Help Center/ ServiceStage/ Best Practices/ Enabling Security Authentication for an Exclusive Microservice Engine

Updated on 2023-07-14 GMT+08:00

View PDF

Enabling Security Authentication for an Exclusive Microservice Engine

Overview

The exclusive microservice engine supports security authentication based on the Role-Based Access Control (RBAC) policy and allows you to enable or disable security authentication.

After security authentication is enabled for an engine, the security authentication account and password must be configured for all microservices connected to the engine. Otherwise, the microservice fails to be registered, causing service loss.

Application Scenarios

This section describes how to enable security authentication for an exclusive microservice engine and ensure that services of microservice components connected to the engine are not affected.

Procedure

Upgrade the SDK used by microservice components.
To enable the security authentication function, SDK must support the security authentication function. If the SDK version used by the current microservice components is earlier than the required version (Spring Cloud Huawei requires 1.6.1 or later, and Java chassis requires 2.3.5 or later), you need to upgrade SDK.

Configure security authentication parameters for microservice components.

Before enabling security authentication for a microservice engine, configure security authentication parameters for the microservice components that have been connected to the engine. To configure security authentication parameters, you need to configure the security authentication account and password:

Configuring the security authentication account and password for a Spring Cloud microservice component

**Table 1** Configuring the security authentication account and password for a Spring Cloud microservice component
Configuration File Configuration	Environmental Variables Injection
Add the following configurations to the bootstrap.yml file of the microservice. If they are configured, skip this step. spring: cloud: servicecomb: credentials: account: name: test #Security authentication account. Set this parameter based on the site requirements. password: mima #Password of the security authentication account. Set this parameter based on the site requirements. cipher: default	Add the following environment variables. For details, see Managing Application Environment Variables. spring_cloud_servicecomb_credentials_account_name: security authentication account. Set this parameter based on the site requirements. spring_cloud_servicecomb_credentials_account_password: password of the security authentication account. Set this parameter based on the site requirements.

By default, the user password is stored in plaintext, which cannot ensure security. You are advised to encrypt the password for storage. For details, see Custom Encryption Algorithms for Storage.
If security authentication is not enabled for the microservice engine and security authentication parameters are configured for the microservice components connected to the microservice engine, the normal service functions of the microservice components are not affected.

Configuring the security authentication account and password for a Java Chassis microservice component

**Table 2** Configuring the security authentication account and password for a Java Chassis microservice component
Configuration File Configuration	Environmental Variables Injection
Add the following configurations to the microservice.yml file of the microservice. If they are configured, skip this step. servicecomb: credentials: rbac.enabled: true #Whether to enable security authentication. Set this parameter based on the site requirements. cipher: default account: name: test #Security authentication account. Set this parameter based on the site requirements. password: mima #Password of the security authentication account. Set this parameter based on the site requirements. cipher: default	Add the following environment variables. For details, see Managing Application Environment Variables. servicecomb_credentials_rbac_enabled: whether to enable security authentication. Set this parameter based on the site requirements. true: security authentication is enabled; false: security authentication is disabled. servicecomb_credentials_account_name: security authentication account. Set this parameter based on the site requirements. servicecomb_credentials_account_password: password of the security authentication account. Set this parameter based on the site requirements.

Enable security authentication for an exclusive microservice engine. For details, see Enabling Security Authentication.

After security authentication is enabled, if security authentication parameters are not configured for the microservice components connected to the engine, or the security authentication account and password configured for the microservice components are incorrect, the heartbeat of the microservice components fails and the service is forced to go offline.