UAA (User Authentication and Authorize)

Introduction

Architecture Diagram

Access Control

  • User access is configured using "roles" and RBAC
  • Machine access is configured using "scopes" and RBAC
  • Complex access configuration is expressed using ABAC, as boolean expressions over both "roles" and "scopes"
    • example: hasRole("ADMIN") and hasScope("shop-manager.read", "shop-manager.write")

Flow Diagram

Internal Microservices

Microservice Grouping

  • Implemented based on scope:
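    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            // ...... (other matchers elided in the original)
            // Every remaining request needs an access token carrying the 'read' scope.
            .anyRequest().access("#oauth2.hasScope('read')");
    }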
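
The access rules listed under Access Control, together with the scope-based grouping above, can be written as one resource-server configuration. This is an added example, not code from the original page; it assumes the legacy Spring Security OAuth2 library that the page's `#oauth2.hasScope` expression comes from. The class name and URL paths are hypothetical, and the page's two-argument `hasScope(...)` is read here as requiring both scopes.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;

// Hypothetical resource server for a "shop-manager" microservice group.
@Configuration
@EnableResourceServer
public class ShopManagerResourceConfig extends ResourceServerConfigurerAdapter {

    @Override
    public void configure(HttpSecurity http) throws Exception {
        // Matchers are evaluated top to bottom; the first match decides.
        http.authorizeRequests()
            // Machine access (RBAC on scopes): a client-only token with no
            // end user behind it, limited to read calls between services.
            .antMatchers(HttpMethod.GET, "/internal/**")
                .access("#oauth2.isClient() and #oauth2.hasScope('shop-manager.read')")

            // User access (RBAC on roles): the token must represent a user
            // who holds the ADMIN role (authority ROLE_ADMIN).
            .antMatchers("/admin/**")
                .access("#oauth2.isUser() and hasRole('ADMIN')")

            // ABAC: a boolean expression over both role and scopes.
            // hasAnyScope(...) would accept either scope; requiring both
            // needs two hasScope(...) terms joined with 'and'.
            .antMatchers(HttpMethod.POST, "/shop/**")
                .access("hasRole('ADMIN')"
                      + " and #oauth2.hasScope('shop-manager.read')"
                      + " and #oauth2.hasScope('shop-manager.write')")

            // Fallback taken from the page: everything else needs 'read'.
            .anyRequest().access("#oauth2.hasScope('read')");
    }
}
```

Because the first matching rule wins, the narrow matchers must stay above `anyRequest()`; placing the fallback first would let a token with only `read` reach the admin and write paths.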