用于Web服务的代理安全服务,在请求中需要Uname/Password [英] Proxy Security Service for Web Service requiring Uname/Password in the Request
问题描述
我们有一个供应商提供的解决方案,该解决方案需要用户名和密码来利用作为Web服务公开的API.它们将包含在调用的实际xml中.我们显然不喜欢那样.
We have a vendor supplied solution that requires a username and password to utilize their APIs exposed as a web service. They are to be included in the actual xml of the call. We obviously don't like that.
任何人都不知道我们可以使用基于令牌的安全性对呼叫系统进行身份验证的任何产品,系统或其他任何东西,然后该系统将注入用户名密码并在产品可访问的安全区域(而不是外部区域)中转发请求来电者.当然,还可以返回响应.
Does anyone know of any product, system, whatever, that we can have calling systems authenticate to with token based security, which would then inject the username password and forward the request in a secure zone accessible by the product but not the outside callers. And of course return the response through.
例如:
推荐答案
我会参加@identigral STS提案.如@identigral所述,建议使用诸如 Keycloak 之类的身份管理(IdM)来提供OAuth 2.0令牌并在不久的将来说服您的供应商使用某些IdM.要查看有关如何生成Keycloak令牌的示例,请检查此存储库以及此Stackoverflow问题.对于您的用例,我看到了三种可能的解决方案:
I would go for the @identigral STS proposal. As @identigral mentioned, the recommendation is to use some Identity Management (IdM) such as Keycloak to provide the OAuth 2.0 tokens and in the near future convince your vendor to use some IdM. To see an example on how to generate Keycloak tokens check this repo and also this Stackoverflow question. For your use case I see three possible solutions:
-
如果您使用Java开发东西,我会选择API网关,例如 Netflix Zuul . Spring框架支持Zuul 并应用 Cloud Config 来存储组件及其组件的全局配置可以轻松地与Zuul联系起来.
If you are developing things with Java I would go for an API Gateway such as Netflix Zuul. Spring framework supports Zuul and apply OAuth 2.0 tokens to Zuul is a very good option. For the config part again Spring provides Cloud Config to store global configuration for your component and it can be easily connected with Zuul.
使用一些商业工具,例如 Google Apigee .来看一下,第1点中描述的所有内容都可以使用Apigee在涵盖多种编程语言的API级别进行配置.
Use some commercial tool such as Google Apigee. Take a look at it, everything described in point 1.) can be configured using Apigee at an API level covering multiple programming languages.
您还可以将反向代理用作具有安全性的代理API网关,例如 Traefik .
You can also use a reverse proxy as Proxy API Gateway with Security such as Nginx or Traefik.
任何解决方案都对您有益,这取决于您的特定用例.
Any solution can be good for you, it depends on your specific use case.
这篇关于用于Web服务的代理安全服务,在请求中需要Uname/Password的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
