Enabling Security Authentication for an Exclusive ServiceComb Engine
Overview
The exclusive ServiceComb engine supports security authentication based on the Role-Based Access Control (RBAC) policy and allows you to enable or disable security authentication.
After security authentication is enabled for an engine, the security authentication account and password must be configured for all microservices connected to the engine. Otherwise, the microservice fails to be registered, causing service loss.
Application Scenarios
This section describes how to enable security authentication for an exclusive ServiceComb engine and ensure that services of microservice components connected to the engine are not affected.
Procedure
- Upgrade SDK used by microservice components.
To enable the security authentication function, SDK must support the security authentication function. If the SDK version used by the current microservice components is earlier than the required version (Spring Cloud Huawei requires 1.6.1 or later, and Java chassis requires 2.3.5 or later), you need to upgrade SDK.
- Configure security authentication parameters for microservice components.
Before enabling security authentication for a ServiceComb engine, configure security authentication parameters for the microservice components that have been connected to the engine. To configure security authentication parameters, you need to configure the security authentication account and password:
- Configuring the security authentication account and password for a Spring Cloud microservice component
Table 1 Configuring the security authentication account and password for a Spring Cloud microservice component Configuration File Configuration
Environmental Variables Injection
Add the following configurations to the bootstrap.yml file of the microservice. If they are configured, skip this step.
spring: cloud: servicecomb: credentials: account: name: test #Security authentication account. Set this parameter based on the site requirements. password: mima #Password of the security authentication account. Set this parameter based on the site requirements. cipher: default
Add the following environment variables. For details, see Manually Adding an Application Environment Variable.
- spring_cloud_servicecomb_credentials_account_name: security authentication account. Set this parameter based on the site requirements.
- spring_cloud_servicecomb_credentials_account_password: password of the security authentication account. Set this parameter based on the site requirements.
- By default, the user password is stored in plaintext, which cannot ensure security. You are advised to encrypt the password for storage. For details, see Custom Encryption Algorithms for Storage.
- If security authentication is not enabled for the ServiceComb engine and security authentication parameters are configured for the microservice components connected to the ServiceComb engine, the normal service functions of the microservice components are not affected.
- Configuring the security authentication account and password for a Java chassis microservice component
Table 2 Configuring the security authentication account and password for a Java chassis microservice component Configuration File Configuration
Environmental Variables Injection
Add the following configurations to the microservice.yml file of the microservice. If they are configured, skip this step.
servicecomb: credentials: rbac.enabled: true #Whether to enable security authentication. Set this parameter based on the site requirements. cipher: default account: name: test #Security authentication account. Set this parameter based on the site requirements. password: mima #Password of the security authentication account. Set this parameter based on the site requirements. cipher: default
Add the following environment variables. For details, see Manually Adding an Application Environment Variable.
- servicecomb_credentials_rbac_enabled: whether to enable security authentication. Set this parameter based on the site requirements. true: security authentication is enabled; false: security authentication is disabled.
- servicecomb_credentials_account_name: security authentication account. Set this parameter based on the site requirements.
- servicecomb_credentials_account_password: password of the security authentication account. Set this parameter based on the site requirements.
- Enable security authentication for an exclusive ServiceComb engine. For details, see Enabling Security Authentication.
After security authentication is enabled, if security authentication parameters are not configured for the microservice components connected to the engine, or the security authentication account and password configured for the microservice components are incorrect, the heartbeat of the microservice components fails and the service is forced to go offline.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot