From 135ab364fed23eaeb887f80221094322b18182fd Mon Sep 17 00:00:00 2001 From: KomachiSion Date: Fri, 21 Jan 2022 15:40:02 +0800 Subject: [PATCH] Move client spi to nacos-auth-plugin module --- client/pom.xml | 6 + .../auth/impl/NacosClientAuthServiceImpl.java | 6 +- .../auth/impl/process/HttpLoginProcessor.java | 2 +- .../auth/impl/process/LoginProcessor.java | 2 +- .../auth/ram/RamClientAuthServiceImpl.java | 13 +- .../injector/AbstractResourceInjector.java | 4 +- .../ram/injector/ConfigResourceInjector.java | 4 +- .../ram/injector/NamingResourceInjector.java | 4 +- .../client/config/impl/ClientWorker.java | 2 +- .../config/impl/ConfigTransportClient.java | 2 +- .../remote/AbstractNamingClientProxy.java | 2 +- .../nacos/client/security/SecurityProxy.java | 8 +- ...auth.spi.client.AbstractClientAuthService} | 0 .../ram/RamClientAuthServiceImplTest.java | 4 +- .../injector/ConfigResourceInjectorTest.java | 7 +- .../injector/NamingResourceInjectorTest.java | 4 +- .../remote/AbstractNamingClientProxyTest.java | 2 +- distribution/conf/application.properties | 3 - .../auth/api}/LoginIdentityContext.java | 4 +- .../plugin/auth/api}/RequestResource.java | 12 +- .../client}/AbstractClientAuthService.java | 2 +- .../spi/client}/ClientAuthPluginManager.java | 6 +- .../auth/spi/client}/ClientAuthService.java | 5 +- .../client}/ClientAuthPluginManagerTest.java | 9 +- .../test/core/auth/Permission_ITCase.java | 258 +++++++----------- 25 files changed, 152 insertions(+), 219 deletions(-) rename client/src/main/resources/META-INF/services/{com.alibaba.nacos.client.auth.spi.AbstractClientAuthService => com.alibaba.nacos.plugin.auth.spi.client.AbstractClientAuthService} (100%) rename {client/src/main/java/com/alibaba/nacos/client/auth => plugin/auth/src/main/java/com/alibaba/nacos/plugin/auth/api}/LoginIdentityContext.java (94%) rename {client/src/main/java/com/alibaba/nacos/client/auth/spi => plugin/auth/src/main/java/com/alibaba/nacos/plugin/auth/api}/RequestResource.java (93%) rename {client/src/main/java/com/alibaba/nacos/client/auth/spi => plugin/auth/src/main/java/com/alibaba/nacos/plugin/auth/spi/client}/AbstractClientAuthService.java (96%) rename {client/src/main/java/com/alibaba/nacos/client/auth => plugin/auth/src/main/java/com/alibaba/nacos/plugin/auth/spi/client}/ClientAuthPluginManager.java (92%) rename {client/src/main/java/com/alibaba/nacos/client/auth/spi => plugin/auth/src/main/java/com/alibaba/nacos/plugin/auth/spi/client}/ClientAuthService.java (91%) rename {client/src/test/java/com/alibaba/nacos/client/auth => plugin/auth/src/test/java/com/alibaba/nacos/plugin/auth/spi/client}/ClientAuthPluginManagerTest.java (87%) diff --git a/client/pom.xml b/client/pom.xml index 50a3f496e..87308fd52 100644 --- a/client/pom.xml +++ b/client/pom.xml @@ -66,6 +66,12 @@ nacos-common true + + + ${project.groupId} + nacos-auth-plugin + ${version} + ${project.groupId} diff --git a/client/src/main/java/com/alibaba/nacos/client/auth/impl/NacosClientAuthServiceImpl.java b/client/src/main/java/com/alibaba/nacos/client/auth/impl/NacosClientAuthServiceImpl.java index 454451285..307c22b2f 100644 --- a/client/src/main/java/com/alibaba/nacos/client/auth/impl/NacosClientAuthServiceImpl.java +++ b/client/src/main/java/com/alibaba/nacos/client/auth/impl/NacosClientAuthServiceImpl.java @@ -18,10 +18,10 @@ package com.alibaba.nacos.client.auth.impl; import com.alibaba.nacos.api.PropertyKeyConst; import com.alibaba.nacos.api.exception.NacosException; -import com.alibaba.nacos.client.auth.LoginIdentityContext; +import com.alibaba.nacos.plugin.auth.api.LoginIdentityContext; import com.alibaba.nacos.client.auth.impl.process.HttpLoginProcessor; -import com.alibaba.nacos.client.auth.spi.AbstractClientAuthService; -import com.alibaba.nacos.client.auth.spi.RequestResource; +import com.alibaba.nacos.plugin.auth.spi.client.AbstractClientAuthService; +import com.alibaba.nacos.plugin.auth.api.RequestResource; import com.alibaba.nacos.common.utils.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; diff --git a/client/src/main/java/com/alibaba/nacos/client/auth/impl/process/HttpLoginProcessor.java b/client/src/main/java/com/alibaba/nacos/client/auth/impl/process/HttpLoginProcessor.java index f2486e484..3dee89f0b 100644 --- a/client/src/main/java/com/alibaba/nacos/client/auth/impl/process/HttpLoginProcessor.java +++ b/client/src/main/java/com/alibaba/nacos/client/auth/impl/process/HttpLoginProcessor.java @@ -19,7 +19,7 @@ package com.alibaba.nacos.client.auth.impl.process; import com.alibaba.nacos.api.PropertyKeyConst; import com.alibaba.nacos.api.common.Constants; import com.alibaba.nacos.client.auth.impl.NacosAuthLoginConstant; -import com.alibaba.nacos.client.auth.LoginIdentityContext; +import com.alibaba.nacos.plugin.auth.api.LoginIdentityContext; import com.alibaba.nacos.client.utils.ContextPathUtil; import com.alibaba.nacos.common.http.HttpRestResult; import com.alibaba.nacos.common.http.client.NacosRestTemplate; diff --git a/client/src/main/java/com/alibaba/nacos/client/auth/impl/process/LoginProcessor.java b/client/src/main/java/com/alibaba/nacos/client/auth/impl/process/LoginProcessor.java index 5da458fbb..5f49eef47 100644 --- a/client/src/main/java/com/alibaba/nacos/client/auth/impl/process/LoginProcessor.java +++ b/client/src/main/java/com/alibaba/nacos/client/auth/impl/process/LoginProcessor.java @@ -16,7 +16,7 @@ package com.alibaba.nacos.client.auth.impl.process; -import com.alibaba.nacos.client.auth.LoginIdentityContext; +import com.alibaba.nacos.plugin.auth.api.LoginIdentityContext; import java.util.Properties; /** diff --git a/client/src/main/java/com/alibaba/nacos/client/auth/ram/RamClientAuthServiceImpl.java b/client/src/main/java/com/alibaba/nacos/client/auth/ram/RamClientAuthServiceImpl.java index 7adac4693..70289cdd9 100644 --- a/client/src/main/java/com/alibaba/nacos/client/auth/ram/RamClientAuthServiceImpl.java +++ b/client/src/main/java/com/alibaba/nacos/client/auth/ram/RamClientAuthServiceImpl.java @@ -18,15 +18,16 @@ package com.alibaba.nacos.client.auth.ram; import com.alibaba.nacos.api.PropertyKeyConst; import com.alibaba.nacos.api.exception.NacosException; -import com.alibaba.nacos.client.auth.LoginIdentityContext; +import com.alibaba.nacos.client.auth.ram.identify.StsConfig; import com.alibaba.nacos.client.auth.ram.injector.AbstractResourceInjector; import com.alibaba.nacos.client.auth.ram.injector.ConfigResourceInjector; import com.alibaba.nacos.client.auth.ram.injector.NamingResourceInjector; -import com.alibaba.nacos.client.auth.spi.AbstractClientAuthService; -import com.alibaba.nacos.client.auth.spi.RequestResource; import com.alibaba.nacos.client.auth.ram.utils.SpasAdapter; -import com.alibaba.nacos.client.auth.ram.identify.StsConfig; import com.alibaba.nacos.common.utils.StringUtils; +import com.alibaba.nacos.plugin.auth.api.LoginIdentityContext; +import com.alibaba.nacos.plugin.auth.api.RequestResource; +import com.alibaba.nacos.plugin.auth.constant.SignType; +import com.alibaba.nacos.plugin.auth.spi.client.AbstractClientAuthService; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -50,8 +51,8 @@ public class RamClientAuthServiceImpl extends AbstractClientAuthService { public RamClientAuthServiceImpl() { ramContext = new RamContext(); resourceInjectors = new HashMap<>(); - resourceInjectors.put(RequestResource.NAMING, new NamingResourceInjector()); - resourceInjectors.put(RequestResource.CONFIG, new ConfigResourceInjector()); + resourceInjectors.put(SignType.NAMING, new NamingResourceInjector()); + resourceInjectors.put(SignType.CONFIG, new ConfigResourceInjector()); } @Override diff --git a/client/src/main/java/com/alibaba/nacos/client/auth/ram/injector/AbstractResourceInjector.java b/client/src/main/java/com/alibaba/nacos/client/auth/ram/injector/AbstractResourceInjector.java index 5202c703f..3467f393a 100644 --- a/client/src/main/java/com/alibaba/nacos/client/auth/ram/injector/AbstractResourceInjector.java +++ b/client/src/main/java/com/alibaba/nacos/client/auth/ram/injector/AbstractResourceInjector.java @@ -16,9 +16,9 @@ package com.alibaba.nacos.client.auth.ram.injector; -import com.alibaba.nacos.client.auth.LoginIdentityContext; +import com.alibaba.nacos.plugin.auth.api.LoginIdentityContext; import com.alibaba.nacos.client.auth.ram.RamContext; -import com.alibaba.nacos.client.auth.spi.RequestResource; +import com.alibaba.nacos.plugin.auth.api.RequestResource; /** * Abstract aliyun RAM resource injector. diff --git a/client/src/main/java/com/alibaba/nacos/client/auth/ram/injector/ConfigResourceInjector.java b/client/src/main/java/com/alibaba/nacos/client/auth/ram/injector/ConfigResourceInjector.java index 3c55ddaac..8b176033f 100644 --- a/client/src/main/java/com/alibaba/nacos/client/auth/ram/injector/ConfigResourceInjector.java +++ b/client/src/main/java/com/alibaba/nacos/client/auth/ram/injector/ConfigResourceInjector.java @@ -18,9 +18,9 @@ package com.alibaba.nacos.client.auth.ram.injector; import com.alibaba.nacos.api.exception.NacosException; import com.alibaba.nacos.api.exception.runtime.NacosRuntimeException; -import com.alibaba.nacos.client.auth.LoginIdentityContext; +import com.alibaba.nacos.plugin.auth.api.LoginIdentityContext; import com.alibaba.nacos.client.auth.ram.RamContext; -import com.alibaba.nacos.client.auth.spi.RequestResource; +import com.alibaba.nacos.plugin.auth.api.RequestResource; import com.alibaba.nacos.client.config.impl.ConfigHttpClientManager; import com.alibaba.nacos.client.auth.ram.utils.SpasAdapter; import com.alibaba.nacos.client.auth.ram.identify.StsConfig; diff --git a/client/src/main/java/com/alibaba/nacos/client/auth/ram/injector/NamingResourceInjector.java b/client/src/main/java/com/alibaba/nacos/client/auth/ram/injector/NamingResourceInjector.java index 4d0502363..3ea10f132 100644 --- a/client/src/main/java/com/alibaba/nacos/client/auth/ram/injector/NamingResourceInjector.java +++ b/client/src/main/java/com/alibaba/nacos/client/auth/ram/injector/NamingResourceInjector.java @@ -18,9 +18,9 @@ package com.alibaba.nacos.client.auth.ram.injector; import com.alibaba.nacos.api.common.Constants; import com.alibaba.nacos.api.naming.utils.NamingUtils; -import com.alibaba.nacos.client.auth.LoginIdentityContext; +import com.alibaba.nacos.plugin.auth.api.LoginIdentityContext; import com.alibaba.nacos.client.auth.ram.RamContext; -import com.alibaba.nacos.client.auth.spi.RequestResource; +import com.alibaba.nacos.plugin.auth.api.RequestResource; import com.alibaba.nacos.client.auth.ram.utils.SignUtil; import com.alibaba.nacos.common.utils.StringUtils; diff --git a/client/src/main/java/com/alibaba/nacos/client/config/impl/ClientWorker.java b/client/src/main/java/com/alibaba/nacos/client/config/impl/ClientWorker.java index 974ddefef..60c3ae9f8 100644 --- a/client/src/main/java/com/alibaba/nacos/client/config/impl/ClientWorker.java +++ b/client/src/main/java/com/alibaba/nacos/client/config/impl/ClientWorker.java @@ -37,7 +37,7 @@ import com.alibaba.nacos.api.exception.NacosException; import com.alibaba.nacos.api.remote.RemoteConstants; import com.alibaba.nacos.api.remote.request.Request; import com.alibaba.nacos.api.remote.response.Response; -import com.alibaba.nacos.client.auth.spi.RequestResource; +import com.alibaba.nacos.plugin.auth.api.RequestResource; import com.alibaba.nacos.client.config.common.GroupKey; import com.alibaba.nacos.client.config.filter.impl.ConfigFilterChainManager; import com.alibaba.nacos.client.config.filter.impl.ConfigResponse; diff --git a/client/src/main/java/com/alibaba/nacos/client/config/impl/ConfigTransportClient.java b/client/src/main/java/com/alibaba/nacos/client/config/impl/ConfigTransportClient.java index 4dce50147..85f931878 100644 --- a/client/src/main/java/com/alibaba/nacos/client/config/impl/ConfigTransportClient.java +++ b/client/src/main/java/com/alibaba/nacos/client/config/impl/ConfigTransportClient.java @@ -19,7 +19,7 @@ package com.alibaba.nacos.client.config.impl; import com.alibaba.nacos.api.PropertyKeyConst; import com.alibaba.nacos.api.common.Constants; import com.alibaba.nacos.api.exception.NacosException; -import com.alibaba.nacos.client.auth.spi.RequestResource; +import com.alibaba.nacos.plugin.auth.api.RequestResource; import com.alibaba.nacos.client.config.filter.impl.ConfigResponse; import com.alibaba.nacos.client.security.SecurityProxy; import com.alibaba.nacos.client.utils.ParamUtil; diff --git a/client/src/main/java/com/alibaba/nacos/client/naming/remote/AbstractNamingClientProxy.java b/client/src/main/java/com/alibaba/nacos/client/naming/remote/AbstractNamingClientProxy.java index db1f18743..60d35afeb 100644 --- a/client/src/main/java/com/alibaba/nacos/client/naming/remote/AbstractNamingClientProxy.java +++ b/client/src/main/java/com/alibaba/nacos/client/naming/remote/AbstractNamingClientProxy.java @@ -16,7 +16,7 @@ package com.alibaba.nacos.client.naming.remote; -import com.alibaba.nacos.client.auth.spi.RequestResource; +import com.alibaba.nacos.plugin.auth.api.RequestResource; import com.alibaba.nacos.client.naming.event.ServerListChangedEvent; import com.alibaba.nacos.client.security.SecurityProxy; import com.alibaba.nacos.client.utils.AppNameUtils; diff --git a/client/src/main/java/com/alibaba/nacos/client/security/SecurityProxy.java b/client/src/main/java/com/alibaba/nacos/client/security/SecurityProxy.java index 509f989b6..d0362719b 100644 --- a/client/src/main/java/com/alibaba/nacos/client/security/SecurityProxy.java +++ b/client/src/main/java/com/alibaba/nacos/client/security/SecurityProxy.java @@ -17,10 +17,10 @@ package com.alibaba.nacos.client.security; import com.alibaba.nacos.api.exception.NacosException; -import com.alibaba.nacos.client.auth.ClientAuthPluginManager; -import com.alibaba.nacos.client.auth.LoginIdentityContext; -import com.alibaba.nacos.client.auth.spi.ClientAuthService; -import com.alibaba.nacos.client.auth.spi.RequestResource; +import com.alibaba.nacos.plugin.auth.spi.client.ClientAuthPluginManager; +import com.alibaba.nacos.plugin.auth.api.LoginIdentityContext; +import com.alibaba.nacos.plugin.auth.spi.client.ClientAuthService; +import com.alibaba.nacos.plugin.auth.api.RequestResource; import com.alibaba.nacos.common.http.client.NacosRestTemplate; import com.alibaba.nacos.common.lifecycle.Closeable; diff --git a/client/src/main/resources/META-INF/services/com.alibaba.nacos.client.auth.spi.AbstractClientAuthService b/client/src/main/resources/META-INF/services/com.alibaba.nacos.plugin.auth.spi.client.AbstractClientAuthService similarity index 100% rename from client/src/main/resources/META-INF/services/com.alibaba.nacos.client.auth.spi.AbstractClientAuthService rename to client/src/main/resources/META-INF/services/com.alibaba.nacos.plugin.auth.spi.client.AbstractClientAuthService diff --git a/client/src/test/java/com/alibaba/nacos/client/auth/ram/RamClientAuthServiceImplTest.java b/client/src/test/java/com/alibaba/nacos/client/auth/ram/RamClientAuthServiceImplTest.java index f3cfde8b8..6613a62ef 100644 --- a/client/src/test/java/com/alibaba/nacos/client/auth/ram/RamClientAuthServiceImplTest.java +++ b/client/src/test/java/com/alibaba/nacos/client/auth/ram/RamClientAuthServiceImplTest.java @@ -17,9 +17,9 @@ package com.alibaba.nacos.client.auth.ram; import com.alibaba.nacos.api.PropertyKeyConst; -import com.alibaba.nacos.client.auth.LoginIdentityContext; +import com.alibaba.nacos.plugin.auth.api.LoginIdentityContext; import com.alibaba.nacos.client.auth.ram.injector.AbstractResourceInjector; -import com.alibaba.nacos.client.auth.spi.RequestResource; +import com.alibaba.nacos.plugin.auth.api.RequestResource; import com.alibaba.nacos.common.utils.ReflectUtils; import org.junit.Before; import org.junit.Test; diff --git a/client/src/test/java/com/alibaba/nacos/client/auth/ram/injector/ConfigResourceInjectorTest.java b/client/src/test/java/com/alibaba/nacos/client/auth/ram/injector/ConfigResourceInjectorTest.java index af1c74b88..7a9495405 100644 --- a/client/src/test/java/com/alibaba/nacos/client/auth/ram/injector/ConfigResourceInjectorTest.java +++ b/client/src/test/java/com/alibaba/nacos/client/auth/ram/injector/ConfigResourceInjectorTest.java @@ -17,10 +17,11 @@ package com.alibaba.nacos.client.auth.ram.injector; import com.alibaba.nacos.api.PropertyKeyConst; -import com.alibaba.nacos.client.auth.LoginIdentityContext; +import com.alibaba.nacos.plugin.auth.api.LoginIdentityContext; import com.alibaba.nacos.client.auth.ram.RamContext; -import com.alibaba.nacos.client.auth.spi.RequestResource; +import com.alibaba.nacos.plugin.auth.api.RequestResource; import com.alibaba.nacos.client.auth.ram.identify.StsConfig; +import com.alibaba.nacos.plugin.auth.constant.SignType; import org.junit.After; import org.junit.Assert; import org.junit.Before; @@ -45,7 +46,7 @@ public class ConfigResourceInjectorTest { ramContext.setAccessKey(PropertyKeyConst.ACCESS_KEY); ramContext.setSecretKey(PropertyKeyConst.SECRET_KEY); resource = new RequestResource(); - resource.setType(RequestResource.CONFIG); + resource.setType(SignType.CONFIG); resource.setNamespace("tenant"); resource.setGroup("group"); cachedSecurityCredentialsUrl = StsConfig.getInstance().getSecurityCredentialsUrl(); diff --git a/client/src/test/java/com/alibaba/nacos/client/auth/ram/injector/NamingResourceInjectorTest.java b/client/src/test/java/com/alibaba/nacos/client/auth/ram/injector/NamingResourceInjectorTest.java index e1ee359b2..c31f018ec 100644 --- a/client/src/test/java/com/alibaba/nacos/client/auth/ram/injector/NamingResourceInjectorTest.java +++ b/client/src/test/java/com/alibaba/nacos/client/auth/ram/injector/NamingResourceInjectorTest.java @@ -17,9 +17,9 @@ package com.alibaba.nacos.client.auth.ram.injector; import com.alibaba.nacos.api.PropertyKeyConst; -import com.alibaba.nacos.client.auth.LoginIdentityContext; +import com.alibaba.nacos.plugin.auth.api.LoginIdentityContext; import com.alibaba.nacos.client.auth.ram.RamContext; -import com.alibaba.nacos.client.auth.spi.RequestResource; +import com.alibaba.nacos.plugin.auth.api.RequestResource; import com.alibaba.nacos.client.auth.ram.utils.SignUtil; import org.junit.Assert; import org.junit.Before; diff --git a/client/src/test/java/com/alibaba/nacos/client/naming/remote/AbstractNamingClientProxyTest.java b/client/src/test/java/com/alibaba/nacos/client/naming/remote/AbstractNamingClientProxyTest.java index c82a1c855..5ba1d7ead 100644 --- a/client/src/test/java/com/alibaba/nacos/client/naming/remote/AbstractNamingClientProxyTest.java +++ b/client/src/test/java/com/alibaba/nacos/client/naming/remote/AbstractNamingClientProxyTest.java @@ -26,7 +26,7 @@ import com.alibaba.nacos.api.naming.pojo.Service; import com.alibaba.nacos.api.naming.pojo.ServiceInfo; import com.alibaba.nacos.api.selector.AbstractSelector; import com.alibaba.nacos.client.auth.ram.utils.SignUtil; -import com.alibaba.nacos.client.auth.spi.RequestResource; +import com.alibaba.nacos.plugin.auth.api.RequestResource; import com.alibaba.nacos.client.naming.event.ServerListChangedEvent; import com.alibaba.nacos.client.security.SecurityProxy; import com.alibaba.nacos.client.utils.AppNameUtils; diff --git a/distribution/conf/application.properties b/distribution/conf/application.properties index ab3844515..522d5776d 100644 --- a/distribution/conf/application.properties +++ b/distribution/conf/application.properties @@ -146,9 +146,6 @@ nacos.core.auth.system.type=nacos ### If turn on auth system: nacos.core.auth.enabled=false -### authority key in request: -nacos.core.auth.authorityKey=authority,username,password - ### worked when nacos.core.auth.system.type=ldap,{0} is Placeholder,replace login username # nacos.core.auth.ldap.url=ldap://localhost:389 # nacos.core.auth.ldap.userdn=cn={0},ou=user,dc=company,dc=com diff --git a/client/src/main/java/com/alibaba/nacos/client/auth/LoginIdentityContext.java b/plugin/auth/src/main/java/com/alibaba/nacos/plugin/auth/api/LoginIdentityContext.java similarity index 94% rename from client/src/main/java/com/alibaba/nacos/client/auth/LoginIdentityContext.java rename to plugin/auth/src/main/java/com/alibaba/nacos/plugin/auth/api/LoginIdentityContext.java index c9635c6ba..5077d34d7 100644 --- a/client/src/main/java/com/alibaba/nacos/client/auth/LoginIdentityContext.java +++ b/plugin/auth/src/main/java/com/alibaba/nacos/plugin/auth/api/LoginIdentityContext.java @@ -5,7 +5,7 @@ * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -14,7 +14,7 @@ * limitations under the License. */ -package com.alibaba.nacos.client.auth; +package com.alibaba.nacos.plugin.auth.api; import java.util.HashMap; import java.util.Map; diff --git a/client/src/main/java/com/alibaba/nacos/client/auth/spi/RequestResource.java b/plugin/auth/src/main/java/com/alibaba/nacos/plugin/auth/api/RequestResource.java similarity index 93% rename from client/src/main/java/com/alibaba/nacos/client/auth/spi/RequestResource.java rename to plugin/auth/src/main/java/com/alibaba/nacos/plugin/auth/api/RequestResource.java index fe770dd7e..99ce1e675 100644 --- a/client/src/main/java/com/alibaba/nacos/client/auth/spi/RequestResource.java +++ b/plugin/auth/src/main/java/com/alibaba/nacos/plugin/auth/api/RequestResource.java @@ -14,7 +14,9 @@ * limitations under the License. */ -package com.alibaba.nacos.client.auth.spi; +package com.alibaba.nacos.plugin.auth.api; + +import com.alibaba.nacos.plugin.auth.constant.SignType; /** * Request resources. @@ -23,10 +25,6 @@ package com.alibaba.nacos.client.auth.spi; */ public class RequestResource { - public static final String NAMING = "naming"; - - public static final String CONFIG = "config"; - /** * Request type: naming or config. */ @@ -81,7 +79,7 @@ public class RequestResource { */ public static Builder namingBuilder() { Builder result = new Builder(); - result.setType(NAMING); + result.setType(SignType.NAMING); return result; } @@ -92,7 +90,7 @@ public class RequestResource { */ public static Builder configBuilder() { Builder result = new Builder(); - result.setType(CONFIG); + result.setType(SignType.CONFIG); return result; } diff --git a/client/src/main/java/com/alibaba/nacos/client/auth/spi/AbstractClientAuthService.java b/plugin/auth/src/main/java/com/alibaba/nacos/plugin/auth/spi/client/AbstractClientAuthService.java similarity index 96% rename from client/src/main/java/com/alibaba/nacos/client/auth/spi/AbstractClientAuthService.java rename to plugin/auth/src/main/java/com/alibaba/nacos/plugin/auth/spi/client/AbstractClientAuthService.java index 0298e0583..e95d01bf2 100644 --- a/client/src/main/java/com/alibaba/nacos/client/auth/spi/AbstractClientAuthService.java +++ b/plugin/auth/src/main/java/com/alibaba/nacos/plugin/auth/spi/client/AbstractClientAuthService.java @@ -14,7 +14,7 @@ * limitations under the License. */ -package com.alibaba.nacos.client.auth.spi; +package com.alibaba.nacos.plugin.auth.spi.client; import com.alibaba.nacos.common.http.client.NacosRestTemplate; diff --git a/client/src/main/java/com/alibaba/nacos/client/auth/ClientAuthPluginManager.java b/plugin/auth/src/main/java/com/alibaba/nacos/plugin/auth/spi/client/ClientAuthPluginManager.java similarity index 92% rename from client/src/main/java/com/alibaba/nacos/client/auth/ClientAuthPluginManager.java rename to plugin/auth/src/main/java/com/alibaba/nacos/plugin/auth/spi/client/ClientAuthPluginManager.java index 608e5056c..31cd731ff 100644 --- a/client/src/main/java/com/alibaba/nacos/client/auth/ClientAuthPluginManager.java +++ b/plugin/auth/src/main/java/com/alibaba/nacos/plugin/auth/spi/client/ClientAuthPluginManager.java @@ -5,7 +5,7 @@ * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -14,11 +14,9 @@ * limitations under the License. */ -package com.alibaba.nacos.client.auth; +package com.alibaba.nacos.plugin.auth.spi.client; import com.alibaba.nacos.api.exception.NacosException; -import com.alibaba.nacos.client.auth.spi.AbstractClientAuthService; -import com.alibaba.nacos.client.auth.spi.ClientAuthService; import com.alibaba.nacos.common.http.client.NacosRestTemplate; import com.alibaba.nacos.common.lifecycle.Closeable; import com.alibaba.nacos.common.spi.NacosServiceLoader; diff --git a/client/src/main/java/com/alibaba/nacos/client/auth/spi/ClientAuthService.java b/plugin/auth/src/main/java/com/alibaba/nacos/plugin/auth/spi/client/ClientAuthService.java similarity index 91% rename from client/src/main/java/com/alibaba/nacos/client/auth/spi/ClientAuthService.java rename to plugin/auth/src/main/java/com/alibaba/nacos/plugin/auth/spi/client/ClientAuthService.java index ed8a7c6b9..e917cddc5 100644 --- a/client/src/main/java/com/alibaba/nacos/client/auth/spi/ClientAuthService.java +++ b/plugin/auth/src/main/java/com/alibaba/nacos/plugin/auth/spi/client/ClientAuthService.java @@ -14,11 +14,12 @@ * limitations under the License. */ -package com.alibaba.nacos.client.auth.spi; +package com.alibaba.nacos.plugin.auth.spi.client; -import com.alibaba.nacos.client.auth.LoginIdentityContext; +import com.alibaba.nacos.plugin.auth.api.LoginIdentityContext; import com.alibaba.nacos.common.http.client.NacosRestTemplate; import com.alibaba.nacos.common.lifecycle.Closeable; +import com.alibaba.nacos.plugin.auth.api.RequestResource; import java.util.List; import java.util.Properties; diff --git a/client/src/test/java/com/alibaba/nacos/client/auth/ClientAuthPluginManagerTest.java b/plugin/auth/src/test/java/com/alibaba/nacos/plugin/auth/spi/client/ClientAuthPluginManagerTest.java similarity index 87% rename from client/src/test/java/com/alibaba/nacos/client/auth/ClientAuthPluginManagerTest.java rename to plugin/auth/src/test/java/com/alibaba/nacos/plugin/auth/spi/client/ClientAuthPluginManagerTest.java index 0e5860d12..c9c110fa0 100644 --- a/client/src/test/java/com/alibaba/nacos/client/auth/ClientAuthPluginManagerTest.java +++ b/plugin/auth/src/test/java/com/alibaba/nacos/plugin/auth/spi/client/ClientAuthPluginManagerTest.java @@ -5,7 +5,7 @@ * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -14,9 +14,8 @@ * limitations under the License. */ -package com.alibaba.nacos.client.auth; +package com.alibaba.nacos.plugin.auth.spi.client; -import com.alibaba.nacos.client.auth.spi.ClientAuthService; import com.alibaba.nacos.common.http.client.NacosRestTemplate; import org.junit.Assert; import org.junit.Before; @@ -29,7 +28,7 @@ import java.util.List; import java.util.Set; /** - * {@link com.alibaba.nacos.client.auth.ClientAuthPluginManager} unit test. + * {@link ClientAuthPluginManager} unit test. * * @author wuyfee * @date 2021-08-12 12:56 @@ -39,7 +38,7 @@ import java.util.Set; public class ClientAuthPluginManagerTest { private ClientAuthPluginManager clientAuthPluginManager; - + @Mock private List serverlist; diff --git a/test/core-test/src/test/java/com/alibaba/nacos/test/core/auth/Permission_ITCase.java b/test/core-test/src/test/java/com/alibaba/nacos/test/core/auth/Permission_ITCase.java index bc61697b8..717d67ccf 100644 --- a/test/core-test/src/test/java/com/alibaba/nacos/test/core/auth/Permission_ITCase.java +++ b/test/core-test/src/test/java/com/alibaba/nacos/test/core/auth/Permission_ITCase.java @@ -13,17 +13,17 @@ * See the License for the specific language governing permissions and * limitations under the License. */ + package com.alibaba.nacos.test.core.auth; import com.alibaba.nacos.Nacos; -import com.alibaba.nacos.plugin.auth.api.Permission; import com.alibaba.nacos.common.utils.JacksonUtils; import com.alibaba.nacos.config.server.model.Page; +import com.alibaba.nacos.plugin.auth.api.Permission; import com.alibaba.nacos.test.base.HttpClient4Test; import com.alibaba.nacos.test.base.Params; import com.fasterxml.jackson.core.type.TypeReference; import com.fasterxml.jackson.databind.JsonNode; - import org.junit.After; import org.junit.Assert; import org.junit.Before; @@ -43,167 +43,119 @@ import java.util.concurrent.TimeUnit; * @since 1.2.0 */ @RunWith(SpringRunner.class) -@SpringBootTest(classes = Nacos.class, properties = {"server.servlet.context-path=/nacos"}, - webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT) +@SpringBootTest(classes = Nacos.class, properties = { + "server.servlet.context-path=/nacos"}, webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT) public class Permission_ITCase extends HttpClient4Test { - + @LocalServerPort private int port; - + private String accessToken; - + @Before public void init() throws Exception { TimeUnit.SECONDS.sleep(5L); String url = String.format("http://localhost:%d/", port); this.base = new URL(url); } - + @After public void destroy() { - + // Delete permission: ResponseEntity response = request("/nacos/v1/auth/permissions", - Params.newParams() - .appendParam("role", "role1") - .appendParam("resource", "public:*:*") - .appendParam("action", "rw") - .appendParam("accessToken", accessToken) - .done(), - String.class, - HttpMethod.DELETE); - + Params.newParams().appendParam("role", "role1").appendParam("resource", "public:*:*") + .appendParam("action", "rw").appendParam("accessToken", accessToken).done(), String.class, + HttpMethod.DELETE); + Assert.assertTrue(response.getStatusCode().is2xxSuccessful()); - + // Delete permission: response = request("/nacos/v1/auth/permissions", - Params.newParams() - .appendParam("role", "role1") - .appendParam("resource", "test1:*:*") - .appendParam("action", "r") - .appendParam("accessToken", accessToken) - .done(), - String.class, - HttpMethod.DELETE); - + Params.newParams().appendParam("role", "role1").appendParam("resource", "test1:*:*") + .appendParam("action", "r").appendParam("accessToken", accessToken).done(), String.class, + HttpMethod.DELETE); + Assert.assertTrue(response.getStatusCode().is2xxSuccessful()); - + // Delete role: response = request("/nacos/v1/auth/roles", - Params.newParams() - .appendParam("role", "role1") - .appendParam("username", "username3") - .appendParam("accessToken", accessToken) - .done(), - String.class, - HttpMethod.DELETE); - + Params.newParams().appendParam("role", "role1").appendParam("username", "username3") + .appendParam("accessToken", accessToken).done(), String.class, HttpMethod.DELETE); + Assert.assertTrue(response.getStatusCode().is2xxSuccessful()); - + // Delete a user: response = request("/nacos/v1/auth/users", - Params.newParams() - .appendParam("username", "username3") - .appendParam("accessToken", accessToken) - .done(), - String.class, - HttpMethod.DELETE); - + Params.newParams().appendParam("username", "username3").appendParam("accessToken", accessToken).done(), + String.class, HttpMethod.DELETE); + Assert.assertTrue(response.getStatusCode().is2xxSuccessful()); } - + @Test public void login() { - + ResponseEntity response = request("/nacos/v1/auth/users/login", - Params.newParams() - .appendParam("username", "nacos") - .appendParam("password", "nacos") - .done(), - String.class, - HttpMethod.POST); - + Params.newParams().appendParam("username", "nacos").appendParam("password", "nacos").done(), + String.class, HttpMethod.POST); + Assert.assertTrue(response.getStatusCode().is2xxSuccessful()); JsonNode json = JacksonUtils.toObj(response.getBody()); Assert.assertTrue(json.has("accessToken")); accessToken = json.get("accessToken").textValue(); } - + @Test public void createDeleteQueryPermission() { - + login(); - + // Create a user: ResponseEntity response = request("/nacos/v1/auth/users", - Params.newParams() - .appendParam("username", "username3") - .appendParam("password", "password1") - .appendParam("accessToken", accessToken) - .done(), - String.class, - HttpMethod.POST); - + Params.newParams().appendParam("username", "username3").appendParam("password", "password1") + .appendParam("accessToken", accessToken).done(), String.class, HttpMethod.POST); + Assert.assertTrue(response.getStatusCode().is2xxSuccessful()); - + // Create role: response = request("/nacos/v1/auth/roles", - Params.newParams() - .appendParam("role", "role1") - .appendParam("username", "username3") - .appendParam("accessToken", accessToken) - .done(), - String.class, - HttpMethod.POST); - + Params.newParams().appendParam("role", "role1").appendParam("username", "username3") + .appendParam("accessToken", accessToken).done(), String.class, HttpMethod.POST); + Assert.assertTrue(response.getStatusCode().is2xxSuccessful()); - + // Create permission: response = request("/nacos/v1/auth/permissions", - Params.newParams() - .appendParam("role", "role1") - .appendParam("resource", "public:*:*") - .appendParam("action", "rw") - .appendParam("accessToken", accessToken) - .done(), - String.class, - HttpMethod.POST); - + Params.newParams().appendParam("role", "role1").appendParam("resource", "public:*:*") + .appendParam("action", "rw").appendParam("accessToken", accessToken).done(), String.class, + HttpMethod.POST); + Assert.assertTrue(response.getStatusCode().is2xxSuccessful()); - + // Create another permission: response = request("/nacos/v1/auth/permissions", - Params.newParams() - .appendParam("role", "role1") - .appendParam("resource", "test1:*:*") - .appendParam("action", "r") - .appendParam("accessToken", accessToken) - .done(), - String.class, - HttpMethod.POST); - + Params.newParams().appendParam("role", "role1").appendParam("resource", "test1:*:*") + .appendParam("action", "r").appendParam("accessToken", accessToken).done(), String.class, + HttpMethod.POST); + Assert.assertTrue(response.getStatusCode().is2xxSuccessful()); - + // Query permission: response = request("/nacos/v1/auth/permissions", - Params.newParams() - .appendParam("role", "role1") - .appendParam("pageNo", "1") - .appendParam("pageSize", "10") - .appendParam("accessToken", accessToken) - .done(), - String.class, - HttpMethod.GET); - + Params.newParams().appendParam("role", "role1").appendParam("pageNo", "1").appendParam("pageSize", "10") + .appendParam("accessToken", accessToken).done(), String.class, HttpMethod.GET); + System.out.println(response); Assert.assertTrue(response.getStatusCode().is2xxSuccessful()); - - Page permissionPage = JacksonUtils.toObj(response.getBody(), new TypeReference>() {}); - + + Page permissionPage = JacksonUtils.toObj(response.getBody(), new TypeReference>() { + }); + Assert.assertNotNull(permissionPage); Assert.assertNotNull(permissionPage.getPageItems()); - - boolean found1=false,found2=false; + + boolean found1 = false, found2 = false; for (Permission permission : permissionPage.getPageItems()) { if (permission.getResource().equals("public:*:*") && permission.getAction().equals("rw")) { found1 = true; @@ -217,41 +169,31 @@ public class Permission_ITCase extends HttpClient4Test { } Assert.assertTrue(found1); Assert.assertTrue(found2); - + // Delete permission: response = request("/nacos/v1/auth/permissions", - Params.newParams() - .appendParam("role", "role1") - .appendParam("resource", "public:*:*") - .appendParam("action", "rw") - .appendParam("accessToken", accessToken) - .done(), - String.class, - HttpMethod.DELETE); - + Params.newParams().appendParam("role", "role1").appendParam("resource", "public:*:*") + .appendParam("action", "rw").appendParam("accessToken", accessToken).done(), String.class, + HttpMethod.DELETE); + Assert.assertTrue(response.getStatusCode().is2xxSuccessful()); - + // Query permission: response = request("/nacos/v1/auth/permissions", - Params.newParams() - .appendParam("role", "role1") - .appendParam("pageNo", "1") - .appendParam("pageSize", "10") - .appendParam("accessToken", accessToken) - .done(), - String.class, - HttpMethod.GET); - + Params.newParams().appendParam("role", "role1").appendParam("pageNo", "1").appendParam("pageSize", "10") + .appendParam("accessToken", accessToken).done(), String.class, HttpMethod.GET); + Assert.assertTrue(response.getStatusCode().is2xxSuccessful()); - - permissionPage = JacksonUtils.toObj(response.getBody(), new TypeReference>() {}); - + + permissionPage = JacksonUtils.toObj(response.getBody(), new TypeReference>() { + }); + Assert.assertNotNull(permissionPage); Assert.assertNotNull(permissionPage.getPageItems()); - - found1=false; - found2=false; - + + found1 = false; + found2 = false; + for (Permission permission : permissionPage.getPageItems()) { if (permission.getResource().equals("public:*:*") && permission.getAction().equals("rw")) { found1 = true; @@ -262,41 +204,31 @@ public class Permission_ITCase extends HttpClient4Test { } Assert.assertFalse(found1); Assert.assertTrue(found2); - + // Delete permission: response = request("/nacos/v1/auth/permissions", - Params.newParams() - .appendParam("role", "role1") - .appendParam("resource", "test1:*:*") - .appendParam("action", "r") - .appendParam("accessToken", accessToken) - .done(), - String.class, - HttpMethod.DELETE); - + Params.newParams().appendParam("role", "role1").appendParam("resource", "test1:*:*") + .appendParam("action", "r").appendParam("accessToken", accessToken).done(), String.class, + HttpMethod.DELETE); + Assert.assertTrue(response.getStatusCode().is2xxSuccessful()); - + // Query permission: response = request("/nacos/v1/auth/permissions", - Params.newParams() - .appendParam("role", "role1") - .appendParam("pageNo", "1") - .appendParam("pageSize", "10") - .appendParam("accessToken", accessToken) - .done(), - String.class, - HttpMethod.GET); - + Params.newParams().appendParam("role", "role1").appendParam("pageNo", "1").appendParam("pageSize", "10") + .appendParam("accessToken", accessToken).done(), String.class, HttpMethod.GET); + Assert.assertTrue(response.getStatusCode().is2xxSuccessful()); - - permissionPage = JacksonUtils.toObj(response.getBody(), new TypeReference>() {}); - + + permissionPage = JacksonUtils.toObj(response.getBody(), new TypeReference>() { + }); + Assert.assertNotNull(permissionPage); Assert.assertNotNull(permissionPage.getPageItems()); - - found1=false; - found2=false; - + + found1 = false; + found2 = false; + for (Permission permission : permissionPage.getPageItems()) { if (permission.getResource().equals("public:*:*") && permission.getAction().equals("rw")) { found1 = true;