Service Authentication

Last Updated: Aug 17, 2020

By creating access control rules, an RPC service provider can add or limit the access permissions of specific callers. In this way, the RPC service provider can adjust the permission assigned to subscribers to call the RPC service.

Prerequisites

  1. The SOFABoot version is 3.1.1 or later.
  2. The DRM dependency has been added to the pom.xml file of the project.

       <dependency>
           <groupId>com.alipay.sofa</groupId>
           <artifactId>ddcs-enterprise-sofa-boot-starter</artifactId>
       </dependency>

  3. The following configuration has been added to the application.properties file of the RPC server and client.

       com.alipay.sofa.rpc.dynamic-config=drm

  4. sofa-configuration-sdk has been added to the pom.xml file that introduces the RPC JAR package.

       <dependency>
           <groupId>com.alipay.sofa</groupId>
           <artifactId>sofa-configuration-sdk</artifactId>
           <version>0.1.1</version>
       </dependency>

Service Control

Whitelist and blacklist

You can configure a whitelist or blacklist to implement access control. The whitelist and blacklist are mutually exclusive and cannot be enabled simultaneously. You can enable either whitelist or blacklist for each service.

  • Whitelist mode: Only service callers that meet the whitelist rules have access permission. Requests from other service callers are rejected.
  • Blacklist mode: Access requests from service callers that meet the blacklist rules are rejected. Requests from other service callers are accepted.

Rule description

Both the whitelist and the blacklist consist of one or more rules. Multiple rules are in an OR relationship. After a list is enabled, if an access request meets any one of the enabled rules, the access request meets the filter conditions.

Note: Only enabled rules are used to filter access requests.

Rule composition

  • Rule name: It can contain Chinese characters, letters, digits, and underscores (_).
  • Status: The status is enabled or disabled.
  • Match condition: A rule consists of one or more match conditions. Multiple match conditions are in an AND relationship.
  • Action: You can edit or delete rules.

Match condition

System fields or custom fields can be used as match conditions.

  • System fields:
    • App name of the caller
    • IP address of the service caller
    • App name of the service provider
    • Service name of the service provider
    • Method name of the service provider
  • Custom fields: You can customize fields based on your needs.
  • Logical relationship (operator):
    • Equals
    • Does Not Equal
    • Is Part Of
    • Is Not Part Of
    • Regular expression: You can configure a regular expression to match requests.
  • Field value
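
The evaluation order described above (only enabled rules count, rules are ORed, match conditions within a rule are ANDed, then the whitelist or blacklist decision is applied), as an added Python model that is not SOFAStack code. The field keys, rule names and sample values are made up, and the model assumes that "Is Part Of" means membership in a comma-separated list, that a regular expression must match the whole field value, and that a missing field never satisfies a condition.

```python
import re
from dataclasses import dataclass

def _items(value):
    return {item.strip() for item in value.split(",")}

# Operator names are the page's. Assumed here: "Is Part Of" is membership in a
# comma-separated list, and a regular expression must match the whole value.
OPERATORS = {
    "Equals": lambda actual, expected: actual == expected,
    "Does Not Equal": lambda actual, expected: actual != expected,
    "Is Part Of": lambda actual, expected: actual in _items(expected),
    "Is Not Part Of": lambda actual, expected: actual not in _items(expected),
    "Regular expression": lambda actual, expected: re.fullmatch(expected, actual) is not None,
}

@dataclass
class Condition:
    field: str  # hypothetical field key, e.g. "caller_app"
    operator: str
    value: str
    def matches(self, request):
        # Assumed: a field missing from the request never satisfies a condition.
        actual = request.get(self.field)
        return actual is not None and OPERATORS[self.operator](actual, self.value)

@dataclass
class Rule:
    name: str
    enabled: bool
    conditions: list
    def matches(self, request):
        # Match conditions within one rule are ANDed.
        return all(c.matches(request) for c in self.conditions)

def is_allowed(mode, rules, request):
    if mode not in ("whitelist", "blacklist"):
        raise ValueError(f"unknown mode: {mode}")
    # Only enabled rules count, and rules are ORed: one match is enough.
    hit = any(r.enabled and r.matches(request) for r in rules)
    return hit if mode == "whitelist" else not hit

# Constructed sample rules; app names and addresses are made up.
RULES = [
    Rule("billing_internal", True, [
        Condition("caller_app", "Equals", "billing-web"),
        Condition("caller_ip", "Regular expression", r"10\.0\.\d{1,3}\.\d{1,3}")]),
    Rule("ops_tools", False, [Condition("caller_app", "Is Part Of", "ops-cli, ops-cron")]),
]
```

In whitelist mode a disabled rule grants nothing, so the sample ops_tools callers are rejected until that rule is enabled. Because the model uses a full match, a value with extra trailing text does not satisfy the IP pattern; confirm how the real operator anchors patterns before relying on a regular expression in a whitelist.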