了解和使用keystone(五)获取token
2016-09-10 21:55
274 查看
获取token
创建一个json文件,作为HTTP消息的内容$ cat token-request.json { "auth": { "identity": { "methods": [ "password" ], "password": { "user": { "domain":{ "name":"demo-domain" }, "name": "userA2", "password": "123456" } } }, "scope": { "project": { "domain":{ "name":"demo-domain" }, "name": "project-A" } } } }
向keystone请求token。-si是返回消息头。token信息位于消息头的X-Subject-Token字段
curl -si -d @token-request.json -H "Content-type: application/json" http://localhost:35357/v3/auth/tokens HTTP/1.1 201 Created X-Subject-Token: ea480e2f70414176b43480cfa6b22a2b Vary: X-Auth-Token X-Distribution: Ubuntu Content-Type: application/json Content-Length: 557 X-Openstack-Request-Id: req-63f66227-1232-429a-8c80-b644050887be Date: Mon, 05 Sep 2016 09:44:11 GMT {"token": {"methods": ["password"], "roles": [{"id": "6abf3532fce440148a7f29abc7685142", "name": "demo-role"}], "expires_at": "2016-09-05T10:44:11.422204Z", "project": {"domain": {"id": "32b54ffdebe84eba9cd10a8dbe647b70", "name": "demo-domain"}, "id": "b65e9985801f4481bce7ba885b68cac3", "name": "project-A"}, "catalog": [], "user": {"domain": {"id": "32b54ffdebe84eba9cd10a8dbe647b70", "name": "demo-domain"}, "id": "459c2cc894844396bec6c16fbc28da87", "name": "userA2"}, "audit_ids": ["0mgrffReTNWGCNz2WflPSQ"], "issued_at": "2016-09-05T09:44:11.422251Z"}}
从上面可以看到,token=ea480e2f70414176b43480cfa6b22a2b,我们将其获取,并存放在USER_TOKEN的环境变量中。也可以直接用以下面的方式。
$ export USER_TOKEN=`curl -si -d @token-request.json -H "Content-type: application/json" http://localhost:35357/v3/auth/tokens | awk '/X-Subject-Token/ {print $2}'` $ echo $USER_TOKEN 2d2f89d63a024f45bd95e8d98ec4ae44 (每次获取会修改token的)
利用token查看用户信息
如果权限出现问题,请修改/etc/keystone/policy.json,确保owner获取相关权限。"identity:get_user": "rule:admin_or_owner"$ curl -H "X-Auth-Token:$USER_TOKEN" -H "Content-type: application/json" http://localhost:35357/v3/users/459c2cc894844396bec6c16fbc28da87 | python -mjson.tool % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 290 100 290 0 0 2329 0 --:--:-- --:--:-- --:--:-- 2357 { "user": { "domain_id": "32b54ffdebe84eba9cd10a8dbe647b70", "email": "test@hello.com", "enabled": true, "id": "459c2cc894844396bec6c16fbc28da87", "links": { "self": "http://localhost:35357/v3/users/459c2cc894844396bec6c16fbc28da87" }, "name": "userA2", "param1": "value1", "param2": "value2" } }
利用token查看project信息
$ curl -H "X-Auth-Token:$USER_TOKEN" -H "Content-type: application/json" http://localhost:35357/v3/projects/b65e9985801f4481bce7ba885b68cac3 | python -mjson.tool % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 389 100 389 0 0 4467 0 --:--:-- --:--:-- --:--:-- 4523 { "project": { "description": "Project A", "domain_id": "32b54ffdebe84eba9cd10a8dbe647b70", "enabled": true, "id": "b65e9985801f4481bce7ba885b68cac3", "is_domain": false, "links": { "self": "http://localhost:35357/v3/projects/b65e9985801f4481bce7ba885b68cac3" }, "name": "project-A", "parent_id": "32b54ffdebe84eba9cd10a8dbe647b70", "project_A_param1": "value1", "project_A_param2": "value2" } }
其他模块验证该token是否正确
场景:模块A是keystone的一个user,模块B为keystone提供摸个功能(service)。模块A向模块B发送一个Restful的消息,将携带token信息,模块B向keystone验证这个token是否正确。用户发出请求时,在消息头中携带token,其他模块收到消息后,向keystone发起验证请求。通过则返回信息,不通过则返回4xx错误。
$ curl -H "X-Auth-Token:$USER_TOKEN" -H "X-Subject-Token:$USER_TOKEN" -H "Content-type: application/json" http://localhost:35357/v3/auth/tokens | python -mjson.tool % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 557 100 557 0 0 3839 0 --:--:-- --:--:-- --:--:-- 3841 { "token": { "audit_ids": [ "Bi9Z3vCmSLCJ6EXYh-qEbA" ], "catalog": [], "expires_at": "2016-09-05T10:44:51.187971Z", "issued_at": "2016-09-05T09:44:51.188016Z", "methods": [ "password" ], "project": { "domain": { "id": "32b54ffdebe84eba9cd10a8dbe647b70", "name": "demo-domain" }, "id": "b65e9985801f4481bce7ba885b68cac3", "name": "project-A" }, "roles": [ { "id": "6abf3532fce440148a7f29abc7685142", "name": "demo-role" } ], "user": { "domain": { "id": "32b54ffdebe84eba9cd10a8dbe647b70", "name": "demo-domain" }, "id": "459c2cc894844396bec6c16fbc28da87", "name": "userA2" } } }
相关文章推荐
- 如何使用python3调用openstack keystone identity REST api接口获取X-AUTH-TOKEN
- (六)、获取Keystone token的三种方式
- 使用AFNetWorking 实现以Basic Authentication方式获取access-token
- 微信开发使用access_token 获取微信的ip地址
- keystone获取token代码分析
- 使用ajax跨域请求时,后台无法获取到token
- 【QQ登录】使用Implicit_Grant方式获取Access_Token
- 使用HttpClient 访问Spring OAuth 2.0接口 获取token
- jmeter用正则表达式获取token并使用
- 通过实例了解如何使用js获取下拉列表框内的值
- 微信公共平台接入之:网页授权(微信授权,微信access_token获取,获取微信用户信息),微信开发者工具使用,微信公众平台测试号申请接入
- 获取Keystone token的三种方式
- 了解和使用keystone(一)keystone的基本认知
- webapi集成owin使用Oauth认证时能获取accee_token仍无法登录的解决办法
- php获取微信公众帐号access_token存储并长期使用
- 了解和使用keystone(六)创建service和endpoint
- Use a SAML Token to Obtain a vCloud Suite Session ID ----使用SAML 令牌 获取VCloud 会话ID
- 关于微信第三方授权登陆 使用code获取token时返回40029
- 了解和使用keystone(三)创建admin用户
- laravel的csrf token 的了解及使用