getBytes()).toUpperCase());
+ }
+}
+```
+
+* signature without body:
`path/http/order/savetimestamp1571711067186version1.0.02D47C325AE5B4A4C926C23FD4395C719`
+* sign without body result is: `9696D3E549A6AEBE763CCC2C7952DDC1`
+
+
+
+```java
+public class Test2 {
+ public static void main(String[] args) {
+ Map<String, String> map = Maps.newHashMapWithExpectedSize(3);
+ //timestamp为毫秒数的字符串形式
String.valueOf(LocalDateTime.now().toInstant(ZoneOffset.of("+8")).toEpochMilli())
+ map.put("timestamp","1660659201000"); //值应该为毫秒数的字符串形式
+ map.put("path", "/http/order/save");
+ map.put("version", "1.0.0");
+
+ List<String> storedKeys = Arrays.stream(map.keySet()
+ .toArray(new String[]{}))
+ .sorted(Comparator.naturalOrder())
+ .collect(Collectors.toList());
+ final String sign = storedKeys.stream()
+ .map(key -> String.join("", key, map.get(key)))
+ .collect(Collectors.joining()).trim()
+ .concat("2D47C325AE5B4A4C926C23FD4395C719");
+ System.out.println(sign);
+
+
System.out.println(DigestUtils.md5DigestAsHex(sign.getBytes()).toUpperCase());
+ }
+}
+```
+
+*signature with
body:`id123nameorderpath/http/order/savetimestamp1660659201000version1.0.02D47C325AE5B4A4C926C23FD4395C719`
+*sign with body result is:`35FE61C21F73E9AAFC46954C14F299D7`
+
+
+
+# 3. How to disable plugin
+
+* In `shenyu-admin`--> BasicConfig --> Plugin --> `sign` set to disabled.
+
+# 4. Extension
* Please refer to: [dev-sign](../../developer/custom-sign-algorithm).
diff --git
a/versioned_docs/version-2.4.1/plugin-center/authority-and-certification/sign-plugin.md
b/versioned_docs/version-2.4.1/plugin-center/authority-and-certification/sign-plugin.md
index 17b9bfc7af..ae9f3c49e7 100644
---
a/versioned_docs/version-2.4.1/plugin-center/authority-and-certification/sign-plugin.md
+++
b/versioned_docs/version-2.4.1/plugin-center/authority-and-certification/sign-plugin.md
@@ -4,44 +4,66 @@ keywords: ["sign"]
description: sign plugin
---
-## Description
-* `Sign` is a native plugin of `Apache ShenYu` Gateway and is used to process
signature authentication of requests.
+# 1. Overview
-## Plugin Setting
+## 1.1 Plugin Name
-Please refer to the `deployment` document, choose a way to start
`shenyu-admin`. For example, through [Local
Deployment](../../deployment/deployment-local) to start the `Apache ShenYu`
management system.
+* Sign Plugin
-* In `shenyu-admin` BasicConfig --> plugin -> `sign` set to enable. If you
don't want to use this function, please disable this plugin in the
`shenyu-admin`.
+## 1.2 Appropriate Scenario
- <img src="/img/shenyu/plugin/sign/sign_open_en.jpg" width="80%" height="80%"
/>
+* Support http header to authorize
+* Support http header and request body to authorize
-* ## Plugin Usage
+## 1.3 Plugin functionality
+
+* Process signature authentication of requests.
+
+## 1.4 Plugin code
+
+* Core Module: `shenyu-plugin-sign`
+
+* Core Class: `org.apache.shenyu.plugin.sign.SignPlugin`
+
+## 1.5 Added Since Which shenyu version
+
+* Since ShenYu 2.4.0
+
+# 2. How to use plugin
+
+## 2.1 Plugin-use procedure chart
+
+
+
+## 2.2 Import pom
* Introducing `sign` dependency in the `pom.xml` file of the gateway
```xml
- <!-- apache shenyu sign plugin start-->
- <dependency>
- <groupId>org.apache.shenyu</groupId>
- <artifactId>shenyu-spring-boot-starter-plugin-sign</artifactId>
- <version>${project.version}</version>
- </dependency>
- <!-- apache shenyu sign plugin end-->
+<!-- apache shenyu sign plugin start-->
+<dependency>
+ <groupId>org.apache.shenyu</groupId>
+ <artifactId>shenyu-spring-boot-starter-plugin-sign</artifactId>
+ <version>${project.version}</version>
+</dependency>
+<!-- apache shenyu sign plugin end-->
```
-* Selectors and rules, please refer to: [Selector And Rule
Config](../../user-guide/admin-usage/selector-and-rule).
-* Only those matched requests can be authenticated by signature.
+## 2.3 Enable plugin
+
+* In `shenyu-admin`--> BasicConfig --> Plugin --> `sign` set to enable.
+## 2.4 Config Plugin With Authorize
-## Add AK/SK
+### 2.4.1 AK/SK Config
-#### Explanation
+#### 2.4.1.1 Explanation
- Manage and control the permissions of requests passing through the Apache
ShenYu gateway.
- Generate `AK/SK` and use it with the `Sign` plugin to achieve precise
authority control based on URI level.
-#### Tutorial
+#### 2.4.1.2 Tutorial
First, we can add a piece of authentication information in `BasicConfig` -
`Authentication`
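Review bot: The two bullets added under `## 1.2 Appropriate Scenario` describe capabilities rather than scenarios and say "to authorize", while `## 1.3` in the same hunk describes the plugin as "signature authentication of requests". Use one term for the signature check across 1.2, 1.3 and the 2.4 heading, for example "Authenticate requests by signing header parameters" and "Authenticate requests by signing header parameters and the request body".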
@@ -63,7 +85,7 @@ After submit, a piece of authentication information is
generated, which contains
Please refer to the detailed instructions of the `Sign` plugin: [Sign
Plugin](../../plugin-center/authority-and-certification/sign-plugin).
-#### PathOperation
+#### 2.4.1.3 PathOperation
For the created authentication information, you can click `PathOperation` at
the end of a piece of authentication information.
@@ -73,15 +95,13 @@ For the created authentication information, you can click
`PathOperation` at the
- Check the resource path, click the `>` or `<` in the middle to move the
checked data to the corresponding list.
- In the list of configurable paths on the left, click "Editor" at the end of
the account information line, and add them in the "Resource Path" in the pop-up
box.
-
-## Implementation of Gateway Technology
+### 2.4.2 Implementation of Gateway Technology
* Adopt `AK/SK` authentication technical scheme.
* Adopt authentication plug-in and Chain of Responsibility Pattern to realize.
* Take effect when the authentication plugin is enabled and all interfaces are
configured for authentication.
-
-## Authentication Guide
+### 2.4.3 Authentication Guide
* Step 1: `AK/SK` is assigned by the gateway. For example, the `AK` assigned
to you is: `1TEST123456781` SK is: ` 506eeb535cf740d7a755cb49f4a1536'
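Review bot: in Step 1 under the renumbered 2.4.3 heading, the SK sample opens with a backtick followed by a space and closes with a single quote, so the inline code span never closes. Since this refactor already touches the block, fix the delimiters, and say whether readers should follow this SK or the `2D47C325AE5B4A4C926C23FD4395C719` value that the examples added later in this patch concatenate.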
@@ -97,6 +117,7 @@ For the created authentication information, you can click
`PathOperation` at the
Sort the above three field natually according to the key, then splice fields
and fields, finally splice SK. The following is a code example.
+#### 2.4.3.1 Generate sign with request header
Step 1: First, construct a Map.
@@ -132,7 +153,46 @@ DigestUtils.md5DigestAsHex(sign.getBytes()).toUpperCase()
* The final returned value is: `A021BF82BE342668B78CD9ADE593D683`.
-## Request GateWay
+#### 2.4.3.2 Generate sign with request header and request body
+
+Step 1: First, construct a Map, and the map must save every request body
parameters
+
+```java
+
+ Map<String, String> map = Maps.newHashMapWithExpectedSize(3);
+ //timestamp is string format of millisecond.
String.valueOf(LocalDateTime.now().toInstant(ZoneOffset.of("+8")).toEpochMilli())
+ map.put("timestamp","1660659201000"); // Value should be string format of
milliseconds
+ map.put("path", "/http/order/save");
+ map.put("version", "1.0.0");
+ // if your request body is:{"id":123,"name":"order"}
+ map.put("id", "1");
+ map.put("name", "order")
+```
+
+Step 2: Sort the `Keys` naturally, then splice the key and values, and finally
splice the `SK` assigned to you.
+
+```java
+List<String> storedKeys = Arrays.stream(map.keySet()
+ .toArray(new String[]{}))
+ .sorted(Comparator.naturalOrder())
+ .collect(Collectors.toList());
+final String sign = storedKeys.stream()
+ .map(key -> String.join("", key, params.get(key)))
+ .collect(Collectors.joining()).trim()
+ .concat("2D47C325AE5B4A4C926C23FD4395C719");
+```
+
+* The returned sign value should
be:`id123nameorderpath/http/order/savetimestamp1660659201000version1.0.02D47C325AE5B4A4C926C23FD4395C719`
+
+Step 3: Md5 encryption and then capitalization.
+
+```java
+DigestUtils.md5DigestAsHex(sign.getBytes()).toUpperCase()
+```
+
+* The final returned value is: `35FE61C21F73E9AAFC46954C14F299D7`.
+
+### 2.4.4 Request GateWay
* If your visited path is:`/api/service/abc`.
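Review bot: Step 1 of 2.4.3.2 has `map.put("id", "1")`, while the comment directly above gives the body as `{"id":123,"name":"order"}` and the expected string in Step 2 begins with `id123`, so the sample as written cannot yield the documented `35FE61C21F73E9AAFC46954C14F299D7`; use `"123"`. Step 2 also reads `params.get(key)` although the map built in Step 1 is named `map`, and `map.put("name", "order")` is missing its semicolon, so the snippets do not compile when pasted together.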
@@ -159,6 +219,114 @@ DigestUtils.md5DigestAsHex(sign.getBytes()).toUpperCase()
}
```
-## Extension
+### 2.4.5 Plugin Config
+
+
+
+### 2.4.6 Selector Config
+
+
+
+* Only those matched requests can be authenticated by signature.
+
+* Selectors and rules, please refer to: [Selector And Rule
Config](../../user-guide/admin-usage/selector-and-rule)
+
+### 2.4.7 Rule Config
+
+
+
+* close(signRequestBody): generate signature with request header.
+* open(signRequestBody): generate signature with request header and request
body.
+
+## 2.5 Examples
+
+### 2.5.1 Verify api with sign plugin
+
+#### 2.5.1.1 Plugin Config
+
+
+
+#### 2.5.1.2 Selector Config
+
+
+
+#### 2.5.1.3 Rule Config
+
+
+
+#### 2.5.1.5 Add AppKey/SecretKey
+
+
+
+#### 2.5.1.6 Request Service and check result
+
+* build request params with `Authentication Guide`,
+
+```java
+public class Test1 {
+ public static void main(String[] args) {
+ Map<String, String> map = Maps.newHashMapWithExpectedSize(3);
+ //timestamp为毫秒数的字符串形式
String.valueOf(LocalDateTime.now().toInstant(ZoneOffset.of("+8")).toEpochMilli())
+ map.put("timestamp","1660658725000"); //值应该为毫秒数的字符串形式
+ map.put("path", "/http/order/save");
+ map.put("version", "1.0.0");
+ map.put("id", "123");
+ map.put("name", "order");
+ // map.put("body", "{\"id\":123,\"name\":\"order\"}");
+
+ List<String> storedKeys = Arrays.stream(map.keySet()
+ .toArray(new String[]{}))
+ .sorted(Comparator.naturalOrder())
+ .collect(Collectors.toList());
+ final String sign = storedKeys.stream()
+ .map(key -> String.join("", key, map.get(key)))
+ .collect(Collectors.joining()).trim()
+ .concat("2D47C325AE5B4A4C926C23FD4395C719");
+ System.out.println(sign);
+
+
System.out.println(DigestUtils.md5DigestAsHex(sign.getBytes()).toUpperCase());
+ }
+}
+```
+
+* signature without body:
`path/http/order/savetimestamp1571711067186version1.0.02D47C325AE5B4A4C926C23FD4395C719`
+* sign without body result is: `9696D3E549A6AEBE763CCC2C7952DDC1`
+
+
+
+```java
+public class Test2 {
+ public static void main(String[] args) {
+ Map<String, String> map = Maps.newHashMapWithExpectedSize(3);
+ //timestamp为毫秒数的字符串形式
String.valueOf(LocalDateTime.now().toInstant(ZoneOffset.of("+8")).toEpochMilli())
+ map.put("timestamp","1660659201000"); //值应该为毫秒数的字符串形式
+ map.put("path", "/http/order/save");
+ map.put("version", "1.0.0");
+
+ List<String> storedKeys = Arrays.stream(map.keySet()
+ .toArray(new String[]{}))
+ .sorted(Comparator.naturalOrder())
+ .collect(Collectors.toList());
+ final String sign = storedKeys.stream()
+ .map(key -> String.join("", key, map.get(key)))
+ .collect(Collectors.joining()).trim()
+ .concat("2D47C325AE5B4A4C926C23FD4395C719");
+ System.out.println(sign);
+
+
System.out.println(DigestUtils.md5DigestAsHex(sign.getBytes()).toUpperCase());
+ }
+}
+```
+
+*signature with
body:`id123nameorderpath/http/order/savetimestamp1660659201000version1.0.02D47C325AE5B4A4C926C23FD4395C719`
+*sign with body result is:`35FE61C21F73E9AAFC46954C14F299D7`
+
+
+
+# 3. How to disable plugin
+
+* In `shenyu-admin`--> BasicConfig --> Plugin --> `sign` set to disabled.
+
+# 4. Extension
* Please refer to: [dev-sign](../../developer/custom-sign-algorithm).
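Review bot: the two samples in 2.5.1.6 are paired with the wrong captions. `Test1` puts `id` and `name` into the map but is followed by the "signature without body" string, and `Test2` has no body fields but is followed by "signature with body". The without-body string also contains `timestamp1571711067186`, which neither class sets (`Test1` uses `1660658725000`), so the string printed by the code shown would not match it or the `9696D3E549A6AEBE763CCC2C7952DDC1` digest. Suggest swapping the bodies of the two classes and regenerating the without-body string and digest from the timestamp actually used.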
diff --git
a/versioned_docs/version-2.4.2/plugin-center/authority-and-certification/sign-plugin.md
b/versioned_docs/version-2.4.2/plugin-center/authority-and-certification/sign-plugin.md
index 17b9bfc7af..ae9f3c49e7 100644
---
a/versioned_docs/version-2.4.2/plugin-center/authority-and-certification/sign-plugin.md
+++
b/versioned_docs/version-2.4.2/plugin-center/authority-and-certification/sign-plugin.md
@@ -4,44 +4,66 @@ keywords: ["sign"]
description: sign plugin
---
-## Description
-* `Sign` is a native plugin of `Apache ShenYu` Gateway and is used to process
signature authentication of requests.
+# 1. Overview
-## Plugin Setting
+## 1.1 Plugin Name
-Please refer to the `deployment` document, choose a way to start
`shenyu-admin`. For example, through [Local
Deployment](../../deployment/deployment-local) to start the `Apache ShenYu`
management system.
+* Sign Plugin
-* In `shenyu-admin` BasicConfig --> plugin -> `sign` set to enable. If you
don't want to use this function, please disable this plugin in the
`shenyu-admin`.
+## 1.2 Appropriate Scenario
- <img src="/img/shenyu/plugin/sign/sign_open_en.jpg" width="80%" height="80%"
/>
+* Support http header to authorize
+* Support http header and request body to authorize
-* ## Plugin Usage
+## 1.3 Plugin functionality
+
+* Process signature authentication of requests.
+
+## 1.4 Plugin code
+
+* Core Module: `shenyu-plugin-sign`
+
+* Core Class: `org.apache.shenyu.plugin.sign.SignPlugin`
+
+## 1.5 Added Since Which shenyu version
+
+* Since ShenYu 2.4.0
+
+# 2. How to use plugin
+
+## 2.1 Plugin-use procedure chart
+
+
+
+## 2.2 Import pom
* Introducing `sign` dependency in the `pom.xml` file of the gateway
```xml
- <!-- apache shenyu sign plugin start-->
- <dependency>
- <groupId>org.apache.shenyu</groupId>
- <artifactId>shenyu-spring-boot-starter-plugin-sign</artifactId>
- <version>${project.version}</version>
- </dependency>
- <!-- apache shenyu sign plugin end-->
+<!-- apache shenyu sign plugin start-->
+<dependency>
+ <groupId>org.apache.shenyu</groupId>
+ <artifactId>shenyu-spring-boot-starter-plugin-sign</artifactId>
+ <version>${project.version}</version>
+</dependency>
+<!-- apache shenyu sign plugin end-->
```
-* Selectors and rules, please refer to: [Selector And Rule
Config](../../user-guide/admin-usage/selector-and-rule).
-* Only those matched requests can be authenticated by signature.
+## 2.3 Enable plugin
+
+* In `shenyu-admin`--> BasicConfig --> Plugin --> `sign` set to enable.
+## 2.4 Config Plugin With Authorize
-## Add AK/SK
+### 2.4.1 AK/SK Config
-#### Explanation
+#### 2.4.1.1 Explanation
- Manage and control the permissions of requests passing through the Apache
ShenYu gateway.
- Generate `AK/SK` and use it with the `Sign` plugin to achieve precise
authority control based on URI level.
-#### Tutorial
+#### 2.4.1.2 Tutorial
First, we can add a piece of authentication information in `BasicConfig` -
`Authentication`
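Review bot: section 1.2 advertises "Support http header and request body to authorize" in the version-2.4.2 copy, and the index line shows the same resulting blob (`ae9f3c49e7`) as the version-2.4.3 copy further down. Please confirm that body signing and the `signRequestBody` rule option described later in this file exist in the 2.4.2 release; if they do not, this versioned page should keep to header signing only rather than receive the identical text.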
@@ -63,7 +85,7 @@ After submit, a piece of authentication information is
generated, which contains
Please refer to the detailed instructions of the `Sign` plugin: [Sign
Plugin](../../plugin-center/authority-and-certification/sign-plugin).
-#### PathOperation
+#### 2.4.1.3 PathOperation
For the created authentication information, you can click `PathOperation` at
the end of a piece of authentication information.
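Review bot: the context line kept above the renamed 2.4.1.3 heading still says "Please refer to the detailed instructions of the `Sign` plugin" and links to `../../plugin-center/authority-and-certification/sign-plugin`, which from this file's location is the page itself. The refactor renumbers this block anyway, so drop the sentence or point it at the 2.4.3 Authentication Guide section.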
@@ -73,15 +95,13 @@ For the created authentication information, you can click
`PathOperation` at the
- Check the resource path, click the `>` or `<` in the middle to move the
checked data to the corresponding list.
- In the list of configurable paths on the left, click "Editor" at the end of
the account information line, and add them in the "Resource Path" in the pop-up
box.
-
-## Implementation of Gateway Technology
+### 2.4.2 Implementation of Gateway Technology
* Adopt `AK/SK` authentication technical scheme.
* Adopt authentication plug-in and Chain of Responsibility Pattern to realize.
* Take effect when the authentication plugin is enabled and all interfaces are
configured for authentication.
-
-## Authentication Guide
+### 2.4.3 Authentication Guide
* Step 1: `AK/SK` is assigned by the gateway. For example, the `AK` assigned
to you is: `1TEST123456781` SK is: ` 506eeb535cf740d7a755cb49f4a1536'
@@ -97,6 +117,7 @@ For the created authentication information, you can click
`PathOperation` at the
Sort the above three field natually according to the key, then splice fields
and fields, finally splice SK. The following is a code example.
+#### 2.4.3.1 Generate sign with request header
Step 1: First, construct a Map.
@@ -132,7 +153,46 @@ DigestUtils.md5DigestAsHex(sign.getBytes()).toUpperCase()
* The final returned value is: `A021BF82BE342668B78CD9ADE593D683`.
-## Request GateWay
+#### 2.4.3.2 Generate sign with request header and request body
+
+Step 1: First, construct a Map, and the map must save every request body
parameters
+
+```java
+
+ Map<String, String> map = Maps.newHashMapWithExpectedSize(3);
+ //timestamp is string format of millisecond.
String.valueOf(LocalDateTime.now().toInstant(ZoneOffset.of("+8")).toEpochMilli())
+ map.put("timestamp","1660659201000"); // Value should be string format of
milliseconds
+ map.put("path", "/http/order/save");
+ map.put("version", "1.0.0");
+ // if your request body is:{"id":123,"name":"order"}
+ map.put("id", "1");
+ map.put("name", "order")
+```
+
+Step 2: Sort the `Keys` naturally, then splice the key and values, and finally
splice the `SK` assigned to you.
+
+```java
+List<String> storedKeys = Arrays.stream(map.keySet()
+ .toArray(new String[]{}))
+ .sorted(Comparator.naturalOrder())
+ .collect(Collectors.toList());
+final String sign = storedKeys.stream()
+ .map(key -> String.join("", key, params.get(key)))
+ .collect(Collectors.joining()).trim()
+ .concat("2D47C325AE5B4A4C926C23FD4395C719");
+```
+
+* The returned sign value should
be:`id123nameorderpath/http/order/savetimestamp1660659201000version1.0.02D47C325AE5B4A4C926C23FD4395C719`
+
+Step 3: Md5 encryption and then capitalization.
+
+```java
+DigestUtils.md5DigestAsHex(sign.getBytes()).toUpperCase()
+```
+
+* The final returned value is: `35FE61C21F73E9AAFC46954C14F299D7`.
+
+### 2.4.4 Request GateWay
* If your visited path is:`/api/service/abc`.
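Review bot: `sign.getBytes()` in Step 3 of 2.4.3.2 uses the platform default charset, and now that body fields such as `name` are part of the signed string, a non-ASCII value can hash differently on hosts with different defaults. Show an explicit charset, for example `sign.getBytes(StandardCharsets.UTF_8)`, or state which charset the gateway expects. The step text should also say MD5 "digest" or "hash" rather than "Md5 encryption", since nothing is encrypted here.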
@@ -159,6 +219,114 @@ DigestUtils.md5DigestAsHex(sign.getBytes()).toUpperCase()
}
```
-## Extension
+### 2.4.5 Plugin Config
+
+
+
+### 2.4.6 Selector Config
+
+
+
+* Only those matched requests can be authenticated by signature.
+
+* Selectors and rules, please refer to: [Selector And Rule
Config](../../user-guide/admin-usage/selector-and-rule)
+
+### 2.4.7 Rule Config
+
+
+
+* close(signRequestBody): generate signature with request header.
+* open(signRequestBody): generate signature with request header and request
body.
+
+## 2.5 Examples
+
+### 2.5.1 Verify api with sign plugin
+
+#### 2.5.1.1 Plugin Config
+
+
+
+#### 2.5.1.2 Selector Config
+
+
+
+#### 2.5.1.3 Rule Config
+
+
+
+#### 2.5.1.5 Add AppKey/SecretKey
+
+
+
+#### 2.5.1.6 Request Service and check result
+
+* build request params with `Authentication Guide`,
+
+```java
+public class Test1 {
+ public static void main(String[] args) {
+ Map<String, String> map = Maps.newHashMapWithExpectedSize(3);
+ //timestamp为毫秒数的字符串形式
String.valueOf(LocalDateTime.now().toInstant(ZoneOffset.of("+8")).toEpochMilli())
+ map.put("timestamp","1660658725000"); //值应该为毫秒数的字符串形式
+ map.put("path", "/http/order/save");
+ map.put("version", "1.0.0");
+ map.put("id", "123");
+ map.put("name", "order");
+ // map.put("body", "{\"id\":123,\"name\":\"order\"}");
+
+ List<String> storedKeys = Arrays.stream(map.keySet()
+ .toArray(new String[]{}))
+ .sorted(Comparator.naturalOrder())
+ .collect(Collectors.toList());
+ final String sign = storedKeys.stream()
+ .map(key -> String.join("", key, map.get(key)))
+ .collect(Collectors.joining()).trim()
+ .concat("2D47C325AE5B4A4C926C23FD4395C719");
+ System.out.println(sign);
+
+
System.out.println(DigestUtils.md5DigestAsHex(sign.getBytes()).toUpperCase());
+ }
+}
+```
+
+* signature without body:
`path/http/order/savetimestamp1571711067186version1.0.02D47C325AE5B4A4C926C23FD4395C719`
+* sign without body result is: `9696D3E549A6AEBE763CCC2C7952DDC1`
+
+
+
+```java
+public class Test2 {
+ public static void main(String[] args) {
+ Map<String, String> map = Maps.newHashMapWithExpectedSize(3);
+ //timestamp为毫秒数的字符串形式
String.valueOf(LocalDateTime.now().toInstant(ZoneOffset.of("+8")).toEpochMilli())
+ map.put("timestamp","1660659201000"); //值应该为毫秒数的字符串形式
+ map.put("path", "/http/order/save");
+ map.put("version", "1.0.0");
+
+ List<String> storedKeys = Arrays.stream(map.keySet()
+ .toArray(new String[]{}))
+ .sorted(Comparator.naturalOrder())
+ .collect(Collectors.toList());
+ final String sign = storedKeys.stream()
+ .map(key -> String.join("", key, map.get(key)))
+ .collect(Collectors.joining()).trim()
+ .concat("2D47C325AE5B4A4C926C23FD4395C719");
+ System.out.println(sign);
+
+
System.out.println(DigestUtils.md5DigestAsHex(sign.getBytes()).toUpperCase());
+ }
+}
+```
+
+*signature with
body:`id123nameorderpath/http/order/savetimestamp1660659201000version1.0.02D47C325AE5B4A4C926C23FD4395C719`
+*sign with body result is:`35FE61C21F73E9AAFC46954C14F299D7`
+
+
+
+# 3. How to disable plugin
+
+* In `shenyu-admin`--> BasicConfig --> Plugin --> `sign` set to disabled.
+
+# 4. Extension
* Please refer to: [dev-sign](../../developer/custom-sign-algorithm).
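Review bot: the example headings jump from `2.5.1.3 Rule Config` to `2.5.1.5 Add AppKey/SecretKey`, so 2.5.1.4 is missing; renumber the last two. In the same section the lines starting `*signature with` and `*sign with body result is:` have no space after the asterisk and will not render as list items like the "without body" pair above them. The `Test1` and `Test2` comments are also still in Chinese in this English copy; reuse the English wording already given in 2.4.3.2 ("timestamp is string format of millisecond").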
diff --git
a/versioned_docs/version-2.4.3/plugin-center/authority-and-certification/sign-plugin.md
b/versioned_docs/version-2.4.3/plugin-center/authority-and-certification/sign-plugin.md
index 17b9bfc7af..ae9f3c49e7 100644
---
a/versioned_docs/version-2.4.3/plugin-center/authority-and-certification/sign-plugin.md
+++
b/versioned_docs/version-2.4.3/plugin-center/authority-and-certification/sign-plugin.md
@@ -4,44 +4,66 @@ keywords: ["sign"]
description: sign plugin
---
-## Description
-* `Sign` is a native plugin of `Apache ShenYu` Gateway and is used to process
signature authentication of requests.
+# 1. Overview
-## Plugin Setting
+## 1.1 Plugin Name
-Please refer to the `deployment` document, choose a way to start
`shenyu-admin`. For example, through [Local
Deployment](../../deployment/deployment-local) to start the `Apache ShenYu`
management system.
+* Sign Plugin
-* In `shenyu-admin` BasicConfig --> plugin -> `sign` set to enable. If you
don't want to use this function, please disable this plugin in the
`shenyu-admin`.
+## 1.2 Appropriate Scenario
- <img src="/img/shenyu/plugin/sign/sign_open_en.jpg" width="80%" height="80%"
/>
+* Support http header to authorize
+* Support http header and request body to authorize
-* ## Plugin Usage
+## 1.3 Plugin functionality
+
+* Process signature authentication of requests.
+
+## 1.4 Plugin code
+
+* Core Module: `shenyu-plugin-sign`
+
+* Core Class: `org.apache.shenyu.plugin.sign.SignPlugin`
+
+## 1.5 Added Since Which shenyu version
+
+* Since ShenYu 2.4.0
+
+# 2. How to use plugin
+
+## 2.1 Plugin-use procedure chart
+
+
+
+## 2.2 Import pom
* Introducing `sign` dependency in the `pom.xml` file of the gateway
```xml
- <!-- apache shenyu sign plugin start-->
- <dependency>
- <groupId>org.apache.shenyu</groupId>
- <artifactId>shenyu-spring-boot-starter-plugin-sign</artifactId>
- <version>${project.version}</version>
- </dependency>
- <!-- apache shenyu sign plugin end-->
+<!-- apache shenyu sign plugin start-->
+<dependency>
+ <groupId>org.apache.shenyu</groupId>
+ <artifactId>shenyu-spring-boot-starter-plugin-sign</artifactId>
+ <version>${project.version}</version>
+</dependency>
+<!-- apache shenyu sign plugin end-->
```
-* Selectors and rules, please refer to: [Selector And Rule
Config](../../user-guide/admin-usage/selector-and-rule).
-* Only those matched requests can be authenticated by signature.
+## 2.3 Enable plugin
+
+* In `shenyu-admin`--> BasicConfig --> Plugin --> `sign` set to enable.
+## 2.4 Config Plugin With Authorize
-## Add AK/SK
+### 2.4.1 AK/SK Config
-#### Explanation
+#### 2.4.1.1 Explanation
- Manage and control the permissions of requests passing through the Apache
ShenYu gateway.
- Generate `AK/SK` and use it with the `Sign` plugin to achieve precise
authority control based on URI level.
-#### Tutorial
+#### 2.4.1.2 Tutorial
First, we can add a piece of authentication information in `BasicConfig` -
`Authentication`
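Review bot: the rewritten 2.3 "Enable plugin" drops the removed sentence that pointed to the `deployment` document ([Local Deployment](../../deployment/deployment-local)) for starting `shenyu-admin`, so a reader who reaches this step has no link for bringing up the admin console; keep that pointer under 2.3. The 1.2 heading "Appropriate Scenario" also lists two capabilities rather than scenarios, so either rename it or describe when header-only versus header-and-body signing is the right choice.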
@@ -63,7 +85,7 @@ After submit, a piece of authentication information is
generated, which contains
Please refer to the detailed instructions of the `Sign` plugin: [Sign
Plugin](../../plugin-center/authority-and-certification/sign-plugin).
-#### PathOperation
+#### 2.4.1.3 PathOperation
For the created authentication information, you can click `PathOperation` at
the end of a piece of authentication information.
@@ -73,15 +95,13 @@ For the created authentication information, you can click
`PathOperation` at the
- Check the resource path, click the `>` or `<` in the middle to move the
checked data to the corresponding list.
- In the list of configurable paths on the left, click "Editor" at the end of
the account information line, and add them in the "Resource Path" in the pop-up
box.
-
-## Implementation of Gateway Technology
+### 2.4.2 Implementation of Gateway Technology
* Adopt `AK/SK` authentication technical scheme.
* Adopt authentication plug-in and Chain of Responsibility Pattern to realize.
* Take effect when the authentication plugin is enabled and all interfaces are
configured for authentication.
-
-## Authentication Guide
+### 2.4.3 Authentication Guide
* Step 1: `AK/SK` is assigned by the gateway. For example, the `AK` assigned
to you is: `1TEST123456781` SK is: ` 506eeb535cf740d7a755cb49f4a1536'
@@ -97,6 +117,7 @@ For the created authentication information, you can click
`PathOperation` at the
Sort the above three field natually according to the key, then splice fields
and fields, finally splice SK. The following is a code example.
+#### 2.4.3.1 Generate sign with request header
Step 1: First, construct a Map.
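Review bot: the new 2.4.3.1 heading is inserted below the sentence "Sort the above three field natually according to the key ... The following is a code example", which leaves that lead-in directly under 2.4.3 where it reads as covering both variants, yet 2.4.3.2 signs five fields. Move the sentence under 2.4.3.1 or reword it to "the fields", and fix "natually" while touching it.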
@@ -132,7 +153,46 @@ DigestUtils.md5DigestAsHex(sign.getBytes()).toUpperCase()
* The final returned value is: `A021BF82BE342668B78CD9ADE593D683`.
-## Request GateWay
+#### 2.4.3.2 Generate sign with request header and request body
+
+Step 1: First, construct a Map, and the map must save every request body
parameters
+
+```java
+
+ Map<String, String> map = Maps.newHashMapWithExpectedSize(3);
+ //timestamp is string format of millisecond.
String.valueOf(LocalDateTime.now().toInstant(ZoneOffset.of("+8")).toEpochMilli())
+ map.put("timestamp","1660659201000"); // Value should be string format of
milliseconds
+ map.put("path", "/http/order/save");
+ map.put("version", "1.0.0");
+ // if your request body is:{"id":123,"name":"order"}
+ map.put("id", "1");
+ map.put("name", "order")
+```
+
+Step 2: Sort the `Keys` naturally, then splice the key and values, and finally
splice the `SK` assigned to you.
+
+```java
+List<String> storedKeys = Arrays.stream(map.keySet()
+ .toArray(new String[]{}))
+ .sorted(Comparator.naturalOrder())
+ .collect(Collectors.toList());
+final String sign = storedKeys.stream()
+ .map(key -> String.join("", key, params.get(key)))
+ .collect(Collectors.joining()).trim()
+ .concat("2D47C325AE5B4A4C926C23FD4395C719");
+```
+
+* The returned sign value should
be:`id123nameorderpath/http/order/savetimestamp1660659201000version1.0.02D47C325AE5B4A4C926C23FD4395C719`
+
+Step 3: Md5 encryption and then capitalization.
+
+```java
+DigestUtils.md5DigestAsHex(sign.getBytes()).toUpperCase()
+```
+
+* The final returned value is: `35FE61C21F73E9AAFC46954C14F299D7`.
+
+### 2.4.4 Request GateWay
* If your visited path is:`/api/service/abc`.
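Review bot: Step 1 of 2.4.3.2 says "the map must save every request body parameters" but only shows a flat body with one number and one string. Because Step 2 joins each key and value with no separator, the text needs to say how nested objects, arrays and non-string values such as the numeric `id` are to be represented in the map, otherwise callers have to guess what the gateway will hash. Also, `Maps.newHashMapWithExpectedSize(3)` is now given five entries; use 5.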
@@ -159,6 +219,114 @@ DigestUtils.md5DigestAsHex(sign.getBytes()).toUpperCase()
}
```
-## Extension
+### 2.4.5 Plugin Config
+
+
+
+### 2.4.6 Selector Config
+
+
+
+* Only those matched requests can be authenticated by signature.
+
+* Selectors and rules, please refer to: [Selector And Rule
Config](../../user-guide/admin-usage/selector-and-rule)
+
+### 2.4.7 Rule Config
+
+
+
+* close(signRequestBody): generate signature with request header.
+* open(signRequestBody): generate signature with request header and request
body.
+
+## 2.5 Examples
+
+### 2.5.1 Verify api with sign plugin
+
+#### 2.5.1.1 Plugin Config
+
+
+
+#### 2.5.1.2 Selector Config
+
+
+
+#### 2.5.1.3 Rule Config
+
+
+
+#### 2.5.1.5 Add AppKey/SecretKey
+
+
+
+#### 2.5.1.6 Request Service and check result
+
+* build request params with `Authentication Guide`,
+
+```java
+public class Test1 {
+ public static void main(String[] args) {
+ Map<String, String> map = Maps.newHashMapWithExpectedSize(3);
+ //timestamp为毫秒数的字符串形式
String.valueOf(LocalDateTime.now().toInstant(ZoneOffset.of("+8")).toEpochMilli())
+ map.put("timestamp","1660658725000"); //值应该为毫秒数的字符串形式
+ map.put("path", "/http/order/save");
+ map.put("version", "1.0.0");
+ map.put("id", "123");
+ map.put("name", "order");
+ // map.put("body", "{\"id\":123,\"name\":\"order\"}");
+
+ List<String> storedKeys = Arrays.stream(map.keySet()
+ .toArray(new String[]{}))
+ .sorted(Comparator.naturalOrder())
+ .collect(Collectors.toList());
+ final String sign = storedKeys.stream()
+ .map(key -> String.join("", key, map.get(key)))
+ .collect(Collectors.joining()).trim()
+ .concat("2D47C325AE5B4A4C926C23FD4395C719");
+ System.out.println(sign);
+
+
System.out.println(DigestUtils.md5DigestAsHex(sign.getBytes()).toUpperCase());
+ }
+}
+```
+
+* signature without body:
`path/http/order/savetimestamp1571711067186version1.0.02D47C325AE5B4A4C926C23FD4395C719`
+* sign without body result is: `9696D3E549A6AEBE763CCC2C7952DDC1`
+
+
+
+```java
+public class Test2 {
+ public static void main(String[] args) {
+ Map<String, String> map = Maps.newHashMapWithExpectedSize(3);
+ //timestamp为毫秒数的字符串形式
String.valueOf(LocalDateTime.now().toInstant(ZoneOffset.of("+8")).toEpochMilli())
+ map.put("timestamp","1660659201000"); //值应该为毫秒数的字符串形式
+ map.put("path", "/http/order/save");
+ map.put("version", "1.0.0");
+
+ List<String> storedKeys = Arrays.stream(map.keySet()
+ .toArray(new String[]{}))
+ .sorted(Comparator.naturalOrder())
+ .collect(Collectors.toList());
+ final String sign = storedKeys.stream()
+ .map(key -> String.join("", key, map.get(key)))
+ .collect(Collectors.joining()).trim()
+ .concat("2D47C325AE5B4A4C926C23FD4395C719");
+ System.out.println(sign);
+
+
System.out.println(DigestUtils.md5DigestAsHex(sign.getBytes()).toUpperCase());
+ }
+}
+```
+
+*signature with
body:`id123nameorderpath/http/order/savetimestamp1660659201000version1.0.02D47C325AE5B4A4C926C23FD4395C719`
+*sign with body result is:`35FE61C21F73E9AAFC46954C14F299D7`
+
+
+
+# 3. How to disable plugin
+
+* In `shenyu-admin`--> BasicConfig --> Plugin --> `sign` set to disabled.
+
+# 4. Extension
* Please refer to: [dev-sign](../../developer/custom-sign-algorithm).
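Review bot: the 2.4.7 bullets `close(signRequestBody)` and `open(signRequestBody)` do not say which setting is the default, nor that the caller has to build the sign from the matching field set (2.4.3.1 for header only, 2.4.3.2 for header plus body); add one sentence for each. In `Test1`, the commented-out `// map.put("body", "{\"id\":123,\"name\":\"order\"}");` should be removed, since it suggests a second way of signing the body that the guide does not describe.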