From 89685a65ed378e564fcaf3a7155d65eb93ed78d9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=9D=A8=E7=BF=8A=20SionYang?=
Date: Mon, 3 Apr 2023 18:36:43 +0800
Subject: [PATCH] Don't stopping startup for illegal token.secret.key when auth.enabled is false. (#10265)
---
 distribution/conf/announcement.conf | 2 +-
 .../auth/impl/token/impl/JwtTokenManager.java | 14 ++++++++++----
 .../auth/impl/token/impl/JwtTokenManagerTest.java | 15 +++++++++++----
 3 files changed, 22 insertions(+), 9 deletions(-)
diff --git a/distribution/conf/announcement.conf b/distribution/conf/announcement.conf
index 0c55968b5..c18d8a41f 100644
--- a/distribution/conf/announcement.conf
+++ b/distribution/conf/announcement.conf
@@ -1 +1 @@
-当前集群没有开启鉴权,请参考[文档](https://nacos.io/zh-cn/docs/v2/guide/user/auth.html)开启鉴权~
\ No newline at end of file
+当前集群没有开启鉴权,请参考文档开启鉴权~
\ No newline at end of file
diff --git a/plugin-default-impl/src/main/java/com/alibaba/nacos/plugin/auth/impl/token/impl/JwtTokenManager.java b/plugin-default-impl/src/main/java/com/alibaba/nacos/plugin/auth/impl/token/impl/JwtTokenManager.java
index fda3b5c8e..9c2424b05 100644
--- a/plugin-default-impl/src/main/java/com/alibaba/nacos/plugin/auth/impl/token/impl/JwtTokenManager.java
+++ b/plugin-default-impl/src/main/java/com/alibaba/nacos/plugin/auth/impl/token/impl/JwtTokenManager.java
@@ -16,6 +16,7 @@
 package com.alibaba.nacos.plugin.auth.impl.token.impl;
+import com.alibaba.nacos.auth.config.AuthConfigs;
 import com.alibaba.nacos.common.event.ServerConfigChangeEvent;
 import com.alibaba.nacos.common.notify.Event;
 import com.alibaba.nacos.common.notify.NotifyCenter;
@@ -56,7 +57,10 @@ public class JwtTokenManager extends Subscriber impleme
 private volatile NacosJwtParser jwtParser;
- public JwtTokenManager() {
+ private final AuthConfigs authConfigs;
+
+ public JwtTokenManager(AuthConfigs authConfigs) {
+ this.authConfigs = authConfigs;
 NotifyCenter.registerSubscriber(this);
 processProperties();
 }
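Review bot: The new constructor in hunk @@ -56,7 +57,10 @@ stores `authConfigs` without a null check, and its only visible use is `authConfigs.isAuthEnabled()` inside the catch block of hunk @@ -70,9 +74,11 @@. A missing dependency would therefore surface as a NullPointerException only when the secret key is invalid, masking the intended IllegalArgumentException. Fail fast with `this.authConfigs = Objects.requireNonNull(authConfigs, "authConfigs");` (this needs `java.util.Objects`). Replacing the public no-arg constructor also breaks any code that instantiates the class directly; such callers, if there are any, are outside this patch.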
@@ -70,9 +74,11 @@ public class JwtTokenManager extends Subscriber impleme
 try {
 this.jwtParser = new NacosJwtParser(encodedSecretKey);
 } catch (Exception e) {
- throw new IllegalArgumentException(
- "the length of secret key must great than or equal 32 bytes; And the secret key must be encoded by base64."
- + "Please see https://nacos.io/zh-cn/docs/v2/guide/user/auth.html", e);
+ if (authConfigs.isAuthEnabled()) {
+ throw new IllegalArgumentException(
+ "the length of secret key must great than or equal 32 bytes; And the secret key must be encoded by base64."
+ + "Please see https://nacos.io/zh-cn/docs/v2/guide/user/auth.html", e);
+ }
 }
 }
diff --git a/plugin-default-impl/src/test/java/com/alibaba/nacos/plugin/auth/impl/token/impl/JwtTokenManagerTest.java b/plugin-default-impl/src/test/java/com/alibaba/nacos/plugin/auth/impl/token/impl/JwtTokenManagerTest.java
index f7a3a1b6a..01cfec998 100644
--- a/plugin-default-impl/src/test/java/com/alibaba/nacos/plugin/auth/impl/token/impl/JwtTokenManagerTest.java
+++ b/plugin-default-impl/src/test/java/com/alibaba/nacos/plugin/auth/impl/token/impl/JwtTokenManagerTest.java
@@ -16,6 +16,7 @@
 package com.alibaba.nacos.plugin.auth.impl.token.impl;
+import com.alibaba.nacos.auth.config.AuthConfigs;
 import com.alibaba.nacos.plugin.auth.exception.AccessException;
 import com.alibaba.nacos.plugin.auth.impl.constant.AuthConstants;
 import com.alibaba.nacos.plugin.auth.impl.jwt.NacosJwtParser;
@@ -24,6 +25,7 @@ import org.junit.Assert;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
+import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
 import org.springframework.mock.env.MockEnvironment;
 import org.springframework.security.core.Authentication;
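Review bot: In the catch block of hunk @@ -70,9 +74,11 @@ (JwtTokenManager.java), an invalid `token.secret.key` with auth disabled is now swallowed without any log, and `this.jwtParser` keeps whatever value it had before. That is null on first start, or, if this code also runs on a config-change event (the class imports ServerConfigChangeEvent, and the enclosing method starts outside the hunk), the parser built from the previous key. If auth is enabled later, token handling would then run with no parser or a stale key instead of failing closed. Add an else branch that sets `this.jwtParser = null;` and logs a warning naming the property but never the key value. The methods that create and validate tokens should also reject requests while the parser is null.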
@@ -32,11 +34,16 @@ import java.nio.charset.StandardCharsets;
 import java.util.Base64;
 import java.util.concurrent.TimeUnit;
+import static org.mockito.Mockito.when;
+
 @RunWith(MockitoJUnitRunner.class)
 public class JwtTokenManagerTest {
 private JwtTokenManager jwtTokenManager;
+ @Mock
+ private AuthConfigs authConfigs;
+
 @Before
 public void setUp() {
 MockEnvironment mockEnvironment = new MockEnvironment();
@@ -47,8 +54,7 @@ public class JwtTokenManagerTest {
 AuthConstants.DEFAULT_TOKEN_EXPIRE_SECONDS.toString());
 EnvUtil.setEnvironment(mockEnvironment);
-
- jwtTokenManager = new JwtTokenManager();
+ jwtTokenManager = new JwtTokenManager(authConfigs);
 }
 @Test
@@ -70,7 +76,7 @@ public class JwtTokenManagerTest {
 EnvUtil.setEnvironment(mockEnvironment);
- JwtTokenManager jwtTokenManager = new JwtTokenManager();
+ JwtTokenManager jwtTokenManager = new JwtTokenManager(authConfigs);
 String nacosToken = jwtTokenManager.createToken("nacos");
 Assert.assertNotNull(nacosToken);
 jwtTokenManager.validateToken(nacosToken);
@@ -85,6 +91,7 @@ public class JwtTokenManagerTest {
 @Test
 public void testInvalidSecretKey() {
+ when(authConfigs.isAuthEnabled()).thenReturn(true);
 Assert.assertThrows(IllegalArgumentException.class, () -> createToken("0123456789ABCDEF0123456789ABCDE"));
 }
@@ -109,7 +116,7 @@ public class JwtTokenManagerTest {
 EnvUtil.setEnvironment(mockEnvironment);
- JwtTokenManager jwtTokenManager = new JwtTokenManager();
+ JwtTokenManager jwtTokenManager = new JwtTokenManager(authConfigs);
 String nacosToken = jwtTokenManager.createToken("nacos");
 Assert.assertNotNull(nacosToken);
 System.out.println("oldToken: " + nacosToken);
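Review bot: testInvalidSecretKey (hunk @@ -85,6 +91,7 @@) now stubs `isAuthEnabled()` to true, so the suite still exercises only the old throw path. Nothing covers the branch this commit adds, an invalid key with auth disabled. Add a companion test that leaves the mock at its default false and asserts that building the manager with the same too-short key does not throw. It should also pin what `createToken` and `validateToken` do afterwards, so a manager without a usable parser cannot silently start handling tokens. The other hunks in this file only pass the mock into the constructor.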