By creating access control rules, an RPC service provider can add or limit the access permissions of specific callers. In this way, the RPC service provider can adjust the permission assigned to subscribers to call the RPC service.
- The SOFABoot version is 3.1.1 or later.
- The dependency of DRM has been added to the
pom.xmlfile of the project.
- The following configuration has been added to the
application.propertiesfile of the PRC server and client.
sofa-configuration-sdkhas been added to the
pom.xmlfile that introduces the RPC JAR package.
You can configure a whitelist or blacklist to implement access control. The whitelist and blacklist are mutually exclusive and cannot be enabled simultaneously. You can enable either whitelist or blacklist for each service.
- Whitelist mode: Only service callers that meet whitelist rules have the access permissions. Requests from other service calls are rejected.
- Blacklist mode: Access requests from service callers that meet blacklist rules are rejected. Requests from other service calls are accepted.
Both the whitelist and the blacklist consist of one or more rules. Multiple rules are in an OR relationship. After a list is enabled, if an access request meets any one of the enabled rules, the access request meets the filter conditions.
- Rule name: It can contain Chinese characters, letters, digits, and underscores (_).
- Status: The status is enabled or disabled.
- Match condition: A rule consists of one or more match conditions.Multiple match conditions are in an AND relationship.
- Action: You can edit or delete rules.
System fields or custom fields can be used as match conditions.
- System fields:
- App name of the caller
- IP address of the service caller
- App name of the service provider
- Service name of the service provider
- Method name of the service provider
- Custom fields: You can customize fields based on your needs.
- Logical relationship (operator):
- Does Not Equal
- Is Part Of
- Is Not Part Of
- Regular expression: You can configure a regular expression to match requests.
- Field value