JWT 验证(受众限制):apiVersion: security.istio.io/v1beta1 kind: RequestAuthentication metadata: name: api-jwt namespace: default spec: selector: matchLabels: app: api jwtRules: - issuer: https://issuer.example.com/ audiences: - my-audience jwksUri: https://issuer.example.com/.well-known/jwks.json 路径授权(仅允许携带合法 JWT 的访问):apiVersion: security.istio.io/v1beta1 kind: AuthorizationPolicy metadata: name: api-allow-jwt namespace: default spec: selector: matchLabels: app: api rules: - from: - source: requestPrincipals: ["*"] to: - operation: paths: ["/api/secure/*"] when: - key: request.auth.claims[aud] values: ["my-audience"]
投稿
微信公众账号
微信扫一扫加关注
评论 返回
顶部
发表评论 取消回复