import os

import requests
from flask import Flask, redirect, request, jsonify, make_response
# Application object that the route below is registered on.
app = Flask(__name__)
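@app.route('/login', methods=['POST'])
def login():
    """Exchange a posted username for a call to the upstream ``/service`` endpoint.

    Reads ``username`` and ``password`` from the form body (Flask answers a
    missing key with a 400 before this body runs), asks ``create_jwt_token``
    for a bearer token and forwards it to ``https://www.service.com/service``.

    Returns:
        The upstream JSON body with status 200, or ``{"error": "Unauthorized"}``
        with status 401 for any other upstream status code.

    Raises:
        requests.RequestException: left unhandled here (including the timeout
        added below), so the framework reports it as a server error.
    """
    user = request.form['username']
    password = request.form['password']
    # NOTE(review): ``password`` is read but never checked -- a token is minted
    # for whatever username was posted. The credentials must be verified (or the
    # token obtained from the identity provider) before the Authorization
    # header is built from it.
    jwt_token = create_jwt_token(user)
    headers = {'Authorization': f'Bearer {jwt_token}'}
    # ``requests`` has no default timeout; without one a stalled upstream
    # holds this worker forever.
    response = requests.get(
        'https://www.service.com/service',
        headers=headers,
        timeout=10,
    )
    if response.status_code == 200:
        return jsonify(response.json()), 200
    # Every non-200 upstream answer is collapsed into a 401 for the caller.
    return jsonify({'error': 'Unauthorized'}), 401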
def create_jwt_token(user):
    """Return the bearer token presented to the upstream service for *user*.

    Placeholder: the constant ``"your.jwt.token"`` is returned for every
    caller and ``user`` is ignored. It is not a signed JWT, so it cannot
    satisfy a verifier that checks signature, issuer and audience, such as
    the RequestAuthentication rule further down this page.
    """
    placeholder_token = "your.jwt.token"
    return placeholder_token
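if __name__ == '__main__':
    # The interactive Werkzeug debugger that debug=True switches on executes
    # code typed into the browser, so it must not be enabled unconditionally.
    # Opt in explicitly through the FLASK_DEBUG environment variable instead.
    debug_enabled = os.environ.get('FLASK_DEBUG', '').lower() in ('1', 'true', 'on')
    app.run(debug=debug_enabled)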
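apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: service-gateway
  namespace: your-namespace
spec:
  selector:
    istio: ingressgateway  # which ingress gateway deployment serves this Gateway
  servers:
    # The client on this page sends a bearer token in the Authorization header to
    # https://www.service.com, but only a plain-HTTP listener was defined. Tokens
    # must not travel in cleartext: port 80 now only redirects, and TLS is
    # terminated on 443.
    - port:
        number: 80
        name: http
        protocol: HTTP
      hosts:
        - "www.service.com"
      tls:
        httpsRedirect: true  # answer with a redirect to https instead of serving the request
    - port:
        number: 443
        name: https
        protocol: HTTPS
      hosts:
        - "www.service.com"
      tls:
        mode: SIMPLE
        # Kubernetes TLS secret holding the certificate and key for
        # www.service.com; it must be readable by the ingress gateway
        # (placeholder name, replace with the real secret).
        credentialName: your-tls-credential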
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: service-virtualservice
  namespace: your-namespace
spec:
  hosts:
    - "www.service.com"
  gateways:
    - service-gateway  # bound to the Gateway defined above
  http:
    - match:
        - uri:
            exact: /service  # exact match only; "/service/" or sub-paths are not routed by this rule
      route:
        - destination:
            host: service-app  # route to the actual service
            port:
              number: 80
---
apiVersion: security.istio.io/v1beta1
kind: RequestAuthentication
metadata:
  name: jwt-request-auth
  namespace: your-namespace
spec:
  selector:
    matchLabels:
      app: service-app  # must match the labels on the actual service's pods
  jwtRules:
    # A presented token is checked against the issuer, the keys published at
    # jwksUri and the audiences listed here. A request that carries no token at
    # all is not rejected by this resource; requiring one is the job of the
    # AuthorizationPolicy that follows.
    - issuer: "https://your-keycloak-domain/auth/realms/your-realm"  # Keycloak issuer URL (the token's iss claim)
      # NOTE(review): the /auth prefix belongs to older Keycloak distributions;
      # confirm both URLs against the realm's OpenID discovery document.
      jwksUri: "https://your-keycloak-domain/auth/realms/your-realm/protocol/openid-connect/certs"  # JWKS URI
      audiences:
        - "your-audience"  # value the token's aud claim must contain
---
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: jwt-authz-policy
  namespace: your-namespace
spec:
  selector:
    matchLabels:
      app: service-app  # must match the labels on the actual service's pods
  # No action is set, so this is an ALLOW policy: once it applies to the
  # workload, any request not matched by a rule below (including one without a
  # valid JWT, which has no request principal) is denied.
  rules:
    - from:
        - source:
            # Allow every user authenticated with a JWT. "*" accepts any principal
            # the RequestAuthentication validated; narrow it to specific
            # "<issuer>/<subject>" values if only certain identities may call.
            requestPrincipals: ["*"]
      to:
        - operation:
            paths: ["/service"]  # only requests to the /service path are allowed