diff --git a/config/src/main/java/com/alibaba/nacos/config/server/auth/ConfigResourceParser.java b/config/src/main/java/com/alibaba/nacos/config/server/auth/ConfigResourceParser.java index d60d5bb0f..6aa8ffa8e 100644 --- a/config/src/main/java/com/alibaba/nacos/config/server/auth/ConfigResourceParser.java +++ b/config/src/main/java/com/alibaba/nacos/config/server/auth/ConfigResourceParser.java @@ -15,7 +15,6 @@ */ package com.alibaba.nacos.config.server.auth; -import com.alibaba.nacos.api.common.Constants; import com.alibaba.nacos.core.auth.Resource; import com.alibaba.nacos.core.auth.ResourceParser; import org.apache.commons.lang3.StringUtils; @@ -39,13 +38,13 @@ public class ConfigResourceParser implements ResourceParser { String groupName = req.getParameter("group"); String dataId = req.getParameter("dataId"); - if (StringUtils.isBlank(namespaceId)) { - namespaceId = Constants.DEFAULT_NAMESPACE_ID; - } - StringBuilder sb = new StringBuilder(); - sb.append(namespaceId).append(Resource.SPLITTER); + if (StringUtils.isNotBlank(namespaceId)) { + sb.append(namespaceId); + } + + sb.append(Resource.SPLITTER); if (StringUtils.isBlank(dataId)) { sb.append("*") diff --git a/console/src/main/java/com/alibaba/nacos/console/controller/UserController.java b/console/src/main/java/com/alibaba/nacos/console/controller/UserController.java index 523bb0f43..46c771064 100644 --- a/console/src/main/java/com/alibaba/nacos/console/controller/UserController.java +++ b/console/src/main/java/com/alibaba/nacos/console/controller/UserController.java @@ -17,10 +17,12 @@ package com.alibaba.nacos.console.controller; import com.alibaba.fastjson.JSONObject; import com.alibaba.nacos.api.common.Constants; +import com.alibaba.nacos.config.server.auth.RoleInfo; import com.alibaba.nacos.config.server.model.RestResult; import com.alibaba.nacos.config.server.model.User; import com.alibaba.nacos.console.security.nacos.NacosAuthConfig; import com.alibaba.nacos.console.security.nacos.NacosAuthManager; +import com.alibaba.nacos.console.security.nacos.roles.NacosRoleServiceImpl; import com.alibaba.nacos.console.security.nacos.users.NacosUser; import com.alibaba.nacos.console.security.nacos.users.NacosUserDetailsServiceImpl; import com.alibaba.nacos.console.utils.JwtTokenUtils; @@ -37,6 +39,7 @@ import org.springframework.web.bind.annotation.*; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import java.util.List; /** * User related methods entry @@ -57,6 +60,9 @@ public class UserController { @Autowired private NacosUserDetailsServiceImpl userDetailsService; + @Autowired + private NacosRoleServiceImpl roleService; + @Autowired private AuthConfigs authConfigs; @@ -94,7 +100,12 @@ public class UserController { @DeleteMapping @Secured(resource = NacosAuthConfig.CONSOLE_RESOURCE_NAME_PREFIX + "users", action = ActionTypes.WRITE) public Object deleteUser(@RequestParam String username) { - + List roleInfoList = roleService.getRoles(username); + for (RoleInfo roleInfo : roleInfoList) { + if (roleInfo.getRole().equals(NacosRoleServiceImpl.GLOBAL_ADMIN_ROLE)) { + throw new IllegalArgumentException("cannot delete admin: " + username); + } + } userDetailsService.deleteUser(username); return new RestResult<>(200, "delete user ok!"); } diff --git a/core/src/main/java/com/alibaba/nacos/core/auth/AuthFilter.java b/core/src/main/java/com/alibaba/nacos/core/auth/AuthFilter.java index 77bf8c8af..da7d457b3 100644 --- a/core/src/main/java/com/alibaba/nacos/core/auth/AuthFilter.java +++ b/core/src/main/java/com/alibaba/nacos/core/auth/AuthFilter.java @@ -66,10 +66,6 @@ public class AuthFilter implements Filter { return; } - if (Loggers.AUTH.isDebugEnabled()) { - Loggers.AUTH.debug("auth filter start, request: {} {}", req.getMethod(), req.getRequestURI()); - } - try { String path = new URI(req.getRequestURI()).getPath(); @@ -82,6 +78,10 @@ public class AuthFilter implements Filter { if (method.isAnnotationPresent(Secured.class) && authConfigs.isAuthEnabled()) { + if (Loggers.AUTH.isDebugEnabled()) { + Loggers.AUTH.debug("auth start, request: {} {}", req.getMethod(), req.getRequestURI()); + } + Secured secured = method.getAnnotation(Secured.class); String action = secured.action().toString(); String resource = secured.resource(); diff --git a/naming/src/main/java/com/alibaba/nacos/naming/web/NamingResourceParser.java b/naming/src/main/java/com/alibaba/nacos/naming/web/NamingResourceParser.java index 0632b9104..29c7e4c31 100644 --- a/naming/src/main/java/com/alibaba/nacos/naming/web/NamingResourceParser.java +++ b/naming/src/main/java/com/alibaba/nacos/naming/web/NamingResourceParser.java @@ -47,13 +47,13 @@ public class NamingResourceParser implements ResourceParser { } serviceName = NamingUtils.getServiceName(serviceName); - if (StringUtils.isBlank(namespaceId)) { - namespaceId = Constants.DEFAULT_NAMESPACE_ID; - } - StringBuilder sb = new StringBuilder(); - sb.append(namespaceId).append(Resource.SPLITTER); + if (StringUtils.isNotBlank(namespaceId)) { + sb.append(namespaceId); + } + + sb.append(Resource.SPLITTER); if (StringUtils.isBlank(serviceName)) { sb.append("*")