JWT authentication is a popular authentication method for HTTP service and client, App Mesh implemented a JWT Server with RBAC (role based access control) and this service can be used to build a JWT server for other systems. detail design refer to JWT Design
- Users
- Roles
- Groups
- Permissions
Index | Method | URI | Body/Headers | Desc |
---|---|---|---|---|
1 | POST | /appmesh/login | Authorization=Basic base64(NAME:PASSWD) Optional: Expire-Seconds=600 |
JWT authenticate login |
2 | POST | /appmesh/auth | curl -X POST -k -H "Authorization:Bearer <JWT_TOKEN>" https://127.0.0.1:6060/appmesh/auth Optional: Auth-Permission=permission_id |
JWT token and permission authenticate |
3 | POST | /appmesh/user/admin/passwd | New-Password=base64(passwd) | Change user password |
4 | POST | /appmesh/user/usera/lock | admin user to lock usera | |
5 | POST | /appmesh/user/usera/unlock | admin user to unlock usera | |
6 | PUT | /appmesh/user/usera | Add usera to Users | |
7 | DEL | /appmesh/user/usera | Delete usera | |
8 | GET | /appmesh/users | Get user list | |
9 | GET | /appmesh/roles | Get role list | |
10 | POST | /appmesh/role/roleA | Update roleA with defined permissions | |
11 | DELETE | /appmesh/role/roleA | Delete roleA | |
12 | GET | /appmesh/user/permissions | Get user self permissions, user token is required in header | |
13 | GET | /appmesh/permissions | Get all permissions | |
14 | GET | /appmesh/user/groups | Get all user groups |
Other system can call the 10th API to define Roles
and Permissions
, and call 6th API to define user with corresponding role.
System login and permission can all forward to App Mesh 1st and 2nd API to do the authentication.
All those managements API can be operated by UI
compose.yml
version: "3"
services:
jwt_appmesh:
image: laoshanxi/appmesh:latest
hostname: www.appmesh.com
restart: always
volumes:
- /etc/ssl/ca-bundle.pem:/opt/appmesh/ssl/ca.pem
- ./server.pem:/opt/appmesh/ssl/server.pem
- ./server-key.pem:/opt/appmesh/ssl/server-key.pem
- ./security.yaml:/opt/appmesh/security.yaml:rw
ports:
- "6060:6060"
environment:
- APPMESH_REST_RestListenAddress=www.appmesh.com
jwt_appmesh_ui:
image: laoshanxi/appmesh-ui:latest
restart: always
volumes:
- ./server.pem:/etc/nginx/conf.d/server.crt
- ./server-key.pem:/etc/nginx/conf.d/server.key
ports:
- "8443:443"
environment:
- APP_MESH_SERVER_HOST=www.appmesh.com
links:
- jwt_appmesh
depends_on:
- jwt_appmesh