Re: [I] Hope "forward auth" can set cache time,and, Options requests can be approved [apisix]
guillheu commented on issue #10805: URL: https://github.com/apache/apisix/issues/10805#issuecomment-3509007736 Hi. I actually have a use case for this. I have an authentication server which by design will be rather slow, and I cannot expect the clients to respect response headers like `Set-Cookie`. The gateway would be hammered with requests from the same clients repeatedly and would have to query the auth server for each request. A simple fix on my end would be to have some caching on the auth server itself, but that would still be ever so slightly less efficient (on paper anyways) than having the auth response cached directly at the gateway. I also successfully achieved that level of auth response caching with nginx, but moved to apisix for other features. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
Re: [I] Hope "forward auth" can set cache time,and, Options requests can be approved [apisix]
Baoyuantop closed issue #10805: Hope "forward auth" can set cache time,and, Options requests can be approved URL: https://github.com/apache/apisix/issues/10805 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
Re: [I] Hope "forward auth" can set cache time,and, Options requests can be approved [apisix]
Baoyuantop commented on issue #10805: URL: https://github.com/apache/apisix/issues/10805#issuecomment-2893341027 If there is still a problem, please open it again. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
Re: [I] Hope "forward auth" can set cache time,and, Options requests can be approved [apisix]
Baoyuantop commented on issue #10805: URL: https://github.com/apache/apisix/issues/10805#issuecomment-2893340571 I don't think this is suitable for implementation in a gateway auth plugin. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
Re: [I] Hope "forward auth" can set cache time,and, Options requests can be approved [apisix]
sultra commented on issue #10805: URL: https://github.com/apache/apisix/issues/10805#issuecomment-2415733659 我觉得缓存机制应该自己auth服务实现 + 首先auth服务本身有业务逻辑耦合度,比如用哪种认证机制,这是不是还要考虑绑定其他插件,比如jwt-auth?如果不是JWT,那插件如何判断缓存的合法性? + 其次缓存信息一致性问题,比如当某用户权限配置修改后,缓存是要主动清理掉便于下次请求能正确处理新权限逻辑,这种情况你自己的auth服务可以做到,而我认为插件根本做不到! + 如果只是简单的缓存合法的token,理论上每次请求时,做验证的数学运算根本用不了太多资源吧?网络IO压力可以用负载均衡来解决 + 随着业务发展会有更多其他问题出现,不能靠插件来解决!插件核心作用是提供一个处理逻辑链,一个桥梁作用,做太多复杂功能会影响核心apisix风险! -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
Re: [I] Hope "forward auth" can set cache time,and, Options requests can be approved [apisix]
smileby commented on issue #10805: URL: https://github.com/apache/apisix/issues/10805#issuecomment-1958485394 > @smileby Thank you, good New Year. I have several services, and except for logging in, I have used 'forward auth' with a token to verify the auth service. It passes normal access and does not pass directly through 403, which means that all interfaces need to access the auth service before reaching the business layer. I am a bit worried about the pressure on the auth service, so I am considering adding a cache in this layer that can directly solve the problem > > I don't know if my usage is incorrect? I don't think it's universal, maybe there's something wrong with my understanding, let's see what other people think -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
Re: [I] Hope "forward auth" can set cache time,and, Options requests can be approved [apisix]
jiangxiulong commented on issue #10805: URL: https://github.com/apache/apisix/issues/10805#issuecomment-1953481512 @smileby Thank you, good New Year. I have several services, and except for logging in, I have used 'forward auth' with a token to verify the auth service. It passes normal access and does not pass directly through 403, which means that all interfaces need to access the auth service before reaching the business layer. I am a bit worried about the pressure on the auth service, so I am considering adding a cache in this layer that can directly solve the problem I don't know if my usage is incorrect? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
Re: [I] Hope "forward auth" can set cache time,and, Options requests can be approved [apisix]
smileby commented on issue #10805: URL: https://github.com/apache/apisix/issues/10805#issuecomment-1931631602 @jiangxiulong Hi, Please provide your usage scenario. I think that for the authentication system, the probability of repeated authentication requests from the same user is very small. For requests from a large number of users, I think caching at the gateway layer has no practical significance. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
Re: [I] Hope "forward auth" can set cache time,and, Options requests can be approved [apisix]
jiangxiulong commented on issue #10805: URL: https://github.com/apache/apisix/issues/10805#issuecomment-1893231354 @shreemaan-abhishek Sorry, I think my current abilities are not enough -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
Re: [I] Hope "forward auth" can set cache time,and, Options requests can be approved [apisix]
shreemaan-abhishek commented on issue #10805: URL: https://github.com/apache/apisix/issues/10805#issuecomment-1892477250 @sheharyaar no not you, I was asking @jiangxiulong. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
Re: [I] Hope "forward auth" can set cache time,and, Options requests can be approved [apisix]
sheharyaar commented on issue #10805: URL: https://github.com/apache/apisix/issues/10805#issuecomment-1890977968 I am working on other issues right now. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
Re: [I] Hope "forward auth" can set cache time,and, Options requests can be approved [apisix]
shreemaan-abhishek commented on issue #10805: URL: https://github.com/apache/apisix/issues/10805#issuecomment-1890958974 would you like to contribute this? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
Re: [I] Hope "forward auth" can set cache time,and, Options requests can be approved [apisix]
sheharyaar commented on issue #10805: URL: https://github.com/apache/apisix/issues/10805#issuecomment-1887341285 @Sn0rt @shreemaan-abhishek -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
