[ISSUE #9710]prometheus-sd support basic auth. (#9912)

* [ISSUE #9710]prometheus-sd support basic auth. * [ISSUE #9710]prometheus-sd support basic auth.
2023-02-08 11:23:43 +08:00 · 2023-02-08 11:23:43 +08:00 · 4e08d61c4a
commit 4e08d61c4a
parent 30954dc612
2 changed files with 120 additions and 0 deletions
--- a/prometheus/src/main/java/com/alibaba/nacos/prometheus/conf/PrometheusSecurityConfiguration.java
+++ b/prometheus/src/main/java/com/alibaba/nacos/prometheus/conf/PrometheusSecurityConfiguration.java
@ -0,0 +1,40 @@
+/*
+ * Copyright 1999-2018 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.alibaba.nacos.prometheus.conf;
+
+import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.WebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+
+import static com.alibaba.nacos.prometheus.api.ApiConstants.PROMETHEUS_CONTROLLER_PATH;
+
+
+/**
+ * prometheus auth configuration, avoid spring security configuration override.
+ *
+ * @author vividfish
+ */
+@Configuration
+@ConditionalOnMissingBean(value = WebSecurityConfigurerAdapter.class)
+public class PrometheusSecurityConfiguration extends WebSecurityConfigurerAdapter {
+    
+    @Override
+    public void configure(WebSecurity web) throws Exception {
+        web.ignoring().mvcMatchers(PROMETHEUS_CONTROLLER_PATH);
+    }
+}
--- a/prometheus/src/main/java/com/alibaba/nacos/prometheus/filter/PrometheusAuthFilter.java
+++ b/prometheus/src/main/java/com/alibaba/nacos/prometheus/filter/PrometheusAuthFilter.java
@ -0,0 +1,80 @@
+/*
+ * Copyright 1999-2018 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.alibaba.nacos.prometheus.filter;
+
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authorization.AuthenticatedAuthorizationManager;
+import org.springframework.security.web.access.ExceptionTranslationFilter;
+import org.springframework.security.web.access.intercept.AuthorizationFilter;
+import org.springframework.security.web.authentication.AnonymousAuthenticationFilter;
+import org.springframework.security.web.authentication.Http403ForbiddenEntryPoint;
+import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
+
+import static com.alibaba.nacos.prometheus.api.ApiConstants.PROMETHEUS_CONTROLLER_PATH;
+
+/**
+ * prometheus auth configuration.
+ *
+ * @author vividfish
+ */
+@Configuration
+public class PrometheusAuthFilter {
+    
+    @Bean
+    public FilterRegistrationBean<BasicAuthenticationFilter> basicAuthenticationFilter(
+            AuthenticationManager authenticationManager) {
+        FilterRegistrationBean<BasicAuthenticationFilter> registration = new FilterRegistrationBean<>();
+        registration.setFilter(new BasicAuthenticationFilter(authenticationManager));
+        registration.addUrlPatterns(PROMETHEUS_CONTROLLER_PATH);
+        registration.setName("prometheusBasicAuthenticationFilter");
+        registration.setOrder(2);
+        return registration;
+    }
+    
+    @Bean
+    public FilterRegistrationBean<AnonymousAuthenticationFilter> anonymousAuthenticationFilter() {
+        FilterRegistrationBean<AnonymousAuthenticationFilter> registration = new FilterRegistrationBean<>();
+        registration.setFilter(new AnonymousAuthenticationFilter("annony"));
+        registration.addUrlPatterns(PROMETHEUS_CONTROLLER_PATH);
+        registration.setName("prometheusAnonymousAuthenticationFilter");
+        registration.setOrder(3);
+        return registration;
+    }
+    
+    @Bean
+    public FilterRegistrationBean<AuthorizationFilter> authorizationFilter() {
+        FilterRegistrationBean<AuthorizationFilter> registration = new FilterRegistrationBean<>();
+        registration.setFilter(new AuthorizationFilter(new AuthenticatedAuthorizationManager()));
+        registration.addUrlPatterns(PROMETHEUS_CONTROLLER_PATH);
+        registration.setName("prometheusAuthorizationFilter");
+        registration.setOrder(4);
+        return registration;
+    }
+    
+    @Bean
+    public FilterRegistrationBean<ExceptionTranslationFilter> exceptionTranslationFilter() {
+        FilterRegistrationBean<ExceptionTranslationFilter> registration = new FilterRegistrationBean<>();
+        registration.setFilter(new ExceptionTranslationFilter(new Http403ForbiddenEntryPoint()));
+        registration.addUrlPatterns(PROMETHEUS_CONTROLLER_PATH);
+        registration.setName("prometheusExceptionTranslationFilter");
+        registration.setOrder(1);
+        return registration;
+    }
+}