柔性微服务安全访问控制框架

微服务架构实现了应用服务的业务解耦和技术栈分离，但更多的微服务也增加了进程间无状态服务调用频度，如何在保证服务性能的同时确保无状态服务之间的安全访问控制是微服务安全架构面临的关键问题.本文设计了一种柔性微服务安全访问控制框架，结合微服务API网关、轻量级微服务访问令牌构建方法以及柔性适配的微服务安全控制策略等特征，提高了微服务的柔性安全控制能力，经试验分析，代价更小，并在实际项目中验证了框架及方法的有效性.

Flexible Microservice Security Access Control Framework

The microservice architecture facilitates the service decoupling of application services and the separation of the technology stack. However, more microservices also increase the frequency of stateless service invocation across processes. How to ensure secure service access control between stateless services while ensuring service performance is a key issue for the microservices security architecture. In this study, we design a flexible microservice security access control framework. Combining the features of microservice API gateway, the lightweight microservice token construction mechanism and the flexible adaptation of microservices security control strategy, we improve the flexible security control ability of microservice. After the experimental analysis, the cost is smaller, and the validity of the framework and the method is verified in the actual project.