diff --git a/auth/src/main/java/com/alibaba/nacos/auth/annotation/Secured.java b/auth/src/main/java/com/alibaba/nacos/auth/annotation/Secured.java index 43491b257..7e63f2c10 100644 --- a/auth/src/main/java/com/alibaba/nacos/auth/annotation/Secured.java +++ b/auth/src/main/java/com/alibaba/nacos/auth/annotation/Secured.java @@ -17,6 +17,7 @@ package com.alibaba.nacos.auth.annotation; import com.alibaba.nacos.auth.constant.ActionTypes; +import com.alibaba.nacos.auth.constant.SignType; import com.alibaba.nacos.auth.parser.DefaultResourceParser; import com.alibaba.nacos.auth.parser.ResourceParser; import com.alibaba.nacos.common.utils.StringUtils; @@ -49,9 +50,17 @@ public @interface Secured { String resource() default StringUtils.EMPTY; /** - * Resource name parser. Should have lower priority than resource(). + * The module of resource related to the request. + * + * @return module name + */ + String signType() default SignType.NAMING; + + /** + * Custom resource parser. Should have lower priority than resource(). * * @return class type of resource parser */ + @Deprecated Class parser() default DefaultResourceParser.class; } diff --git a/auth/src/main/java/com/alibaba/nacos/auth/constant/SignType.java b/auth/src/main/java/com/alibaba/nacos/auth/constant/SignType.java new file mode 100644 index 000000000..bd9302e7d --- /dev/null +++ b/auth/src/main/java/com/alibaba/nacos/auth/constant/SignType.java 
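Review bot: `signType()` defaults to `SignType.NAMING`, so a `@Secured` usage that omits the element compiles and is treated as a naming resource; the code that consumes this value is not in the diff, but if it selects how the resource is built, a config or console endpoint missed in this migration would be checked against the wrong module. Consider dropping the default so every usage must state its module, or at least spell it out in the Javadoc, e.g. `Module the resource belongs to, one of the {@link SignType} constants; defaults to naming, so config and console endpoints must set it explicitly.` The Javadoc also leaves open which of `signType()` and `parser()` takes precedence when both are given, and the new `@Deprecated` on `parser()` has no `@deprecated` tag naming its replacement.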
@@ -0,0 +1,31 @@ +/* + * Copyright 1999-2021 Alibaba Group Holding Ltd. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.alibaba.nacos.auth.constant; + +/** + * Auth sign type. + * + * @author xiweng.yy + */ +public class SignType { + + public static final String NAMING = "naming"; + + public static final String CONFIG = "config"; + + public static final String CONSOLE = "console"; +} diff --git a/config/src/main/java/com/alibaba/nacos/config/server/controller/ConfigController.java b/config/src/main/java/com/alibaba/nacos/config/server/controller/ConfigController.java index f5e35eb31..97657ff9f 100644 --- a/config/src/main/java/com/alibaba/nacos/config/server/controller/ConfigController.java +++ b/config/src/main/java/com/alibaba/nacos/config/server/controller/ConfigController.java @@ -20,6 +20,7 @@ import com.alibaba.nacos.api.config.ConfigType; import com.alibaba.nacos.api.exception.NacosException; import com.alibaba.nacos.auth.annotation.Secured; import com.alibaba.nacos.auth.constant.ActionTypes; +import com.alibaba.nacos.auth.constant.SignType; import com.alibaba.nacos.common.model.RestResult; import com.alibaba.nacos.common.model.RestResultUtils; import com.alibaba.nacos.common.utils.DateFormatUtils; 
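Review bot: `SignType` only holds constants but is declared as an instantiable, extensible class; declare it `public final class SignType {` and add `private SignType() { }` so it can be neither subclassed nor constructed. Because the values are plain strings, a typo such as `@Secured(signType = "confg")` would still compile; annotation elements may be enum-typed, so an enum would reject unknown modules at compile time if third-party values are not meant to be accepted. The class Javadoc `Auth sign type.` could also say what each constant stands for.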
@@ -117,7 +118,7 @@ public class ConfigController { * @throws NacosException NacosException. */ @PostMapping - @Secured(action = ActionTypes.WRITE, parser = ConfigResourceParser.class) + @Secured(action = ActionTypes.WRITE, signType = SignType.CONFIG, parser = ConfigResourceParser.class) public Boolean publishConfig(HttpServletRequest request, HttpServletResponse response, @RequestParam(value = "dataId") String dataId, @RequestParam(value = "group") String group, @RequestParam(value = "tenant", required = false, defaultValue = StringUtils.EMPTY) String tenant, @@ -191,7 +192,7 @@ public class ConfigController { * @throws NacosException NacosException. */ @GetMapping - @Secured(action = ActionTypes.READ, parser = ConfigResourceParser.class) + @Secured(action = ActionTypes.READ, signType = SignType.CONFIG, parser = ConfigResourceParser.class) public void getConfig(HttpServletRequest request, HttpServletResponse response, @RequestParam("dataId") String dataId, @RequestParam("group") String group, @RequestParam(value = "tenant", required = false, defaultValue = StringUtils.EMPTY) String tenant, @@ -215,7 +216,7 @@ public class ConfigController { * @throws NacosException NacosException. */ @GetMapping(params = "show=all") - @Secured(action = ActionTypes.READ, parser = ConfigResourceParser.class) + @Secured(action = ActionTypes.READ, signType = SignType.CONFIG, parser = ConfigResourceParser.class) public ConfigAllInfo detailConfigInfo(HttpServletRequest request, HttpServletResponse response, @RequestParam("dataId") String dataId, @RequestParam("group") String group, @RequestParam(value = "tenant", required = false, defaultValue = StringUtils.EMPTY) String tenant) 
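Review bot: The new `@Secured` on `publishConfig` sets `signType = SignType.CONFIG` while still passing `parser = ConfigResourceParser.class`, an element this same commit marks `@Deprecated`, and nothing visible says which of the two decides the resource when they disagree. If `signType` is now authoritative, drop the deprecated argument, `@Secured(action = ActionTypes.WRITE, signType = SignType.CONFIG)`; if the parser is still needed during the transition, a one-line comment saying so would keep a later cleanup from removing the wrong one. The same applies to every other `@Secured` line changed in ConfigController, HistoryController and the remote request handlers. The method's parameter list and body continue outside the hunk.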
@@ -233,7 +234,7 @@ public class ConfigController { * @throws NacosException NacosException. */ @DeleteMapping - @Secured(action = ActionTypes.WRITE, parser = ConfigResourceParser.class) + @Secured(action = ActionTypes.WRITE, signType = SignType.CONFIG, parser = ConfigResourceParser.class) public Boolean deleteConfig(HttpServletRequest request, HttpServletResponse response, @RequestParam("dataId") String dataId, @RequestParam("group") String group, @RequestParam(value = "tenant", required = false, defaultValue = StringUtils.EMPTY) String tenant, @@ -267,7 +268,7 @@ public class ConfigController { * @Param [request, response, dataId, group, tenant, tag] */ @DeleteMapping(params = "delType=ids") - @Secured(action = ActionTypes.WRITE, parser = ConfigResourceParser.class) + @Secured(action = ActionTypes.WRITE, signType = SignType.CONFIG, parser = ConfigResourceParser.class) public RestResult deleteConfigs(HttpServletRequest request, HttpServletResponse response, @RequestParam(value = "ids") List ids) { String clientIp = RequestUtil.getRemoteIp(request); @@ -288,7 +289,7 @@ public class ConfigController { } @GetMapping("/catalog") - @Secured(action = ActionTypes.READ, parser = ConfigResourceParser.class) + @Secured(action = ActionTypes.READ, signType = SignType.CONFIG, parser = ConfigResourceParser.class) public RestResult getConfigAdvanceInfo(@RequestParam("dataId") String dataId, @RequestParam("group") String group, @RequestParam(value = "tenant", required = false, defaultValue = StringUtils.EMPTY) String tenant) { @@ -300,7 +301,7 @@ public class ConfigController { * The client listens for configuration changes. */ @PostMapping("/listener") - @Secured(action = ActionTypes.READ, parser = ConfigResourceParser.class) + @Secured(action = ActionTypes.READ, signType = SignType.CONFIG, parser = ConfigResourceParser.class) public void listener(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { 
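Review bot: In the `-267,7 +268,7` hunk, `deleteConfigs` is marked `signType = SignType.CONFIG` with `ActionTypes.WRITE`, but its only request parameter is `ids`, so the request carries no `dataId`, `group` or `tenant` from which a config resource could be derived. The parser is not part of this diff, so this needs confirming, but if it builds the resource from those parameters the permission check would run against an empty or default resource rather than the configs actually deleted. The `listener` hunk (`-300,7 +301,7`, no config parameters in the signature) and the `importAndPublishConfig` hunk (`-551,7 +552,7`, target passed as `namespace` rather than `tenant`) raise the same question. A test that a user with write access to one namespace is rejected on these endpoints for another namespace would settle it; until then a comment above the annotation such as `// resource is not derivable from the request parameters here; confirm how the config parser handles it` documents the gap, in a method whose body continues outside the hunk.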
@@ -328,7 +329,7 @@ public class ConfigController { * Subscribe to configured client information. */ @GetMapping("/listener") - @Secured(action = ActionTypes.READ, parser = ConfigResourceParser.class) + @Secured(action = ActionTypes.READ, signType = SignType.CONFIG, parser = ConfigResourceParser.class) public GroupkeyListenserStatus getListeners(@RequestParam("dataId") String dataId, @RequestParam("group") String group, @RequestParam(value = "tenant", required = false) String tenant, @RequestParam(value = "sampleTime", required = false, defaultValue = "1") int sampleTime) throws Exception { @@ -346,7 +347,7 @@ public class ConfigController { * Query the configuration information and return it in JSON format. */ @GetMapping(params = "search=accurate") - @Secured(action = ActionTypes.READ, parser = ConfigResourceParser.class) + @Secured(action = ActionTypes.READ, signType = SignType.CONFIG, parser = ConfigResourceParser.class) public Page searchConfig(@RequestParam("dataId") String dataId, @RequestParam("group") String group, @RequestParam(value = "appName", required = false) String appName, @RequestParam(value = "tenant", required = false, defaultValue = StringUtils.EMPTY) String tenant, @@ -373,7 +374,7 @@ public class ConfigController { * and group are NULL, but content is not NULL. In this case, all configurations are returned. */ @GetMapping(params = "search=blur") - @Secured(action = ActionTypes.READ, parser = ConfigResourceParser.class) + @Secured(action = ActionTypes.READ, signType = SignType.CONFIG, parser = ConfigResourceParser.class) public Page fuzzySearchConfig(@RequestParam("dataId") String dataId, @RequestParam("group") String group, @RequestParam(value = "appName", required = false) String appName, @RequestParam(value = "tenant", required = false, defaultValue = StringUtils.EMPTY) String tenant, 
@@ -404,7 +405,7 @@ public class ConfigController { * @return Execute to operate result. */ @DeleteMapping(params = "beta=true") - @Secured(action = ActionTypes.WRITE, parser = ConfigResourceParser.class) + @Secured(action = ActionTypes.WRITE, signType = SignType.CONFIG, parser = ConfigResourceParser.class) public RestResult stopBeta(@RequestParam(value = "dataId") String dataId, @RequestParam(value = "group") String group, @RequestParam(value = "tenant", required = false, defaultValue = StringUtils.EMPTY) String tenant) { @@ -428,7 +429,7 @@ public class ConfigController { * @return RestResult for ConfigInfo4Beta. */ @GetMapping(params = "beta=true") - @Secured(action = ActionTypes.READ, parser = ConfigResourceParser.class) + @Secured(action = ActionTypes.READ, signType = SignType.CONFIG, parser = ConfigResourceParser.class) public RestResult queryBeta(@RequestParam(value = "dataId") String dataId, @RequestParam(value = "group") String group, @RequestParam(value = "tenant", required = false, defaultValue = StringUtils.EMPTY) String tenant) { @@ -452,7 +453,7 @@ public class ConfigController { * @return ResponseEntity. */ @GetMapping(params = "export=true") - @Secured(action = ActionTypes.READ, parser = ConfigResourceParser.class) + @Secured(action = ActionTypes.READ, signType = SignType.CONFIG, parser = ConfigResourceParser.class) public ResponseEntity exportConfig(@RequestParam(value = "dataId", required = false) String dataId, @RequestParam(value = "group", required = false) String group, @RequestParam(value = "appName", required = false) String appName, 
@@ -504,7 +505,7 @@ public class ConfigController { * @return ResponseEntity. */ @GetMapping(params = "exportV2=true") - @Secured(action = ActionTypes.READ, parser = ConfigResourceParser.class) + @Secured(action = ActionTypes.READ, signType = SignType.CONFIG, parser = ConfigResourceParser.class) public ResponseEntity exportConfigV2(@RequestParam(value = "dataId", required = false) String dataId, @RequestParam(value = "group", required = false) String group, @RequestParam(value = "appName", required = false) String appName, @@ -551,7 +552,7 @@ public class ConfigController { * @throws NacosException NacosException. */ @PostMapping(params = "import=true") - @Secured(action = ActionTypes.WRITE, parser = ConfigResourceParser.class) + @Secured(action = ActionTypes.WRITE, signType = SignType.CONFIG, parser = ConfigResourceParser.class) public RestResult> importAndPublishConfig(HttpServletRequest request, @RequestParam(value = "src_user", required = false) String srcUser, @RequestParam(value = "namespace", required = false) String namespace, @@ -775,7 +776,7 @@ public class ConfigController { * @throws NacosException NacosException. */ @PostMapping(params = "clone=true") - @Secured(action = ActionTypes.WRITE, parser = ConfigResourceParser.class) + @Secured(action = ActionTypes.WRITE, signType = SignType.CONFIG, parser = ConfigResourceParser.class) public RestResult> cloneConfig(HttpServletRequest request, @RequestParam(value = "src_user", required = false) String srcUser, @RequestParam(value = "tenant", required = true) String namespace, diff --git a/config/src/main/java/com/alibaba/nacos/config/server/controller/HistoryController.java b/config/src/main/java/com/alibaba/nacos/config/server/controller/HistoryController.java index eead0e0e3..40471880b 100644 --- a/config/src/main/java/com/alibaba/nacos/config/server/controller/HistoryController.java +++ b/config/src/main/java/com/alibaba/nacos/config/server/controller/HistoryController.java 
@@ -18,6 +18,7 @@ package com.alibaba.nacos.config.server.controller; import com.alibaba.nacos.auth.annotation.Secured; import com.alibaba.nacos.auth.constant.ActionTypes; +import com.alibaba.nacos.auth.constant.SignType; import com.alibaba.nacos.auth.exception.AccessException; import com.alibaba.nacos.common.utils.NamespaceUtil; import com.alibaba.nacos.config.server.auth.ConfigResourceParser; @@ -65,7 +66,7 @@ public class HistoryController { * @return the page of history config. */ @GetMapping(params = "search=accurate") - @Secured(action = ActionTypes.READ, parser = ConfigResourceParser.class) + @Secured(action = ActionTypes.READ, signType = SignType.CONFIG, parser = ConfigResourceParser.class) public Page listConfigHistory(@RequestParam("dataId") String dataId, @RequestParam("group") String group, @RequestParam(value = "tenant", required = false, defaultValue = StringUtils.EMPTY) String tenant, @@ -92,7 +93,7 @@ public class HistoryController { * @return history config info */ @GetMapping - @Secured(action = ActionTypes.READ, parser = ConfigResourceParser.class) + @Secured(action = ActionTypes.READ, signType = SignType.CONFIG, parser = ConfigResourceParser.class) public ConfigHistoryInfo getConfigHistoryInfo(@RequestParam("dataId") String dataId, @RequestParam("group") String group, @RequestParam(value = "tenant", required = false, defaultValue = StringUtils.EMPTY) String tenant, @RequestParam("nid") Long nid) throws AccessException { 
@@ -135,7 +136,7 @@ public class HistoryController { * @since 1.4.0 */ @GetMapping(value = "/previous") - @Secured(action = ActionTypes.READ, parser = ConfigResourceParser.class) + @Secured(action = ActionTypes.READ, signType = SignType.CONFIG, parser = ConfigResourceParser.class) public ConfigHistoryInfo getPreviousConfigHistoryInfo(@RequestParam("dataId") String dataId, @RequestParam("group") String group, @RequestParam(value = "tenant", required = false, defaultValue = StringUtils.EMPTY) String tenant, @RequestParam("id") Long id) throws AccessException { @@ -155,7 +156,7 @@ public class HistoryController { * @return list */ @GetMapping(value = "/configs") - @Secured(action = ActionTypes.READ, parser = ConfigResourceParser.class) + @Secured(action = ActionTypes.READ, signType = SignType.CONFIG, parser = ConfigResourceParser.class) public List getDataIds(@RequestParam("tenant") String tenant) { // check tenant ParamUtils.checkTenant(tenant); diff --git a/config/src/main/java/com/alibaba/nacos/config/server/remote/ConfigChangeBatchListenRequestHandler.java b/config/src/main/java/com/alibaba/nacos/config/server/remote/ConfigChangeBatchListenRequestHandler.java index c8b2eef4f..bb0e093e4 100644 --- a/config/src/main/java/com/alibaba/nacos/config/server/remote/ConfigChangeBatchListenRequestHandler.java +++ b/config/src/main/java/com/alibaba/nacos/config/server/remote/ConfigChangeBatchListenRequestHandler.java @@ -23,6 +23,7 @@ import com.alibaba.nacos.api.exception.NacosException; import com.alibaba.nacos.api.remote.request.RequestMeta; import com.alibaba.nacos.auth.annotation.Secured; import com.alibaba.nacos.auth.constant.ActionTypes; +import com.alibaba.nacos.auth.constant.SignType; import com.alibaba.nacos.config.server.auth.ConfigResourceParser; import com.alibaba.nacos.config.server.service.ConfigCacheService; import com.alibaba.nacos.config.server.utils.GroupKey2; 
@@ -47,7 +48,7 @@ public class ConfigChangeBatchListenRequestHandler @Override @TpsControl(pointName = "ConfigListen") - @Secured(action = ActionTypes.READ, parser = ConfigResourceParser.class) + @Secured(action = ActionTypes.READ, signType = SignType.CONFIG, parser = ConfigResourceParser.class) public ConfigChangeBatchListenResponse handle(ConfigBatchListenRequest configChangeListenRequest, RequestMeta meta) throws NacosException { String connectionId = StringPool.get(meta.getConnectionId()); diff --git a/config/src/main/java/com/alibaba/nacos/config/server/remote/ConfigPublishRequestHandler.java b/config/src/main/java/com/alibaba/nacos/config/server/remote/ConfigPublishRequestHandler.java index 4e2fd584c..3ec2f3cd1 100644 --- a/config/src/main/java/com/alibaba/nacos/config/server/remote/ConfigPublishRequestHandler.java +++ b/config/src/main/java/com/alibaba/nacos/config/server/remote/ConfigPublishRequestHandler.java @@ -23,6 +23,7 @@ import com.alibaba.nacos.api.remote.request.RequestMeta; import com.alibaba.nacos.api.remote.response.ResponseCode; import com.alibaba.nacos.auth.annotation.Secured; import com.alibaba.nacos.auth.constant.ActionTypes; +import com.alibaba.nacos.auth.constant.SignType; import com.alibaba.nacos.common.utils.MapUtil; import com.alibaba.nacos.config.server.auth.ConfigResourceParser; import com.alibaba.nacos.config.server.model.ConfigInfo; @@ -62,7 +63,7 @@ public class ConfigPublishRequestHandler extends RequestHandler