服务端的 authentication 拦截,主要基于拦截器(interceptor)实现。
客户端这一侧,主要基于 gRPC 对 authentication 的封装:WithPerRPCCredentials()。
实现方式(第一个 main 为服务端,第二个 main 为客户端):
// main starts the echo server with TLS enabled and registers
// ensureValidToken as the interceptor for unary RPCs.
func main() {
	flag.Parse()
	fmt.Printf("server starting on port %d...\n", *port)

	// The server certificate and private key are resolved via testdata.Path.
	keyPair, err := tls.LoadX509KeyPair(testdata.Path("server1.pem"), testdata.Path("server1.key"))
	if err != nil {
		log.Fatalf("failed to load key pair: %s", err)
	}

	// ensureValidToken (defined elsewhere) is installed as the interceptor
	// for all unary RPCs. Streaming RPCs are NOT covered by this option and
	// need a separate grpc.StreamInterceptor; see:
	// https://godoc.org/google.golang.org/grpc#StreamInterceptor
	// NOTE(review): presumably ensureValidToken rejects calls that lack a
	// valid token - confirm against its definition.
	authInterceptor := grpc.UnaryInterceptor(ensureValidToken)

	// Enable TLS for all incoming connections.
	transportTLS := grpc.Creds(credentials.NewServerTLSFromCert(&keyPair))

	srv := grpc.NewServer(authInterceptor, transportTLS)
	pb.RegisterEchoServer(srv, &ecServer{})

	// The address has an empty host, so the listener accepts connections on
	// every local interface.
	listener, err := net.Listen("tcp", fmt.Sprintf(":%d", *port))
	if err != nil {
		log.Fatalf("failed to listen: %v", err)
	}

	// Serve blocks until the server stops; any returned error is fatal.
	if serveErr := srv.Serve(listener); serveErr != nil {
		log.Fatalf("failed to serve: %v", serveErr)
	}
}
// main dials the echo server over TLS with per-RPC OAuth credentials
// attached, then issues a single unary echo call.
func main() {
	flag.Parse()

	// Per-RPC credentials built from the token returned by fetchToken
	// (defined elsewhere).
	tokenCreds := oauth.NewOauthAccess(fetchToken())

	// Transport credentials: the CA file is resolved via testdata.Path, and
	// the second argument overrides the server name used when verifying the
	// server certificate.
	// NOTE(review): "x.test.youtube.com" presumably matches the test
	// certificate; outside of test data the real host name belongs here.
	tlsCreds, err := credentials.NewClientTLSFromFile(testdata.Path("ca.pem"), "x.test.youtube.com")
	if err != nil {
		log.Fatalf("failed to load credentials: %v", err)
	}

	dialOpts := []grpc.DialOption{
		// Besides this grpc.DialOption, callers may instead pass the
		// grpc.CallOption grpc.PerRPCCredentials on an individual RPC.
		// See: https://godoc.org/google.golang.org/grpc#PerRPCCredentials
		grpc.WithPerRPCCredentials(tokenCreds),
		// oauth.NewOauthAccess requires transport credentials to be
		// configured, so the token is paired with the TLS credentials above.
		grpc.WithTransportCredentials(tlsCreds),
		// Make Dial wait until the connection is established.
		grpc.WithBlock(),
	}

	conn, err := grpc.Dial(*addr, dialOpts...)
	if err != nil {
		log.Fatalf("did not connect: %v", err)
	}
	defer conn.Close()

	callUnaryEcho(ecpb.NewEchoClient(conn), "hello world")
}
