A method and system for unified authority control of microservices based on user attributes

Abstract

The present invention provides a method and system for unified authority control of microservices based on user attributes. The method includes: storing user attribute information through authority control microservices; selecting objects and policy requirements that require authorization, and creating access control through authority control microservices strategy to realize the dynamic configuration of permissions; when the gateway receives the identity authentication request sent by the client, it forwards it to the permission control microservice, and generates an authentication authentication token after verification and returns it to the client; when the client requests to use any resource of the business microservice, The gateway receives resource request information and authentication tokens, and forwards them to the authority control microservice, completes resource authentication by parsing the authentication parameters, releases the resource request to the business microservice after success, executes the corresponding operation, and returns the result. The present invention completes unified authority control of business microservices through authority control microservices, refines the granularity of authority access control, improves dynamics, and thereby improves the security of authority management.

Description

Technical field [0001] The invention relates to the field of microservices and authority control, in particular to a unified authority control method and system for microservices based on user attributes. technical background [0002] Micro-service technology architecture is a new type of software architecture. Under micro-service architecture, an application will be split into several or even hundreds of micro-services, and each micro-service needs to authenticate access and resources. If authentication and authentication logic are carried out for each business microservice system, it will not only fail to guarantee the unity of authentication and authentication, but also bring great burden to the maintenance and expansion of the system. [0003] With the emergence of various authentication scenarios such as web, mobile and open platforms, the traditional authentication and authentication logic under the single application architecture can't guarantee the reasonable applicabilit...

AI Technical Summary

Problems solved by technology

[0005] 1. By following the mature monolithic application service architecture authentication scheme, it is possible to implement authentication and authentication logic for each business microservice system. However, this approach cannot guarantee the unity of authentication and authentication among various microservices and will bring great difficulties to the maintenance and expansion of the system

[0006] 2. It is also aimed at the authentication and authentication of microservices. With the development of multiple terminals such as web terminals, mobile terminals, and open platforms, there have been multiple connections between external application access, between users and services, and between services. authentication scenarios, the existing authentication methods cannot be applied to a variety of authentication scenarios

However, for many special customization needs, the entire community has not yet formed a general production-level out-of-the-box product

Specifically, the microservice authentication implemented through the integration of Spring Cloud Zuul and Oauth2 will lead to a large project size and not flexible enough; using the distributed Session solution will bring serious load problems or network overhead

[0008] 4. More and more enterprises and institutions choose to store, deliver and expand data by building cloud storage platforms or big data platforms, which brings some data security issues, such as illegal user intrusion, etc.

Images