[code quality] [nacos-console] [filter/security] the if nest optimize, the constants export, the Chinese doc fix (#5847)

console/src/main/java/com/alibaba/nacos/console/filter/JwtAuthenticationTokenFilter.java

@@ -65,7 +65,7 @@ public class JwtAuthenticationTokenFilter extends OncePerRequestFilter {
     private String resolveToken(HttpServletRequest request) {
         String bearerToken = request.getHeader(NacosAuthConfig.AUTHORIZATION_HEADER);
         if (StringUtils.isNotBlank(bearerToken) && bearerToken.startsWith(TOKEN_PREFIX)) {
-            return bearerToken.substring(7);
+            return bearerToken.substring(TOKEN_PREFIX.length());
         }
         String jwt = request.getParameter(Constants.ACCESS_TOKEN);
         if (StringUtils.isNotBlank(jwt)) {

console/src/main/java/com/alibaba/nacos/console/security/nacos/LdapAuthenticationProvider.java

@@ -63,6 +63,8 @@ public class LdapAuthenticationProvider implements AuthenticationProvider {
     
     private static final String LDAP_PREFIX = "LDAP_";
     
+    private static final String DEFAULT_SECURITY_AUTH = "simple";
+    
     @Autowired
     private NacosUserDetailsServiceImpl userDetailsService;
     
@@ -112,11 +114,12 @@ public class LdapAuthenticationProvider implements AuthenticationProvider {
     
     private boolean isAdmin(String username) {
         List<RoleInfo> roleInfos = nacosRoleService.getRoles(username);
-        if (CollectionUtils.isNotEmpty(roleInfos)) {
-            for (RoleInfo roleinfo : roleInfos) {
-                if (GLOBAL_ADMIN_ROLE.equals(roleinfo.getRole())) {
-                    return true;
-                }
+        if (CollectionUtils.isEmpty(roleInfos)) {
+            return false;
+        }
+        for (RoleInfo roleinfo : roleInfos) {
+            if (GLOBAL_ADMIN_ROLE.equals(roleinfo.getRole())) {
+                return true;
             }
         }
         return false;
@@ -126,7 +129,7 @@ public class LdapAuthenticationProvider implements AuthenticationProvider {
         Hashtable<String, String> env = new Hashtable<>();
         env.put(Context.INITIAL_CONTEXT_FACTORY, FACTORY);
         env.put(Context.PROVIDER_URL, ldapUrl);
-        env.put(Context.SECURITY_AUTHENTICATION, "simple");
+        env.put(Context.SECURITY_AUTHENTICATION, DEFAULT_SECURITY_AUTH);
         
         env.put(Context.SECURITY_PRINCIPAL, userNamePattern.replace("{0}", username));
         env.put(Context.SECURITY_CREDENTIALS, password);

console/src/main/java/com/alibaba/nacos/console/security/nacos/NacosAuthConfig.java

@@ -59,6 +59,10 @@ public class NacosAuthConfig extends WebSecurityConfigurerAdapter {
 
     public static final String UPDATE_PASSWORD_ENTRY_POINT = CONSOLE_RESOURCE_NAME_PREFIX + "user/password";
     
+    private static final String DEFAULT_ALL_PATH_PATTERN = "/**";
+    
+    private static final String PROPERTY_IGNORE_URLS = "nacos.security.ignore.urls";
+
     @Autowired
     private Environment env;
     
@@ -85,12 +89,12 @@ public class NacosAuthConfig extends WebSecurityConfigurerAdapter {
         
         String ignoreUrls = null;
         if (AuthSystemTypes.NACOS.name().equalsIgnoreCase(authConfigs.getNacosAuthSystemType())) {
-            ignoreUrls = "/**";
+            ignoreUrls = DEFAULT_ALL_PATH_PATTERN;
         } else if (AuthSystemTypes.LDAP.name().equalsIgnoreCase(authConfigs.getNacosAuthSystemType())) {
-            ignoreUrls = "/**";
+            ignoreUrls = DEFAULT_ALL_PATH_PATTERN;
         }
         if (StringUtils.isBlank(authConfigs.getNacosAuthSystemType())) {
-            ignoreUrls = env.getProperty("nacos.security.ignore.urls", "/**");
+            ignoreUrls = env.getProperty(PROPERTY_IGNORE_URLS, DEFAULT_ALL_PATH_PATTERN);
         }
         if (StringUtils.isNotBlank(ignoreUrls)) {
             for (String each : ignoreUrls.trim().split(SECURITY_IGNORE_URLS_SPILT_CHAR)) {
@@ -112,19 +116,12 @@ public class NacosAuthConfig extends WebSecurityConfigurerAdapter {
     protected void configure(HttpSecurity http) throws Exception {
         
         if (StringUtils.isBlank(authConfigs.getNacosAuthSystemType())) {
-            http
-                    
-                    .csrf().disable().cors() // We don't need CSRF for JWT based authentication
-                    
+            http.csrf().disable().cors()// We don't need CSRF for JWT based authentication
                     .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
-                    
                     .and().authorizeRequests().requestMatchers(CorsUtils::isPreFlightRequest).permitAll()
                     .antMatchers(LOGIN_ENTRY_POINT).permitAll()
-                    
                     .and().authorizeRequests().antMatchers(TOKEN_BASED_AUTH_ENTRY_POINT).authenticated()
-                    
                     .and().exceptionHandling().authenticationEntryPoint(new JwtAuthenticationEntryPoint());
-            
             // disable cache
             http.headers().cacheControl();
             

console/src/main/java/com/alibaba/nacos/console/security/nacos/NacosAuthManager.java

@@ -51,6 +51,10 @@ public class NacosAuthManager implements AuthManager {
     
     private static final String TOKEN_PREFIX = "Bearer ";
     
+    private static final String PARAM_USERNAME = "username";
+    
+    private static final String PARAM_PASSWORD = "password";
+    
     @Autowired
     private JwtTokenManager tokenManager;
     
@@ -152,8 +156,8 @@ public class NacosAuthManager implements AuthManager {
         }
         bearerToken = request.getParameter(Constants.ACCESS_TOKEN);
         if (StringUtils.isBlank(bearerToken)) {
-            String userName = request.getParameter("username");
-            String password = request.getParameter("password");
+            String userName = request.getParameter(PARAM_USERNAME);
+            String password = request.getParameter(PARAM_PASSWORD);
             bearerToken = resolveTokenFromUser(userName, password);
         }
         
@@ -170,8 +174,8 @@ public class NacosAuthManager implements AuthManager {
         }
         bearerToken = request.getHeader(Constants.ACCESS_TOKEN);
         if (StringUtils.isBlank(bearerToken)) {
-            String userName = request.getHeader("username");
-            String password = request.getHeader("password");
+            String userName = request.getHeader(PARAM_USERNAME);
+            String password = request.getHeader(PARAM_PASSWORD);
             bearerToken = resolveTokenFromUser(userName, password);
         }
         

console/src/main/java/com/alibaba/nacos/console/security/nacos/roles/NacosRoleServiceImpl.java

@@ -52,6 +52,8 @@ public class NacosRoleServiceImpl {
     
     public static final String GLOBAL_ADMIN_ROLE = "ROLE_ADMIN";
     
+    private static final int DEFAULT_PAGE_NO = 1;
+    
     @Autowired
     private AuthConfigs authConfigs;
     
@@ -74,7 +76,7 @@ public class NacosRoleServiceImpl {
     private void reload() {
         try {
             Page<RoleInfo> roleInfoPage = rolePersistService
-                    .getRolesByUserName(StringUtils.EMPTY, 1, Integer.MAX_VALUE);
+                    .getRolesByUserName(StringUtils.EMPTY, DEFAULT_PAGE_NO, Integer.MAX_VALUE);
             if (roleInfoPage == null) {
                 return;
             }
@@ -91,7 +93,7 @@ public class NacosRoleServiceImpl {
             Map<String, List<PermissionInfo>> tmpPermissionInfoMap = new ConcurrentHashMap<>(16);
             for (String role : tmpRoleSet) {
                 Page<PermissionInfo> permissionInfoPage = permissionPersistService
-                        .getPermissions(role, 1, Integer.MAX_VALUE);
+                        .getPermissions(role, DEFAULT_PAGE_NO, Integer.MAX_VALUE);
                 tmpPermissionInfoMap.put(role, permissionInfoPage.getPageItems());
             }
             
@@ -157,7 +159,7 @@ public class NacosRoleServiceImpl {
     public List<RoleInfo> getRoles(String username) {
         List<RoleInfo> roleInfoList = roleInfoMap.get(username);
         if (!authConfigs.isCachingEnabled()) {
-            Page<RoleInfo> roleInfoPage = getRolesFromDatabase(username, 1, Integer.MAX_VALUE);
+            Page<RoleInfo> roleInfoPage = getRolesFromDatabase(username, DEFAULT_PAGE_NO, Integer.MAX_VALUE);
             if (roleInfoPage != null) {
                 roleInfoList = roleInfoPage.getPageItems();
             }
@@ -176,7 +178,7 @@ public class NacosRoleServiceImpl {
     public List<PermissionInfo> getPermissions(String role) {
         List<PermissionInfo> permissionInfoList = permissionInfoMap.get(role);
         if (!authConfigs.isCachingEnabled()) {
-            Page<PermissionInfo> permissionInfoPage = getPermissionsFromDatabase(role, 1, Integer.MAX_VALUE);
+            Page<PermissionInfo> permissionInfoPage = getPermissionsFromDatabase(role, DEFAULT_PAGE_NO, Integer.MAX_VALUE);
             if (permissionInfoPage != null) {
                 permissionInfoList = permissionInfoPage.getPageItems();
             }

console/src/main/resources/META-INF/nacos-default.properties

@@ -17,7 +17,7 @@
 # Console Default Properties
 
 spring.mvc.view.prefix=/jsp/
-# 响应页面默认后缀
+# the default suffix of page
 spring.mvc.view.suffix=.jsp
 spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.jdbc.DataSourceTransactionManagerAutoConfiguration
 #logging.level.root=DEBUG