This is an automated email from the ASF dual-hosted git repository.
Yilialinn pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix.git
The following commit(s) were added to refs/heads/master by this push:
new 488cdef9f docs(multi-auth): re-port with Admin API, ADC, and Ingress
Controller tabs (#13238)
488cdef9f is described below
commit 488cdef9f23ce2c960553bc725b5647c28fb15e8
Author: Yilia Lin <[email protected]>
AuthorDate: Mon Apr 20 14:11:55 2026 +0800
docs(multi-auth): re-port with Admin API, ADC, and Ingress Controller tabs
(#13238)
---
docs/en/latest/plugins/multi-auth.md | 402 +++++++++++++++++++++++++++-------
docs/zh/latest/plugins/multi-auth.md | 405 +++++++++++++++++++++++++++--------
2 files changed, 644 insertions(+), 163 deletions(-)
diff --git a/docs/en/latest/plugins/multi-auth.md
b/docs/en/latest/plugins/multi-auth.md
index 824259fc8..a5bdf7633 100644
--- a/docs/en/latest/plugins/multi-auth.md
+++ b/docs/en/latest/plugins/multi-auth.md
@@ -6,7 +6,7 @@ keywords:
- Plugin
- Multi Auth
- multi-auth
-description: This document contains information about the Apache APISIX
multi-auth Plugin.
+description: The multi-auth plugin enables consumers using diverse
authentication methods to share the same route or service, streamlining API
lifecycle management.
---
<!--
@@ -28,27 +28,27 @@ description: This document contains information about the
Apache APISIX multi-au
#
-->
-## Description
-
-The `multi-auth` Plugin is used to add multiple authentication methods to a
Route or a Service. It supports plugins of type 'auth'. You can combine
different authentication methods using `multi-auth` plugin.
+<head>
+ <link rel="canonical" href="https://docs.api7.ai/hub/multi-auth"; />
+</head>
-This plugin provides a flexible authentication mechanism by iterating through
the list of authentication plugins specified in the `auth_plugins` attribute.
It allows multiple consumers to share the same route while using different
authentication methods. For example, one consumer can authenticate using basic
authentication, while another consumer can authenticate using JWT.
-
-## Attributes
+import Tabs from '@theme/Tabs';
+import TabItem from '@theme/TabItem';
-For Route:
+## Description
-| Name | Type | Required | Default | Description
|
-|--------------|-------|----------|---------|-----------------------------------------------------------------------|
-| auth_plugins | array | True | - | Add supporting auth plugins
configuration. expects at least 2 plugins |
+The `multi-auth` Plugin allows Consumers using different authentication
methods to share the same Route or Service. It supports the configuration of
multiple authentication Plugins, so that a request would be allowed through if
it authenticates successfully against any configured authentication method.
-## Enable Plugin
+## Attributes
-To enable the Plugin, you have to create two or more Consumer objects with
different authentication configurations:
+| Name | Type | Required | Default | Valid values | Description |
+|------|------|----------|---------|--------------|-------------|
+| auth_plugins | array | True | | | An array of at least two authentication
Plugins. |
-First create a Consumer using basic authentication:
+## Examples
:::note
+
You can fetch the `admin_key` from `config.yaml` and save to an environment
variable with the following command:
```bash
@@ -57,108 +57,354 @@ admin_key=$(yq '.deployment.admin.admin_key[0].key'
conf/config.yaml | sed 's/"/
:::
+### Allow Different Authentications on the Same Route
+
+The following example demonstrates how to have one Consumer using basic
authentication, while another Consumer using key authentication, both sharing
the same Route.
+
+<Tabs
+groupId="api"
+defaultValue="admin-api"
+values={[
+{label: 'Admin API', value: 'admin-api'},
+{label: 'ADC', value: 'adc'},
+{label: 'Ingress Controller', value: 'aic'}
+]}>
+
+<TabItem value="admin-api">
+
+Create two Consumers:
+
+```shell
+curl "http://127.0.0.1:9180/apisix/admin/consumers"; -X PUT \
+ -H "X-API-KEY: ${admin_key}" \
+ -d '{
+ "username":"consumer1"
+ }'
+```
+
```shell
-curl http://127.0.0.1:9180/apisix/admin/consumers -H "X-API-KEY: $admin_key"
-X PUT -d '
-{
- "username": "foo1",
+curl "http://127.0.0.1:9180/apisix/admin/consumers"; -X PUT \
+ -H "X-API-KEY: ${admin_key}" \
+ -d '{
+ "username":"consumer2"
+ }'
+```
+
+Configure basic authentication Credential for `consumer1`:
+
+```shell
+curl "http://127.0.0.1:9180/apisix/admin/consumers/consumer1/credentials"; -X
PUT \
+ -H "X-API-KEY: ${admin_key}" \
+ -d '{
+ "id": "cred-jane-key-auth",
"plugins": {
- "basic-auth": {
- "username": "foo1",
- "password": "bar1"
- }
+ "basic-auth": {
+ "username":"consumer1",
+ "password":"consumer1_pwd"
+ }
}
-}'
+ }'
```
-Then create a Consumer using key authentication:
+Configure key authentication Credential for `consumer2`:
```shell
-curl http://127.0.0.1:9180/apisix/admin/consumers -H "X-API-KEY: $admin_key"
-X PUT -d '
-{
- "username": "foo2",
+curl "http://127.0.0.1:9180/apisix/admin/consumers/consumer2/credentials"; -X
PUT \
+ -H "X-API-KEY: ${admin_key}" \
+ -d '{
+ "id": "cred-jane-key-auth",
"plugins": {
- "key-auth": {
- "key": "auth-one"
- }
+ "key-auth": {
+ "key":"consumer2_pwd"
+ }
}
-}'
+ }'
```
-Once you have created Consumer objects, you can then configure a Route or a
Service to authenticate requests:
+Create a Route with `multi-auth` and configure the two authentication Plugins
that Consumers use:
```shell
-curl http://127.0.0.1:9180/apisix/admin/routes/1 -H "X-API-KEY: $admin_key" -X
PUT -d '
-{
- "methods": ["GET"],
- "uri": "/hello",
+curl "http://127.0.0.1:9180/apisix/admin/routes"; -X PUT \
+ -H "X-API-KEY: ${admin_key}" \
+ -d '{
+ "id": "multi-auth-route",
+ "uri": "/anything",
"plugins": {
- "multi-auth":{
- "auth_plugins":[
- {
- "basic-auth":{ }
- },
- {
- "key-auth":{
- "query":"apikey",
- "hide_credentials":true,
- "header":"apikey"
- }
+ "multi-auth":{
+ "auth_plugins":[
+ {
+ "basic-auth":{}
+ },
+ {
+ "key-auth":{
+ "hide_credentials":true,
+ "header":"apikey",
+ "query":"apikey"
}
- ]
+ }
+ ]
}
},
"upstream": {
- "type": "roundrobin",
- "nodes": {
- "127.0.0.1:1980": 1
- }
+ "type": "roundrobin",
+ "nodes": {
+ "httpbin.org": 1
+ }
}
-}'
+ }'
```
-## Example usage
+</TabItem>
-After you have configured the Plugin as mentioned above, you can make a
request to the Route as shown below:
+<TabItem value="adc">
-Send a request with `basic-auth` credentials:
+Create two Consumers with their respective Credentials and a Route with
`multi-auth`:
+
+```yaml title="adc.yaml"
+consumers:
+ - username: consumer1
+ credentials:
+ - name: cred-consumer1-basic-auth
+ type: basic-auth
+ config:
+ username: consumer1
+ password: consumer1_pwd
+ - username: consumer2
+ credentials:
+ - name: cred-consumer2-key-auth
+ type: key-auth
+ config:
+ key: consumer2_pwd
+services:
+ - name: multi-auth-service
+ routes:
+ - name: multi-auth-route
+ uris:
+ - /anything
+ plugins:
+ multi-auth:
+ auth_plugins:
+ - basic-auth: {}
+ - key-auth:
+ hide_credentials: true
+ header: apikey
+ query: apikey
+ upstream:
+ type: roundrobin
+ nodes:
+ - host: httpbin.org
+ port: 80
+ weight: 1
+```
+
+Synchronize the configuration to the gateway:
```shell
-curl -i -ufoo1:bar1 http://127.0.0.1:9080/hello
+adc sync -f adc.yaml
```
-Send a request with `key-auth` credentials:
+</TabItem>
+
+<TabItem value="aic">
+
+<Tabs
+groupId="k8s-api"
+defaultValue="gateway-api"
+values={[
+{label: 'Gateway API', value: 'gateway-api'},
+{label: 'APISIX Ingress Controller', value: 'apisix-ingress-controller'}
+]}>
+
+<TabItem value="gateway-api">
+
+```yaml title="multi-auth-ic.yaml"
+apiVersion: apisix.apache.org/v1alpha1
+kind: Consumer
+metadata:
+ namespace: aic
+ name: consumer1
+spec:
+ gatewayRef:
+ name: apisix
+ credentials:
+ - type: basic-auth
+ name: cred-consumer1-basic-auth
+ config:
+ username: consumer1
+ password: consumer1_pwd
+---
+apiVersion: apisix.apache.org/v1alpha1
+kind: Consumer
+metadata:
+ namespace: aic
+ name: consumer2
+spec:
+ gatewayRef:
+ name: apisix
+ credentials:
+ - type: key-auth
+ name: cred-consumer2-key-auth
+ config:
+ key: consumer2_pwd
+---
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: aic
+ name: httpbin-external-domain
+spec:
+ type: ExternalName
+ externalName: httpbin.org
+---
+apiVersion: apisix.apache.org/v1alpha1
+kind: PluginConfig
+metadata:
+ namespace: aic
+ name: multi-auth-plugin-config
+spec:
+ plugins:
+ - name: multi-auth
+ config:
+ auth_plugins:
+ - basic-auth: {}
+ - key-auth:
+ hide_credentials: true
+ header: apikey
+ query: apikey
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+ namespace: aic
+ name: multi-auth-route
+spec:
+ parentRefs:
+ - name: apisix
+ rules:
+ - matches:
+ - path:
+ type: Exact
+ value: /anything
+ filters:
+ - type: ExtensionRef
+ extensionRef:
+ group: apisix.apache.org
+ kind: PluginConfig
+ name: multi-auth-plugin-config
+ backendRefs:
+ - name: httpbin-external-domain
+ port: 80
+```
+
+Apply the configuration to your cluster:
```shell
-curl http://127.0.0.1:9080/hello -H 'apikey: auth-one' -i
+kubectl apply -f multi-auth-ic.yaml
+```
+
+</TabItem>
+
+<TabItem value="apisix-ingress-controller">
+
+```yaml title="multi-auth-ic.yaml"
+apiVersion: apisix.apache.org/v2
+kind: ApisixConsumer
+metadata:
+ namespace: aic
+ name: consumer1
+spec:
+ ingressClassName: apisix
+ authParameter:
+ basicAuth:
+ value:
+ username: consumer1
+ password: consumer1_pwd
+---
+apiVersion: apisix.apache.org/v2
+kind: ApisixConsumer
+metadata:
+ namespace: aic
+ name: consumer2
+spec:
+ ingressClassName: apisix
+ authParameter:
+ keyAuth:
+ value:
+ key: consumer2_pwd
+---
+apiVersion: apisix.apache.org/v2
+kind: ApisixUpstream
+metadata:
+ namespace: aic
+ name: httpbin-external-domain
+spec:
+ ingressClassName: apisix
+ externalNodes:
+ - type: Domain
+ name: httpbin.org
+---
+apiVersion: apisix.apache.org/v2
+kind: ApisixRoute
+metadata:
+ namespace: aic
+ name: multi-auth-route
+spec:
+ ingressClassName: apisix
+ http:
+ - name: multi-auth-route
+ match:
+ paths:
+ - /anything
+ upstreams:
+ - name: httpbin-external-domain
+ plugins:
+ - name: multi-auth
+ enable: true
+ config:
+ auth_plugins:
+ - basic-auth: {}
+ - key-auth:
+ hide_credentials: true
+ header: apikey
+ query: apikey
```
+Apply the configuration to your cluster:
+
+```shell
+kubectl apply -f multi-auth-ic.yaml
```
-HTTP/1.1 200 OK
-...
-hello, world
+
+</TabItem>
+
+</Tabs>
+
+</TabItem>
+
+</Tabs>
+
+Send a request to the Route with `consumer1` basic authentication credentials:
+
+```shell
+curl -i "http://127.0.0.1:9080/anything"; -u consumer1:consumer1_pwd
```
-If the request is not authorized, an `401 Unauthorized` error will be thrown:
+You should receive an `HTTP/1.1 200 OK` response.
+
+Send another request to the Route with `consumer2` key authentication
Credential:
-```json
-{"message":"Authorization Failed"}
+```shell
+curl -i "http://127.0.0.1:9080/anything"; -H 'apikey: consumer2_pwd'
```
-## Delete Plugin
+You should again receive an `HTTP/1.1 200 OK` response.
-To remove the `multi-auth` Plugin, you can delete the corresponding JSON
configuration from the Plugin configuration. APISIX will automatically reload
and you do not have to restart for this to take effect.
+Send a request to the Route without any Credential:
```shell
-curl http://127.0.0.1:9180/apisix/admin/routes/1 -H "X-API-KEY: $admin_key" -X
PUT -d '
-{
- "methods": ["GET"],
- "uri": "/hello",
- "plugins": {},
- "upstream": {
- "type": "roundrobin",
- "nodes": {
- "127.0.0.1:1980": 1
- }
- }
-}'
+curl -i "http://127.0.0.1:9080/anything";
```
+
+You should receive an `HTTP/1.1 401 Unauthorized` response.
+
+This shows that Consumers using different authentication methods are able to
authenticate and access the resource behind the same Route.
diff --git a/docs/zh/latest/plugins/multi-auth.md
b/docs/zh/latest/plugins/multi-auth.md
index 16ac84e0b..9b4dbc556 100644
--- a/docs/zh/latest/plugins/multi-auth.md
+++ b/docs/zh/latest/plugins/multi-auth.md
@@ -6,7 +6,7 @@ keywords:
- Plugin
- Multi Auth
- multi-auth
-description: 本文档包含有关 Apache APISIX multi-auth 插件的信息。
+description: multi-auth 插件支持使用不同认证方式的消费者共享同一路由或服务,简化 API 生命周期管理。
---
<!--
@@ -28,29 +28,28 @@ description: 本文档包含有关 Apache APISIX multi-auth 插件的信息。
#
-->
-## 描述
-
-插件 `multi-auth` 用于向 `Route` 或者 `Service` 中,添加多种身份验证方式。它支持 `auth` 类型的插件。您可以使用
`multi-auth` 插件,来组合不同的身份认证方式。
+<head>
+ <link rel="canonical" href="https://docs.api7.ai/hub/multi-auth"; />
+</head>
-插件通过迭代 `auth_plugins` 属性指定的插件列表,提供了灵活的身份认证机制。它允许多个 `Consumer`
在使用不同身份验证方式时共享相同的 `Route` ,同时。例如:一个 Consumer 使用 basic 认证,而另一个消费者使用 JWT 认证。
-
-## 属性
+import Tabs from '@theme/Tabs';
+import TabItem from '@theme/TabItem';
-For Route:
+## 描述
-| 名称 | 类型 | 必选项 | 默认值 | 描述 |
-|--------------|-------|------|-----|-------------------------|
-| auth_plugins | array | True | - | 添加需要支持的认证插件。至少需要 2 个插件。 |
+`multi-auth` 插件允许使用不同认证方式的消费者共享同一路由或服务。它支持配置多个认证插件,只要请求通过其中任意一种认证方式即可放行。
-## 启用插件
+## 属性
-要启用插件,您必须创建两个或多个具有不同身份验证插件配置的 Consumer:
+| 名称 | 类型 | 必选项 | 默认值 | 有效值 | 描述 |
+|------|------|--------|--------|--------|------|
+| auth_plugins | array | 是 | | | 至少包含两个认证插件的数组。 |
-首先创建一个 Consumer 使用 basic-auth 插件:
+## 使用示例
:::note
-您可以这样从 `config.yaml` 中获取 `admin_key` 并存入环境变量:
+你可以这样从 `config.yaml` 中获取 `admin_key` 并存入环境变量:
```bash
admin_key=$(yq '.deployment.admin.admin_key[0].key' conf/config.yaml | sed
's/"//g')
@@ -58,118 +57,354 @@ admin_key=$(yq '.deployment.admin.admin_key[0].key'
conf/config.yaml | sed 's/"/
:::
-:::note
+### 在同一路由上允许不同的认证方式
-您可以这样从 `config.yaml` 中获取 `admin_key` 并存入环境变量:
+以下示例演示如何让一个消费者使用 basic 认证,另一个消费者使用 key 认证,两者共享同一路由。
-```bash
-admin_key=$(yq '.deployment.admin.admin_key[0].key' conf/config.yaml | sed
's/"//g')
+<Tabs
+groupId="api"
+defaultValue="admin-api"
+values={[
+{label: 'Admin API', value: 'admin-api'},
+{label: 'ADC', value: 'adc'},
+{label: 'Ingress Controller', value: 'aic'}
+]}>
+
+<TabItem value="admin-api">
+
+创建两个 Consumer:
+
+```shell
+curl "http://127.0.0.1:9180/apisix/admin/consumers"; -X PUT \
+ -H "X-API-KEY: ${admin_key}" \
+ -d '{
+ "username":"consumer1"
+ }'
```
-:::
+```shell
+curl "http://127.0.0.1:9180/apisix/admin/consumers"; -X PUT \
+ -H "X-API-KEY: ${admin_key}" \
+ -d '{
+ "username":"consumer2"
+ }'
+```
+
+为 `consumer1` 配置 basic 认证凭证:
```shell
-curl http://127.0.0.1:9180/apisix/admin/consumers -H "X-API-KEY: $admin_key"
-X PUT -d '
-{
- "username": "foo1",
+curl "http://127.0.0.1:9180/apisix/admin/consumers/consumer1/credentials"; -X
PUT \
+ -H "X-API-KEY: ${admin_key}" \
+ -d '{
+ "id": "cred-jane-key-auth",
"plugins": {
- "basic-auth": {
- "username": "foo1",
- "password": "bar1"
- }
+ "basic-auth": {
+ "username":"consumer1",
+ "password":"consumer1_pwd"
+ }
}
-}'
+ }'
```
-然后再创建一个 Consumer 使用 key-auth 插件:
+为 `consumer2` 配置 key 认证凭证:
```shell
-curl http://127.0.0.1:9180/apisix/admin/consumers -H "X-API-KEY: $admin_key"
-X PUT -d '
-{
- "username": "foo2",
+curl "http://127.0.0.1:9180/apisix/admin/consumers/consumer2/credentials"; -X
PUT \
+ -H "X-API-KEY: ${admin_key}" \
+ -d '{
+ "id": "cred-jane-key-auth",
"plugins": {
- "key-auth": {
- "key": "auth-one"
- }
+ "key-auth": {
+ "key":"consumer2_pwd"
+ }
}
-}'
+ }'
```
-创建 Consumer 之后,您可以配置一个路由或服务来验证请求:
+创建一个带有 `multi-auth` 的路由,并配置消费者使用的两个认证插件:
```shell
-curl http://127.0.0.1:9180/apisix/admin/routes/1 -H "X-API-KEY: $admin_key" -X
PUT -d '
-{
- "methods": ["GET"],
- "uri": "/hello",
+curl "http://127.0.0.1:9180/apisix/admin/routes"; -X PUT \
+ -H "X-API-KEY: ${admin_key}" \
+ -d '{
+ "id": "multi-auth-route",
+ "uri": "/anything",
"plugins": {
- "multi-auth":{
- "auth_plugins":[
- {
- "basic-auth":{ }
- },
- {
- "key-auth":{
- "query":"apikey",
- "hide_credentials":true,
- "header":"apikey"
- }
+ "multi-auth":{
+ "auth_plugins":[
+ {
+ "basic-auth":{}
+ },
+ {
+ "key-auth":{
+ "hide_credentials":true,
+ "header":"apikey",
+ "query":"apikey"
}
- ]
+ }
+ ]
}
},
"upstream": {
- "type": "roundrobin",
- "nodes": {
- "127.0.0.1:1980": 1
- }
+ "type": "roundrobin",
+ "nodes": {
+ "httpbin.org": 1
+ }
}
-}'
+ }'
```
-## 使用示例
-
-如上所述配置插件后,您可以向对应的 API 发起一个请求,如下所示:
+</TabItem>
+
+<TabItem value="adc">
+
+创建两个带有各自凭证的消费者以及一个带有 `multi-auth` 的路由:
+
+```yaml title="adc.yaml"
+consumers:
+ - username: consumer1
+ credentials:
+ - name: cred-consumer1-basic-auth
+ type: basic-auth
+ config:
+ username: consumer1
+ password: consumer1_pwd
+ - username: consumer2
+ credentials:
+ - name: cred-consumer2-key-auth
+ type: key-auth
+ config:
+ key: consumer2_pwd
+services:
+ - name: multi-auth-service
+ routes:
+ - name: multi-auth-route
+ uris:
+ - /anything
+ plugins:
+ multi-auth:
+ auth_plugins:
+ - basic-auth: {}
+ - key-auth:
+ hide_credentials: true
+ header: apikey
+ query: apikey
+ upstream:
+ type: roundrobin
+ nodes:
+ - host: httpbin.org
+ port: 80
+ weight: 1
+```
-请求开启 basic-auth 插件的 API
+将配置同步到网关:
```shell
-curl -i -ufoo1:bar1 http://127.0.0.1:9080/hello
+adc sync -f adc.yaml
+```
+
+</TabItem>
+
+<TabItem value="aic">
+
+<Tabs
+groupId="k8s-api"
+defaultValue="gateway-api"
+values={[
+{label: 'Gateway API', value: 'gateway-api'},
+{label: 'APISIX Ingress Controller', value: 'apisix-ingress-controller'}
+]}>
+
+<TabItem value="gateway-api">
+
+```yaml title="multi-auth-ic.yaml"
+apiVersion: apisix.apache.org/v1alpha1
+kind: Consumer
+metadata:
+ namespace: aic
+ name: consumer1
+spec:
+ gatewayRef:
+ name: apisix
+ credentials:
+ - type: basic-auth
+ name: cred-consumer1-basic-auth
+ config:
+ username: consumer1
+ password: consumer1_pwd
+---
+apiVersion: apisix.apache.org/v1alpha1
+kind: Consumer
+metadata:
+ namespace: aic
+ name: consumer2
+spec:
+ gatewayRef:
+ name: apisix
+ credentials:
+ - type: key-auth
+ name: cred-consumer2-key-auth
+ config:
+ key: consumer2_pwd
+---
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: aic
+ name: httpbin-external-domain
+spec:
+ type: ExternalName
+ externalName: httpbin.org
+---
+apiVersion: apisix.apache.org/v1alpha1
+kind: PluginConfig
+metadata:
+ namespace: aic
+ name: multi-auth-plugin-config
+spec:
+ plugins:
+ - name: multi-auth
+ config:
+ auth_plugins:
+ - basic-auth: {}
+ - key-auth:
+ hide_credentials: true
+ header: apikey
+ query: apikey
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+ namespace: aic
+ name: multi-auth-route
+spec:
+ parentRefs:
+ - name: apisix
+ rules:
+ - matches:
+ - path:
+ type: Exact
+ value: /anything
+ filters:
+ - type: ExtensionRef
+ extensionRef:
+ group: apisix.apache.org
+ kind: PluginConfig
+ name: multi-auth-plugin-config
+ backendRefs:
+ - name: httpbin-external-domain
+ port: 80
```
-请求开启 key-auth 插件的 API
+将配置应用到集群:
```shell
-curl http://127.0.0.1:9080/hello -H 'apikey: auth-one' -i
+kubectl apply -f multi-auth-ic.yaml
```
+</TabItem>
+
+<TabItem value="apisix-ingress-controller">
+
+```yaml title="multi-auth-ic.yaml"
+apiVersion: apisix.apache.org/v2
+kind: ApisixConsumer
+metadata:
+ namespace: aic
+ name: consumer1
+spec:
+ ingressClassName: apisix
+ authParameter:
+ basicAuth:
+ value:
+ username: consumer1
+ password: consumer1_pwd
+---
+apiVersion: apisix.apache.org/v2
+kind: ApisixConsumer
+metadata:
+ namespace: aic
+ name: consumer2
+spec:
+ ingressClassName: apisix
+ authParameter:
+ keyAuth:
+ value:
+ key: consumer2_pwd
+---
+apiVersion: apisix.apache.org/v2
+kind: ApisixUpstream
+metadata:
+ namespace: aic
+ name: httpbin-external-domain
+spec:
+ ingressClassName: apisix
+ externalNodes:
+ - type: Domain
+ name: httpbin.org
+---
+apiVersion: apisix.apache.org/v2
+kind: ApisixRoute
+metadata:
+ namespace: aic
+ name: multi-auth-route
+spec:
+ ingressClassName: apisix
+ http:
+ - name: multi-auth-route
+ match:
+ paths:
+ - /anything
+ upstreams:
+ - name: httpbin-external-domain
+ plugins:
+ - name: multi-auth
+ enable: true
+ config:
+ auth_plugins:
+ - basic-auth: {}
+ - key-auth:
+ hide_credentials: true
+ header: apikey
+ query: apikey
```
-HTTP/1.1 200 OK
-...
-hello, world
+
+将配置应用到集群:
+
+```shell
+kubectl apply -f multi-auth-ic.yaml
```
-如果请求未授权,将会返回 `401 Unauthorized` 错误:
+</TabItem>
+
+</Tabs>
+
+</TabItem>
-```json
-{"message":"Authorization Failed"}
+</Tabs>
+
+向路由发送带有 `consumer1` basic 认证凭据的请求:
+
+```shell
+curl -i "http://127.0.0.1:9080/anything"; -u consumer1:consumer1_pwd
```
-## 删除插件
+你应该收到 `HTTP/1.1 200 OK` 响应。
-要删除 `multi-auth` 插件,您可以从插件配置中删除插件对应的 JSON 配置,APISIX 会自动加载,您不需要重新启动即可生效。
+向路由发送带有 `consumer2` key 认证凭证的请求:
```shell
-curl http://127.0.0.1:9180/apisix/admin/routes/1 -H "X-API-KEY: $admin_key" -X
PUT -d '
-{
- "methods": ["GET"],
- "uri": "/hello",
- "plugins": {},
- "upstream": {
- "type": "roundrobin",
- "nodes": {
- "127.0.0.1:1980": 1
- }
- }
-}'
+curl -i "http://127.0.0.1:9080/anything"; -H 'apikey: consumer2_pwd'
+```
+
+你同样应该收到 `HTTP/1.1 200 OK` 响应。
+
+向路由发送不带任何凭证的请求:
+
+```shell
+curl -i "http://127.0.0.1:9080/anything";
```
+
+你应该收到 `HTTP/1.1 401 Unauthorized` 响应。
+
+以上验证了使用不同认证方式的消费者能够通过认证并访问同一路由后端的资源。
