Skip to main content
Version: 2.3.0-Legacy

Sign Plugin

Explanation#

  • Sign is a native plugin of soul Gateway and is used to process signature authentication of requests.

Plugin Setting#

  • In soul-admin -> plugin management --> sign set to enable.

Plugin Usage#

  • Introducing sign dependency in the pom.xml file of the gateway
  <!-- soul sign plugin start-->  <dependency>      <groupId>org.dromara</groupId>      <artifactId>soul-spring-boot-starter-plugin-sign</artifactId>     <version>${last.version}</version>  </dependency>  <!-- soul sign plugin end-->
  • Selectors and rules, please refer to: selector.
  • Only those matched requests can be authenticated by signature.

Add AK/SK#

  • In soul-admin --> In authentication management, click Add to add a new AK/SK。

Implementation of Gateway Technology#

  • Adopt Ak/SK authentication technical scheme.
  • Adopt authentication plug-in and Chain of Responsibility Pattern to realize.
  • Take effect when the authentication plugin is enabled and all interfaces are configured for authentication.

Authentication Guide#

  • Step 1: AK/SK is assigned by the gateway. For example, the AK assigned to you is: 1test123456781 SK is: ` 506eeb535cf740d7a755cb49f4a1536'
  • Step 2: Decide the gateway path you want to access, such as ` /api/service/abc'
  • Step 3: Construct parameters (the following are general parameters)
FieldValueDescription
timestampcurrent timestamp(String)The number of milliseconds of the current time(gateway will filter requests the before 5 minutes)
path/api/service/abcThe path that you want to request(Modify by yourself according to your configuration of gateway)
version1.0.01.0.0 is a fixed string value

Sort the above two field natually according to the key, then splice fields and fields, finally splice SK. The following is a code example.

Step 1: First, construct a Map.


   Map<String, String> map = Maps.newHashMapWithExpectedSize(2);   //timestamp is string format of millisecond. String.valueOf(LocalDateTime.now().toInstant(ZoneOffset.of("+8")).toEpochMilli())    map.put("timestamp","1571711067186");  // Value should be string format of milliseconds   map.put("path", "/api/service/abc");   map.put("version", "1.0.0");

Step 2: Sort the Keys naturally, then splice the key and values, and finally splice the SK assigned to you.

List<String> storedKeys = Arrays.stream(map.keySet()                .toArray(new String[]{}))                .sorted(Comparator.naturalOrder())                .collect(Collectors.toList());final String sign = storedKeys.stream()                .map(key -> String.join("", key, params.get(key)))                .collect(Collectors.joining()).trim()                .concat("506EEB535CF740D7A755CB4B9F4A1536");
  • The returned sign value should be:path/api/service/abctimestamp1571711067186version1.0.0506EEB535CF740D7A755CB4B9F4A1536

Step 3: Md5 encryption and then capitalization.

DigestUtils.md5DigestAsHex(sign.getBytes()).toUpperCase()
  • The final returned value is:A021BF82BE342668B78CD9ADE593D683

Request GateWay#

  • If your visited path is:/api/service/abc。

  • Address: http: domain name of gateway /api/service/abc.

  • Set headerheader Parameter:

FieldValueDescription
timestamp1571711067186Timestamp when signing
appKey1TEST123456781The AK value assigned to you
signA90E66763793BDBC817CF3B52AAAC041The signature obtained above
version1.0.01.0.0 is a fixed value.

  • The signature plugin will filter requests after 5 minutes by default

  • If the authentication fails, will return code 401, message may change.

"code":401,"message":"sign is not pass,Please check you sign algorithm!","data":null}

Extension#