Managing Security Authentication for a ServiceComb Engine
A ServiceComb engine may be used by multiple users. Different users must have different ServiceComb engine access and operation permissions based on their responsibilities and permissions. If security authentication is enabled for an exclusive ServiceComb engine, grant different access and operation permissions to users based on the roles associated with the accounts used by the users to access the ServiceComb engine.
For details about security authentication, see System Management.
Currently, Java chassis and Spring Cloud support security authentication for microservices. The Java chassis version must be 2.3.5 or later, and Spring Cloud must integrate Spring Cloud Huawei 1.6.1 or later.
You can enable or disable security authentication for the exclusive ServiceComb engine based on service requirements.
- Enabling Security Authentication
If a ServiceComb engine is available with security authentication disabled, you can enable security authentication based on service requirements.
After security authentication is enabled and programming interface authentication is also enabled, if security authentication parameters are not configured for the microservice components connected to the engine, or the security authentication account and password configured for the microservice components are incorrect, the heartbeat of the microservice components fails and the service is forced to go offline. Perform the following steps:
- Spring Cloud: For details, see Connecting Spring Cloud Applications to ServiceComb Engines.
- Java Chassis: For details, see Connecting Java Chassis Applications to ServiceComb Engines.
- Disabling Security Authentication
If a ServiceComb engine is available with security authentication enabled, you can disable security authentication based on service requirements.
After security authentication is disabled for a microservice component, service functions of the microservice component are not affected no matter whether security authentication parameters are configured for the microservice component.
Enabling Security Authentication
- Log in to CSE.
- Choose Exclusive ServiceComb Engines.
- Click the target engine.
- In the Network Configuration and Security area, click Enable security authentication.
- Upgrade the engine to 1.2.0 or later.
- Click Upgrade.
- Select Target Version and view the version description. Determine whether to upgrade the software to this version. Then, click OK.
- Select the upgraded ServiceComb engine. In the Network Configuration and Security area, click Enable security authentication.
- On the System Management page, enable security authentication.
- To enable security authentication for the first time, click Enable security authentication.
You need to create user root first. Enter and confirm the password of user root. Then, click Create Now.
- Enable security authentication again and enter the name and password of the account associated with the admin role in the engine.
- To enable security authentication for the first time, click Enable security authentication.
- (Optional) Create a role based on service requirements. For details, see Roles.
- (Optional) Create an account based on service requirements. For details, see Accounts.
- On the System Management page, click Enable security authentication and configure the security settings.
- If you enable Authenticate Console, go to 11.
After Authenticate Console is enabled, you need to use an account and password to log in to the CSE console. The login user can only view and configure services on which the user has permission.
- If you enable Authenticate Programming Interface, go to 10.
After Authenticate Programming Interface is enabled, Authenticate Console is automatically enabled.
After it is enabled, you need to add the corresponding account and password to the microservice configuration file. Otherwise, the service cannot be registered with the engine.
After it is disabled, you can register the service with the engine without configuring the account and password in the microservice configuration file, which improves the efficiency. You are advised to disable this function when accessing the service in a VPC.
- If you enable Authenticate Console, go to 11.
- Configure the SDK. For microservice components that have been deployed but not configured with security authentication parameters, configure the account name and password for security authentication and then upgrade the component. For details, see Configuring the Security Authentication Account and Password for a Microservice.
- Click OK.
After the ServiceComb engine is updated and the engine status changes from Configuring to Available, security authentication is enabled successfully.
Disabling Security Authentication
- Log in to CSE.
- Choose Exclusive ServiceComb Engines.
- Click the target engine.
- In the Network Configuration and Security area, click Disable security authentication.
- Click OK. After the ServiceComb engine is updated and the engine status changes from Configuring to Available, security authentication is disabled successfully.
After security authentication is disabled, accounts created on the engine will not be deleted.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot