Add SignType

KomachiSion 2022-01-17 17:15:42 +08:00
parent 3c9e83372c
commit 79e7a95e62
9 changed files with 75 additions and 30 deletions


@ -17,6 +17,7 @@
package com.alibaba.nacos.auth.annotation;
import com.alibaba.nacos.auth.constant.ActionTypes;
import com.alibaba.nacos.auth.constant.SignType;
import com.alibaba.nacos.auth.parser.DefaultResourceParser;
import com.alibaba.nacos.auth.parser.ResourceParser;
import com.alibaba.nacos.common.utils.StringUtils;
@ -49,9 +50,17 @@ public @interface Secured {
String resource() default StringUtils.EMPTY;
/**
* Resource name parser. Should have lower priority than resource().
* The module of resource related to the request.
*
* @return module name
*/
String signType() default SignType.NAMING;
/**
* Custom resource parser. Should have lower priority than resource().
*
* @return class type of resource parser
*/
@Deprecated
Class<? extends ResourceParser> parser() default DefaultResourceParser.class;
}
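Review bot: The new `signType()` attribute defaults to `SignType.NAMING`, so every `@Secured` use that this commit does not update is implicitly tagged as a naming resource. How the sign type is consumed is not visible in this section, but if it feeds the authorization decision, a config or console endpoint left on the default would be evaluated under the wrong module. Either drop the default so each call site has to choose, or state the default and its consequence in the Javadoc, e.g. `* Defaults to {@link SignType#NAMING}; config and console endpoints must set this explicitly.` The `@Deprecated` added to `parser()` should also get a Javadoc `@deprecated` tag naming the replacement.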


@ -0,0 +1,31 @@
/*
* Copyright 1999-2021 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.alibaba.nacos.auth.constant;
/**
* Auth sign type.
*
* @author xiweng.yy
*/
public class SignType {
public static final String NAMING = "naming";
public static final String CONFIG = "config";
public static final String CONSOLE = "console";
}
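Review bot: `SignType` is a constants holder but is declared as an instantiable, extensible class; declare it `public final class SignType` and add `private SignType() { }`. The three constants carry no comments, and since these strings are what `@Secured(signType = ...)` passes along, a one-line comment on each saying which module's resources it labels would help whoever matches on them. Because the annotation attribute is a free-form `String`, a mistyped value at a call site still compiles, so the code that reads the sign type (not shown here) should presumably reject an unrecognized value rather than fall back to a default module.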


@ -20,6 +20,7 @@ import com.alibaba.nacos.api.config.ConfigType;
import com.alibaba.nacos.api.exception.NacosException;
import com.alibaba.nacos.auth.annotation.Secured;
import com.alibaba.nacos.auth.constant.ActionTypes;
import com.alibaba.nacos.auth.constant.SignType;
import com.alibaba.nacos.common.model.RestResult;
import com.alibaba.nacos.common.model.RestResultUtils;
import com.alibaba.nacos.common.utils.DateFormatUtils;
@ -117,7 +118,7 @@ public class ConfigController {
* @throws NacosException NacosException.
*/
@PostMapping
@Secured(action = ActionTypes.WRITE, parser = ConfigResourceParser.class)
@Secured(action = ActionTypes.WRITE, signType = SignType.CONFIG, parser = ConfigResourceParser.class)
public Boolean publishConfig(HttpServletRequest request, HttpServletResponse response,
@RequestParam(value = "dataId") String dataId, @RequestParam(value = "group") String group,
@RequestParam(value = "tenant", required = false, defaultValue = StringUtils.EMPTY) String tenant,
@ -191,7 +192,7 @@ public class ConfigController {
* @throws NacosException NacosException.
*/
@GetMapping
@Secured(action = ActionTypes.READ, parser = ConfigResourceParser.class)
@Secured(action = ActionTypes.READ, signType = SignType.CONFIG, parser = ConfigResourceParser.class)
public void getConfig(HttpServletRequest request, HttpServletResponse response,
@RequestParam("dataId") String dataId, @RequestParam("group") String group,
@RequestParam(value = "tenant", required = false, defaultValue = StringUtils.EMPTY) String tenant,
@ -215,7 +216,7 @@ public class ConfigController {
* @throws NacosException NacosException.
*/
@GetMapping(params = "show=all")
@Secured(action = ActionTypes.READ, parser = ConfigResourceParser.class)
@Secured(action = ActionTypes.READ, signType = SignType.CONFIG, parser = ConfigResourceParser.class)
public ConfigAllInfo detailConfigInfo(HttpServletRequest request, HttpServletResponse response,
@RequestParam("dataId") String dataId, @RequestParam("group") String group,
@RequestParam(value = "tenant", required = false, defaultValue = StringUtils.EMPTY) String tenant)
@ -233,7 +234,7 @@ public class ConfigController {
* @throws NacosException NacosException.
*/
@DeleteMapping
@Secured(action = ActionTypes.WRITE, parser = ConfigResourceParser.class)
@Secured(action = ActionTypes.WRITE, signType = SignType.CONFIG, parser = ConfigResourceParser.class)
public Boolean deleteConfig(HttpServletRequest request, HttpServletResponse response,
@RequestParam("dataId") String dataId, @RequestParam("group") String group,
@RequestParam(value = "tenant", required = false, defaultValue = StringUtils.EMPTY) String tenant,
@ -267,7 +268,7 @@ public class ConfigController {
* @Param [request, response, dataId, group, tenant, tag]
*/
@DeleteMapping(params = "delType=ids")
@Secured(action = ActionTypes.WRITE, parser = ConfigResourceParser.class)
@Secured(action = ActionTypes.WRITE, signType = SignType.CONFIG, parser = ConfigResourceParser.class)
public RestResult<Boolean> deleteConfigs(HttpServletRequest request, HttpServletResponse response,
@RequestParam(value = "ids") List<Long> ids) {
String clientIp = RequestUtil.getRemoteIp(request);
@ -288,7 +289,7 @@ public class ConfigController {
}
@GetMapping("/catalog")
@Secured(action = ActionTypes.READ, parser = ConfigResourceParser.class)
@Secured(action = ActionTypes.READ, signType = SignType.CONFIG, parser = ConfigResourceParser.class)
public RestResult<ConfigAdvanceInfo> getConfigAdvanceInfo(@RequestParam("dataId") String dataId,
@RequestParam("group") String group,
@RequestParam(value = "tenant", required = false, defaultValue = StringUtils.EMPTY) String tenant) {
@ -300,7 +301,7 @@ public class ConfigController {
* The client listens for configuration changes.
*/
@PostMapping("/listener")
@Secured(action = ActionTypes.READ, parser = ConfigResourceParser.class)
@Secured(action = ActionTypes.READ, signType = SignType.CONFIG, parser = ConfigResourceParser.class)
public void listener(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
@ -328,7 +329,7 @@ public class ConfigController {
* Subscribe to configured client information.
*/
@GetMapping("/listener")
@Secured(action = ActionTypes.READ, parser = ConfigResourceParser.class)
@Secured(action = ActionTypes.READ, signType = SignType.CONFIG, parser = ConfigResourceParser.class)
public GroupkeyListenserStatus getListeners(@RequestParam("dataId") String dataId,
@RequestParam("group") String group, @RequestParam(value = "tenant", required = false) String tenant,
@RequestParam(value = "sampleTime", required = false, defaultValue = "1") int sampleTime) throws Exception {
@ -346,7 +347,7 @@ public class ConfigController {
* Query the configuration information and return it in JSON format.
*/
@GetMapping(params = "search=accurate")
@Secured(action = ActionTypes.READ, parser = ConfigResourceParser.class)
@Secured(action = ActionTypes.READ, signType = SignType.CONFIG, parser = ConfigResourceParser.class)
public Page<ConfigInfo> searchConfig(@RequestParam("dataId") String dataId, @RequestParam("group") String group,
@RequestParam(value = "appName", required = false) String appName,
@RequestParam(value = "tenant", required = false, defaultValue = StringUtils.EMPTY) String tenant,
@ -373,7 +374,7 @@ public class ConfigController {
* and group are NULL, but content is not NULL. In this case, all configurations are returned.
*/
@GetMapping(params = "search=blur")
@Secured(action = ActionTypes.READ, parser = ConfigResourceParser.class)
@Secured(action = ActionTypes.READ, signType = SignType.CONFIG, parser = ConfigResourceParser.class)
public Page<ConfigInfo> fuzzySearchConfig(@RequestParam("dataId") String dataId,
@RequestParam("group") String group, @RequestParam(value = "appName", required = false) String appName,
@RequestParam(value = "tenant", required = false, defaultValue = StringUtils.EMPTY) String tenant,
@ -404,7 +405,7 @@ public class ConfigController {
* @return Execute to operate result.
*/
@DeleteMapping(params = "beta=true")
@Secured(action = ActionTypes.WRITE, parser = ConfigResourceParser.class)
@Secured(action = ActionTypes.WRITE, signType = SignType.CONFIG, parser = ConfigResourceParser.class)
public RestResult<Boolean> stopBeta(@RequestParam(value = "dataId") String dataId,
@RequestParam(value = "group") String group,
@RequestParam(value = "tenant", required = false, defaultValue = StringUtils.EMPTY) String tenant) {
@ -428,7 +429,7 @@ public class ConfigController {
* @return RestResult for ConfigInfo4Beta.
*/
@GetMapping(params = "beta=true")
@Secured(action = ActionTypes.READ, parser = ConfigResourceParser.class)
@Secured(action = ActionTypes.READ, signType = SignType.CONFIG, parser = ConfigResourceParser.class)
public RestResult<ConfigInfo4Beta> queryBeta(@RequestParam(value = "dataId") String dataId,
@RequestParam(value = "group") String group,
@RequestParam(value = "tenant", required = false, defaultValue = StringUtils.EMPTY) String tenant) {
@ -452,7 +453,7 @@ public class ConfigController {
* @return ResponseEntity.
*/
@GetMapping(params = "export=true")
@Secured(action = ActionTypes.READ, parser = ConfigResourceParser.class)
@Secured(action = ActionTypes.READ, signType = SignType.CONFIG, parser = ConfigResourceParser.class)
public ResponseEntity<byte[]> exportConfig(@RequestParam(value = "dataId", required = false) String dataId,
@RequestParam(value = "group", required = false) String group,
@RequestParam(value = "appName", required = false) String appName,
@ -504,7 +505,7 @@ public class ConfigController {
* @return ResponseEntity.
*/
@GetMapping(params = "exportV2=true")
@Secured(action = ActionTypes.READ, parser = ConfigResourceParser.class)
@Secured(action = ActionTypes.READ, signType = SignType.CONFIG, parser = ConfigResourceParser.class)
public ResponseEntity<byte[]> exportConfigV2(@RequestParam(value = "dataId", required = false) String dataId,
@RequestParam(value = "group", required = false) String group,
@RequestParam(value = "appName", required = false) String appName,
@ -551,7 +552,7 @@ public class ConfigController {
* @throws NacosException NacosException.
*/
@PostMapping(params = "import=true")
@Secured(action = ActionTypes.WRITE, parser = ConfigResourceParser.class)
@Secured(action = ActionTypes.WRITE, signType = SignType.CONFIG, parser = ConfigResourceParser.class)
public RestResult<Map<String, Object>> importAndPublishConfig(HttpServletRequest request,
@RequestParam(value = "src_user", required = false) String srcUser,
@RequestParam(value = "namespace", required = false) String namespace,
@ -775,7 +776,7 @@ public class ConfigController {
* @throws NacosException NacosException.
*/
@PostMapping(params = "clone=true")
@Secured(action = ActionTypes.WRITE, parser = ConfigResourceParser.class)
@Secured(action = ActionTypes.WRITE, signType = SignType.CONFIG, parser = ConfigResourceParser.class)
public RestResult<Map<String, Object>> cloneConfig(HttpServletRequest request,
@RequestParam(value = "src_user", required = false) String srcUser,
@RequestParam(value = "tenant", required = true) String namespace,
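Review bot: The updated `@Secured(action = ActionTypes.WRITE, signType = SignType.CONFIG, parser = ConfigResourceParser.class)` on `deleteConfigs` (`@DeleteMapping(params = "delType=ids")`) guards a request whose only visible parameter is `ids`, so the request carries no dataId, group or tenant for a resource parser to read. `ConfigResourceParser` is not shown here, but if it builds the resource from those request parameters, the WRITE check would be made against an empty resource while the method acts on rows selected by id. The same question applies to `importAndPublishConfig`, which names its target `namespace` where the other endpoints use `tenant`. It is worth confirming with a test that write permission on one namespace does not pass the check on these two endpoints for another, and recording the result in a comment such as `// resource comes from request params via ConfigResourceParser; ids are re-checked against it in the body`. All method bodies continue outside the hunks.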


@ -18,6 +18,7 @@ package com.alibaba.nacos.config.server.controller;
import com.alibaba.nacos.auth.annotation.Secured;
import com.alibaba.nacos.auth.constant.ActionTypes;
import com.alibaba.nacos.auth.constant.SignType;
import com.alibaba.nacos.auth.exception.AccessException;
import com.alibaba.nacos.common.utils.NamespaceUtil;
import com.alibaba.nacos.config.server.auth.ConfigResourceParser;
@ -65,7 +66,7 @@ public class HistoryController {
* @return the page of history config.
*/
@GetMapping(params = "search=accurate")
@Secured(action = ActionTypes.READ, parser = ConfigResourceParser.class)
@Secured(action = ActionTypes.READ, signType = SignType.CONFIG, parser = ConfigResourceParser.class)
public Page<ConfigHistoryInfo> listConfigHistory(@RequestParam("dataId") String dataId,
@RequestParam("group") String group,
@RequestParam(value = "tenant", required = false, defaultValue = StringUtils.EMPTY) String tenant,
@ -92,7 +93,7 @@ public class HistoryController {
* @return history config info
*/
@GetMapping
@Secured(action = ActionTypes.READ, parser = ConfigResourceParser.class)
@Secured(action = ActionTypes.READ, signType = SignType.CONFIG, parser = ConfigResourceParser.class)
public ConfigHistoryInfo getConfigHistoryInfo(@RequestParam("dataId") String dataId, @RequestParam("group") String group,
@RequestParam(value = "tenant", required = false, defaultValue = StringUtils.EMPTY) String tenant, @RequestParam("nid") Long nid)
throws AccessException {
@ -135,7 +136,7 @@ public class HistoryController {
* @since 1.4.0
*/
@GetMapping(value = "/previous")
@Secured(action = ActionTypes.READ, parser = ConfigResourceParser.class)
@Secured(action = ActionTypes.READ, signType = SignType.CONFIG, parser = ConfigResourceParser.class)
public ConfigHistoryInfo getPreviousConfigHistoryInfo(@RequestParam("dataId") String dataId, @RequestParam("group") String group,
@RequestParam(value = "tenant", required = false, defaultValue = StringUtils.EMPTY) String tenant, @RequestParam("id") Long id)
throws AccessException {
@ -155,7 +156,7 @@ public class HistoryController {
* @return list
*/
@GetMapping(value = "/configs")
@Secured(action = ActionTypes.READ, parser = ConfigResourceParser.class)
@Secured(action = ActionTypes.READ, signType = SignType.CONFIG, parser = ConfigResourceParser.class)
public List<ConfigInfoWrapper> getDataIds(@RequestParam("tenant") String tenant) {
// check tenant
ParamUtils.checkTenant(tenant);
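Review bot: On `getConfigHistoryInfo` and `getPreviousConfigHistoryInfo` the `@Secured` READ check covers the `dataId`/`group`/`tenant` supplied in the request, but the record itself is selected by `nid` / `id`. The `throws AccessException` in both signatures suggests the bodies, which lie outside these hunks, compare the loaded record against those parameters. A comment next to the annotation would make that dependency explicit, e.g. `// @Secured authorizes the requested dataId/group/tenant only; the body must verify the record fetched by nid belongs to it`.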


@ -23,6 +23,7 @@ import com.alibaba.nacos.api.exception.NacosException;
import com.alibaba.nacos.api.remote.request.RequestMeta;
import com.alibaba.nacos.auth.annotation.Secured;
import com.alibaba.nacos.auth.constant.ActionTypes;
import com.alibaba.nacos.auth.constant.SignType;
import com.alibaba.nacos.config.server.auth.ConfigResourceParser;
import com.alibaba.nacos.config.server.service.ConfigCacheService;
import com.alibaba.nacos.config.server.utils.GroupKey2;
@ -47,7 +48,7 @@ public class ConfigChangeBatchListenRequestHandler
@Override
@TpsControl(pointName = "ConfigListen")
@Secured(action = ActionTypes.READ, parser = ConfigResourceParser.class)
@Secured(action = ActionTypes.READ, signType = SignType.CONFIG, parser = ConfigResourceParser.class)
public ConfigChangeBatchListenResponse handle(ConfigBatchListenRequest configChangeListenRequest, RequestMeta meta)
throws NacosException {
String connectionId = StringPool.get(meta.getConnectionId());


@ -23,6 +23,7 @@ import com.alibaba.nacos.api.remote.request.RequestMeta;
import com.alibaba.nacos.api.remote.response.ResponseCode;
import com.alibaba.nacos.auth.annotation.Secured;
import com.alibaba.nacos.auth.constant.ActionTypes;
import com.alibaba.nacos.auth.constant.SignType;
import com.alibaba.nacos.common.utils.MapUtil;
import com.alibaba.nacos.config.server.auth.ConfigResourceParser;
import com.alibaba.nacos.config.server.model.ConfigInfo;
@ -62,7 +63,7 @@ public class ConfigPublishRequestHandler extends RequestHandler<ConfigPublishReq
@Override
@TpsControl(pointName = "ConfigPublish", parsers = {ConfigPublishGroupKeyParser.class,
ConfigPublishGroupParser.class})
@Secured(action = ActionTypes.WRITE, resource = "", parser = ConfigResourceParser.class)
@Secured(action = ActionTypes.WRITE, signType = SignType.CONFIG, parser = ConfigResourceParser.class)
public ConfigPublishResponse handle(ConfigPublishRequest request, RequestMeta meta) throws NacosException {
try {


@ -23,6 +23,7 @@ import com.alibaba.nacos.api.remote.request.RequestMeta;
import com.alibaba.nacos.api.remote.response.ResponseCode;
import com.alibaba.nacos.auth.annotation.Secured;
import com.alibaba.nacos.auth.constant.ActionTypes;
import com.alibaba.nacos.auth.constant.SignType;
import com.alibaba.nacos.config.server.auth.ConfigResourceParser;
import com.alibaba.nacos.config.server.constant.Constants;
import com.alibaba.nacos.config.server.model.CacheItem;
@ -70,7 +71,7 @@ public class ConfigQueryRequestHandler extends RequestHandler<ConfigQueryRequest
@Override
@TpsControl(pointName = "ConfigQuery", parsers = {ConfigQueryGroupKeyParser.class, ConfigQueryGroupParser.class})
@Secured(action = ActionTypes.READ, parser = ConfigResourceParser.class)
@Secured(action = ActionTypes.READ, signType = SignType.CONFIG, parser = ConfigResourceParser.class)
public ConfigQueryResponse handle(ConfigQueryRequest request, RequestMeta meta) throws NacosException {
try {


@ -22,6 +22,7 @@ import com.alibaba.nacos.api.exception.NacosException;
import com.alibaba.nacos.api.remote.request.RequestMeta;
import com.alibaba.nacos.auth.annotation.Secured;
import com.alibaba.nacos.auth.constant.ActionTypes;
import com.alibaba.nacos.auth.constant.SignType;
import com.alibaba.nacos.config.server.auth.ConfigResourceParser;
import com.alibaba.nacos.config.server.model.event.ConfigDataChangeEvent;
import com.alibaba.nacos.config.server.service.ConfigChangePublisher;
@ -54,7 +55,7 @@ public class ConfigRemoveRequestHandler extends RequestHandler<ConfigRemoveReque
@Override
@TpsControl(pointName = "ConfigRemove")
@Secured(action = ActionTypes.WRITE, parser = ConfigResourceParser.class)
@Secured(action = ActionTypes.WRITE, signType = SignType.CONFIG, parser = ConfigResourceParser.class)
public ConfigRemoveResponse handle(ConfigRemoveRequest configRemoveRequest, RequestMeta meta)
throws NacosException {
// check tenant


@ -47,11 +47,10 @@ public class SubscribeServiceRequestHandler extends RequestHandler<SubscribeServ
private final ServiceStorage serviceStorage;
private final NamingMetadataManager metadataManager;
private final EphemeralClientOperationServiceImpl clientOperationService;
public SubscribeServiceRequestHandler(ServiceStorage serviceStorage,
NamingMetadataManager metadataManager,
public SubscribeServiceRequestHandler(ServiceStorage serviceStorage, NamingMetadataManager metadataManager,
EphemeralClientOperationServiceImpl clientOperationService) {
this.serviceStorage = serviceStorage;
this.metadataManager = metadataManager;
@ -67,8 +66,8 @@ public class SubscribeServiceRequestHandler extends RequestHandler<SubscribeServ
String app = request.getHeader("app", "unknown");
String groupedServiceName = NamingUtils.getGroupedName(serviceName, groupName);
Service service = Service.newService(namespaceId, groupName, serviceName, true);
Subscriber subscriber = new Subscriber(meta.getClientIp(), meta.getClientVersion(), app,
meta.getClientIp(), namespaceId, groupedServiceName, 0, request.getClusters());
Subscriber subscriber = new Subscriber(meta.getClientIp(), meta.getClientVersion(), app, meta.getClientIp(),
namespaceId, groupedServiceName, 0, request.getClusters());
ServiceInfo serviceInfo = ServiceUtil.selectInstancesWithHealthyProtection(serviceStorage.getData(service),
metadataManager.getServiceMetadata(service).orElse(null), subscriber);
if (request.isSubscribe()) {