diff --git a/address/src/main/java/com/alibaba/nacos/address/auth/AddressServerAuthManager.java b/address/src/main/java/com/alibaba/nacos/address/auth/AddressServerAuthManager.java index fb7c08b9897..617cd232dab 100644 --- a/address/src/main/java/com/alibaba/nacos/address/auth/AddressServerAuthManager.java +++ b/address/src/main/java/com/alibaba/nacos/address/auth/AddressServerAuthManager.java @@ -16,10 +16,10 @@ package com.alibaba.nacos.address.auth; -import com.alibaba.nacos.core.auth.AccessException; -import com.alibaba.nacos.core.auth.AuthManager; -import com.alibaba.nacos.core.auth.Permission; -import com.alibaba.nacos.core.auth.User; +import com.alibaba.nacos.auth.AuthManager; +import com.alibaba.nacos.auth.exception.AccessException; +import com.alibaba.nacos.auth.model.Permission; +import com.alibaba.nacos.auth.model.User; /** * Address server auth manager. diff --git a/address/src/main/java/com/alibaba/nacos/address/configuration/AddressServerSpringConfiguration.java b/address/src/main/java/com/alibaba/nacos/address/configuration/AddressServerSpringConfiguration.java index bd822b1cee1..8c04df237f5 100644 --- a/address/src/main/java/com/alibaba/nacos/address/configuration/AddressServerSpringConfiguration.java +++ b/address/src/main/java/com/alibaba/nacos/address/configuration/AddressServerSpringConfiguration.java @@ -17,7 +17,7 @@ package com.alibaba.nacos.address.configuration; import com.alibaba.nacos.address.auth.AddressServerAuthManager; -import com.alibaba.nacos.core.auth.AuthManager; +import com.alibaba.nacos.auth.AuthManager; import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; diff --git a/auth/pom.xml b/auth/pom.xml index 0653a75e7bc..b3339d0ed3e 100644 --- a/auth/pom.xml +++ b/auth/pom.xml @@ -36,7 +36,21 @@ + + ${project.groupId} + nacos-common + + + + org.springframework.boot + spring-boot-starter + true + + + org.apache.tomcat.embed + tomcat-embed-core + diff --git a/core/src/main/java/com/alibaba/nacos/core/auth/AuthManager.java b/auth/src/main/java/com/alibaba/nacos/auth/AuthManager.java similarity index 88% rename from core/src/main/java/com/alibaba/nacos/core/auth/AuthManager.java rename to auth/src/main/java/com/alibaba/nacos/auth/AuthManager.java index b1cfaeea8cd..0009e0569f0 100644 --- a/core/src/main/java/com/alibaba/nacos/core/auth/AuthManager.java +++ b/auth/src/main/java/com/alibaba/nacos/auth/AuthManager.java @@ -14,12 +14,17 @@ * limitations under the License. */ -package com.alibaba.nacos.core.auth; +package com.alibaba.nacos.auth; + +import com.alibaba.nacos.auth.exception.AccessException; +import com.alibaba.nacos.auth.model.Permission; +import com.alibaba.nacos.auth.model.User; /** * Access control entry. Can be extended by 3rd party implementations. * * @author nkorange + * @author mai.jh * @since 1.2.0 */ public interface AuthManager { diff --git a/core/src/main/java/com/alibaba/nacos/core/auth/Secured.java b/auth/src/main/java/com/alibaba/nacos/auth/annotation/Secured.java similarity index 86% rename from core/src/main/java/com/alibaba/nacos/core/auth/Secured.java rename to auth/src/main/java/com/alibaba/nacos/auth/annotation/Secured.java index 2b129f05517..06e53bba8a1 100644 --- a/core/src/main/java/com/alibaba/nacos/core/auth/Secured.java +++ b/auth/src/main/java/com/alibaba/nacos/auth/annotation/Secured.java @@ -14,8 +14,11 @@ * limitations under the License. */ -package com.alibaba.nacos.core.auth; +package com.alibaba.nacos.auth.annotation; +import com.alibaba.nacos.auth.common.ActionTypes; +import com.alibaba.nacos.auth.parser.DefaultResourceParser; +import com.alibaba.nacos.auth.parser.ResourceParser; import org.apache.commons.lang3.StringUtils; import java.lang.annotation.Retention; @@ -25,6 +28,7 @@ * Annotation indicating that the annotated request should be authorized. * * @author nkorange + * @author mai.jh * @since 1.2.0 */ @Retention(RetentionPolicy.RUNTIME) diff --git a/core/src/main/java/com/alibaba/nacos/core/auth/ActionTypes.java b/auth/src/main/java/com/alibaba/nacos/auth/common/ActionTypes.java similarity index 94% rename from core/src/main/java/com/alibaba/nacos/core/auth/ActionTypes.java rename to auth/src/main/java/com/alibaba/nacos/auth/common/ActionTypes.java index 4cace580b17..77157b61fad 100644 --- a/core/src/main/java/com/alibaba/nacos/core/auth/ActionTypes.java +++ b/auth/src/main/java/com/alibaba/nacos/auth/common/ActionTypes.java @@ -14,12 +14,13 @@ * limitations under the License. */ -package com.alibaba.nacos.core.auth; +package com.alibaba.nacos.auth.common; /** * Resource action type definitions. * * @author nkorange + * @author mai.jh * @since 1.2.0 */ public enum ActionTypes { diff --git a/core/src/main/java/com/alibaba/nacos/core/auth/AuthConfigs.java b/auth/src/main/java/com/alibaba/nacos/auth/common/AuthConfigs.java similarity index 80% rename from core/src/main/java/com/alibaba/nacos/core/auth/AuthConfigs.java rename to auth/src/main/java/com/alibaba/nacos/auth/common/AuthConfigs.java index a8b92871269..44e94907b26 100644 --- a/core/src/main/java/com/alibaba/nacos/core/auth/AuthConfigs.java +++ b/auth/src/main/java/com/alibaba/nacos/auth/common/AuthConfigs.java @@ -14,18 +14,15 @@ * limitations under the License. */ -package com.alibaba.nacos.core.auth; +package com.alibaba.nacos.auth.common; +import com.alibaba.nacos.auth.common.env.ReloadableConfigs; import com.alibaba.nacos.common.JustForTest; -import com.alibaba.nacos.core.env.ReloadableConfigs; import org.apache.commons.lang3.BooleanUtils; import org.apache.commons.lang3.StringUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Value; -import org.springframework.boot.web.servlet.FilterRegistrationBean; -import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; -import org.springframework.stereotype.Component; import java.util.Objects; @@ -33,9 +30,9 @@ * Auth related configurations. * * @author nkorange + * @author mai.jh * @since 1.2.0 */ -@Component @Configuration public class AuthConfigs { @@ -107,21 +104,4 @@ public boolean isCachingEnabled() { public static void setCachingEnabled(boolean cachingEnabled) { AuthConfigs.cachingEnabled = cachingEnabled; } - - @Bean - public FilterRegistrationBean authFilterRegistration() { - FilterRegistrationBean registration = new FilterRegistrationBean<>(); - registration.setFilter(authFilter()); - registration.addUrlPatterns("/*"); - registration.setName("authFilter"); - registration.setOrder(6); - - return registration; - } - - @Bean - public AuthFilter authFilter() { - return new AuthFilter(); - } - } diff --git a/core/src/main/java/com/alibaba/nacos/core/auth/AuthSystemTypes.java b/auth/src/main/java/com/alibaba/nacos/auth/common/AuthSystemTypes.java similarity index 93% rename from core/src/main/java/com/alibaba/nacos/core/auth/AuthSystemTypes.java rename to auth/src/main/java/com/alibaba/nacos/auth/common/AuthSystemTypes.java index 2517b5bbc94..dc45b50e33e 100644 --- a/core/src/main/java/com/alibaba/nacos/core/auth/AuthSystemTypes.java +++ b/auth/src/main/java/com/alibaba/nacos/auth/common/AuthSystemTypes.java @@ -14,12 +14,13 @@ * limitations under the License. */ -package com.alibaba.nacos.core.auth; +package com.alibaba.nacos.auth.common; /** * Types of all auth implementations. * * @author nkorange + * @author mai.jh * @since 1.2.0 */ public enum AuthSystemTypes { diff --git a/core/src/main/java/com/alibaba/nacos/core/env/ReloadableConfigs.java b/auth/src/main/java/com/alibaba/nacos/auth/common/env/ReloadableConfigs.java similarity index 97% rename from core/src/main/java/com/alibaba/nacos/core/env/ReloadableConfigs.java rename to auth/src/main/java/com/alibaba/nacos/auth/common/env/ReloadableConfigs.java index 32d704a378b..6984ad52e7f 100644 --- a/core/src/main/java/com/alibaba/nacos/core/env/ReloadableConfigs.java +++ b/auth/src/main/java/com/alibaba/nacos/auth/common/env/ReloadableConfigs.java @@ -14,7 +14,7 @@ * limitations under the License. */ -package com.alibaba.nacos.core.env; +package com.alibaba.nacos.auth.common.env; import org.apache.commons.lang3.StringUtils; import org.springframework.beans.factory.annotation.Value; @@ -31,6 +31,7 @@ * Reload application.properties. * * @author nkorange + * @author mai.jh * @since 1.2.0 */ @Component diff --git a/core/src/main/java/com/alibaba/nacos/core/auth/AccessException.java b/auth/src/main/java/com/alibaba/nacos/auth/exception/AccessException.java similarity index 94% rename from core/src/main/java/com/alibaba/nacos/core/auth/AccessException.java rename to auth/src/main/java/com/alibaba/nacos/auth/exception/AccessException.java index 50b5b581f36..e53574d7285 100644 --- a/core/src/main/java/com/alibaba/nacos/core/auth/AccessException.java +++ b/auth/src/main/java/com/alibaba/nacos/auth/exception/AccessException.java @@ -14,7 +14,7 @@ * limitations under the License. */ -package com.alibaba.nacos.core.auth; +package com.alibaba.nacos.auth.exception; import com.alibaba.nacos.api.exception.NacosException; @@ -22,6 +22,7 @@ * Exception to be thrown if authorization is failed. * * @author nkorange + * @author mai.jh * @since 1.2.0 */ public class AccessException extends NacosException { diff --git a/core/src/main/java/com/alibaba/nacos/core/auth/Permission.java b/auth/src/main/java/com/alibaba/nacos/auth/model/Permission.java similarity index 96% rename from core/src/main/java/com/alibaba/nacos/core/auth/Permission.java rename to auth/src/main/java/com/alibaba/nacos/auth/model/Permission.java index 9e3ca334707..cf30a5ecf97 100644 --- a/core/src/main/java/com/alibaba/nacos/core/auth/Permission.java +++ b/auth/src/main/java/com/alibaba/nacos/auth/model/Permission.java @@ -14,7 +14,7 @@ * limitations under the License. */ -package com.alibaba.nacos.core.auth; +package com.alibaba.nacos.auth.model; import java.io.Serializable; @@ -22,6 +22,7 @@ * Permission to auth. * * @author nkorange + * @author mai.jh * @since 1.2.0 */ public class Permission implements Serializable { diff --git a/core/src/main/java/com/alibaba/nacos/core/auth/Resource.java b/auth/src/main/java/com/alibaba/nacos/auth/model/Resource.java similarity index 96% rename from core/src/main/java/com/alibaba/nacos/core/auth/Resource.java rename to auth/src/main/java/com/alibaba/nacos/auth/model/Resource.java index 74a9bb5d95d..fa15feddf0e 100644 --- a/core/src/main/java/com/alibaba/nacos/core/auth/Resource.java +++ b/auth/src/main/java/com/alibaba/nacos/auth/model/Resource.java @@ -14,7 +14,7 @@ * limitations under the License. */ -package com.alibaba.nacos.core.auth; +package com.alibaba.nacos.auth.model; import java.io.Serializable; @@ -22,6 +22,7 @@ * Resource used in authorization. * * @author nkorange + * @author mai.jh * @since 1.2.0 */ public class Resource implements Serializable { diff --git a/core/src/main/java/com/alibaba/nacos/core/auth/User.java b/auth/src/main/java/com/alibaba/nacos/auth/model/User.java similarity index 95% rename from core/src/main/java/com/alibaba/nacos/core/auth/User.java rename to auth/src/main/java/com/alibaba/nacos/auth/model/User.java index 806cb8bee0a..0db4fd7ab2d 100644 --- a/core/src/main/java/com/alibaba/nacos/core/auth/User.java +++ b/auth/src/main/java/com/alibaba/nacos/auth/model/User.java @@ -14,7 +14,7 @@ * limitations under the License. */ -package com.alibaba.nacos.core.auth; +package com.alibaba.nacos.auth.model; import java.io.Serializable; @@ -22,6 +22,7 @@ * User information in authorization. * * @author nkorange + * @author mai.jh * @since 1.2.0 */ public class User implements Serializable { diff --git a/core/src/main/java/com/alibaba/nacos/core/auth/DefaultResourceParser.java b/auth/src/main/java/com/alibaba/nacos/auth/parser/DefaultResourceParser.java similarity index 94% rename from core/src/main/java/com/alibaba/nacos/core/auth/DefaultResourceParser.java rename to auth/src/main/java/com/alibaba/nacos/auth/parser/DefaultResourceParser.java index 86d36645ac6..dcc1699fa68 100644 --- a/core/src/main/java/com/alibaba/nacos/core/auth/DefaultResourceParser.java +++ b/auth/src/main/java/com/alibaba/nacos/auth/parser/DefaultResourceParser.java @@ -14,7 +14,7 @@ * limitations under the License. */ -package com.alibaba.nacos.core.auth; +package com.alibaba.nacos.auth.parser; import org.apache.commons.lang3.StringUtils; @@ -22,6 +22,7 @@ * Default resource parser. * * @author nkorange + * @author mai.jh * @since 1.2.0 */ public class DefaultResourceParser implements ResourceParser { diff --git a/core/src/main/java/com/alibaba/nacos/core/auth/ResourceParser.java b/auth/src/main/java/com/alibaba/nacos/auth/parser/ResourceParser.java similarity index 94% rename from core/src/main/java/com/alibaba/nacos/core/auth/ResourceParser.java rename to auth/src/main/java/com/alibaba/nacos/auth/parser/ResourceParser.java index b86a1e0894f..9902aa1ef19 100644 --- a/core/src/main/java/com/alibaba/nacos/core/auth/ResourceParser.java +++ b/auth/src/main/java/com/alibaba/nacos/auth/parser/ResourceParser.java @@ -14,12 +14,13 @@ * limitations under the License. */ -package com.alibaba.nacos.core.auth; +package com.alibaba.nacos.auth.parser; /** * Resource parser. * * @author nkorange + * @author mai.jh * @since 1.2.0 */ public interface ResourceParser { diff --git a/config/src/main/java/com/alibaba/nacos/config/server/auth/ConfigResourceParser.java b/config/src/main/java/com/alibaba/nacos/config/server/auth/ConfigResourceParser.java index 4bfc266ac2e..bf31875edfb 100644 --- a/config/src/main/java/com/alibaba/nacos/config/server/auth/ConfigResourceParser.java +++ b/config/src/main/java/com/alibaba/nacos/config/server/auth/ConfigResourceParser.java @@ -16,11 +16,10 @@ package com.alibaba.nacos.config.server.auth; -import com.alibaba.nacos.core.auth.Resource; -import com.alibaba.nacos.core.auth.ResourceParser; - import javax.servlet.http.HttpServletRequest; +import com.alibaba.nacos.auth.model.Resource; +import com.alibaba.nacos.auth.parser.ResourceParser; import org.apache.commons.lang3.StringUtils; /** diff --git a/config/src/main/java/com/alibaba/nacos/config/server/controller/ConfigController.java b/config/src/main/java/com/alibaba/nacos/config/server/controller/ConfigController.java index 812b93cab80..be8505eede6 100644 --- a/config/src/main/java/com/alibaba/nacos/config/server/controller/ConfigController.java +++ b/config/src/main/java/com/alibaba/nacos/config/server/controller/ConfigController.java @@ -17,6 +17,8 @@ package com.alibaba.nacos.config.server.controller; import com.alibaba.nacos.api.exception.NacosException; +import com.alibaba.nacos.auth.annotation.Secured; +import com.alibaba.nacos.auth.common.ActionTypes; import com.alibaba.nacos.common.model.RestResult; import com.alibaba.nacos.common.utils.MapUtils; import com.alibaba.nacos.config.server.auth.ConfigResourceParser; @@ -43,8 +45,6 @@ import com.alibaba.nacos.config.server.utils.RequestUtil; import com.alibaba.nacos.config.server.utils.TimeUtils; import com.alibaba.nacos.config.server.utils.ZipUtils; -import com.alibaba.nacos.core.auth.ActionTypes; -import com.alibaba.nacos.core.auth.Secured; import com.alibaba.nacos.core.utils.InetUtils; import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.time.DateFormatUtils; diff --git a/config/src/main/java/com/alibaba/nacos/config/server/controller/ConfigOpsController.java b/config/src/main/java/com/alibaba/nacos/config/server/controller/ConfigOpsController.java index cb7728c0606..54bf19c2323 100755 --- a/config/src/main/java/com/alibaba/nacos/config/server/controller/ConfigOpsController.java +++ b/config/src/main/java/com/alibaba/nacos/config/server/controller/ConfigOpsController.java @@ -16,6 +16,8 @@ package com.alibaba.nacos.config.server.controller; +import com.alibaba.nacos.auth.annotation.Secured; +import com.alibaba.nacos.auth.common.ActionTypes; import com.alibaba.nacos.common.model.RestResult; import com.alibaba.nacos.common.model.RestResultUtils; import com.alibaba.nacos.common.utils.Objects; @@ -29,8 +31,6 @@ import com.alibaba.nacos.config.server.service.repository.embedded.DatabaseOperate; import com.alibaba.nacos.config.server.utils.LogUtil; import com.alibaba.nacos.config.server.utils.PropertyUtil; -import com.alibaba.nacos.core.auth.ActionTypes; -import com.alibaba.nacos.core.auth.Secured; import com.alibaba.nacos.core.utils.ApplicationUtils; import com.alibaba.nacos.core.utils.WebUtils; import org.apache.commons.lang3.StringUtils; diff --git a/config/src/main/java/com/alibaba/nacos/config/server/utils/RequestUtil.java b/config/src/main/java/com/alibaba/nacos/config/server/utils/RequestUtil.java index e6ca390f98f..834d4dcae23 100644 --- a/config/src/main/java/com/alibaba/nacos/config/server/utils/RequestUtil.java +++ b/config/src/main/java/com/alibaba/nacos/config/server/utils/RequestUtil.java @@ -16,7 +16,7 @@ package com.alibaba.nacos.config.server.utils; -import com.alibaba.nacos.core.auth.User; +import com.alibaba.nacos.auth.model.User; import org.apache.commons.lang3.StringUtils; import javax.servlet.http.HttpServletRequest; diff --git a/console/src/main/java/com/alibaba/nacos/console/controller/NamespaceController.java b/console/src/main/java/com/alibaba/nacos/console/controller/NamespaceController.java index efd441cabb8..d0ca0fe3e51 100644 --- a/console/src/main/java/com/alibaba/nacos/console/controller/NamespaceController.java +++ b/console/src/main/java/com/alibaba/nacos/console/controller/NamespaceController.java @@ -16,14 +16,14 @@ package com.alibaba.nacos.console.controller; +import com.alibaba.nacos.auth.annotation.Secured; +import com.alibaba.nacos.auth.common.ActionTypes; import com.alibaba.nacos.common.model.RestResult; import com.alibaba.nacos.config.server.model.TenantInfo; import com.alibaba.nacos.config.server.service.repository.PersistService; import com.alibaba.nacos.console.model.Namespace; import com.alibaba.nacos.console.model.NamespaceAllInfo; import com.alibaba.nacos.console.security.nacos.NacosAuthConfig; -import com.alibaba.nacos.core.auth.ActionTypes; -import com.alibaba.nacos.core.auth.Secured; import org.apache.commons.lang3.StringUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.bind.annotation.DeleteMapping; diff --git a/console/src/main/java/com/alibaba/nacos/console/controller/PermissionController.java b/console/src/main/java/com/alibaba/nacos/console/controller/PermissionController.java index 4730fa1be82..d808009f318 100644 --- a/console/src/main/java/com/alibaba/nacos/console/controller/PermissionController.java +++ b/console/src/main/java/com/alibaba/nacos/console/controller/PermissionController.java @@ -16,11 +16,11 @@ package com.alibaba.nacos.console.controller; +import com.alibaba.nacos.auth.annotation.Secured; +import com.alibaba.nacos.auth.common.ActionTypes; import com.alibaba.nacos.common.model.RestResult; import com.alibaba.nacos.console.security.nacos.NacosAuthConfig; import com.alibaba.nacos.console.security.nacos.roles.NacosRoleServiceImpl; -import com.alibaba.nacos.core.auth.ActionTypes; -import com.alibaba.nacos.core.auth.Secured; import org.apache.commons.lang3.StringUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.bind.annotation.DeleteMapping; diff --git a/console/src/main/java/com/alibaba/nacos/console/controller/RoleController.java b/console/src/main/java/com/alibaba/nacos/console/controller/RoleController.java index f89e691b8a1..6592ed39fdf 100644 --- a/console/src/main/java/com/alibaba/nacos/console/controller/RoleController.java +++ b/console/src/main/java/com/alibaba/nacos/console/controller/RoleController.java @@ -16,11 +16,11 @@ package com.alibaba.nacos.console.controller; +import com.alibaba.nacos.auth.annotation.Secured; +import com.alibaba.nacos.auth.common.ActionTypes; import com.alibaba.nacos.common.model.RestResult; import com.alibaba.nacos.console.security.nacos.NacosAuthConfig; import com.alibaba.nacos.console.security.nacos.roles.NacosRoleServiceImpl; -import com.alibaba.nacos.core.auth.ActionTypes; -import com.alibaba.nacos.core.auth.Secured; import org.apache.commons.lang3.StringUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.bind.annotation.DeleteMapping; diff --git a/console/src/main/java/com/alibaba/nacos/console/controller/UserController.java b/console/src/main/java/com/alibaba/nacos/console/controller/UserController.java index 13562dfa2f7..c9f391159b7 100644 --- a/console/src/main/java/com/alibaba/nacos/console/controller/UserController.java +++ b/console/src/main/java/com/alibaba/nacos/console/controller/UserController.java @@ -17,6 +17,11 @@ package com.alibaba.nacos.console.controller; import com.alibaba.nacos.api.common.Constants; +import com.alibaba.nacos.auth.annotation.Secured; +import com.alibaba.nacos.auth.common.ActionTypes; +import com.alibaba.nacos.auth.common.AuthConfigs; +import com.alibaba.nacos.auth.common.AuthSystemTypes; +import com.alibaba.nacos.auth.exception.AccessException; import com.alibaba.nacos.common.model.RestResult; import com.alibaba.nacos.common.utils.JacksonUtils; import com.alibaba.nacos.config.server.auth.RoleInfo; @@ -28,11 +33,6 @@ import com.alibaba.nacos.console.security.nacos.users.NacosUserDetailsServiceImpl; import com.alibaba.nacos.console.utils.JwtTokenUtils; import com.alibaba.nacos.console.utils.PasswordEncoderUtil; -import com.alibaba.nacos.core.auth.AccessException; -import com.alibaba.nacos.core.auth.ActionTypes; -import com.alibaba.nacos.core.auth.AuthConfigs; -import com.alibaba.nacos.core.auth.AuthSystemTypes; -import com.alibaba.nacos.core.auth.Secured; import com.fasterxml.jackson.databind.node.ObjectNode; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.authentication.AuthenticationManager; diff --git a/console/src/main/java/com/alibaba/nacos/console/exception/ConsoleExceptionHandler.java b/console/src/main/java/com/alibaba/nacos/console/exception/ConsoleExceptionHandler.java index 7853593a795..d76080c45dc 100644 --- a/console/src/main/java/com/alibaba/nacos/console/exception/ConsoleExceptionHandler.java +++ b/console/src/main/java/com/alibaba/nacos/console/exception/ConsoleExceptionHandler.java @@ -16,8 +16,8 @@ package com.alibaba.nacos.console.exception; +import com.alibaba.nacos.auth.exception.AccessException; import com.alibaba.nacos.common.utils.ExceptionUtil; -import com.alibaba.nacos.core.auth.AccessException; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.http.HttpStatus; diff --git a/console/src/main/java/com/alibaba/nacos/console/security/nacos/JwtTokenManager.java b/console/src/main/java/com/alibaba/nacos/console/security/nacos/JwtTokenManager.java index 9d42a2a4cee..62eadc35ce7 100644 --- a/console/src/main/java/com/alibaba/nacos/console/security/nacos/JwtTokenManager.java +++ b/console/src/main/java/com/alibaba/nacos/console/security/nacos/JwtTokenManager.java @@ -16,7 +16,7 @@ package com.alibaba.nacos.console.security.nacos; -import com.alibaba.nacos.core.auth.AuthConfigs; +import com.alibaba.nacos.auth.common.AuthConfigs; import io.jsonwebtoken.Claims; import io.jsonwebtoken.Jwts; import io.jsonwebtoken.SignatureAlgorithm; diff --git a/console/src/main/java/com/alibaba/nacos/console/security/nacos/NacosAuthConfig.java b/console/src/main/java/com/alibaba/nacos/console/security/nacos/NacosAuthConfig.java index 7956420b974..b06826baed5 100644 --- a/console/src/main/java/com/alibaba/nacos/console/security/nacos/NacosAuthConfig.java +++ b/console/src/main/java/com/alibaba/nacos/console/security/nacos/NacosAuthConfig.java @@ -16,10 +16,10 @@ package com.alibaba.nacos.console.security.nacos; +import com.alibaba.nacos.auth.common.AuthConfigs; +import com.alibaba.nacos.auth.common.AuthSystemTypes; import com.alibaba.nacos.console.filter.JwtAuthenticationTokenFilter; import com.alibaba.nacos.console.security.nacos.users.NacosUserDetailsServiceImpl; -import com.alibaba.nacos.core.auth.AuthConfigs; -import com.alibaba.nacos.core.auth.AuthSystemTypes; import org.apache.commons.lang3.StringUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; diff --git a/console/src/main/java/com/alibaba/nacos/console/security/nacos/NacosAuthManager.java b/console/src/main/java/com/alibaba/nacos/console/security/nacos/NacosAuthManager.java index c35fcc8611c..8a7b80db038 100644 --- a/console/src/main/java/com/alibaba/nacos/console/security/nacos/NacosAuthManager.java +++ b/console/src/main/java/com/alibaba/nacos/console/security/nacos/NacosAuthManager.java @@ -17,14 +17,14 @@ package com.alibaba.nacos.console.security.nacos; import com.alibaba.nacos.api.common.Constants; +import com.alibaba.nacos.auth.AuthManager; +import com.alibaba.nacos.auth.exception.AccessException; +import com.alibaba.nacos.auth.model.Permission; +import com.alibaba.nacos.auth.model.User; import com.alibaba.nacos.config.server.auth.RoleInfo; import com.alibaba.nacos.config.server.utils.RequestUtil; import com.alibaba.nacos.console.security.nacos.roles.NacosRoleServiceImpl; import com.alibaba.nacos.console.security.nacos.users.NacosUser; -import com.alibaba.nacos.core.auth.AccessException; -import com.alibaba.nacos.core.auth.AuthManager; -import com.alibaba.nacos.core.auth.Permission; -import com.alibaba.nacos.core.auth.User; import com.alibaba.nacos.core.utils.Loggers; import io.jsonwebtoken.ExpiredJwtException; import org.apache.commons.lang3.StringUtils; diff --git a/console/src/main/java/com/alibaba/nacos/console/security/nacos/roles/NacosRoleServiceImpl.java b/console/src/main/java/com/alibaba/nacos/console/security/nacos/roles/NacosRoleServiceImpl.java index 2b64fcb9203..d2aff9036e0 100644 --- a/console/src/main/java/com/alibaba/nacos/console/security/nacos/roles/NacosRoleServiceImpl.java +++ b/console/src/main/java/com/alibaba/nacos/console/security/nacos/roles/NacosRoleServiceImpl.java @@ -16,6 +16,8 @@ package com.alibaba.nacos.console.security.nacos.roles; +import com.alibaba.nacos.auth.common.AuthConfigs; +import com.alibaba.nacos.auth.model.Permission; import com.alibaba.nacos.config.server.auth.PermissionInfo; import com.alibaba.nacos.config.server.auth.PermissionPersistService; import com.alibaba.nacos.config.server.auth.RoleInfo; @@ -23,8 +25,6 @@ import com.alibaba.nacos.config.server.model.Page; import com.alibaba.nacos.console.security.nacos.NacosAuthConfig; import com.alibaba.nacos.console.security.nacos.users.NacosUserDetailsServiceImpl; -import com.alibaba.nacos.core.auth.AuthConfigs; -import com.alibaba.nacos.core.auth.Permission; import com.alibaba.nacos.core.utils.Loggers; import io.jsonwebtoken.lang.Collections; import org.apache.commons.lang3.StringUtils; diff --git a/console/src/main/java/com/alibaba/nacos/console/security/nacos/users/NacosUser.java b/console/src/main/java/com/alibaba/nacos/console/security/nacos/users/NacosUser.java index d0aaf196b33..8113ae94811 100644 --- a/console/src/main/java/com/alibaba/nacos/console/security/nacos/users/NacosUser.java +++ b/console/src/main/java/com/alibaba/nacos/console/security/nacos/users/NacosUser.java @@ -16,7 +16,7 @@ package com.alibaba.nacos.console.security.nacos.users; -import com.alibaba.nacos.core.auth.User; +import com.alibaba.nacos.auth.model.User; /** * Nacos User. diff --git a/console/src/main/java/com/alibaba/nacos/console/security/nacos/users/NacosUserDetailsServiceImpl.java b/console/src/main/java/com/alibaba/nacos/console/security/nacos/users/NacosUserDetailsServiceImpl.java index b899feff603..3f8457d24cd 100644 --- a/console/src/main/java/com/alibaba/nacos/console/security/nacos/users/NacosUserDetailsServiceImpl.java +++ b/console/src/main/java/com/alibaba/nacos/console/security/nacos/users/NacosUserDetailsServiceImpl.java @@ -16,10 +16,10 @@ package com.alibaba.nacos.console.security.nacos.users; +import com.alibaba.nacos.auth.common.AuthConfigs; import com.alibaba.nacos.config.server.auth.UserPersistService; import com.alibaba.nacos.config.server.model.Page; import com.alibaba.nacos.config.server.model.User; -import com.alibaba.nacos.core.auth.AuthConfigs; import com.alibaba.nacos.core.utils.Loggers; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.scheduling.annotation.Scheduled; diff --git a/console/src/test/java/com/alibaba/nacos/console/controller/UserControllerTest.java b/console/src/test/java/com/alibaba/nacos/console/controller/UserControllerTest.java index 0588372b272..9b3fe8dd62b 100644 --- a/console/src/test/java/com/alibaba/nacos/console/controller/UserControllerTest.java +++ b/console/src/test/java/com/alibaba/nacos/console/controller/UserControllerTest.java @@ -16,11 +16,11 @@ package com.alibaba.nacos.console.controller; +import com.alibaba.nacos.auth.common.AuthConfigs; +import com.alibaba.nacos.auth.common.AuthSystemTypes; +import com.alibaba.nacos.auth.exception.AccessException; import com.alibaba.nacos.console.security.nacos.NacosAuthManager; import com.alibaba.nacos.console.security.nacos.users.NacosUser; -import com.alibaba.nacos.core.auth.AccessException; -import com.alibaba.nacos.core.auth.AuthConfigs; -import com.alibaba.nacos.core.auth.AuthSystemTypes; import com.fasterxml.jackson.databind.JsonNode; import org.junit.Before; import org.junit.Test; diff --git a/core/src/main/java/com/alibaba/nacos/core/auth/AuthConfig.java b/core/src/main/java/com/alibaba/nacos/core/auth/AuthConfig.java new file mode 100644 index 00000000000..daf85f7e608 --- /dev/null +++ b/core/src/main/java/com/alibaba/nacos/core/auth/AuthConfig.java @@ -0,0 +1,46 @@ +/* + * Copyright 1999-2018 Alibaba Group Holding Ltd. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.alibaba.nacos.core.auth; + +import org.springframework.boot.web.servlet.FilterRegistrationBean; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; + +/** + * auth filter config. + * + * @author mai.jh + */ +@Configuration +public class AuthConfig { + + @Bean + public FilterRegistrationBean authFilterRegistration() { + FilterRegistrationBean registration = new FilterRegistrationBean<>(); + registration.setFilter(authFilter()); + registration.addUrlPatterns("/*"); + registration.setName("authFilter"); + registration.setOrder(6); + + return registration; + } + + @Bean + public AuthFilter authFilter() { + return new AuthFilter(); + } +} diff --git a/core/src/main/java/com/alibaba/nacos/core/auth/AuthFilter.java b/core/src/main/java/com/alibaba/nacos/core/auth/AuthFilter.java index 0cf41dcff71..95fc13a194c 100644 --- a/core/src/main/java/com/alibaba/nacos/core/auth/AuthFilter.java +++ b/core/src/main/java/com/alibaba/nacos/core/auth/AuthFilter.java @@ -16,6 +16,12 @@ package com.alibaba.nacos.core.auth; +import com.alibaba.nacos.auth.AuthManager; +import com.alibaba.nacos.auth.annotation.Secured; +import com.alibaba.nacos.auth.common.AuthConfigs; +import com.alibaba.nacos.auth.exception.AccessException; +import com.alibaba.nacos.auth.model.Permission; +import com.alibaba.nacos.auth.parser.ResourceParser; import com.alibaba.nacos.common.utils.ExceptionUtil; import com.alibaba.nacos.core.code.ControllerMethodsCache; import com.alibaba.nacos.core.utils.Constants; diff --git a/naming/src/main/java/com/alibaba/nacos/naming/controllers/CatalogController.java b/naming/src/main/java/com/alibaba/nacos/naming/controllers/CatalogController.java index 966b0c00f90..ce0992e8fde 100644 --- a/naming/src/main/java/com/alibaba/nacos/naming/controllers/CatalogController.java +++ b/naming/src/main/java/com/alibaba/nacos/naming/controllers/CatalogController.java @@ -21,9 +21,9 @@ import com.alibaba.nacos.api.naming.CommonParams; import com.alibaba.nacos.api.naming.pojo.Cluster; import com.alibaba.nacos.api.naming.utils.NamingUtils; +import com.alibaba.nacos.auth.annotation.Secured; +import com.alibaba.nacos.auth.common.ActionTypes; import com.alibaba.nacos.common.utils.JacksonUtils; -import com.alibaba.nacos.core.auth.ActionTypes; -import com.alibaba.nacos.core.auth.Secured; import com.alibaba.nacos.core.utils.WebUtils; import com.alibaba.nacos.naming.core.Instance; import com.alibaba.nacos.naming.core.Service; diff --git a/naming/src/main/java/com/alibaba/nacos/naming/controllers/ClusterController.java b/naming/src/main/java/com/alibaba/nacos/naming/controllers/ClusterController.java index d3d75fe0ba6..3d1e94890f6 100644 --- a/naming/src/main/java/com/alibaba/nacos/naming/controllers/ClusterController.java +++ b/naming/src/main/java/com/alibaba/nacos/naming/controllers/ClusterController.java @@ -21,8 +21,8 @@ import com.alibaba.nacos.api.naming.CommonParams; import com.alibaba.nacos.api.naming.pojo.healthcheck.AbstractHealthChecker; import com.alibaba.nacos.api.naming.pojo.healthcheck.HealthCheckerFactory; -import com.alibaba.nacos.core.auth.ActionTypes; -import com.alibaba.nacos.core.auth.Secured; +import com.alibaba.nacos.auth.annotation.Secured; +import com.alibaba.nacos.auth.common.ActionTypes; import com.alibaba.nacos.core.utils.WebUtils; import com.alibaba.nacos.naming.core.Cluster; import com.alibaba.nacos.naming.core.Service; diff --git a/naming/src/main/java/com/alibaba/nacos/naming/controllers/HealthController.java b/naming/src/main/java/com/alibaba/nacos/naming/controllers/HealthController.java index 428e1d61a72..85957f5f4c7 100644 --- a/naming/src/main/java/com/alibaba/nacos/naming/controllers/HealthController.java +++ b/naming/src/main/java/com/alibaba/nacos/naming/controllers/HealthController.java @@ -19,9 +19,9 @@ import com.alibaba.nacos.api.common.Constants; import com.alibaba.nacos.api.naming.CommonParams; import com.alibaba.nacos.api.naming.pojo.healthcheck.AbstractHealthChecker; +import com.alibaba.nacos.auth.annotation.Secured; +import com.alibaba.nacos.auth.common.ActionTypes; import com.alibaba.nacos.common.utils.JacksonUtils; -import com.alibaba.nacos.core.auth.ActionTypes; -import com.alibaba.nacos.core.auth.Secured; import com.alibaba.nacos.core.utils.ApplicationUtils; import com.alibaba.nacos.core.utils.WebUtils; import com.alibaba.nacos.naming.core.Instance; diff --git a/naming/src/main/java/com/alibaba/nacos/naming/controllers/InstanceController.java b/naming/src/main/java/com/alibaba/nacos/naming/controllers/InstanceController.java index 403ff6ec9fa..6e43835d130 100644 --- a/naming/src/main/java/com/alibaba/nacos/naming/controllers/InstanceController.java +++ b/naming/src/main/java/com/alibaba/nacos/naming/controllers/InstanceController.java @@ -22,9 +22,9 @@ import com.alibaba.nacos.api.naming.NamingResponseCode; import com.alibaba.nacos.api.naming.PreservedMetadataKeys; import com.alibaba.nacos.api.naming.utils.NamingUtils; +import com.alibaba.nacos.auth.annotation.Secured; +import com.alibaba.nacos.auth.common.ActionTypes; import com.alibaba.nacos.common.utils.JacksonUtils; -import com.alibaba.nacos.core.auth.ActionTypes; -import com.alibaba.nacos.core.auth.Secured; import com.alibaba.nacos.core.utils.WebUtils; import com.alibaba.nacos.naming.core.Instance; import com.alibaba.nacos.naming.core.Service; diff --git a/naming/src/main/java/com/alibaba/nacos/naming/controllers/OperatorController.java b/naming/src/main/java/com/alibaba/nacos/naming/controllers/OperatorController.java index 30de8d2df5b..f0500924ccc 100644 --- a/naming/src/main/java/com/alibaba/nacos/naming/controllers/OperatorController.java +++ b/naming/src/main/java/com/alibaba/nacos/naming/controllers/OperatorController.java @@ -17,9 +17,9 @@ package com.alibaba.nacos.naming.controllers; import com.alibaba.nacos.api.common.Constants; +import com.alibaba.nacos.auth.annotation.Secured; +import com.alibaba.nacos.auth.common.ActionTypes; import com.alibaba.nacos.common.utils.JacksonUtils; -import com.alibaba.nacos.core.auth.ActionTypes; -import com.alibaba.nacos.core.auth.Secured; import com.alibaba.nacos.core.cluster.Member; import com.alibaba.nacos.core.cluster.NodeState; import com.alibaba.nacos.core.cluster.ServerMemberManager; diff --git a/naming/src/main/java/com/alibaba/nacos/naming/controllers/ServiceController.java b/naming/src/main/java/com/alibaba/nacos/naming/controllers/ServiceController.java index f5265c7c7d3..a0b72c67dd3 100644 --- a/naming/src/main/java/com/alibaba/nacos/naming/controllers/ServiceController.java +++ b/naming/src/main/java/com/alibaba/nacos/naming/controllers/ServiceController.java @@ -21,10 +21,10 @@ import com.alibaba.nacos.api.naming.CommonParams; import com.alibaba.nacos.api.naming.utils.NamingUtils; import com.alibaba.nacos.api.selector.SelectorType; +import com.alibaba.nacos.auth.annotation.Secured; +import com.alibaba.nacos.auth.common.ActionTypes; import com.alibaba.nacos.common.utils.IoUtils; import com.alibaba.nacos.common.utils.JacksonUtils; -import com.alibaba.nacos.core.auth.ActionTypes; -import com.alibaba.nacos.core.auth.Secured; import com.alibaba.nacos.core.cluster.ServerMemberManager; import com.alibaba.nacos.core.utils.WebUtils; import com.alibaba.nacos.naming.core.Cluster; diff --git a/naming/src/main/java/com/alibaba/nacos/naming/web/NamingResourceParser.java b/naming/src/main/java/com/alibaba/nacos/naming/web/NamingResourceParser.java index 773a1df5390..8024a215ecf 100644 --- a/naming/src/main/java/com/alibaba/nacos/naming/web/NamingResourceParser.java +++ b/naming/src/main/java/com/alibaba/nacos/naming/web/NamingResourceParser.java @@ -18,8 +18,8 @@ import com.alibaba.nacos.api.naming.CommonParams; import com.alibaba.nacos.api.naming.utils.NamingUtils; -import com.alibaba.nacos.core.auth.Resource; -import com.alibaba.nacos.core.auth.ResourceParser; +import com.alibaba.nacos.auth.model.Resource; +import com.alibaba.nacos.auth.parser.ResourceParser; import org.apache.commons.lang3.StringUtils; import javax.servlet.http.HttpServletRequest; diff --git a/test/src/test/java/com/alibaba/nacos/test/core/auth/AuthBase.java b/test/src/test/java/com/alibaba/nacos/test/core/auth/AuthBase.java index 306007880c5..33a088039c2 100644 --- a/test/src/test/java/com/alibaba/nacos/test/core/auth/AuthBase.java +++ b/test/src/test/java/com/alibaba/nacos/test/core/auth/AuthBase.java @@ -16,8 +16,8 @@ package com.alibaba.nacos.test.core.auth; import com.alibaba.nacos.api.PropertyKeyConst; +import com.alibaba.nacos.auth.common.AuthConfigs; import com.alibaba.nacos.common.utils.JacksonUtils; -import com.alibaba.nacos.core.auth.AuthConfigs; import com.alibaba.nacos.test.base.HttpClient4Test; import com.alibaba.nacos.test.base.Params; import com.fasterxml.jackson.databind.JsonNode; diff --git a/test/src/test/java/com/alibaba/nacos/test/core/auth/Permission_ITCase.java b/test/src/test/java/com/alibaba/nacos/test/core/auth/Permission_ITCase.java index 61c343db7f0..dbad58fe20a 100644 --- a/test/src/test/java/com/alibaba/nacos/test/core/auth/Permission_ITCase.java +++ b/test/src/test/java/com/alibaba/nacos/test/core/auth/Permission_ITCase.java @@ -16,9 +16,9 @@ package com.alibaba.nacos.test.core.auth; import com.alibaba.nacos.Nacos; +import com.alibaba.nacos.auth.model.Permission; import com.alibaba.nacos.common.utils.JacksonUtils; import com.alibaba.nacos.config.server.model.Page; -import com.alibaba.nacos.core.auth.Permission; import com.alibaba.nacos.test.base.HttpClient4Test; import com.alibaba.nacos.test.base.Params; import com.fasterxml.jackson.core.type.TypeReference;