Don't stopping startup for illegal token.secret.key when auth.enabled is false. (#10265)

杨翊 SionYang 2023-04-03 18:36:43 +08:00 committed by GitHub
parent 250f5c3708
commit 89685a65ed
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 22 additions and 9 deletions


@ -1 +1 @@
当前集群没有开启鉴权,请参考[文档](https://nacos.io/zh-cn/docs/v2/guide/user/auth.html)开启鉴权~ 当前集群没有开启鉴权,请参考<a href="https://nacos.io/zh-cn/docs/v2/guide/user/auth.html">文档</a>开启鉴权~


@ -16,6 +16,7 @@
package com.alibaba.nacos.plugin.auth.impl.token.impl; package com.alibaba.nacos.plugin.auth.impl.token.impl;
import com.alibaba.nacos.auth.config.AuthConfigs;
import com.alibaba.nacos.common.event.ServerConfigChangeEvent; import com.alibaba.nacos.common.event.ServerConfigChangeEvent;
import com.alibaba.nacos.common.notify.Event; import com.alibaba.nacos.common.notify.Event;
import com.alibaba.nacos.common.notify.NotifyCenter; import com.alibaba.nacos.common.notify.NotifyCenter;
@ -56,7 +57,10 @@ public class JwtTokenManager extends Subscriber<ServerConfigChangeEvent> impleme
private volatile NacosJwtParser jwtParser; private volatile NacosJwtParser jwtParser;
public JwtTokenManager() { private final AuthConfigs authConfigs;
public JwtTokenManager(AuthConfigs authConfigs) {
this.authConfigs = authConfigs;
NotifyCenter.registerSubscriber(this); NotifyCenter.registerSubscriber(this);
processProperties(); processProperties();
} }
@ -70,10 +74,12 @@ public class JwtTokenManager extends Subscriber<ServerConfigChangeEvent> impleme
try { try {
this.jwtParser = new NacosJwtParser(encodedSecretKey); this.jwtParser = new NacosJwtParser(encodedSecretKey);
} catch (Exception e) { } catch (Exception e) {
if (authConfigs.isAuthEnabled()) {
throw new IllegalArgumentException( throw new IllegalArgumentException(
"the length of secret key must great than or equal 32 bytes; And the secret key must be encoded by base64." "the length of secret key must great than or equal 32 bytes; And the secret key must be encoded by base64."
+ "Please see https://nacos.io/zh-cn/docs/v2/guide/user/auth.html", e); + "Please see https://nacos.io/zh-cn/docs/v2/guide/user/auth.html", e);
} }
}
} }
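Review bot: When `authConfigs.isAuthEnabled()` is false, the `catch (Exception e)` block now discards the failure entirely, so `jwtParser` keeps whatever value it had before (null on first start, or possibly the parser built from the previous key if this code runs again on a config change) and nothing tells the operator that `token.secret.key` is unusable. Since the class subscribes to `ServerConfigChangeEvent`, auth can presumably be switched on later; at that point a missing parser breaks token handling, and a stale one keeps honouring the old key. I would add an else branch that resets the field with `this.jwtParser = null;` and logs a warn-level message naming `token.secret.key`, and confirm that the token methods outside this hunk reject requests when the parser is null. The method this hunk belongs to starts above the visible lines. The visible test hunks stub `isAuthEnabled()` only as `true`, so a test asserting that construction succeeds with an invalid key while auth is disabled would cover the new branch.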


@ -16,6 +16,7 @@
package com.alibaba.nacos.plugin.auth.impl.token.impl; package com.alibaba.nacos.plugin.auth.impl.token.impl;
import com.alibaba.nacos.auth.config.AuthConfigs;
import com.alibaba.nacos.plugin.auth.exception.AccessException; import com.alibaba.nacos.plugin.auth.exception.AccessException;
import com.alibaba.nacos.plugin.auth.impl.constant.AuthConstants; import com.alibaba.nacos.plugin.auth.impl.constant.AuthConstants;
import com.alibaba.nacos.plugin.auth.impl.jwt.NacosJwtParser; import com.alibaba.nacos.plugin.auth.impl.jwt.NacosJwtParser;
@ -24,6 +25,7 @@ import org.junit.Assert;
import org.junit.Before; import org.junit.Before;
import org.junit.Test; import org.junit.Test;
import org.junit.runner.RunWith; import org.junit.runner.RunWith;
import org.mockito.Mock;
import org.mockito.junit.MockitoJUnitRunner; import org.mockito.junit.MockitoJUnitRunner;
import org.springframework.mock.env.MockEnvironment; import org.springframework.mock.env.MockEnvironment;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
@ -32,11 +34,16 @@ import java.nio.charset.StandardCharsets;
import java.util.Base64; import java.util.Base64;
import java.util.concurrent.TimeUnit; import java.util.concurrent.TimeUnit;
import static org.mockito.Mockito.when;
@RunWith(MockitoJUnitRunner.class) @RunWith(MockitoJUnitRunner.class)
public class JwtTokenManagerTest { public class JwtTokenManagerTest {
private JwtTokenManager jwtTokenManager; private JwtTokenManager jwtTokenManager;
@Mock
private AuthConfigs authConfigs;
@Before @Before
public void setUp() { public void setUp() {
MockEnvironment mockEnvironment = new MockEnvironment(); MockEnvironment mockEnvironment = new MockEnvironment();
@ -47,8 +54,7 @@ public class JwtTokenManagerTest {
AuthConstants.DEFAULT_TOKEN_EXPIRE_SECONDS.toString()); AuthConstants.DEFAULT_TOKEN_EXPIRE_SECONDS.toString());
EnvUtil.setEnvironment(mockEnvironment); EnvUtil.setEnvironment(mockEnvironment);
jwtTokenManager = new JwtTokenManager(authConfigs);
jwtTokenManager = new JwtTokenManager();
} }
@Test @Test
@ -70,7 +76,7 @@ public class JwtTokenManagerTest {
EnvUtil.setEnvironment(mockEnvironment); EnvUtil.setEnvironment(mockEnvironment);
JwtTokenManager jwtTokenManager = new JwtTokenManager(); JwtTokenManager jwtTokenManager = new JwtTokenManager(authConfigs);
String nacosToken = jwtTokenManager.createToken("nacos"); String nacosToken = jwtTokenManager.createToken("nacos");
Assert.assertNotNull(nacosToken); Assert.assertNotNull(nacosToken);
jwtTokenManager.validateToken(nacosToken); jwtTokenManager.validateToken(nacosToken);
@ -85,6 +91,7 @@ public class JwtTokenManagerTest {
@Test @Test
public void testInvalidSecretKey() { public void testInvalidSecretKey() {
when(authConfigs.isAuthEnabled()).thenReturn(true);
Assert.assertThrows(IllegalArgumentException.class, () -> createToken("0123456789ABCDEF0123456789ABCDE")); Assert.assertThrows(IllegalArgumentException.class, () -> createToken("0123456789ABCDEF0123456789ABCDE"));
} }
@ -109,7 +116,7 @@ public class JwtTokenManagerTest {
EnvUtil.setEnvironment(mockEnvironment); EnvUtil.setEnvironment(mockEnvironment);
JwtTokenManager jwtTokenManager = new JwtTokenManager(); JwtTokenManager jwtTokenManager = new JwtTokenManager(authConfigs);
String nacosToken = jwtTokenManager.createToken("nacos"); String nacosToken = jwtTokenManager.createToken("nacos");
Assert.assertNotNull(nacosToken); Assert.assertNotNull(nacosToken);
System.out.println("oldToken: " + nacosToken); System.out.println("oldToken: " + nacosToken);