问题描述
我在KONG上阅读了本教程 https://getkong.org/plugins/jwt/
I went through this tutorial on KONGhttps://getkong.org/plugins/jwt/
我对JWT和授权概念有所了解.我已经用Spring Boot原型化了JWT,可以在其中放置自己的键值,例如{{authorizations:"role_admin,role_user"}.
I have an understanding of JWT and authorization concepts. I have prototyped JWT with Spring Boot where I could put my own key value like this {"authorizations":"role_admin, role_user"}.
在Spring Boot中很容易做到这一点,但是我找不到有关如何使用KONG进行此操作的信息.有人有任何信息吗?
It is easy to do that in Spring Boot but I am not able to find information on how to do this with KONG. Anyone has any info about it?
推荐答案
Kong社区版只能处理身份验证过程((允许或拒绝与客户联系).
Kong community edition can handle only the authentication process, (give or deny access to a customer).
授权过程(给定客户可以在您的应用程序中执行的操作)由您的应用程序或 https://getkong.org/plugins/ee-oauth2-introspection/仅限企业版的oauth2自省插件
Authorization process (what a given customer can do in your application) is handled by your application or by https://getkong.org/plugins/ee-oauth2-introspection/ oauth2 introspection plugin which is enterprise edition only
如果用户通过身份验证或由kong代理的原始令牌头,则可以基于X-Consumer-Username
请求头编写自己的授权服务器
you can write your own authorization server based on X-Consumer-Username
request header if user passed authentication or original token header proxied by kong
希望有帮助
这篇关于JWT和KONG具有自定义身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!