mirror of https://gitee.com/maxjhandsome/pig
⬆️ Upgrading dependencies. nacos 2.0.3 closed #I42YD3
This commit is contained in:
lht
parent
cd9df626a1
commit
67ed0368f1
|
|
@ -27,7 +27,7 @@
|
|||
<description>nacos 注册配置中心</description>
|
||||
|
||||
<properties>
|
||||
<nacos.version>2.0.2</nacos.version>
|
||||
<nacos.version>2.0.3</nacos.version>
|
||||
</properties>
|
||||
|
||||
<dependencies>
|
||||
|
|
|
|||
|
|
@ -16,10 +16,6 @@
|
|||
|
||||
package com.alibaba.nacos.config;
|
||||
|
||||
import java.time.ZoneId;
|
||||
|
||||
import javax.annotation.PostConstruct;
|
||||
|
||||
import com.alibaba.nacos.core.code.ControllerMethodsCache;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.boot.autoconfigure.jackson.Jackson2ObjectMapperBuilderCustomizer;
|
||||
|
|
@ -31,6 +27,9 @@ import org.springframework.web.cors.CorsConfiguration;
|
|||
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
|
||||
import org.springframework.web.filter.CorsFilter;
|
||||
|
||||
import javax.annotation.PostConstruct;
|
||||
import java.time.ZoneId;
|
||||
|
||||
/**
|
||||
* Console config.
|
||||
*
|
||||
|
|
@ -74,5 +73,4 @@ public class ConsoleConfig {
|
|||
public Jackson2ObjectMapperBuilderCustomizer jacksonObjectMapperCustomization() {
|
||||
return jacksonObjectMapperBuilder -> jacksonObjectMapperBuilder.timeZone(ZoneId.systemDefault().toString());
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -51,10 +51,10 @@ public class HealthController {
|
|||
}
|
||||
|
||||
/**
|
||||
* Whether the Nacos is in broken states or not, and cannot recover except by being
|
||||
* restarted.
|
||||
* @return HTTP code equal to 200 indicates that Nacos is in right states. HTTP code
|
||||
* equal to 500 indicates that Nacos is in broken states.
|
||||
* Whether the Nacos is in broken states or not, and cannot recover except by being restarted.
|
||||
*
|
||||
* @return HTTP code equal to 200 indicates that Nacos is in right states. HTTP code equal to 500 indicates that
|
||||
* Nacos is in broken states.
|
||||
*/
|
||||
@GetMapping("/liveness")
|
||||
public ResponseEntity<String> liveness() {
|
||||
|
|
@ -63,8 +63,9 @@ public class HealthController {
|
|||
|
||||
/**
|
||||
* Ready to receive the request or not.
|
||||
* @return HTTP code equal to 200 indicates that Nacos is ready. HTTP code equal to
|
||||
* 500 indicates that Nacos is not ready.
|
||||
*
|
||||
* @return HTTP code equal to 200 indicates that Nacos is ready. HTTP code equal to 500 indicates that Nacos is not
|
||||
* ready.
|
||||
*/
|
||||
@GetMapping("/readiness")
|
||||
public ResponseEntity<String> readiness(HttpServletRequest request) {
|
||||
|
|
@ -76,8 +77,7 @@ public class HealthController {
|
|||
}
|
||||
|
||||
if (!isConfigReadiness && !isNamingReadiness) {
|
||||
return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR)
|
||||
.body("Config and Naming are not in readiness");
|
||||
return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body("Config and Naming are not in readiness");
|
||||
}
|
||||
|
||||
if (!isConfigReadiness) {
|
||||
|
|
@ -92,8 +92,7 @@ public class HealthController {
|
|||
try {
|
||||
persistService.configInfoCount("");
|
||||
return true;
|
||||
}
|
||||
catch (Exception e) {
|
||||
} catch (Exception e) {
|
||||
LOGGER.error("Config health check fail.", e);
|
||||
}
|
||||
return false;
|
||||
|
|
@ -103,11 +102,9 @@ public class HealthController {
|
|||
try {
|
||||
apiCommands.metrics(request);
|
||||
return true;
|
||||
}
|
||||
catch (Exception e) {
|
||||
} catch (Exception e) {
|
||||
LOGGER.error("Naming health check fail.", e);
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -20,15 +20,21 @@ import com.alibaba.nacos.auth.annotation.Secured;
|
|||
import com.alibaba.nacos.auth.common.ActionTypes;
|
||||
import com.alibaba.nacos.common.model.RestResult;
|
||||
import com.alibaba.nacos.common.model.RestResultUtils;
|
||||
import com.alibaba.nacos.common.utils.StringUtils;
|
||||
import com.alibaba.nacos.config.server.model.TenantInfo;
|
||||
import com.alibaba.nacos.config.server.service.repository.PersistService;
|
||||
import com.alibaba.nacos.enums.NamespaceTypeEnum;
|
||||
import com.alibaba.nacos.model.Namespace;
|
||||
import com.alibaba.nacos.model.NamespaceAllInfo;
|
||||
import com.alibaba.nacos.security.nacos.NacosAuthConfig;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.web.bind.annotation.*;
|
||||
import org.springframework.web.bind.annotation.DeleteMapping;
|
||||
import org.springframework.web.bind.annotation.GetMapping;
|
||||
import org.springframework.web.bind.annotation.PostMapping;
|
||||
import org.springframework.web.bind.annotation.PutMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RequestParam;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
|
@ -69,6 +75,7 @@ public class NamespaceController {
|
|||
|
||||
/**
|
||||
* Get namespace list.
|
||||
*
|
||||
* @param request request
|
||||
* @param response response
|
||||
* @return namespace list
|
||||
|
|
@ -77,8 +84,8 @@ public class NamespaceController {
|
|||
public RestResult<List<Namespace>> getNamespaces(HttpServletRequest request, HttpServletResponse response) {
|
||||
// TODO 获取用kp
|
||||
List<TenantInfo> tenantInfos = persistService.findTenantByKp(DEFAULT_KP);
|
||||
Namespace namespace0 = new Namespace("", DEFAULT_NAMESPACE, DEFAULT_QUOTA,
|
||||
persistService.configInfoCount(DEFAULT_TENANT), NamespaceTypeEnum.GLOBAL.getType());
|
||||
Namespace namespace0 = new Namespace("", DEFAULT_NAMESPACE, DEFAULT_QUOTA, persistService.configInfoCount(DEFAULT_TENANT),
|
||||
NamespaceTypeEnum.GLOBAL.getType());
|
||||
List<Namespace> namespaces = new ArrayList<Namespace>();
|
||||
namespaces.add(namespace0);
|
||||
for (TenantInfo tenantInfo : tenantInfos) {
|
||||
|
|
@ -92,6 +99,7 @@ public class NamespaceController {
|
|||
|
||||
/**
|
||||
* get namespace all info by namespace id.
|
||||
*
|
||||
* @param request request
|
||||
* @param response response
|
||||
* @param namespaceId namespaceId
|
||||
|
|
@ -102,20 +110,19 @@ public class NamespaceController {
|
|||
@RequestParam("namespaceId") String namespaceId) {
|
||||
// TODO 获取用kp
|
||||
if (StringUtils.isBlank(namespaceId)) {
|
||||
return new NamespaceAllInfo(namespaceId, DEFAULT_NAMESPACE_SHOW_NAME, DEFAULT_QUOTA,
|
||||
persistService.configInfoCount(DEFAULT_TENANT), NamespaceTypeEnum.GLOBAL.getType(),
|
||||
DEFAULT_NAMESPACE_DESCRIPTION);
|
||||
}
|
||||
else {
|
||||
return new NamespaceAllInfo(namespaceId, DEFAULT_NAMESPACE_SHOW_NAME, DEFAULT_QUOTA, persistService.configInfoCount(DEFAULT_TENANT),
|
||||
NamespaceTypeEnum.GLOBAL.getType(), DEFAULT_NAMESPACE_DESCRIPTION);
|
||||
} else {
|
||||
TenantInfo tenantInfo = persistService.findTenantByKp(DEFAULT_KP, namespaceId);
|
||||
int configCount = persistService.configInfoCount(namespaceId);
|
||||
return new NamespaceAllInfo(namespaceId, tenantInfo.getTenantName(), DEFAULT_QUOTA, configCount,
|
||||
NamespaceTypeEnum.CUSTOM.getType(), tenantInfo.getTenantDesc());
|
||||
return new NamespaceAllInfo(namespaceId, tenantInfo.getTenantName(), DEFAULT_QUOTA, configCount, NamespaceTypeEnum.CUSTOM.getType(),
|
||||
tenantInfo.getTenantDesc());
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* create namespace.
|
||||
*
|
||||
* @param request request
|
||||
* @param response response
|
||||
* @param namespaceName namespace Name
|
||||
|
|
@ -130,8 +137,7 @@ public class NamespaceController {
|
|||
// TODO 获取用kp
|
||||
if (StringUtils.isBlank(namespaceId)) {
|
||||
namespaceId = UUID.randomUUID().toString();
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
namespaceId = namespaceId.trim();
|
||||
if (!namespaceIdCheckPattern.matcher(namespaceId).matches()) {
|
||||
return false;
|
||||
|
|
@ -143,13 +149,14 @@ public class NamespaceController {
|
|||
return false;
|
||||
}
|
||||
}
|
||||
persistService.insertTenantInfoAtomic(DEFAULT_KP, namespaceId, namespaceName, namespaceDesc,
|
||||
DEFAULT_CREATE_SOURCE, System.currentTimeMillis());
|
||||
persistService.insertTenantInfoAtomic(DEFAULT_KP, namespaceId, namespaceName, namespaceDesc, DEFAULT_CREATE_SOURCE,
|
||||
System.currentTimeMillis());
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* check namespaceId exist.
|
||||
*
|
||||
* @param namespaceId namespace id
|
||||
* @return true if exist, otherwise false
|
||||
*/
|
||||
|
|
@ -163,6 +170,7 @@ public class NamespaceController {
|
|||
|
||||
/**
|
||||
* edit namespace.
|
||||
*
|
||||
* @param namespace namespace
|
||||
* @param namespaceShowName namespace ShowName
|
||||
* @param namespaceDesc namespace Desc
|
||||
|
|
@ -180,6 +188,7 @@ public class NamespaceController {
|
|||
|
||||
/**
|
||||
* del namespace by id.
|
||||
*
|
||||
* @param request request
|
||||
* @param response response
|
||||
* @param namespaceId namespace Id
|
||||
|
|
|
|||
|
|
@ -19,9 +19,9 @@ package com.alibaba.nacos.controller;
|
|||
import com.alibaba.nacos.auth.annotation.Secured;
|
||||
import com.alibaba.nacos.auth.common.ActionTypes;
|
||||
import com.alibaba.nacos.common.model.RestResultUtils;
|
||||
import com.alibaba.nacos.common.utils.StringUtils;
|
||||
import com.alibaba.nacos.security.nacos.NacosAuthConfig;
|
||||
import com.alibaba.nacos.security.nacos.roles.NacosRoleServiceImpl;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.web.bind.annotation.DeleteMapping;
|
||||
import org.springframework.web.bind.annotation.GetMapping;
|
||||
|
|
@ -45,6 +45,7 @@ public class PermissionController {
|
|||
|
||||
/**
|
||||
* Query permissions of a role.
|
||||
*
|
||||
* @param role the role
|
||||
* @param pageNo page index
|
||||
* @param pageSize page size
|
||||
|
|
@ -59,6 +60,7 @@ public class PermissionController {
|
|||
|
||||
/**
|
||||
* Add a permission to a role.
|
||||
*
|
||||
* @param role the role
|
||||
* @param resource the related resource
|
||||
* @param action the related action
|
||||
|
|
@ -73,6 +75,7 @@ public class PermissionController {
|
|||
|
||||
/**
|
||||
* Delete a permission from a role.
|
||||
*
|
||||
* @param role the role
|
||||
* @param resource the related resource
|
||||
* @param action the related action
|
||||
|
|
@ -85,5 +88,4 @@ public class PermissionController {
|
|||
nacosRoleService.deletePermission(role, resource, action);
|
||||
return RestResultUtils.success("delete permission ok!");
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -19,9 +19,9 @@ package com.alibaba.nacos.controller;
|
|||
import com.alibaba.nacos.auth.annotation.Secured;
|
||||
import com.alibaba.nacos.auth.common.ActionTypes;
|
||||
import com.alibaba.nacos.common.model.RestResultUtils;
|
||||
import com.alibaba.nacos.common.utils.StringUtils;
|
||||
import com.alibaba.nacos.security.nacos.NacosAuthConfig;
|
||||
import com.alibaba.nacos.security.nacos.roles.NacosRoleServiceImpl;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.web.bind.annotation.DeleteMapping;
|
||||
import org.springframework.web.bind.annotation.GetMapping;
|
||||
|
|
@ -47,6 +47,7 @@ public class RoleController {
|
|||
|
||||
/**
|
||||
* Get roles list.
|
||||
*
|
||||
* @param pageNo number index of page
|
||||
* @param pageSize page size
|
||||
* @param username optional, username of user
|
||||
|
|
@ -61,6 +62,7 @@ public class RoleController {
|
|||
|
||||
/**
|
||||
* Fuzzy matching role name .
|
||||
*
|
||||
* @param role role id
|
||||
* @return role list
|
||||
*/
|
||||
|
|
@ -73,9 +75,8 @@ public class RoleController {
|
|||
/**
|
||||
* Add a role to a user
|
||||
*
|
||||
* <p>
|
||||
* This method is used for 2 functions: 1. create a role and bind it to GLOBAL_ADMIN.
|
||||
* 2. bind a role to an user.
|
||||
* <p>This method is used for 2 functions: 1. create a role and bind it to GLOBAL_ADMIN. 2. bind a role to an user.
|
||||
*
|
||||
* @param role role name
|
||||
* @param username username
|
||||
* @return Code 200 and message 'add role ok!'
|
||||
|
|
@ -89,6 +90,7 @@ public class RoleController {
|
|||
|
||||
/**
|
||||
* Delete a role. If no username is specified, all users under this role are deleted.
|
||||
*
|
||||
* @param role role
|
||||
* @param username username
|
||||
* @return ok if succeed
|
||||
|
|
@ -99,8 +101,7 @@ public class RoleController {
|
|||
@RequestParam(name = "username", defaultValue = StringUtils.EMPTY) String username) {
|
||||
if (StringUtils.isBlank(username)) {
|
||||
roleService.deleteRole(role);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
roleService.deleteRole(role, username);
|
||||
}
|
||||
return RestResultUtils.success("delete role of user " + username + " ok!");
|
||||
|
|
|
|||
|
|
@ -37,6 +37,7 @@ public class ServerStateController {
|
|||
|
||||
/**
|
||||
* Get server state of current server.
|
||||
*
|
||||
* @return state json.
|
||||
*/
|
||||
@GetMapping("/state")
|
||||
|
|
|
|||
|
|
@ -25,7 +25,6 @@ import com.alibaba.nacos.auth.exception.AccessException;
|
|||
import com.alibaba.nacos.common.model.RestResult;
|
||||
import com.alibaba.nacos.common.model.RestResultUtils;
|
||||
import com.alibaba.nacos.common.utils.JacksonUtils;
|
||||
import com.alibaba.nacos.common.utils.Objects;
|
||||
import com.alibaba.nacos.config.server.auth.RoleInfo;
|
||||
import com.alibaba.nacos.config.server.model.User;
|
||||
import com.alibaba.nacos.config.server.utils.RequestUtil;
|
||||
|
|
@ -57,6 +56,7 @@ import javax.servlet.http.HttpServletRequest;
|
|||
import javax.servlet.http.HttpServletResponse;
|
||||
import java.io.IOException;
|
||||
import java.util.List;
|
||||
import java.util.Objects;
|
||||
|
||||
/**
|
||||
* User related methods entry.
|
||||
|
|
@ -88,6 +88,7 @@ public class UserController {
|
|||
|
||||
/**
|
||||
* Create a new user.
|
||||
*
|
||||
* @param username username
|
||||
* @param password password
|
||||
* @return ok if create succeed
|
||||
|
|
@ -108,6 +109,7 @@ public class UserController {
|
|||
|
||||
/**
|
||||
* Delete an existed user.
|
||||
*
|
||||
* @param username username of user
|
||||
* @return ok if deleted succeed, keep silent if user not exist
|
||||
* @since 1.2.0
|
||||
|
|
@ -129,6 +131,7 @@ public class UserController {
|
|||
|
||||
/**
|
||||
* Update an user.
|
||||
*
|
||||
* @param username username of user
|
||||
* @param newPassword new password of user
|
||||
* @param response http response
|
||||
|
|
@ -175,6 +178,7 @@ public class UserController {
|
|||
|
||||
/**
|
||||
* Get paged users.
|
||||
*
|
||||
* @param pageNo number index of page
|
||||
* @param pageSize size of page
|
||||
* @return A collection of users, empty set if no user is found
|
||||
|
|
@ -189,8 +193,8 @@ public class UserController {
|
|||
/**
|
||||
* Login to Nacos
|
||||
*
|
||||
* <p>
|
||||
* This methods uses username and password to require a new token.
|
||||
* <p>This methods uses username and password to require a new token.
|
||||
*
|
||||
* @param username username of user
|
||||
* @param password password
|
||||
* @param response http response
|
||||
|
|
@ -202,8 +206,8 @@ public class UserController {
|
|||
public Object login(@RequestParam String username, @RequestParam String password, HttpServletResponse response,
|
||||
HttpServletRequest request) throws AccessException {
|
||||
|
||||
if (AuthSystemTypes.NACOS.name().equalsIgnoreCase(authConfigs.getNacosAuthSystemType())
|
||||
|| AuthSystemTypes.LDAP.name().equalsIgnoreCase(authConfigs.getNacosAuthSystemType())) {
|
||||
if (AuthSystemTypes.NACOS.name().equalsIgnoreCase(authConfigs.getNacosAuthSystemType()) || AuthSystemTypes.LDAP
|
||||
.name().equalsIgnoreCase(authConfigs.getNacosAuthSystemType())) {
|
||||
NacosUser user = (NacosUser) authManager.login(request);
|
||||
|
||||
response.addHeader(NacosAuthConfig.AUTHORIZATION_HEADER, NacosAuthConfig.TOKEN_PREFIX + user.getToken());
|
||||
|
|
@ -216,14 +220,12 @@ public class UserController {
|
|||
return result;
|
||||
}
|
||||
|
||||
// create Authentication class through username and password, the implement class
|
||||
// is UsernamePasswordAuthenticationToken
|
||||
// create Authentication class through username and password, the implement class is UsernamePasswordAuthenticationToken
|
||||
UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(username,
|
||||
password);
|
||||
|
||||
try {
|
||||
// use the method authenticate of AuthenticationManager(default implement is
|
||||
// ProviderManager) to valid Authentication
|
||||
// use the method authenticate of AuthenticationManager(default implement is ProviderManager) to valid Authentication
|
||||
Authentication authentication = authenticationManager.authenticate(authenticationToken);
|
||||
// bind SecurityContext to Authentication
|
||||
SecurityContextHolder.getContext().setAuthentication(authentication);
|
||||
|
|
@ -232,18 +234,17 @@ public class UserController {
|
|||
// write Token to Http header
|
||||
response.addHeader(NacosAuthConfig.AUTHORIZATION_HEADER, "Bearer " + token);
|
||||
return RestResultUtils.success("Bearer " + token);
|
||||
}
|
||||
catch (BadCredentialsException authentication) {
|
||||
} catch (BadCredentialsException authentication) {
|
||||
return RestResultUtils.failed(HttpStatus.UNAUTHORIZED.value(), null, "Login failed");
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Update password.
|
||||
*
|
||||
* @param oldPassword old password
|
||||
* @param newPassword new password
|
||||
* @return Code 200 if update successfully, Code 401 if old password invalid,
|
||||
* otherwise 500
|
||||
* @return Code 200 if update successfully, Code 401 if old password invalid, otherwise 500
|
||||
*/
|
||||
@PutMapping("/password")
|
||||
@Deprecated
|
||||
|
|
@ -261,14 +262,15 @@ public class UserController {
|
|||
return RestResultUtils.success("Update password success");
|
||||
}
|
||||
return RestResultUtils.failed(HttpStatus.UNAUTHORIZED.value(), "Old password is invalid");
|
||||
}
|
||||
catch (Exception e) {
|
||||
} catch (Exception e) {
|
||||
return RestResultUtils.failed(HttpStatus.INTERNAL_SERVER_ERROR.value(), "Update userpassword failed");
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Fuzzy matching username.
|
||||
*
|
||||
* @param username username
|
||||
* @return Matched username
|
||||
*/
|
||||
|
|
@ -277,5 +279,4 @@ public class UserController {
|
|||
public List<String> searchUsersLikeUsername(@RequestParam String username) {
|
||||
return userDetailsService.findUserLikeUsername(username);
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -17,8 +17,8 @@
|
|||
package com.alibaba.nacos.enums;
|
||||
|
||||
/**
|
||||
* the enum of namespace. 0 : Global configuration, 1 : Default private namespace ,2 :
|
||||
* Custom namespace.
|
||||
* the enum of namespace.
|
||||
* 0 : Global configuration, 1 : Default private namespace ,2 : Custom namespace.
|
||||
*
|
||||
* @author chenglu
|
||||
* @date 2021-05-25 17:01
|
||||
|
|
@ -62,5 +62,4 @@ public enum NamespaceTypeEnum {
|
|||
public String getDescription() {
|
||||
return description;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -51,5 +51,4 @@ public class ConsoleExceptionHandler {
|
|||
LOGGER.error("CONSOLE", e);
|
||||
return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body(ExceptionUtil.getAllExceptionMsg(e));
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -17,9 +17,9 @@
|
|||
package com.alibaba.nacos.filter;
|
||||
|
||||
import com.alibaba.nacos.api.common.Constants;
|
||||
import com.alibaba.nacos.common.utils.StringUtils;
|
||||
import com.alibaba.nacos.security.nacos.JwtTokenManager;
|
||||
import com.alibaba.nacos.security.nacos.NacosAuthConfig;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.web.filter.OncePerRequestFilter;
|
||||
|
|
@ -73,5 +73,4 @@ public class JwtAuthenticationTokenFilter extends OncePerRequestFilter {
|
|||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -43,5 +43,4 @@ public class JwtAuthenticationEntryPoint implements AuthenticationEntryPoint {
|
|||
LOGGER.error("Responding with unauthorized error. Message:{}, url:{}", e.getMessage(), request.getRequestURI());
|
||||
response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized");
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -48,6 +48,7 @@ public class JwtTokenManager {
|
|||
|
||||
/**
|
||||
* Create token.
|
||||
*
|
||||
* @param authentication auth info
|
||||
* @return token
|
||||
*/
|
||||
|
|
@ -57,6 +58,7 @@ public class JwtTokenManager {
|
|||
|
||||
/**
|
||||
* Create token.
|
||||
*
|
||||
* @param userName auth info
|
||||
* @return token
|
||||
*/
|
||||
|
|
@ -74,6 +76,7 @@ public class JwtTokenManager {
|
|||
|
||||
/**
|
||||
* Get auth Info.
|
||||
*
|
||||
* @param token token
|
||||
* @return auth info
|
||||
*/
|
||||
|
|
@ -90,6 +93,7 @@ public class JwtTokenManager {
|
|||
|
||||
/**
|
||||
* validate token.
|
||||
*
|
||||
* @param token token
|
||||
*/
|
||||
public void validateToken(String token) {
|
||||
|
|
|
|||
|
|
@ -89,8 +89,7 @@ public class LdapAuthenticationProvider implements AuthenticationProvider {
|
|||
UserDetails userDetails = userDetailsService.loadUserByUsername(username);
|
||||
if (PasswordEncoderUtil.matches(password, userDetails.getPassword())) {
|
||||
return new UsernamePasswordAuthenticationToken(userDetails, password, userDetails.getAuthorities());
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
|
@ -102,8 +101,7 @@ public class LdapAuthenticationProvider implements AuthenticationProvider {
|
|||
UserDetails userDetails;
|
||||
try {
|
||||
userDetails = userDetailsService.loadUserByUsername(LDAP_PREFIX + username);
|
||||
}
|
||||
catch (UsernameNotFoundException exception) {
|
||||
} catch (UsernameNotFoundException exception) {
|
||||
String nacosPassword = PasswordEncoderUtil.encode(DEFAULT_PASSWORD);
|
||||
userDetailsService.createUser(LDAP_PREFIX + username, nacosPassword);
|
||||
User user = new User();
|
||||
|
|
@ -139,15 +137,16 @@ public class LdapAuthenticationProvider implements AuthenticationProvider {
|
|||
LdapContext ctx = null;
|
||||
try {
|
||||
ctx = new InitialLdapContext(env, null);
|
||||
}
|
||||
catch (CommunicationException e) {
|
||||
} catch (CommunicationException e) {
|
||||
LOG.error("LDAP Service connect timeout:{}", e.getMessage());
|
||||
throw new RuntimeException("LDAP Service connect timeout");
|
||||
}
|
||||
catch (Exception e) {
|
||||
} catch (javax.naming.AuthenticationException e) {
|
||||
LOG.error("login error:{}", e.getMessage());
|
||||
throw new RuntimeException("login error!");
|
||||
} catch (Exception e) {
|
||||
LOG.warn("Exception cause by:{}", e.getMessage());
|
||||
return false;
|
||||
}
|
||||
finally {
|
||||
} finally {
|
||||
closeContext(ctx);
|
||||
}
|
||||
return true;
|
||||
|
|
@ -162,11 +161,9 @@ public class LdapAuthenticationProvider implements AuthenticationProvider {
|
|||
if (ctx != null) {
|
||||
try {
|
||||
ctx.close();
|
||||
}
|
||||
catch (Exception e) {
|
||||
} catch (Exception e) {
|
||||
LOG.error("Exception closing context", e);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -18,9 +18,9 @@ package com.alibaba.nacos.security.nacos;
|
|||
|
||||
import com.alibaba.nacos.auth.common.AuthConfigs;
|
||||
import com.alibaba.nacos.auth.common.AuthSystemTypes;
|
||||
import com.alibaba.nacos.common.utils.StringUtils;
|
||||
import com.alibaba.nacos.filter.JwtAuthenticationTokenFilter;
|
||||
import com.alibaba.nacos.security.nacos.users.NacosUserDetailsServiceImpl;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.core.env.Environment;
|
||||
|
|
@ -90,8 +90,7 @@ public class NacosAuthConfig extends WebSecurityConfigurerAdapter {
|
|||
String ignoreUrls = null;
|
||||
if (AuthSystemTypes.NACOS.name().equalsIgnoreCase(authConfigs.getNacosAuthSystemType())) {
|
||||
ignoreUrls = DEFAULT_ALL_PATH_PATTERN;
|
||||
}
|
||||
else if (AuthSystemTypes.LDAP.name().equalsIgnoreCase(authConfigs.getNacosAuthSystemType())) {
|
||||
} else if (AuthSystemTypes.LDAP.name().equalsIgnoreCase(authConfigs.getNacosAuthSystemType())) {
|
||||
ignoreUrls = DEFAULT_ALL_PATH_PATTERN;
|
||||
}
|
||||
if (StringUtils.isBlank(authConfigs.getNacosAuthSystemType())) {
|
||||
|
|
@ -108,8 +107,7 @@ public class NacosAuthConfig extends WebSecurityConfigurerAdapter {
|
|||
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
|
||||
if (AuthSystemTypes.NACOS.name().equalsIgnoreCase(authConfigs.getNacosAuthSystemType())) {
|
||||
auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
|
||||
}
|
||||
else if (AuthSystemTypes.LDAP.name().equalsIgnoreCase(authConfigs.getNacosAuthSystemType())) {
|
||||
} else if (AuthSystemTypes.LDAP.name().equalsIgnoreCase(authConfigs.getNacosAuthSystemType())) {
|
||||
auth.authenticationProvider(ldapAuthenticationProvider);
|
||||
}
|
||||
}
|
||||
|
|
@ -119,11 +117,11 @@ public class NacosAuthConfig extends WebSecurityConfigurerAdapter {
|
|||
|
||||
if (StringUtils.isBlank(authConfigs.getNacosAuthSystemType())) {
|
||||
http.csrf().disable().cors()// We don't need CSRF for JWT based authentication
|
||||
.and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
|
||||
.authorizeRequests().requestMatchers(CorsUtils::isPreFlightRequest).permitAll()
|
||||
.antMatchers(LOGIN_ENTRY_POINT).permitAll().and().authorizeRequests()
|
||||
.antMatchers(TOKEN_BASED_AUTH_ENTRY_POINT).authenticated().and().exceptionHandling()
|
||||
.authenticationEntryPoint(new JwtAuthenticationEntryPoint());
|
||||
.and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
|
||||
.and().authorizeRequests().requestMatchers(CorsUtils::isPreFlightRequest).permitAll()
|
||||
.antMatchers(LOGIN_ENTRY_POINT).permitAll()
|
||||
.and().authorizeRequests().antMatchers(TOKEN_BASED_AUTH_ENTRY_POINT).authenticated()
|
||||
.and().exceptionHandling().authenticationEntryPoint(new JwtAuthenticationEntryPoint());
|
||||
// disable cache
|
||||
http.headers().cacheControl();
|
||||
|
||||
|
|
|
|||
|
|
@ -22,13 +22,13 @@ import com.alibaba.nacos.auth.AuthManager;
|
|||
import com.alibaba.nacos.auth.exception.AccessException;
|
||||
import com.alibaba.nacos.auth.model.Permission;
|
||||
import com.alibaba.nacos.auth.model.User;
|
||||
import com.alibaba.nacos.common.utils.StringUtils;
|
||||
import com.alibaba.nacos.config.server.auth.RoleInfo;
|
||||
import com.alibaba.nacos.config.server.utils.RequestUtil;
|
||||
import com.alibaba.nacos.core.utils.Loggers;
|
||||
import com.alibaba.nacos.security.nacos.roles.NacosRoleServiceImpl;
|
||||
import com.alibaba.nacos.security.nacos.users.NacosUser;
|
||||
import io.jsonwebtoken.ExpiredJwtException;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||
|
|
@ -74,11 +74,9 @@ public class NacosAuthManager implements AuthManager {
|
|||
|
||||
try {
|
||||
tokenManager.validateToken(token);
|
||||
}
|
||||
catch (ExpiredJwtException e) {
|
||||
} catch (ExpiredJwtException e) {
|
||||
throw new AccessException("token expired!");
|
||||
}
|
||||
catch (Exception e) {
|
||||
} catch (Exception e) {
|
||||
throw new AccessException("token invalid!");
|
||||
}
|
||||
|
||||
|
|
@ -112,11 +110,9 @@ public class NacosAuthManager implements AuthManager {
|
|||
|
||||
try {
|
||||
tokenManager.validateToken(token);
|
||||
}
|
||||
catch (ExpiredJwtException e) {
|
||||
} catch (ExpiredJwtException e) {
|
||||
throw new AccessException("token expired!");
|
||||
}
|
||||
catch (Exception e) {
|
||||
} catch (Exception e) {
|
||||
throw new AccessException("token invalid!");
|
||||
}
|
||||
|
||||
|
|
@ -193,19 +189,16 @@ public class NacosAuthManager implements AuthManager {
|
|||
UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(userName,
|
||||
rawPassword);
|
||||
authenticate = authenticationManager.authenticate(authenticationToken);
|
||||
}
|
||||
catch (AuthenticationException e) {
|
||||
} catch (AuthenticationException e) {
|
||||
throw new AccessException("unknown user!");
|
||||
}
|
||||
|
||||
if (null == authenticate || StringUtils.isBlank(authenticate.getName())) {
|
||||
finalName = userName;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
finalName = authenticate.getName();
|
||||
}
|
||||
|
||||
return tokenManager.createToken(finalName);
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -18,16 +18,16 @@ package com.alibaba.nacos.security.nacos.roles;
|
|||
|
||||
import com.alibaba.nacos.auth.common.AuthConfigs;
|
||||
import com.alibaba.nacos.auth.model.Permission;
|
||||
import com.alibaba.nacos.common.utils.StringUtils;
|
||||
import com.alibaba.nacos.config.server.auth.PermissionInfo;
|
||||
import com.alibaba.nacos.config.server.auth.PermissionPersistService;
|
||||
import com.alibaba.nacos.config.server.auth.RoleInfo;
|
||||
import com.alibaba.nacos.config.server.auth.RolePersistService;
|
||||
import com.alibaba.nacos.config.server.model.Page;
|
||||
import com.alibaba.nacos.core.utils.Loggers;
|
||||
import com.alibaba.nacos.security.nacos.NacosAuthConfig;
|
||||
import com.alibaba.nacos.security.nacos.users.NacosUserDetailsServiceImpl;
|
||||
import com.alibaba.nacos.core.utils.Loggers;
|
||||
import io.jsonwebtoken.lang.Collections;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.apache.mina.util.ConcurrentHashSet;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.scheduling.annotation.Scheduled;
|
||||
|
|
@ -75,8 +75,8 @@ public class NacosRoleServiceImpl {
|
|||
@Scheduled(initialDelay = 5000, fixedDelay = 15000)
|
||||
private void reload() {
|
||||
try {
|
||||
Page<RoleInfo> roleInfoPage = rolePersistService.getRolesByUserName(StringUtils.EMPTY, DEFAULT_PAGE_NO,
|
||||
Integer.MAX_VALUE);
|
||||
Page<RoleInfo> roleInfoPage = rolePersistService
|
||||
.getRolesByUserName(StringUtils.EMPTY, DEFAULT_PAGE_NO, Integer.MAX_VALUE);
|
||||
if (roleInfoPage == null) {
|
||||
return;
|
||||
}
|
||||
|
|
@ -92,16 +92,15 @@ public class NacosRoleServiceImpl {
|
|||
|
||||
Map<String, List<PermissionInfo>> tmpPermissionInfoMap = new ConcurrentHashMap<>(16);
|
||||
for (String role : tmpRoleSet) {
|
||||
Page<PermissionInfo> permissionInfoPage = permissionPersistService.getPermissions(role, DEFAULT_PAGE_NO,
|
||||
Integer.MAX_VALUE);
|
||||
Page<PermissionInfo> permissionInfoPage = permissionPersistService
|
||||
.getPermissions(role, DEFAULT_PAGE_NO, Integer.MAX_VALUE);
|
||||
tmpPermissionInfoMap.put(role, permissionInfoPage.getPageItems());
|
||||
}
|
||||
|
||||
roleSet = tmpRoleSet;
|
||||
roleInfoMap = tmpRoleInfoMap;
|
||||
permissionInfoMap = tmpPermissionInfoMap;
|
||||
}
|
||||
catch (Exception e) {
|
||||
} catch (Exception e) {
|
||||
Loggers.AUTH.warn("[LOAD-ROLES] load failed", e);
|
||||
}
|
||||
}
|
||||
|
|
@ -109,9 +108,9 @@ public class NacosRoleServiceImpl {
|
|||
/**
|
||||
* Determine if the user has permission of the resource.
|
||||
*
|
||||
* <p>
|
||||
* Note if the user has many roles, this method returns true if any one role of the
|
||||
* user has the desired permission.
|
||||
* <p>Note if the user has many roles, this method returns true if any one role of the user has the desired
|
||||
* permission.
|
||||
*
|
||||
* @param username user info
|
||||
* @param permission permission to auth
|
||||
* @return true if granted, false otherwise
|
||||
|
|
@ -148,8 +147,8 @@ public class NacosRoleServiceImpl {
|
|||
for (PermissionInfo permissionInfo : permissionInfoList) {
|
||||
String permissionResource = permissionInfo.getResource().replaceAll("\\*", ".*");
|
||||
String permissionAction = permissionInfo.getAction();
|
||||
if (permissionAction.contains(permission.getAction())
|
||||
&& Pattern.matches(permissionResource, permission.getResource())) {
|
||||
if (permissionAction.contains(permission.getAction()) && Pattern
|
||||
.matches(permissionResource, permission.getResource())) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
|
@ -159,7 +158,7 @@ public class NacosRoleServiceImpl {
|
|||
|
||||
public List<RoleInfo> getRoles(String username) {
|
||||
List<RoleInfo> roleInfoList = roleInfoMap.get(username);
|
||||
if (!authConfigs.isCachingEnabled()) {
|
||||
if (!authConfigs.isCachingEnabled() || roleInfoList == null) {
|
||||
Page<RoleInfo> roleInfoPage = getRolesFromDatabase(username, DEFAULT_PAGE_NO, Integer.MAX_VALUE);
|
||||
if (roleInfoPage != null) {
|
||||
roleInfoList = roleInfoPage.getPageItems();
|
||||
|
|
@ -178,9 +177,8 @@ public class NacosRoleServiceImpl {
|
|||
|
||||
public List<PermissionInfo> getPermissions(String role) {
|
||||
List<PermissionInfo> permissionInfoList = permissionInfoMap.get(role);
|
||||
if (!authConfigs.isCachingEnabled()) {
|
||||
Page<PermissionInfo> permissionInfoPage = getPermissionsFromDatabase(role, DEFAULT_PAGE_NO,
|
||||
Integer.MAX_VALUE);
|
||||
if (!authConfigs.isCachingEnabled() || permissionInfoList == null) {
|
||||
Page<PermissionInfo> permissionInfoPage = getPermissionsFromDatabase(role, DEFAULT_PAGE_NO, Integer.MAX_VALUE);
|
||||
if (permissionInfoPage != null) {
|
||||
permissionInfoList = permissionInfoPage.getPageItems();
|
||||
}
|
||||
|
|
@ -194,6 +192,7 @@ public class NacosRoleServiceImpl {
|
|||
|
||||
/**
|
||||
* Add role.
|
||||
*
|
||||
* @param role role name
|
||||
* @param username user name
|
||||
*/
|
||||
|
|
@ -227,6 +226,7 @@ public class NacosRoleServiceImpl {
|
|||
|
||||
/**
|
||||
* Add permission.
|
||||
*
|
||||
* @param role role name
|
||||
* @param resource resource
|
||||
* @param action action
|
||||
|
|
@ -245,5 +245,4 @@ public class NacosRoleServiceImpl {
|
|||
public List<String> findRolesLikeRoleName(String role) {
|
||||
return rolePersistService.findRolesLikeRoleName(role);
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -50,5 +50,4 @@ public class NacosUser extends User {
|
|||
public String toString() {
|
||||
return "NacosUser{" + "token='" + token + '\'' + ", globalAdmin=" + globalAdmin + '}';
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -71,5 +71,4 @@ public class NacosUserDetails implements UserDetails {
|
|||
public boolean isEnabled() {
|
||||
return true;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -33,7 +33,7 @@ import java.util.Map;
|
|||
import java.util.concurrent.ConcurrentHashMap;
|
||||
|
||||
/**
|
||||
* Custem user service.
|
||||
* Custom user service.
|
||||
*
|
||||
* @author wfnuser
|
||||
* @author nkorange
|
||||
|
|
@ -62,8 +62,7 @@ public class NacosUserDetailsServiceImpl implements UserDetailsService {
|
|||
map.put(user.getUsername(), user);
|
||||
}
|
||||
userMap = map;
|
||||
}
|
||||
catch (Exception e) {
|
||||
} catch (Exception e) {
|
||||
Loggers.AUTH.warn("[LOAD-USERS] load failed", e);
|
||||
}
|
||||
}
|
||||
|
|
@ -92,7 +91,7 @@ public class NacosUserDetailsServiceImpl implements UserDetailsService {
|
|||
|
||||
public User getUser(String username) {
|
||||
User user = userMap.get(username);
|
||||
if (!authConfigs.isCachingEnabled()) {
|
||||
if (!authConfigs.isCachingEnabled() || user == null) {
|
||||
user = getUserFromDatabase(username);
|
||||
}
|
||||
return user;
|
||||
|
|
@ -113,5 +112,4 @@ public class NacosUserDetailsServiceImpl implements UserDetailsService {
|
|||
public void deleteUser(String username) {
|
||||
userPersistService.deleteUser(username);
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -32,5 +32,4 @@ public class PasswordEncoderUtil {
|
|||
public static String encode(String raw) {
|
||||
return new BCryptPasswordEncoder().encode(raw);
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -172,7 +172,7 @@
|
|||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/.new-config-form{margin-top:36px}.more-item.hide{display:none}
|
||||
*/.new-config-form{margin-top:36px}
|
||||
|
||||
/*!
|
||||
* Copyright 1999-2018 Alibaba Group Holding Ltd.
|
||||
|
|
@ -220,7 +220,7 @@
|
|||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/.button-list{text-align:right}.button-list button{margin-left:1em;font-size:14px}.editor-full-screen{width:100%;height:100%;position:fixed;top:0;left:0;z-index:100}.editor-normal{clear:both;height:300px}
|
||||
*/.button-list{text-align:right}.button-list button{margin-left:1em;font-size:14px}.editor-full-screen{width:100%;height:100%;position:fixed;top:0;left:0;z-index:100}.editor-normal{clear:both}.more-item.hide{display:none}
|
||||
|
||||
/*!
|
||||
* Copyright 1999-2018 Alibaba Group Holding Ltd.
|
||||
|
|
@ -236,7 +236,7 @@
|
|||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/.config-editor{padding:10px}.config-editor .func-title{overflow:hidden;height:50px;width:100%;font-weight:500;margin-bottom:9px;font-size:18px;line-height:36px;color:#73777a}.config-editor .form{display:table}.config-editor .form .next-form-item{display:table-row}.config-editor .form .next-form-item .next-form-item-label{white-space:nowrap;word-break:keep-all}.config-editor .form .next-form-item .next-form-item-control,.config-editor .form .next-form-item .next-select{width:100%}.config-editor .form .next-form-item .next-form-item-control,.config-editor .form .next-form-item .next-form-item-label{display:table-cell}.config-editor .form .next-form-item-control{padding-bottom:12px}.config-editor .form .next-checkbox-label{color:#73777a;font-weight:400}.config-editor .form .next-radio-label{color:#73777a}.config-editor .form .switch{color:#33cde5;cursor:pointer;user-select:none}.config-editor .form .help-label>*{display:inline-block}.config-editor .form .help-label>i{color:#1dc11d;margin:0 .25em}.config-editor .button-list{text-align:right}.config-editor .button-list button{margin-left:1em;font-size:14px}.config-editor .editor-full-screen{width:100%;height:100%;position:fixed;top:0;left:0;z-index:100}.config-editor .editor-normal{clear:both;height:300px}
|
||||
*/.config-editor{padding:10px}.config-editor .func-title{overflow:hidden;height:50px;width:100%;font-weight:500;margin-bottom:9px;font-size:18px;line-height:36px;color:#73777a}.config-editor .form{display:table}.config-editor .form .next-form-item{display:table-row}.config-editor .form .next-form-item .next-form-item-label{white-space:nowrap;word-break:keep-all}.config-editor .form .next-form-item .next-form-item-control,.config-editor .form .next-form-item .next-select{width:100%}.config-editor .form .next-form-item .next-form-item-control,.config-editor .form .next-form-item .next-form-item-label{display:table-cell}.config-editor .form .next-form-item-control{padding-bottom:12px}.config-editor .form .next-checkbox-label{color:#73777a;font-weight:400}.config-editor .form .next-radio-label{color:#73777a}.config-editor .form .switch{color:#33cde5;cursor:pointer;user-select:none}.config-editor .form .help-label>*{display:inline-block}.config-editor .form .help-label>i{color:#1dc11d;margin:0 .25em}.config-editor .button-list{text-align:right}.config-editor .button-list button{margin-left:1em;font-size:14px}.config-editor .editor-full-screen{width:100%;height:100%;position:fixed;top:0;left:0;z-index:100}.config-editor .editor-normal{clear:both}
|
||||
|
||||
/*!
|
||||
* Copyright 1999-2018 Alibaba Group Holding Ltd.
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
Loading…
Reference in New Issue