From d54070a5af3dd5e0dadd9cabd50bee060419dd62 Mon Sep 17 00:00:00 2001 From: lizhuodong <2205553696@qq.com> Date: Wed, 3 Jul 2024 16:23:55 +0800 Subject: [PATCH 1/4] fix console ui accessToken in url --- .../auth/AbstractProtocolAuthService.java | 4 ++-- .../nacos/auth/ProtocolAuthService.java | 3 ++- .../auth/GrpcProtocolAuthServiceTest.java | 4 ++-- .../auth/HttpProtocolAuthServiceTest.java | 4 ++-- .../nacos/auth/mock/MockAuthPluginService.java | 7 ++++++- console-ui/src/globalLib.js | 6 ++++-- .../alibaba/nacos/core/auth/AuthFilter.java | 5 ++++- .../core/auth/RemoteRequestAuthFilter.java | 5 ++++- .../plugin/auth/impl/NacosAuthManager.java | 4 ++++ .../auth/impl/NacosAuthPluginService.java | 18 +++++++++++++----- .../AbstractAuthenticationManager.java | 4 +++- .../filter/JwtAuthenticationTokenFilter.java | 3 +++ .../auth/spi/server/AuthPluginService.java | 11 +++++++++++ .../auth/spi/mock/MockAuthPluginService.java | 7 ++++++- .../mock/MockEmptyNameAuthPluginService.java | 7 ++++++- 15 files changed, 72 insertions(+), 20 deletions(-) diff --git a/auth/src/main/java/com/alibaba/nacos/auth/AbstractProtocolAuthService.java b/auth/src/main/java/com/alibaba/nacos/auth/AbstractProtocolAuthService.java index 27f472dc7df..73166ed0d58 100644 --- a/auth/src/main/java/com/alibaba/nacos/auth/AbstractProtocolAuthService.java +++ b/auth/src/main/java/com/alibaba/nacos/auth/AbstractProtocolAuthService.java 
@@ -58,11 +58,11 @@ public boolean enableAuth(Secured secured) { } @Override - public boolean validateIdentity(IdentityContext identityContext, Resource resource) throws AccessException { + public boolean validateIdentity(IdentityContext identityContext, Resource resource,String token) throws AccessException { Optional authPluginService = AuthPluginManager.getInstance() .findAuthServiceSpiImpl(authConfigs.getNacosAuthSystemType()); if (authPluginService.isPresent()) { - return authPluginService.get().validateIdentity(identityContext, resource); + return authPluginService.get().validateIdentityInHeader(identityContext, resource,token); } return true; } diff --git a/auth/src/main/java/com/alibaba/nacos/auth/ProtocolAuthService.java b/auth/src/main/java/com/alibaba/nacos/auth/ProtocolAuthService.java index 0815db4d224..f1ef24a7801 100644 --- a/auth/src/main/java/com/alibaba/nacos/auth/ProtocolAuthService.java +++ b/auth/src/main/java/com/alibaba/nacos/auth/ProtocolAuthService.java @@ -71,10 +71,11 @@ public interface ProtocolAuthService { * * @param identityContext identity context * @param resource resource + * @param token token in header * @return {@code true} if legal, otherwise {@code false} * @throws AccessException exception during validating */ - boolean validateIdentity(IdentityContext identityContext, Resource resource) throws AccessException; + boolean validateIdentity(IdentityContext identityContext, Resource resource,String token) throws AccessException; /** * Validate identity whether had permission for the resource and action. diff --git a/auth/src/test/java/com/alibaba/nacos/auth/GrpcProtocolAuthServiceTest.java b/auth/src/test/java/com/alibaba/nacos/auth/GrpcProtocolAuthServiceTest.java index 490fb6132c7..05f9de4bd73 100644 --- a/auth/src/test/java/com/alibaba/nacos/auth/GrpcProtocolAuthServiceTest.java +++ b/auth/src/test/java/com/alibaba/nacos/auth/GrpcProtocolAuthServiceTest.java 
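Review bot: After this change the facade only ever calls `validateIdentityInHeader`, so a plugin's existing `validateIdentity` implementation is no longer reached through this path and silently loses effect — the series itself shows the consequence, with the default plugin's `validateIdentity` reduced to `return false`. The new `token` argument is passed straight through without being documented as nullable, although the callers in AuthFilter and RemoteRequestAuthFilter obtain it from `getHeader`, which yields null when the header is absent; the `ProtocolAuthService` Javadoc in the next hunk should read `@param token access token taken from the request header; may be null or empty when the header is absent`. The parameter list `Resource resource,String token` also lacks the space after the comma used everywhere else in the file.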
@@ -129,14 +129,14 @@ void testParseIdentity() { @Test void testValidateIdentityWithoutPlugin() throws AccessException { IdentityContext identityContext = new IdentityContext(); - assertTrue(protocolAuthService.validateIdentity(identityContext, Resource.EMPTY_RESOURCE)); + assertTrue(protocolAuthService.validateIdentity(identityContext, Resource.EMPTY_RESOURCE,"")); } @Test void testValidateIdentityWithPlugin() throws AccessException { Mockito.when(authConfigs.getNacosAuthSystemType()).thenReturn(MockAuthPluginService.TEST_PLUGIN); IdentityContext identityContext = new IdentityContext(); - assertFalse(protocolAuthService.validateIdentity(identityContext, Resource.EMPTY_RESOURCE)); + assertFalse(protocolAuthService.validateIdentity(identityContext, Resource.EMPTY_RESOURCE,"")); } @Test diff --git a/auth/src/test/java/com/alibaba/nacos/auth/HttpProtocolAuthServiceTest.java b/auth/src/test/java/com/alibaba/nacos/auth/HttpProtocolAuthServiceTest.java index a07048e5dc8..0aaa777c6b8 100644 --- a/auth/src/test/java/com/alibaba/nacos/auth/HttpProtocolAuthServiceTest.java +++ b/auth/src/test/java/com/alibaba/nacos/auth/HttpProtocolAuthServiceTest.java @@ -123,14 +123,14 @@ void testParseIdentity() { @Test void testValidateIdentityWithoutPlugin() throws AccessException { IdentityContext identityContext = new IdentityContext(); - assertTrue(httpProtocolAuthService.validateIdentity(identityContext, Resource.EMPTY_RESOURCE)); + assertTrue(httpProtocolAuthService.validateIdentity(identityContext, Resource.EMPTY_RESOURCE,"")); } @Test void testValidateIdentityWithPlugin() throws AccessException { Mockito.when(authConfigs.getNacosAuthSystemType()).thenReturn(MockAuthPluginService.TEST_PLUGIN); IdentityContext identityContext = new IdentityContext(); - assertFalse(httpProtocolAuthService.validateIdentity(identityContext, Resource.EMPTY_RESOURCE)); + assertFalse(httpProtocolAuthService.validateIdentity(identityContext, Resource.EMPTY_RESOURCE,"")); } @Test 
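Review bot: Both updated tests here and in the HttpProtocolAuthServiceTest hunk on the same line pass `""` as the new argument, so the behaviour this series introduces — a token supplied through the header reaching the plugin — has no coverage. A test is needed that passes a token in the third argument with an `IdentityContext` carrying no `accessToken` and verifies (through a recording mock or a Mockito spy) that `validateIdentityInHeader` receives it; with `MockAuthPluginService` returning false unconditionally, the current assertions cannot tell the two paths apart. The new argument is also written `Resource.EMPTY_RESOURCE,""` without the space the surrounding calls use.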
diff --git a/auth/src/test/java/com/alibaba/nacos/auth/mock/MockAuthPluginService.java b/auth/src/test/java/com/alibaba/nacos/auth/mock/MockAuthPluginService.java index 73f74631e8b..ce6eadd6a12 100644 --- a/auth/src/test/java/com/alibaba/nacos/auth/mock/MockAuthPluginService.java +++ b/auth/src/test/java/com/alibaba/nacos/auth/mock/MockAuthPluginService.java @@ -46,7 +46,12 @@ public boolean enableAuth(ActionTypes action, String type) { public boolean validateIdentity(IdentityContext identityContext, Resource resource) throws AccessException { return false; } - + + @Override + public boolean validateIdentityInHeader(IdentityContext identityContext, Resource resource, String tokenInHeader) throws AccessException { + return false; + } + @Override public Boolean validateAuthority(IdentityContext identityContext, Permission permission) { return false; diff --git a/console-ui/src/globalLib.js b/console-ui/src/globalLib.js index c2542702ddf..77e9525e6f2 100644 --- a/console-ui/src/globalLib.js +++ b/console-ui/src/globalLib.js @@ -525,8 +525,9 @@ const request = (function(_global) { console.log('Token Error', localStorage.token, e); goLogin(); } - const { accessToken = '' } = token; - params.push(`accessToken=${accessToken}`); + // fix accessToken in url + //const { accessToken = '' } = token; + //params.push(`accessToken=${accessToken}`); } return $.ajax( @@ -540,6 +541,7 @@ const request = (function(_global) { }, headers: { Authorization: localStorage.getItem('token'), + accessToken: accessToken, }, }) ).then( diff --git a/core/src/main/java/com/alibaba/nacos/core/auth/AuthFilter.java b/core/src/main/java/com/alibaba/nacos/core/auth/AuthFilter.java index 55c00f9852e..216647739ea 100644 --- a/core/src/main/java/com/alibaba/nacos/core/auth/AuthFilter.java +++ b/core/src/main/java/com/alibaba/nacos/core/auth/AuthFilter.java 
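Review bot: The `accessToken` used in the new `headers` entry is not defined anywhere in the hunk once `const { accessToken = '' } = token;` is commented out, and even before that the `const` was block-scoped inside the `if`, so unless an `accessToken` binding exists higher up in `request` (its body starts outside the hunk) this throws a ReferenceError on every call. Commented-out code should be deleted rather than kept behind a `// fix` marker. Declare `let accessToken = '';` before the `if`, assign `({ accessToken = '' } = token);` inside it, and drop the two comment lines; the header then has a defined value and the query-string leg is gone.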
@@ -40,6 +40,8 @@ import java.io.IOException; import java.lang.reflect.Method; +import static com.alibaba.nacos.api.common.Constants.ACCESS_TOKEN; + /** * Unified filter to handle authentication and authorization. * @@ -117,9 +119,10 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha chain.doFilter(request, response); return; } + String token = req.getHeader(ACCESS_TOKEN); Resource resource = protocolAuthService.parseResource(req, secured); IdentityContext identityContext = protocolAuthService.parseIdentity(req); - boolean result = protocolAuthService.validateIdentity(identityContext, resource); + boolean result = protocolAuthService.validateIdentity(identityContext, resource,token); if (!result) { // TODO Get reason of failure throw new AccessException("Validate Identity failed."); diff --git a/core/src/main/java/com/alibaba/nacos/core/auth/RemoteRequestAuthFilter.java b/core/src/main/java/com/alibaba/nacos/core/auth/RemoteRequestAuthFilter.java index ad9a250b01c..4d3a6116a83 100644 --- a/core/src/main/java/com/alibaba/nacos/core/auth/RemoteRequestAuthFilter.java +++ b/core/src/main/java/com/alibaba/nacos/core/auth/RemoteRequestAuthFilter.java @@ -35,6 +35,8 @@ import java.lang.reflect.Method; +import static com.alibaba.nacos.api.common.Constants.ACCESS_TOKEN; + /** * request auth filter for remote. * 
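Review bot: `req.getHeader(ACCESS_TOKEN)` is read one line before `parseIdentity(req)` builds the `IdentityContext` handed to the same `validateIdentity` call, so the header travels beside the context it logically belongs to; if `parseIdentity` already copies request headers into the context (not visible here) the extra argument is redundant, and if it does not, adding the header there would give the plugin the token without changing the `ProtocolAuthService` and `AuthPluginService` signatures. The same applies to the RemoteRequestAuthFilter hunk that follows. Either way `resource,token` should be `resource, token` to match the file, and a comment such as `// the access token may arrive in a request header instead of the query string` would record why the header is consulted. `doFilter` starts and ends outside the hunk.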
@@ -72,9 +74,10 @@ public Response filter(Request request, RequestMeta meta, Class handlerClazz) th } String clientIp = meta.getClientIp(); request.putHeader(Constants.Identity.X_REAL_IP, clientIp); + String token = request.getHeader(ACCESS_TOKEN); Resource resource = protocolAuthService.parseResource(request, secured); IdentityContext identityContext = protocolAuthService.parseIdentity(request); - boolean result = protocolAuthService.validateIdentity(identityContext, resource); + boolean result = protocolAuthService.validateIdentity(identityContext, resource,token); if (!result) { // TODO Get reason of failure throw new AccessException("Validate Identity failed."); diff --git a/plugin-default-impl/nacos-default-auth-plugin/src/main/java/com/alibaba/nacos/plugin/auth/impl/NacosAuthManager.java b/plugin-default-impl/nacos-default-auth-plugin/src/main/java/com/alibaba/nacos/plugin/auth/impl/NacosAuthManager.java index 8ecc5411464..66aab7f4892 100644 --- a/plugin-default-impl/nacos-default-auth-plugin/src/main/java/com/alibaba/nacos/plugin/auth/impl/NacosAuthManager.java +++ b/plugin-default-impl/nacos-default-auth-plugin/src/main/java/com/alibaba/nacos/plugin/auth/impl/NacosAuthManager.java @@ -103,6 +103,9 @@ private String resolveToken(HttpServletRequest request) throws AccessException { return bearerToken.substring(7); } bearerToken = request.getParameter(Constants.ACCESS_TOKEN); + if(StringUtils.isBlank(bearerToken)){ + bearerToken = request.getHeader(Constants.ACCESS_TOKEN); + } if (StringUtils.isBlank(bearerToken)) { String userName = request.getParameter(AuthConstants.PARAM_USERNAME); String password = request.getParameter(AuthConstants.PARAM_PASSWORD); 
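Review bot: The new fallback consults `request.getHeader(Constants.ACCESS_TOKEN)` only after `request.getParameter(Constants.ACCESS_TOKEN)` came back blank, so a token in the query string still takes precedence and is still accepted; if the aim of this series is to keep tokens out of URLs (where access logs, proxies and browser history record them), the header should be the preferred source and the parameter the legacy fallback, with a comment saying so. The AbstractAuthenticationManager and JwtAuthenticationTokenFilter hunks use the same ordering. The added `if(StringUtils.isBlank(bearerToken)){` also departs from the `if (...) {` spacing of the very next line in all three places and is likely to trip checkstyle; write `if (StringUtils.isBlank(bearerToken)) {`. `resolveToken` continues outside the hunk.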
@@ -118,6 +121,7 @@ private String resolveToken(IdentityContext identityContext) throws AccessExcept return bearerToken.substring(7); } bearerToken = identityContext.getParameter(Constants.ACCESS_TOKEN, StringUtils.EMPTY); + if (StringUtils.isBlank(bearerToken)) { String userName = (String) identityContext.getParameter(AuthConstants.PARAM_USERNAME); String password = (String) identityContext.getParameter(AuthConstants.PARAM_PASSWORD); diff --git a/plugin-default-impl/nacos-default-auth-plugin/src/main/java/com/alibaba/nacos/plugin/auth/impl/NacosAuthPluginService.java b/plugin-default-impl/nacos-default-auth-plugin/src/main/java/com/alibaba/nacos/plugin/auth/impl/NacosAuthPluginService.java index 0332ba729b0..c7b120af3fa 100644 --- a/plugin-default-impl/nacos-default-auth-plugin/src/main/java/com/alibaba/nacos/plugin/auth/impl/NacosAuthPluginService.java +++ b/plugin-default-impl/nacos-default-auth-plugin/src/main/java/com/alibaba/nacos/plugin/auth/impl/NacosAuthPluginService.java @@ -67,11 +67,16 @@ public boolean enableAuth(ActionTypes action, String type) { // enable all of action and type return true; } - + @Override public boolean validateIdentity(IdentityContext identityContext, Resource resource) throws AccessException { + return false; + } + + @Override + public boolean validateIdentityInHeader(IdentityContext identityContext, Resource resource,String tokenInhead) throws AccessException { checkNacosAuthManager(); - String token = resolveToken(identityContext); + String token = resolveToken(identityContext,tokenInhead); NacosUser nacosUser; if (StringUtils.isNotBlank(token)) { nacosUser = authenticationManager.authenticate(token); 
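Review bot: `validateIdentity` is reduced to an unconditional `return false`, so any caller still using the original SPI method gets a hard authentication failure with nothing logged or documented. Keep it a thin delegate, `return validateIdentityInHeader(identityContext, resource, StringUtils.EMPTY);`, which preserves the previous behaviour for callers that have no header token. The parameter name `tokenInhead` also differs from the interface's `tokenInHeader`, and `resource,String` is missing its space. The method body continues in the next hunk.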
@@ -86,13 +91,16 @@ public boolean validateIdentity(IdentityContext identityContext, Resource resour return true; } - private String resolveToken(IdentityContext identityContext) { + private String resolveToken(IdentityContext identityContext,String token) { String bearerToken = identityContext.getParameter(AuthConstants.AUTHORIZATION_HEADER, StringUtils.EMPTY); if (StringUtils.isNotBlank(bearerToken) && bearerToken.startsWith(AuthConstants.TOKEN_PREFIX)) { return bearerToken.substring(AuthConstants.TOKEN_PREFIX.length()); } - - return identityContext.getParameter(Constants.ACCESS_TOKEN, StringUtils.EMPTY); + String result = identityContext.getParameter(Constants.ACCESS_TOKEN, StringUtils.EMPTY); + if(result.equals(StringUtils.EMPTY)){ + return token; + } + return result; } @Override diff --git a/plugin-default-impl/nacos-default-auth-plugin/src/main/java/com/alibaba/nacos/plugin/auth/impl/authenticate/AbstractAuthenticationManager.java b/plugin-default-impl/nacos-default-auth-plugin/src/main/java/com/alibaba/nacos/plugin/auth/impl/authenticate/AbstractAuthenticationManager.java index beeb183de65..5eae341def7 100644 --- a/plugin-default-impl/nacos-default-auth-plugin/src/main/java/com/alibaba/nacos/plugin/auth/impl/authenticate/AbstractAuthenticationManager.java +++ b/plugin-default-impl/nacos-default-auth-plugin/src/main/java/com/alibaba/nacos/plugin/auth/impl/authenticate/AbstractAuthenticationManager.java @@ -111,7 +111,9 @@ private String resolveToken(HttpServletRequest request) { return bearerToken.substring(AuthConstants.TOKEN_PREFIX.length()); } bearerToken = request.getParameter(Constants.ACCESS_TOKEN); - + if(StringUtils.isBlank(bearerToken)){ + bearerToken = request.getHeader(Constants.ACCESS_TOKEN); + } return bearerToken; } 
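Review bot: `result.equals(StringUtils.EMPTY)` throws if the context holds a null `accessToken` value (whether `getParameter` can return null for a present-but-null entry is not visible here) and treats a whitespace-only parameter as a usable token, while the caller in `validateIdentityInHeader` and the rest of this series test with `StringUtils.isBlank`. Write `if (StringUtils.isBlank(result)) {` so the header fallback applies in both cases and the method is consistent with those checks. Style: `,String token` and `if(...){` again miss the spaces used by the surrounding code.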
diff --git a/plugin-default-impl/nacos-default-auth-plugin/src/main/java/com/alibaba/nacos/plugin/auth/impl/filter/JwtAuthenticationTokenFilter.java b/plugin-default-impl/nacos-default-auth-plugin/src/main/java/com/alibaba/nacos/plugin/auth/impl/filter/JwtAuthenticationTokenFilter.java index 8ec6b16efa0..66f9e5ae6a2 100644 --- a/plugin-default-impl/nacos-default-auth-plugin/src/main/java/com/alibaba/nacos/plugin/auth/impl/filter/JwtAuthenticationTokenFilter.java +++ b/plugin-default-impl/nacos-default-auth-plugin/src/main/java/com/alibaba/nacos/plugin/auth/impl/filter/JwtAuthenticationTokenFilter.java @@ -72,6 +72,9 @@ private String resolveToken(HttpServletRequest request) { return bearerToken.substring(TOKEN_PREFIX.length()); } String jwt = request.getParameter(Constants.ACCESS_TOKEN); + if(StringUtils.isBlank(jwt)){ + jwt = request.getHeader(Constants.ACCESS_TOKEN); + } if (StringUtils.isNotBlank(jwt)) { return jwt; } diff --git a/plugin/auth/src/main/java/com/alibaba/nacos/plugin/auth/spi/server/AuthPluginService.java b/plugin/auth/src/main/java/com/alibaba/nacos/plugin/auth/spi/server/AuthPluginService.java index 93b4ef24cd3..868e4670ebe 100644 --- a/plugin/auth/src/main/java/com/alibaba/nacos/plugin/auth/spi/server/AuthPluginService.java +++ b/plugin/auth/src/main/java/com/alibaba/nacos/plugin/auth/spi/server/AuthPluginService.java 
@@ -57,6 +57,17 @@ public interface AuthPluginService { * @throws AccessException if authentication is failed */ boolean validateIdentity(IdentityContext identityContext, Resource resource) throws AccessException; + + /** + * To validate whether the identity context from request is legal or illegal. + * + * @param identityContext where we can find the user information + * @param resource resource about this user information + * @param tokenInHeader token in header + * @return {@code true} if legal, otherwise {@code false} + * @throws AccessException if authentication is failed + */ + boolean validateIdentityInHeader(IdentityContext identityContext, Resource resource,String tokenInHeader) throws AccessException; /** * Validate the identity whether has the resource authority. diff --git a/plugin/auth/src/test/java/com/alibaba/nacos/plugin/auth/spi/mock/MockAuthPluginService.java b/plugin/auth/src/test/java/com/alibaba/nacos/plugin/auth/spi/mock/MockAuthPluginService.java index 6d3300acc18..8ad50a1a37c 100644 --- a/plugin/auth/src/test/java/com/alibaba/nacos/plugin/auth/spi/mock/MockAuthPluginService.java +++ b/plugin/auth/src/test/java/com/alibaba/nacos/plugin/auth/spi/mock/MockAuthPluginService.java @@ -47,7 +47,12 @@ public boolean enableAuth(ActionTypes action, String type) { public boolean validateIdentity(IdentityContext identityContext, Resource resource) throws AccessException { return false; } - + + @Override + public boolean validateIdentityInHeader(IdentityContext identityContext, Resource resource, String tokenInHeader) throws AccessException { + return false; + } + @Override public Boolean validateAuthority(IdentityContext identityContext, Permission permission) throws AccessException { return false; diff --git a/plugin/auth/src/test/java/com/alibaba/nacos/plugin/auth/spi/mock/MockEmptyNameAuthPluginService.java b/plugin/auth/src/test/java/com/alibaba/nacos/plugin/auth/spi/mock/MockEmptyNameAuthPluginService.java index 40864e53af4..2adb04a7195 100644 
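Review bot: Adding an abstract `validateIdentityInHeader` to the public `AuthPluginService` SPI breaks every out-of-tree plugin at compile and load time — which is why all three mock implementations in this series had to grow a stub. Make it a `default` method so existing plugins keep working and only those that want the header token override it: `default boolean validateIdentityInHeader(IdentityContext identityContext, Resource resource, String tokenInHeader) throws AccessException {` / `return validateIdentity(identityContext, resource);` / `}`. The Javadoc also repeats the summary of `validateIdentity` word for word; it should state that `tokenInHeader` is the access token taken from the request header, may be null or empty, and is only consulted when the context carries no token of its own.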
--- a/plugin/auth/src/test/java/com/alibaba/nacos/plugin/auth/spi/mock/MockEmptyNameAuthPluginService.java +++ b/plugin/auth/src/test/java/com/alibaba/nacos/plugin/auth/spi/mock/MockEmptyNameAuthPluginService.java @@ -46,7 +46,12 @@ public boolean enableAuth(ActionTypes action, String type) { public boolean validateIdentity(IdentityContext identityContext, Resource resource) throws AccessException { return false; } - + + @Override + public boolean validateIdentityInHeader(IdentityContext identityContext, Resource resource, String tokenInHeader) throws AccessException { + return false; + } + @Override public Boolean validateAuthority(IdentityContext identityContext, Permission permission) throws AccessException { return false; From fb02489a45707be44f24a8995e3718068a64f97b Mon Sep 17 00:00:00 2001 From: lizhuodong <2205553696@qq.com> Date: Mon, 8 Jul 2024 17:42:15 +0800 Subject: [PATCH 2/4] Revert "fix console ui accessToken in url" This reverts commit d54070a5af3dd5e0dadd9cabd50bee060419dd62. --- .../auth/AbstractProtocolAuthService.java | 4 ++-- .../nacos/auth/ProtocolAuthService.java | 3 +-- .../auth/GrpcProtocolAuthServiceTest.java | 4 ++-- .../auth/HttpProtocolAuthServiceTest.java | 4 ++-- .../nacos/auth/mock/MockAuthPluginService.java | 7 +------ console-ui/src/globalLib.js | 6 ++---- .../alibaba/nacos/core/auth/AuthFilter.java | 5 +---- .../core/auth/RemoteRequestAuthFilter.java | 5 +---- .../plugin/auth/impl/NacosAuthManager.java | 4 ---- .../auth/impl/NacosAuthPluginService.java | 18 +++++------------- .../AbstractAuthenticationManager.java | 4 +--- .../filter/JwtAuthenticationTokenFilter.java | 3 --- .../auth/spi/server/AuthPluginService.java | 11 ----------- .../auth/spi/mock/MockAuthPluginService.java | 7 +------ .../mock/MockEmptyNameAuthPluginService.java | 7 +------ 15 files changed, 20 insertions(+), 72 deletions(-) 
diff --git a/auth/src/main/java/com/alibaba/nacos/auth/AbstractProtocolAuthService.java b/auth/src/main/java/com/alibaba/nacos/auth/AbstractProtocolAuthService.java index 73166ed0d58..27f472dc7df 100644 --- a/auth/src/main/java/com/alibaba/nacos/auth/AbstractProtocolAuthService.java +++ b/auth/src/main/java/com/alibaba/nacos/auth/AbstractProtocolAuthService.java @@ -58,11 +58,11 @@ public boolean enableAuth(Secured secured) { } @Override - public boolean validateIdentity(IdentityContext identityContext, Resource resource,String token) throws AccessException { + public boolean validateIdentity(IdentityContext identityContext, Resource resource) throws AccessException { Optional authPluginService = AuthPluginManager.getInstance() .findAuthServiceSpiImpl(authConfigs.getNacosAuthSystemType()); if (authPluginService.isPresent()) { - return authPluginService.get().validateIdentityInHeader(identityContext, resource,token); + return authPluginService.get().validateIdentity(identityContext, resource); } return true; } diff --git a/auth/src/main/java/com/alibaba/nacos/auth/ProtocolAuthService.java b/auth/src/main/java/com/alibaba/nacos/auth/ProtocolAuthService.java index f1ef24a7801..0815db4d224 100644 --- a/auth/src/main/java/com/alibaba/nacos/auth/ProtocolAuthService.java +++ b/auth/src/main/java/com/alibaba/nacos/auth/ProtocolAuthService.java @@ -71,11 +71,10 @@ public interface ProtocolAuthService { * * @param identityContext identity context * @param resource resource - * @param token token in header * @return {@code true} if legal, otherwise {@code false} * @throws AccessException exception during validating */ - boolean validateIdentity(IdentityContext identityContext, Resource resource,String token) throws AccessException; + boolean validateIdentity(IdentityContext identityContext, Resource resource) throws AccessException; /** * Validate identity whether had permission for the resource and action. 
diff --git a/auth/src/test/java/com/alibaba/nacos/auth/GrpcProtocolAuthServiceTest.java b/auth/src/test/java/com/alibaba/nacos/auth/GrpcProtocolAuthServiceTest.java index 05f9de4bd73..490fb6132c7 100644 --- a/auth/src/test/java/com/alibaba/nacos/auth/GrpcProtocolAuthServiceTest.java +++ b/auth/src/test/java/com/alibaba/nacos/auth/GrpcProtocolAuthServiceTest.java @@ -129,14 +129,14 @@ void testParseIdentity() { @Test void testValidateIdentityWithoutPlugin() throws AccessException { IdentityContext identityContext = new IdentityContext(); - assertTrue(protocolAuthService.validateIdentity(identityContext, Resource.EMPTY_RESOURCE,"")); + assertTrue(protocolAuthService.validateIdentity(identityContext, Resource.EMPTY_RESOURCE)); } @Test void testValidateIdentityWithPlugin() throws AccessException { Mockito.when(authConfigs.getNacosAuthSystemType()).thenReturn(MockAuthPluginService.TEST_PLUGIN); IdentityContext identityContext = new IdentityContext(); - assertFalse(protocolAuthService.validateIdentity(identityContext, Resource.EMPTY_RESOURCE,"")); + assertFalse(protocolAuthService.validateIdentity(identityContext, Resource.EMPTY_RESOURCE)); } @Test diff --git a/auth/src/test/java/com/alibaba/nacos/auth/HttpProtocolAuthServiceTest.java b/auth/src/test/java/com/alibaba/nacos/auth/HttpProtocolAuthServiceTest.java index 0aaa777c6b8..a07048e5dc8 100644 --- a/auth/src/test/java/com/alibaba/nacos/auth/HttpProtocolAuthServiceTest.java +++ b/auth/src/test/java/com/alibaba/nacos/auth/HttpProtocolAuthServiceTest.java 
@@ -123,14 +123,14 @@ void testParseIdentity() { @Test void testValidateIdentityWithoutPlugin() throws AccessException { IdentityContext identityContext = new IdentityContext(); - assertTrue(httpProtocolAuthService.validateIdentity(identityContext, Resource.EMPTY_RESOURCE,"")); + assertTrue(httpProtocolAuthService.validateIdentity(identityContext, Resource.EMPTY_RESOURCE)); } @Test void testValidateIdentityWithPlugin() throws AccessException { Mockito.when(authConfigs.getNacosAuthSystemType()).thenReturn(MockAuthPluginService.TEST_PLUGIN); IdentityContext identityContext = new IdentityContext(); - assertFalse(httpProtocolAuthService.validateIdentity(identityContext, Resource.EMPTY_RESOURCE,"")); + assertFalse(httpProtocolAuthService.validateIdentity(identityContext, Resource.EMPTY_RESOURCE)); } @Test diff --git a/auth/src/test/java/com/alibaba/nacos/auth/mock/MockAuthPluginService.java b/auth/src/test/java/com/alibaba/nacos/auth/mock/MockAuthPluginService.java index ce6eadd6a12..73f74631e8b 100644 --- a/auth/src/test/java/com/alibaba/nacos/auth/mock/MockAuthPluginService.java +++ b/auth/src/test/java/com/alibaba/nacos/auth/mock/MockAuthPluginService.java @@ -46,12 +46,7 @@ public boolean enableAuth(ActionTypes action, String type) { public boolean validateIdentity(IdentityContext identityContext, Resource resource) throws AccessException { return false; } - - @Override - public boolean validateIdentityInHeader(IdentityContext identityContext, Resource resource, String tokenInHeader) throws AccessException { - return false; - } - + @Override public Boolean validateAuthority(IdentityContext identityContext, Permission permission) { return false; diff --git a/console-ui/src/globalLib.js b/console-ui/src/globalLib.js index 77e9525e6f2..c2542702ddf 100644 --- a/console-ui/src/globalLib.js +++ b/console-ui/src/globalLib.js 
@@ -525,9 +525,8 @@ const request = (function(_global) { console.log('Token Error', localStorage.token, e); goLogin(); } - // fix accessToken in url - //const { accessToken = '' } = token; - //params.push(`accessToken=${accessToken}`); + const { accessToken = '' } = token; + params.push(`accessToken=${accessToken}`); } return $.ajax( @@ -541,7 +540,6 @@ const request = (function(_global) { }, headers: { Authorization: localStorage.getItem('token'), - accessToken: accessToken, }, }) ).then( diff --git a/core/src/main/java/com/alibaba/nacos/core/auth/AuthFilter.java b/core/src/main/java/com/alibaba/nacos/core/auth/AuthFilter.java index 216647739ea..55c00f9852e 100644 --- a/core/src/main/java/com/alibaba/nacos/core/auth/AuthFilter.java +++ b/core/src/main/java/com/alibaba/nacos/core/auth/AuthFilter.java @@ -40,8 +40,6 @@ import java.io.IOException; import java.lang.reflect.Method; -import static com.alibaba.nacos.api.common.Constants.ACCESS_TOKEN; - /** * Unified filter to handle authentication and authorization. * @@ -119,10 +117,9 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha chain.doFilter(request, response); return; } - String token = req.getHeader(ACCESS_TOKEN); Resource resource = protocolAuthService.parseResource(req, secured); IdentityContext identityContext = protocolAuthService.parseIdentity(req); - boolean result = protocolAuthService.validateIdentity(identityContext, resource,token); + boolean result = protocolAuthService.validateIdentity(identityContext, resource); if (!result) { // TODO Get reason of failure throw new AccessException("Validate Identity failed."); diff --git a/core/src/main/java/com/alibaba/nacos/core/auth/RemoteRequestAuthFilter.java b/core/src/main/java/com/alibaba/nacos/core/auth/RemoteRequestAuthFilter.java index 4d3a6116a83..ad9a250b01c 100644 --- a/core/src/main/java/com/alibaba/nacos/core/auth/RemoteRequestAuthFilter.java 
+++ b/core/src/main/java/com/alibaba/nacos/core/auth/RemoteRequestAuthFilter.java @@ -35,8 +35,6 @@ import java.lang.reflect.Method; -import static com.alibaba.nacos.api.common.Constants.ACCESS_TOKEN; - /** * request auth filter for remote. * @@ -74,10 +72,9 @@ public Response filter(Request request, RequestMeta meta, Class handlerClazz) th } String clientIp = meta.getClientIp(); request.putHeader(Constants.Identity.X_REAL_IP, clientIp); - String token = request.getHeader(ACCESS_TOKEN); Resource resource = protocolAuthService.parseResource(request, secured); IdentityContext identityContext = protocolAuthService.parseIdentity(request); - boolean result = protocolAuthService.validateIdentity(identityContext, resource,token); + boolean result = protocolAuthService.validateIdentity(identityContext, resource); if (!result) { // TODO Get reason of failure throw new AccessException("Validate Identity failed."); diff --git a/plugin-default-impl/nacos-default-auth-plugin/src/main/java/com/alibaba/nacos/plugin/auth/impl/NacosAuthManager.java b/plugin-default-impl/nacos-default-auth-plugin/src/main/java/com/alibaba/nacos/plugin/auth/impl/NacosAuthManager.java index 66aab7f4892..8ecc5411464 100644 --- a/plugin-default-impl/nacos-default-auth-plugin/src/main/java/com/alibaba/nacos/plugin/auth/impl/NacosAuthManager.java +++ b/plugin-default-impl/nacos-default-auth-plugin/src/main/java/com/alibaba/nacos/plugin/auth/impl/NacosAuthManager.java @@ -103,9 +103,6 @@ private String resolveToken(HttpServletRequest request) throws AccessException { return bearerToken.substring(7); } bearerToken = request.getParameter(Constants.ACCESS_TOKEN); - if(StringUtils.isBlank(bearerToken)){ - bearerToken = request.getHeader(Constants.ACCESS_TOKEN); - } if (StringUtils.isBlank(bearerToken)) { String userName = request.getParameter(AuthConstants.PARAM_USERNAME); String password = request.getParameter(AuthConstants.PARAM_PASSWORD); 
@@ -121,7 +118,6 @@ private String resolveToken(IdentityContext identityContext) throws AccessExcept return bearerToken.substring(7); } bearerToken = identityContext.getParameter(Constants.ACCESS_TOKEN, StringUtils.EMPTY); - if (StringUtils.isBlank(bearerToken)) { String userName = (String) identityContext.getParameter(AuthConstants.PARAM_USERNAME); String password = (String) identityContext.getParameter(AuthConstants.PARAM_PASSWORD); diff --git a/plugin-default-impl/nacos-default-auth-plugin/src/main/java/com/alibaba/nacos/plugin/auth/impl/NacosAuthPluginService.java b/plugin-default-impl/nacos-default-auth-plugin/src/main/java/com/alibaba/nacos/plugin/auth/impl/NacosAuthPluginService.java index c7b120af3fa..0332ba729b0 100644 --- a/plugin-default-impl/nacos-default-auth-plugin/src/main/java/com/alibaba/nacos/plugin/auth/impl/NacosAuthPluginService.java +++ b/plugin-default-impl/nacos-default-auth-plugin/src/main/java/com/alibaba/nacos/plugin/auth/impl/NacosAuthPluginService.java @@ -67,16 +67,11 @@ public boolean enableAuth(ActionTypes action, String type) { // enable all of action and type return true; } - + @Override public boolean validateIdentity(IdentityContext identityContext, Resource resource) throws AccessException { - return false; - } - - @Override - public boolean validateIdentityInHeader(IdentityContext identityContext, Resource resource,String tokenInhead) throws AccessException { checkNacosAuthManager(); - String token = resolveToken(identityContext,tokenInhead); + String token = resolveToken(identityContext); NacosUser nacosUser; if (StringUtils.isNotBlank(token)) { nacosUser = authenticationManager.authenticate(token); 
@@ -91,16 +86,13 @@ public boolean validateIdentityInHeader(IdentityContext identityContext, Resourc return true; } - private String resolveToken(IdentityContext identityContext,String token) { + private String resolveToken(IdentityContext identityContext) { String bearerToken = identityContext.getParameter(AuthConstants.AUTHORIZATION_HEADER, StringUtils.EMPTY); if (StringUtils.isNotBlank(bearerToken) && bearerToken.startsWith(AuthConstants.TOKEN_PREFIX)) { return bearerToken.substring(AuthConstants.TOKEN_PREFIX.length()); } - String result = identityContext.getParameter(Constants.ACCESS_TOKEN, StringUtils.EMPTY); - if(result.equals(StringUtils.EMPTY)){ - return token; - } - return result; + + return identityContext.getParameter(Constants.ACCESS_TOKEN, StringUtils.EMPTY); } @Override diff --git a/plugin-default-impl/nacos-default-auth-plugin/src/main/java/com/alibaba/nacos/plugin/auth/impl/authenticate/AbstractAuthenticationManager.java b/plugin-default-impl/nacos-default-auth-plugin/src/main/java/com/alibaba/nacos/plugin/auth/impl/authenticate/AbstractAuthenticationManager.java index 5eae341def7..beeb183de65 100644 --- a/plugin-default-impl/nacos-default-auth-plugin/src/main/java/com/alibaba/nacos/plugin/auth/impl/authenticate/AbstractAuthenticationManager.java +++ b/plugin-default-impl/nacos-default-auth-plugin/src/main/java/com/alibaba/nacos/plugin/auth/impl/authenticate/AbstractAuthenticationManager.java @@ -111,9 +111,7 @@ private String resolveToken(HttpServletRequest request) { return bearerToken.substring(AuthConstants.TOKEN_PREFIX.length()); } bearerToken = request.getParameter(Constants.ACCESS_TOKEN); - if(StringUtils.isBlank(bearerToken)){ - bearerToken = request.getHeader(Constants.ACCESS_TOKEN); - } + return bearerToken; } 
diff --git a/plugin-default-impl/nacos-default-auth-plugin/src/main/java/com/alibaba/nacos/plugin/auth/impl/filter/JwtAuthenticationTokenFilter.java b/plugin-default-impl/nacos-default-auth-plugin/src/main/java/com/alibaba/nacos/plugin/auth/impl/filter/JwtAuthenticationTokenFilter.java index 66f9e5ae6a2..8ec6b16efa0 100644 --- a/plugin-default-impl/nacos-default-auth-plugin/src/main/java/com/alibaba/nacos/plugin/auth/impl/filter/JwtAuthenticationTokenFilter.java +++ b/plugin-default-impl/nacos-default-auth-plugin/src/main/java/com/alibaba/nacos/plugin/auth/impl/filter/JwtAuthenticationTokenFilter.java @@ -72,9 +72,6 @@ private String resolveToken(HttpServletRequest request) { return bearerToken.substring(TOKEN_PREFIX.length()); } String jwt = request.getParameter(Constants.ACCESS_TOKEN); - if(StringUtils.isBlank(jwt)){ - jwt = request.getHeader(Constants.ACCESS_TOKEN); - } if (StringUtils.isNotBlank(jwt)) { return jwt; } diff --git a/plugin/auth/src/main/java/com/alibaba/nacos/plugin/auth/spi/server/AuthPluginService.java b/plugin/auth/src/main/java/com/alibaba/nacos/plugin/auth/spi/server/AuthPluginService.java index 868e4670ebe..93b4ef24cd3 100644 --- a/plugin/auth/src/main/java/com/alibaba/nacos/plugin/auth/spi/server/AuthPluginService.java +++ b/plugin/auth/src/main/java/com/alibaba/nacos/plugin/auth/spi/server/AuthPluginService.java 
@@ -57,17 +57,6 @@ public interface AuthPluginService { * @throws AccessException if authentication is failed */ boolean validateIdentity(IdentityContext identityContext, Resource resource) throws AccessException; - - /** - * To validate whether the identity context from request is legal or illegal. - * - * @param identityContext where we can find the user information - * @param resource resource about this user information - * @param tokenInHeader token in header - * @return {@code true} if legal, otherwise {@code false} - * @throws AccessException if authentication is failed - */ - boolean validateIdentityInHeader(IdentityContext identityContext, Resource resource,String tokenInHeader) throws AccessException; /** * Validate the identity whether has the resource authority. diff --git a/plugin/auth/src/test/java/com/alibaba/nacos/plugin/auth/spi/mock/MockAuthPluginService.java b/plugin/auth/src/test/java/com/alibaba/nacos/plugin/auth/spi/mock/MockAuthPluginService.java index 8ad50a1a37c..6d3300acc18 100644 --- a/plugin/auth/src/test/java/com/alibaba/nacos/plugin/auth/spi/mock/MockAuthPluginService.java +++ b/plugin/auth/src/test/java/com/alibaba/nacos/plugin/auth/spi/mock/MockAuthPluginService.java @@ -47,12 +47,7 @@ public boolean enableAuth(ActionTypes action, String type) { public boolean validateIdentity(IdentityContext identityContext, Resource resource) throws AccessException { return false; } - - @Override - public boolean validateIdentityInHeader(IdentityContext identityContext, Resource resource, String tokenInHeader) throws AccessException { - return false; - } - + @Override public Boolean validateAuthority(IdentityContext identityContext, Permission permission) throws AccessException { return false; diff --git a/plugin/auth/src/test/java/com/alibaba/nacos/plugin/auth/spi/mock/MockEmptyNameAuthPluginService.java b/plugin/auth/src/test/java/com/alibaba/nacos/plugin/auth/spi/mock/MockEmptyNameAuthPluginService.java index 2adb04a7195..40864e53af4 100644 
--- a/plugin/auth/src/test/java/com/alibaba/nacos/plugin/auth/spi/mock/MockEmptyNameAuthPluginService.java +++ b/plugin/auth/src/test/java/com/alibaba/nacos/plugin/auth/spi/mock/MockEmptyNameAuthPluginService.java @@ -46,12 +46,7 @@ public boolean enableAuth(ActionTypes action, String type) { public boolean validateIdentity(IdentityContext identityContext, Resource resource) throws AccessException { return false; } - - @Override - public boolean validateIdentityInHeader(IdentityContext identityContext, Resource resource, String tokenInHeader) throws AccessException { - return false; - } - + @Override public Boolean validateAuthority(IdentityContext identityContext, Permission permission) throws AccessException { return false; From a0d641abf7f0282932c3f82b0ecd0b1e6587f514 Mon Sep 17 00:00:00 2001 From: lizhuodong <2205553696@qq.com> Date: Thu, 18 Jul 2024 10:01:56 +0800 Subject: [PATCH 3/4] =?UTF-8?q?recode=20for=20=EF=BC=88fix=20accessToken?= =?UTF-8?q?=20issue=EF=BC=89?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- console-ui/src/globalLib.js | 4 +- .../nacos/test/base/HttpClient4Test.java | 12 ++++- .../nacos/test/core/auth/AuthBase.java | 46 +++++++++++------- .../test/core/auth/Permission_ITCase.java | 3 +- .../nacos/test/core/auth/Role_ITCase.java | 38 ++++++++++----- .../nacos/test/core/auth/User_ITCase.java | 47 ++++++++++++++----- 6 files changed, 103 insertions(+), 47 deletions(-) diff --git a/console-ui/src/globalLib.js b/console-ui/src/globalLib.js index c2542702ddf..4b3cf48275f 100644 --- a/console-ui/src/globalLib.js +++ b/console-ui/src/globalLib.js @@ -525,8 +525,8 @@ const request = (function(_global) { console.log('Token Error', localStorage.token, e); goLogin(); } - const { accessToken = '' } = token; - params.push(`accessToken=${accessToken}`); + //const { accessToken = '' } = token; + //params.push(`accessToken=${accessToken}`); } return $.ajax( 
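Review bot: Commenting out `const { accessToken = '' } = token;` and `params.push(...)` leaves dead code in globalLib.js; delete the two lines instead, version control keeps the history. Nothing in this hunk replaces the removed query parameter with an `Authorization` header on the `$.ajax` call that follows, so either that header is set elsewhere (outside the hunk) or this change silently removes authentication from every request routed through this helper; please confirm and, if needed, pass the token in `headers` of the ajax options rather than in `params`.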
diff --git a/test/core-test/src/test/java/com/alibaba/nacos/test/base/HttpClient4Test.java b/test/core-test/src/test/java/com/alibaba/nacos/test/base/HttpClient4Test.java index 31fb3c6fca2..200698e74b5 100644 --- a/test/core-test/src/test/java/com/alibaba/nacos/test/base/HttpClient4Test.java +++ b/test/core-test/src/test/java/com/alibaba/nacos/test/base/HttpClient4Test.java @@ -54,11 +54,21 @@ protected ResponseEntity request(String path, MultiValueMap ResponseEntity request(String path, MultiValueMap params, Class clazz, HttpMethod httpMethod) { HttpHeaders headers = new HttpHeaders(); - + HttpEntity entity = new HttpEntity(headers); UriComponentsBuilder builder = UriComponentsBuilder.fromHttpUrl(this.base.toString() + path).queryParams(params); + return this.restTemplate.exchange(builder.toUriString(), httpMethod, entity, clazz); + } + protected ResponseEntity request(String path, MultiValueMap params,MultiValueMap headersMap, Class clazz, HttpMethod httpMethod) { + + HttpHeaders headers = new HttpHeaders(); + headers.addAll(headersMap); + HttpEntity entity = new HttpEntity(headers); + + UriComponentsBuilder builder = UriComponentsBuilder.fromHttpUrl(this.base.toString() + path).queryParams(params); + return this.restTemplate.exchange(builder.toUriString(), httpMethod, entity, clazz); } } diff --git a/test/core-test/src/test/java/com/alibaba/nacos/test/core/auth/AuthBase.java b/test/core-test/src/test/java/com/alibaba/nacos/test/core/auth/AuthBase.java index 5db5e3eb9ac..23f39045b8e 100644 --- a/test/core-test/src/test/java/com/alibaba/nacos/test/core/auth/AuthBase.java +++ b/test/core-test/src/test/java/com/alibaba/nacos/test/core/auth/AuthBase.java 
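Review bot: The new five-argument overload duplicates the body of the four-argument request method; have the older one delegate so header handling lives in one place, e.g. `return request(path, params, new LinkedMultiValueMap<>(), clazz, httpMethod);` (LinkedMultiValueMap sits in the same org.springframework.util package as the MultiValueMap already imported). The blank-line churn in the four-argument method (`- ` / `+ `) is a trailing-whitespace change and can be reverted. A one-line Javadoc on the new overload saying that headersMap is merged verbatim into the request headers would help the test authors who now use it to pass `Authorization`.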
@@ -88,20 +88,26 @@ protected void init(int port) throws Exception { // Create a user: ResponseEntity response = request("/nacos/v1/auth/users", Params.newParams().appendParam("username", username1).appendParam("password", password1) - .appendParam("accessToken", accessToken).done(), String.class, HttpMethod.POST); + .appendParam("accessToken", accessToken).done(), + Params.newParams().appendParam("Authorization", accessToken).done() + , String.class, HttpMethod.POST); System.out.println(response); assertTrue(response.getStatusCode().is2xxSuccessful()); // Create a user: response = request("/nacos/v1/auth/users", Params.newParams().appendParam("username", username2).appendParam("password", password2) - .appendParam("accessToken", accessToken).done(), String.class, HttpMethod.POST); + .appendParam("accessToken", accessToken).done(), + Params.newParams().appendParam("Authorization", accessToken).done(), + String.class, HttpMethod.POST); System.out.println(response); assertTrue(response.getStatusCode().is2xxSuccessful()); // Create a user: response = request("/nacos/v1/auth/users", Params.newParams().appendParam("username", username3).appendParam("password", password3) - .appendParam("accessToken", accessToken).done(), String.class, HttpMethod.POST); + .appendParam("accessToken", accessToken).done(), + Params.newParams().appendParam("Authorization", accessToken).done(), + String.class, HttpMethod.POST); System.out.println(response); assertTrue(response.getStatusCode().is2xxSuccessful()); 
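Review bot: The `Authorization` header added here carries the bare token, but the server-side resolveToken in this PR only uses that header when it starts with AuthConstants.TOKEN_PREFIX (conventionally `Bearer `), so the header is presumably ignored and the request is still authenticated through the `accessToken` query parameter that every call keeps appending. As written the tests do not prove header-based auth works at all. Send `"Bearer " + accessToken` (or whatever TOKEN_PREFIX is) and drop `.appendParam("accessToken", accessToken)` from the query params in at least one test so the header path is actually exercised; the same applies to the other hunks in this file and in Role_ITCase/User_ITCase. init starts before this hunk and continues after it.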
@@ -109,7 +115,8 @@ protected void init(int port) throws Exception { // Create a role: response = request("/nacos/v1/auth/roles", Params.newParams().appendParam("role", role1).appendParam("username", username1).appendParam("accessToken", accessToken) - .done(), String.class, HttpMethod.POST); + .done(), + Params.newParams().appendParam("Authorization", accessToken).done(),String.class, HttpMethod.POST); System.out.println(response); assertTrue(response.getStatusCode().is2xxSuccessful()); @@ -117,7 +124,9 @@ protected void init(int port) throws Exception { // Create a role: response = request("/nacos/v1/auth/roles", Params.newParams().appendParam("role", role2).appendParam("username", username2).appendParam("accessToken", accessToken) - .done(), String.class, HttpMethod.POST); + .done(), + Params.newParams().appendParam("Authorization", accessToken).done(), + String.class, HttpMethod.POST); System.out.println(response); assertTrue(response.getStatusCode().is2xxSuccessful()); 
@@ -131,21 +140,22 @@ protected void init(int port) throws Exception { // Add read permission of namespace1 to role1: response = request("/nacos/v1/auth/permissions", Params.newParams().appendParam("role", role1).appendParam("resource", namespace1 + ":*:*").appendParam("action", "r") - .appendParam("accessToken", accessToken).done(), String.class, HttpMethod.POST); + .appendParam("accessToken", accessToken).done(), + Params.newParams().appendParam("Authorization", accessToken).done(),String.class, HttpMethod.POST); System.out.println(response); assertTrue(response.getStatusCode().is2xxSuccessful()); // Add write permission of namespace1 to role2: response = request("/nacos/v1/auth/permissions", Params.newParams().appendParam("role", role2).appendParam("resource", namespace1 + ":*:*").appendParam("action", "w") - .appendParam("accessToken", accessToken).done(), String.class, HttpMethod.POST); + .appendParam("accessToken", accessToken).done(), Params.newParams().appendParam("Authorization", accessToken).done(),String.class, HttpMethod.POST); System.out.println(response); assertTrue(response.getStatusCode().is2xxSuccessful()); // Add read/write permission of namespace1 to role3: response = request("/nacos/v1/auth/permissions", Params.newParams().appendParam("role", role3).appendParam("resource", namespace1 + ":*:*").appendParam("action", "rw") - .appendParam("accessToken", accessToken).done(), String.class, HttpMethod.POST); + .appendParam("accessToken", accessToken).done(), Params.newParams().appendParam("Authorization", accessToken).done(), String.class, HttpMethod.POST); System.out.println(response); assertTrue(response.getStatusCode().is2xxSuccessful()); 
@@ -160,60 +170,62 @@ protected void destroy() { // Delete permission: ResponseEntity response = request("/nacos/v1/auth/permissions", Params.newParams().appendParam("role", role1).appendParam("resource", namespace1 + ":*:*").appendParam("action", "r") - .appendParam("accessToken", accessToken).done(), String.class, HttpMethod.DELETE); + .appendParam("accessToken", accessToken).done(), Params.newParams().appendParam("Authorization", accessToken).done(),String.class, HttpMethod.DELETE); assertTrue(response.getStatusCode().is2xxSuccessful()); // Delete permission: response = request("/nacos/v1/auth/permissions", Params.newParams().appendParam("role", role2).appendParam("resource", namespace1 + ":*:*").appendParam("action", "w") - .appendParam("accessToken", accessToken).done(), String.class, HttpMethod.DELETE); + .appendParam("accessToken", accessToken).done(), Params.newParams().appendParam("Authorization", accessToken).done(),String.class, HttpMethod.DELETE); assertTrue(response.getStatusCode().is2xxSuccessful()); // Delete permission: response = request("/nacos/v1/auth/permissions", Params.newParams().appendParam("role", role3).appendParam("resource", namespace1 + ":*:*").appendParam("action", "rw") - .appendParam("accessToken", accessToken).done(), String.class, HttpMethod.DELETE); + .appendParam("accessToken", accessToken).done(), Params.newParams().appendParam("Authorization", accessToken).done(), String.class, HttpMethod.DELETE); assertTrue(response.getStatusCode().is2xxSuccessful()); // Delete a role: response = request("/nacos/v1/auth/roles", Params.newParams().appendParam("role", role1).appendParam("username", username1).appendParam("accessToken", accessToken) - .done(), String.class, HttpMethod.DELETE); + .done(), Params.newParams().appendParam("Authorization", accessToken).done(),String.class, HttpMethod.DELETE); assertTrue(response.getStatusCode().is2xxSuccessful()); // Delete a role: response = request("/nacos/v1/auth/roles", 
Params.newParams().appendParam("role", role2).appendParam("username", username2).appendParam("accessToken", accessToken) - .done(), String.class, HttpMethod.DELETE); + .done(), Params.newParams().appendParam("Authorization", accessToken).done(), String.class, HttpMethod.DELETE); assertTrue(response.getStatusCode().is2xxSuccessful()); // Delete a role: response = request("/nacos/v1/auth/roles", Params.newParams().appendParam("role", role3).appendParam("username", username3).appendParam("accessToken", accessToken) - .done(), String.class, HttpMethod.DELETE); + .done(), Params.newParams().appendParam("Authorization", accessToken).done(), String.class, HttpMethod.DELETE); assertTrue(response.getStatusCode().is2xxSuccessful()); // Delete a user: response = request("/nacos/v1/auth/users", Params.newParams().appendParam("username", username1).appendParam("password", password1) - .appendParam("accessToken", accessToken).done(), String.class, HttpMethod.DELETE); + .appendParam("accessToken", accessToken).done(), Params.newParams().appendParam("Authorization", accessToken).done(), String.class, HttpMethod.DELETE); assertTrue(response.getStatusCode().is2xxSuccessful()); // Delete a user: response = request("/nacos/v1/auth/users", Params.newParams().appendParam("username", username2).appendParam("password", password2) - .appendParam("accessToken", accessToken).done(), String.class, HttpMethod.DELETE); + .appendParam("accessToken", accessToken).done(), + Params.newParams().appendParam("Authorization", accessToken).done(), + String.class, HttpMethod.DELETE); assertTrue(response.getStatusCode().is2xxSuccessful()); // Delete a user: response = request("/nacos/v1/auth/users", Params.newParams().appendParam("username", username3).appendParam("password", password3) - .appendParam("accessToken", accessToken).done(), String.class, HttpMethod.DELETE); + .appendParam("accessToken", accessToken).done(), Params.newParams().appendParam("Authorization", accessToken).done(), String.class, 
HttpMethod.DELETE); assertTrue(response.getStatusCode().is2xxSuccessful()); diff --git a/test/core-test/src/test/java/com/alibaba/nacos/test/core/auth/Permission_ITCase.java b/test/core-test/src/test/java/com/alibaba/nacos/test/core/auth/Permission_ITCase.java index af52a17472e..aa63453a9c4 100644 --- a/test/core-test/src/test/java/com/alibaba/nacos/test/core/auth/Permission_ITCase.java +++ b/test/core-test/src/test/java/com/alibaba/nacos/test/core/auth/Permission_ITCase.java @@ -69,7 +69,8 @@ void destroy() { // Delete permission: ResponseEntity response = request("/nacos/v1/auth/permissions", Params.newParams().appendParam("role", "role1").appendParam("resource", "public:*:*").appendParam("action", "rw") - .appendParam("accessToken", accessToken).done(), String.class, HttpMethod.DELETE); + .appendParam("accessToken", accessToken).done(), + String.class, HttpMethod.DELETE); assertTrue(response.getStatusCode().is2xxSuccessful()); diff --git a/test/core-test/src/test/java/com/alibaba/nacos/test/core/auth/Role_ITCase.java b/test/core-test/src/test/java/com/alibaba/nacos/test/core/auth/Role_ITCase.java index 83cee5c8d25..85fb10ceab6 100644 --- a/test/core-test/src/test/java/com/alibaba/nacos/test/core/auth/Role_ITCase.java +++ b/test/core-test/src/test/java/com/alibaba/nacos/test/core/auth/Role_ITCase.java 
@@ -67,20 +67,22 @@ void destroy() { // Delete role: ResponseEntity response = request("/nacos/v1/auth/roles", Params.newParams().appendParam("role", "role1").appendParam("username", "username2").appendParam("accessToken", accessToken) - .done(), String.class, HttpMethod.DELETE); + .done(),Params.newParams().appendParam("Authorization", accessToken).done(), String.class, HttpMethod.DELETE); assertTrue(response.getStatusCode().is2xxSuccessful()); // Delete role: response = request("/nacos/v1/auth/roles", Params.newParams().appendParam("role", "role2").appendParam("username", "username2").appendParam("accessToken", accessToken) - .done(), String.class, HttpMethod.DELETE); + .done(), + Params.newParams().appendParam("Authorization", accessToken).done(),String.class, HttpMethod.DELETE); assertTrue(response.getStatusCode().is2xxSuccessful()); // Delete a user: response = request("/nacos/v1/auth/users", - Params.newParams().appendParam("username", "username2").appendParam("accessToken", accessToken).done(), String.class, + Params.newParams().appendParam("username", "username2").appendParam("accessToken", accessToken).done(), + Params.newParams().appendParam("Authorization", accessToken).done(),String.class, HttpMethod.DELETE); assertTrue(response.getStatusCode().is2xxSuccessful()); @@ -90,7 +92,8 @@ void destroy() { void login() { ResponseEntity response = request("/nacos/v1/auth/users/login", - Params.newParams().appendParam("username", "nacos").appendParam("password", "nacos").done(), String.class, HttpMethod.POST); + Params.newParams().appendParam("username", "nacos").appendParam("password", "nacos").done(), + String.class, HttpMethod.POST); assertTrue(response.getStatusCode().is2xxSuccessful()); JsonNode json = JacksonUtils.toObj(response.getBody()); 
@@ -106,21 +109,24 @@ void createDeleteQueryRole() { // Create a user: ResponseEntity response = request("/nacos/v1/auth/users", Params.newParams().appendParam("username", "username2").appendParam("password", "password1") - .appendParam("accessToken", accessToken).done(), String.class, HttpMethod.POST); + .appendParam("accessToken", accessToken).done(), + Params.newParams().appendParam("Authorization", accessToken).done(),String.class, HttpMethod.POST); assertTrue(response.getStatusCode().is2xxSuccessful()); // Create a role: response = request("/nacos/v1/auth/roles", Params.newParams().appendParam("role", "role1").appendParam("username", "username2").appendParam("accessToken", accessToken) - .done(), String.class, HttpMethod.POST); + .done(), + Params.newParams().appendParam("Authorization", accessToken).done(),String.class, HttpMethod.POST); assertTrue(response.getStatusCode().is2xxSuccessful()); // Query role of user: response = request("/nacos/v1/auth/roles", Params.newParams().appendParam("username", "username2").appendParam("pageNo", "1").appendParam("pageSize", "10") - .appendParam("accessToken", accessToken).done(), String.class, HttpMethod.GET); + .appendParam("accessToken", accessToken).done(), + Params.newParams().appendParam("Authorization", accessToken).done(),String.class, HttpMethod.GET); assertTrue(response.getStatusCode().is2xxSuccessful()); 
@@ -141,14 +147,16 @@ void createDeleteQueryRole() { // Add second role to user: response = request("/nacos/v1/auth/roles", Params.newParams().appendParam("role", "role2").appendParam("username", "username2").appendParam("accessToken", accessToken) - .done(), String.class, HttpMethod.POST); + .done(), + Params.newParams().appendParam("Authorization", accessToken).done(),String.class, HttpMethod.POST); assertTrue(response.getStatusCode().is2xxSuccessful()); // Query roles of user: response = request("/nacos/v1/auth/roles", Params.newParams().appendParam("username", "username2").appendParam("pageNo", "1").appendParam("pageSize", "10") - .appendParam("accessToken", accessToken).done(), String.class, HttpMethod.GET); + .appendParam("accessToken", accessToken).done(), + Params.newParams().appendParam("Authorization", accessToken).done(),String.class, HttpMethod.GET); assertTrue(response.getStatusCode().is2xxSuccessful()); @@ -176,14 +184,16 @@ void createDeleteQueryRole() { // Delete role: response = request("/nacos/v1/auth/roles", Params.newParams().appendParam("role", "role2").appendParam("username", "username2").appendParam("accessToken", accessToken) - .done(), String.class, HttpMethod.DELETE); + .done(), + Params.newParams().appendParam("Authorization", accessToken).done(),String.class, HttpMethod.DELETE); assertTrue(response.getStatusCode().is2xxSuccessful()); // Query roles of user: response = request("/nacos/v1/auth/roles", Params.newParams().appendParam("username", "username2").appendParam("pageNo", "1").appendParam("pageSize", "10") - .appendParam("accessToken", accessToken).done(), String.class, HttpMethod.GET); + .appendParam("accessToken", accessToken).done(), + Params.newParams().appendParam("Authorization", accessToken).done(),String.class, HttpMethod.GET); assertTrue(response.getStatusCode().is2xxSuccessful()); 
@@ -208,14 +218,16 @@ void createDeleteQueryRole() { // Delete role: response = request("/nacos/v1/auth/roles", Params.newParams().appendParam("role", "role1").appendParam("username", "username2").appendParam("accessToken", accessToken) - .done(), String.class, HttpMethod.DELETE); + .done(), + Params.newParams().appendParam("Authorization", accessToken).done(),String.class, HttpMethod.DELETE); assertTrue(response.getStatusCode().is2xxSuccessful()); // Query roles of user: response = request("/nacos/v1/auth/roles", Params.newParams().appendParam("username", "username2").appendParam("pageNo", "1").appendParam("pageSize", "10") - .appendParam("accessToken", accessToken).done(), String.class, HttpMethod.GET); + .appendParam("accessToken", accessToken).done(), + Params.newParams().appendParam("Authorization", accessToken).done(),String.class, HttpMethod.GET); assertTrue(response.getStatusCode().is2xxSuccessful()); diff --git a/test/core-test/src/test/java/com/alibaba/nacos/test/core/auth/User_ITCase.java b/test/core-test/src/test/java/com/alibaba/nacos/test/core/auth/User_ITCase.java index 7cc53226524..8c8896a1b72 100644 --- a/test/core-test/src/test/java/com/alibaba/nacos/test/core/auth/User_ITCase.java +++ b/test/core-test/src/test/java/com/alibaba/nacos/test/core/auth/User_ITCase.java 
@@ -70,14 +70,16 @@ void destroy() { // Delete a user: ResponseEntity response = request("/nacos/v1/auth/users", - Params.newParams().appendParam("username", "username1").appendParam("accessToken", accessToken).done(), String.class, + Params.newParams().appendParam("username", "username1").appendParam("accessToken", accessToken).done(), + Params.newParams().appendParam("Authorization", accessToken).done(),String.class, HttpMethod.DELETE); assertTrue(response.getStatusCode().is2xxSuccessful()); // Delete a user: request("/nacos/v1/auth/users", - Params.newParams().appendParam("username", "username2").appendParam("accessToken", accessToken).done(), String.class, + Params.newParams().appendParam("username", "username2").appendParam("accessToken", accessToken).done(), + Params.newParams().appendParam("Authorization", accessToken).done(),String.class, HttpMethod.DELETE); assertTrue(response.getStatusCode().is2xxSuccessful()); @@ -110,14 +112,17 @@ void createUpdateDeleteUser() { // Create a user: ResponseEntity response = request("/nacos/v1/auth/users", Params.newParams().appendParam("username", "username1").appendParam("password", "password1") - .appendParam("accessToken", accessToken).done(), String.class, HttpMethod.POST); + .appendParam("accessToken", accessToken).done(), + Params.newParams().appendParam("Authorization", accessToken).done(),String.class, HttpMethod.POST); assertTrue(response.getStatusCode().is2xxSuccessful()); // Query a user: response = request("/nacos/v1/auth/users", Params.newParams().appendParam("pageNo", "1").appendParam("pageSize", String.valueOf(Integer.MAX_VALUE)) - .appendParam("accessToken", accessToken).done(), String.class); + .appendParam("accessToken", accessToken).done(), + Params.newParams().appendParam("Authorization", accessToken).done(), + String.class, HttpMethod.GET); assertTrue(response.getStatusCode().is2xxSuccessful()); 
@@ -140,14 +145,18 @@ void createUpdateDeleteUser() { // Update a user: response = request("/nacos/v1/auth/users", Params.newParams().appendParam("username", "username1").appendParam("newPassword", "password2") - .appendParam("accessToken", accessToken).done(), String.class, HttpMethod.PUT); + .appendParam("accessToken", accessToken).done(), + Params.newParams().appendParam("Authorization", accessToken).done(), + String.class, HttpMethod.PUT); assertTrue(response.getStatusCode().is2xxSuccessful()); // Query a user: response = request("/nacos/v1/auth/users", Params.newParams().appendParam("pageNo", "1").appendParam("pageSize", String.valueOf(Integer.MAX_VALUE)) - .appendParam("accessToken", accessToken).done(), String.class); + .appendParam("accessToken", accessToken).done(), + Params.newParams().appendParam("Authorization", accessToken).done(), + String.class,HttpMethod.GET); userPage = JacksonUtils.toObj(response.getBody(), new TypeReference>() { }); @@ -167,7 +176,8 @@ void createUpdateDeleteUser() { // Delete a user: response = request("/nacos/v1/auth/users", - Params.newParams().appendParam("username", "username1").appendParam("accessToken", accessToken).done(), String.class, + Params.newParams().appendParam("username", "username1").appendParam("accessToken", accessToken).done(), + Params.newParams().appendParam("Authorization", accessToken).done(),String.class, HttpMethod.DELETE); assertTrue(response.getStatusCode().is2xxSuccessful()); @@ -175,7 +185,8 @@ void createUpdateDeleteUser() { // Query a user: response = request("/nacos/v1/auth/users", Params.newParams().appendParam("pageNo", "1").appendParam("pageSize", String.valueOf(Integer.MAX_VALUE)) - .appendParam("accessToken", accessToken).done(), String.class); + .appendParam("accessToken", accessToken).done(), + Params.newParams().appendParam("Authorization", accessToken).done(),String.class,HttpMethod.GET); assertTrue(response.getStatusCode().is2xxSuccessful()); 
@@ -206,12 +217,16 @@ void updateUserWithPermission() { // create username1 ResponseEntity response = request("/nacos/v1/auth/users", Params.newParams().appendParam("username", "username1").appendParam("password", "password1") - .appendParam("accessToken", accessToken).done(), String.class, HttpMethod.POST); + .appendParam("accessToken", accessToken).done(), + Params.newParams().appendParam("Authorization", accessToken).done(), + String.class, HttpMethod.POST); assertTrue(response.getStatusCode().is2xxSuccessful()); // create username2 response = request("/nacos/v1/auth/users", Params.newParams().appendParam("username", "username2").appendParam("password", "password2") - .appendParam("accessToken", accessToken).done(), String.class, HttpMethod.POST); + .appendParam("accessToken", accessToken).done(), + Params.newParams().appendParam("Authorization", accessToken).done(), + String.class, HttpMethod.POST); assertTrue(response.getStatusCode().is2xxSuccessful()); // user login 
@@ -226,19 +241,25 @@ void updateUserWithPermission() { // update by admin response = request("/nacos/v1/auth/users", Params.newParams().appendParam("username", "username1").appendParam("newPassword", "password3") - .appendParam("accessToken", accessToken).done(), String.class, HttpMethod.PUT); + .appendParam("accessToken", accessToken).done(), + Params.newParams().appendParam("Authorization", accessToken).done(), + String.class, HttpMethod.PUT); assertTrue(response.getStatusCode().is2xxSuccessful()); // update by same user response = request("/nacos/v1/auth/users", Params.newParams().appendParam("username", "username1").appendParam("newPassword", "password4") - .appendParam("accessToken", user1AccessToken).done(), String.class, HttpMethod.PUT); + .appendParam("accessToken", user1AccessToken).done(), + Params.newParams().appendParam("Authorization", accessToken).done(), + String.class, HttpMethod.PUT); assertTrue(response.getStatusCode().is2xxSuccessful()); // update by another user response = request("/nacos/v1/auth/users", Params.newParams().appendParam("username", "username1").appendParam("newPassword", "password5") - .appendParam("accessToken", user2AccessToken).done(), String.class, HttpMethod.PUT); + .appendParam("accessToken", user2AccessToken).done(), + Params.newParams().appendParam("Authorization", accessToken).done(), + String.class, HttpMethod.PUT); assertEquals(HttpStatus.FORBIDDEN, response.getStatusCode()); } } From 90ea400e4988901a0dfa1ef6e8efc6dc3ca4c614 Mon Sep 17 00:00:00 2001 From: lizhuodong <2205553696@qq.com> Date: Thu, 18 Jul 2024 11:44:01 +0800 Subject: [PATCH 4/4] Update request.js --- console-ui/src/utils/request.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/console-ui/src/utils/request.js b/console-ui/src/utils/request.js index efc8a0f78fc..56dbd84f9f0 100644 --- a/console-ui/src/utils/request.js +++ b/console-ui/src/utils/request.js 
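Review bot: The "update by same user" and "update by another user" requests put the admin `accessToken` in the `Authorization` header while the query string carries `user1AccessToken` / `user2AccessToken`; if the header were honoured, the final assertion expecting HttpStatus.FORBIDDEN would fail because the admin token would be used, so the test passes only as long as the header is ignored (likely because it lacks the Bearer prefix). Use the user's own token in the header: `Params.newParams().appendParam("Authorization", user1AccessToken).done(),` for the same-user case and `Params.newParams().appendParam("Authorization", user2AccessToken).done(),` for the other-user case. updateUserWithPermission starts outside the hunk.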
@@ -49,7 +49,7 @@ const request = () => { goLogin(); } const { accessToken = '', username = '' } = token; - config.params.accessToken = accessToken; + //config.params.accessToken = accessToken; // support #3548 and fix #5835 if (!url.includes('auth')) { config.params.username = username;
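Review bot: `accessToken` is still destructured on the line above the change but is now unused, which will trip the project's lint; delete the commented-out line and shrink the destructuring to `const { username = '' } = token;`. Like the globalLib.js hunk, this removes the token from the query string without visibly adding an `Authorization` header to the axios config; confirm the interceptor sets `config.headers.Authorization` elsewhere, otherwise console requests lose authentication. The interceptor function starts before this hunk.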