Every request proxied by Kong must be associated with a Consumer.
You’ll now create a Consumer named anonymous_users
启用认证插件后,如果不配置匿名用户,那么如果客户 端不传递凭据,那么就不会通过
每个请求必须要和一个消费者关联,匿名消费者的配置,需要如下:
$ curl -i -X PATCH
--url http://localhost:8001/plugins/<your-plugin-id>
--data "config.anonymous=<your-consumer-id>"当客户端不设置apikey的时候,kongm默认取配置的匿名用户转发到后端
我们可以针对匿名用户配置限流策略
PermalinkAnonymous Access
Kong has the ability to configure a given Service to allow both authenticated and anonymous access.
You might use this configuration to grant access to anonymous users with a low rate-limit, and grant access to authenticated users with a higher rate limit.
To configure a Service like this, you first apply your selected authentication plugin, then create a new consumer to represent anonymous users, then configure your authentication plugin to allow anonymous access. Here is an example, which assumes you have already configured a Service named example-service and the corresponding route:
-
PermalinkCreate an example Service and a Route
Issue the following cURL request to create
example-servicepointing to mockbin.org, which will echo the request:$ curl -i -X POST --url http://localhost:8001/services/ --data 'name=example-service' --data 'url=http://mockbin.org/request'Add a route to the Service:
$ curl -i -X POST --url http://localhost:8001/services/example-service/routes --data 'paths[]=/auth-sample'The url
http://localhost:8000/auth-samplewill now echo whatever is being requested. -
PermalinkConfigure the key-auth Plugin for your Service
Issue the following cURL request to add a plugin to a Service:
$ curl -i -X POST --url http://localhost:8001/services/example-service/plugins/ --data 'name=key-auth'Be sure to note the created Plugin
id- you’ll need it in step 5. -
PermalinkVerify that the key-auth plugin is properly configured
Issue the following cURL request to verify that the key-auth plugin was properly configured on the Service:
$ curl -i -X GET --url http://localhost:8000/auth-sampleSince you did not specify the required
apikeyheader or parameter, and you have not yet enabled anonymous access, the response should be403 Forbidden:HTTP/1.1 403 Forbidden ... { "message": "No API key found in headers or querystring" } -
PermalinkCreate an anonymous Consumer
Every request proxied by Kong must be associated with a Consumer. You’ll now create a Consumer named
anonymous_users(that Kong will utilize when proxying anonymous access) by issuing the following request:$ curl -i -X POST --url http://localhost:8001/consumers/ --data "username=anonymous_users"You should see a response similar to the one below:
HTTP/1.1 201 Created Content-Type: application/json Connection: keep-alive { "username": "anonymous_users", "created_at": 1428555626000, "id": "bbdf1c48-19dc-4ab7-cae0-ff4f59d87dc9" }Be sure to note the Consumer
id- you’ll need it in the next step. -
PermalinkEnable anonymous access
You’ll now re-configure the key-auth plugin to permit anonymous access by issuing the following request (replace the sample uuids below by the
idvalues from step 2 and 4):$ curl -i -X PATCH --url http://localhost:8001/plugins/<your-plugin-id> --data "config.anonymous=<your-consumer-id>"The
config.anonymous=<your-consumer-id>parameter instructs the key-auth plugin on this Service to permit anonymous access, and to associate such access with the Consumeridwe received in the previous step. It is required that you provide a valid and pre-existing Consumeridin this step - validity of the Consumeridis not currently checked when configuring anonymous access, and provisioning of a Consumeridthat doesn’t already exist will result in an incorrect configuration. -
PermalinkCheck anonymous access
Confirm that your Service now permits anonymous access by issuing the following request:
$ curl -i -X GET --url http://localhost:8000/auth-sampleThis is the same request you made in step #3, however this time the request should succeed, because you enabled anonymous access in step #5.
The response (which is the request as Mockbin received it) should have these elements:
{ ... "headers": { ... "x-consumer-id": "713c592c-38b8-4f5b-976f-1bd2b8069494", "x-consumer-username": "anonymous_users", "x-anonymous-consumer": "true", ... }, ... }It shows the request was successful, but anonymous.