This commit is contained in:
nkorange 2020-02-04 17:21:33 +08:00
parent 44cd2a8603
commit 374c575c79
4 changed files with 26 additions and 16 deletions

View File

@ -15,7 +15,6 @@
*/ */
package com.alibaba.nacos.config.server.auth; package com.alibaba.nacos.config.server.auth;
import com.alibaba.nacos.api.common.Constants;
import com.alibaba.nacos.core.auth.Resource; import com.alibaba.nacos.core.auth.Resource;
import com.alibaba.nacos.core.auth.ResourceParser; import com.alibaba.nacos.core.auth.ResourceParser;
import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.StringUtils;
@ -39,13 +38,13 @@ public class ConfigResourceParser implements ResourceParser {
String groupName = req.getParameter("group"); String groupName = req.getParameter("group");
String dataId = req.getParameter("dataId"); String dataId = req.getParameter("dataId");
if (StringUtils.isBlank(namespaceId)) {
namespaceId = Constants.DEFAULT_NAMESPACE_ID;
}
StringBuilder sb = new StringBuilder(); StringBuilder sb = new StringBuilder();
sb.append(namespaceId).append(Resource.SPLITTER); if (StringUtils.isNotBlank(namespaceId)) {
sb.append(namespaceId);
}
sb.append(Resource.SPLITTER);
if (StringUtils.isBlank(dataId)) { if (StringUtils.isBlank(dataId)) {
sb.append("*") sb.append("*")

View File

@ -17,10 +17,12 @@ package com.alibaba.nacos.console.controller;
import com.alibaba.fastjson.JSONObject; import com.alibaba.fastjson.JSONObject;
import com.alibaba.nacos.api.common.Constants; import com.alibaba.nacos.api.common.Constants;
import com.alibaba.nacos.config.server.auth.RoleInfo;
import com.alibaba.nacos.config.server.model.RestResult; import com.alibaba.nacos.config.server.model.RestResult;
import com.alibaba.nacos.config.server.model.User; import com.alibaba.nacos.config.server.model.User;
import com.alibaba.nacos.console.security.nacos.NacosAuthConfig; import com.alibaba.nacos.console.security.nacos.NacosAuthConfig;
import com.alibaba.nacos.console.security.nacos.NacosAuthManager; import com.alibaba.nacos.console.security.nacos.NacosAuthManager;
import com.alibaba.nacos.console.security.nacos.roles.NacosRoleServiceImpl;
import com.alibaba.nacos.console.security.nacos.users.NacosUser; import com.alibaba.nacos.console.security.nacos.users.NacosUser;
import com.alibaba.nacos.console.security.nacos.users.NacosUserDetailsServiceImpl; import com.alibaba.nacos.console.security.nacos.users.NacosUserDetailsServiceImpl;
import com.alibaba.nacos.console.utils.JwtTokenUtils; import com.alibaba.nacos.console.utils.JwtTokenUtils;
@ -37,6 +39,7 @@ import org.springframework.web.bind.annotation.*;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import java.util.List;
/** /**
* User related methods entry * User related methods entry
@ -57,6 +60,9 @@ public class UserController {
@Autowired @Autowired
private NacosUserDetailsServiceImpl userDetailsService; private NacosUserDetailsServiceImpl userDetailsService;
@Autowired
private NacosRoleServiceImpl roleService;
@Autowired @Autowired
private AuthConfigs authConfigs; private AuthConfigs authConfigs;
@ -94,7 +100,12 @@ public class UserController {
@DeleteMapping @DeleteMapping
@Secured(resource = NacosAuthConfig.CONSOLE_RESOURCE_NAME_PREFIX + "users", action = ActionTypes.WRITE) @Secured(resource = NacosAuthConfig.CONSOLE_RESOURCE_NAME_PREFIX + "users", action = ActionTypes.WRITE)
public Object deleteUser(@RequestParam String username) { public Object deleteUser(@RequestParam String username) {
List<RoleInfo> roleInfoList = roleService.getRoles(username);
for (RoleInfo roleInfo : roleInfoList) {
if (roleInfo.getRole().equals(NacosRoleServiceImpl.GLOBAL_ADMIN_ROLE)) {
throw new IllegalArgumentException("cannot delete admin: " + username);
}
}
userDetailsService.deleteUser(username); userDetailsService.deleteUser(username);
return new RestResult<>(200, "delete user ok!"); return new RestResult<>(200, "delete user ok!");
} }

View File

@ -66,10 +66,6 @@ public class AuthFilter implements Filter {
return; return;
} }
if (Loggers.AUTH.isDebugEnabled()) {
Loggers.AUTH.debug("auth filter start, request: {} {}", req.getMethod(), req.getRequestURI());
}
try { try {
String path = new URI(req.getRequestURI()).getPath(); String path = new URI(req.getRequestURI()).getPath();
@ -82,6 +78,10 @@ public class AuthFilter implements Filter {
if (method.isAnnotationPresent(Secured.class) && authConfigs.isAuthEnabled()) { if (method.isAnnotationPresent(Secured.class) && authConfigs.isAuthEnabled()) {
if (Loggers.AUTH.isDebugEnabled()) {
Loggers.AUTH.debug("auth start, request: {} {}", req.getMethod(), req.getRequestURI());
}
Secured secured = method.getAnnotation(Secured.class); Secured secured = method.getAnnotation(Secured.class);
String action = secured.action().toString(); String action = secured.action().toString();
String resource = secured.resource(); String resource = secured.resource();

View File

@ -47,13 +47,13 @@ public class NamingResourceParser implements ResourceParser {
} }
serviceName = NamingUtils.getServiceName(serviceName); serviceName = NamingUtils.getServiceName(serviceName);
if (StringUtils.isBlank(namespaceId)) {
namespaceId = Constants.DEFAULT_NAMESPACE_ID;
}
StringBuilder sb = new StringBuilder(); StringBuilder sb = new StringBuilder();
sb.append(namespaceId).append(Resource.SPLITTER); if (StringUtils.isNotBlank(namespaceId)) {
sb.append(namespaceId);
}
sb.append(Resource.SPLITTER);
if (StringUtils.isBlank(serviceName)) { if (StringUtils.isBlank(serviceName)) {
sb.append("*") sb.append("*")