Don't stopping startup for illegal token.secret.key when auth.enabled is false. (#10265)

2023-04-03 18:36:43 +08:00 · 2023-04-03 18:36:43 +08:00 · 89685a65ed
commit 89685a65ed
parent 250f5c3708
3 changed files with 22 additions and 9 deletions
--- a/distribution/conf/announcement.conf
+++ b/distribution/conf/announcement.conf
@ -1 +1 @@
-当前集群没有开启鉴权，请参考[文档](https://nacos.io/zh-cn/docs/v2/guide/user/auth.html)开启鉴权~
+当前集群没有开启鉴权，请参考<a href="https://nacos.io/zh-cn/docs/v2/guide/user/auth.html">文档</a>开启鉴权~
--- a/plugin-default-impl/src/main/java/com/alibaba/nacos/plugin/auth/impl/token/impl/JwtTokenManager.java
+++ b/plugin-default-impl/src/main/java/com/alibaba/nacos/plugin/auth/impl/token/impl/JwtTokenManager.java
@ -16,6 +16,7 @@

 package com.alibaba.nacos.plugin.auth.impl.token.impl;

+import com.alibaba.nacos.auth.config.AuthConfigs;
 import com.alibaba.nacos.common.event.ServerConfigChangeEvent;
 import com.alibaba.nacos.common.notify.Event;
 import com.alibaba.nacos.common.notify.NotifyCenter;
@ -56,7 +57,10 @@ public class JwtTokenManager extends Subscriber<ServerConfigChangeEvent> impleme
    
    private volatile NacosJwtParser jwtParser;
    
-    public JwtTokenManager() {
+    private final AuthConfigs authConfigs;
+    
+    public JwtTokenManager(AuthConfigs authConfigs) {
+        this.authConfigs = authConfigs;
        NotifyCenter.registerSubscriber(this);
        processProperties();
    }
@ -70,9 +74,11 @@ public class JwtTokenManager extends Subscriber<ServerConfigChangeEvent> impleme
        try {
            this.jwtParser = new NacosJwtParser(encodedSecretKey);
        } catch (Exception e) {
-            throw new IllegalArgumentException(
-                    "the length of secret key must great than or equal 32 bytes; And the secret key  must be encoded by base64."
-                            + "Please see https://nacos.io/zh-cn/docs/v2/guide/user/auth.html", e);
+            if (authConfigs.isAuthEnabled()) {
+                throw new IllegalArgumentException(
+                        "the length of secret key must great than or equal 32 bytes; And the secret key  must be encoded by base64."
+                                + "Please see https://nacos.io/zh-cn/docs/v2/guide/user/auth.html", e);
+            }
        }
        
    }
--- a/plugin-default-impl/src/test/java/com/alibaba/nacos/plugin/auth/impl/token/impl/JwtTokenManagerTest.java
+++ b/plugin-default-impl/src/test/java/com/alibaba/nacos/plugin/auth/impl/token/impl/JwtTokenManagerTest.java
@ -16,6 +16,7 @@

 package com.alibaba.nacos.plugin.auth.impl.token.impl;

+import com.alibaba.nacos.auth.config.AuthConfigs;
 import com.alibaba.nacos.plugin.auth.exception.AccessException;
 import com.alibaba.nacos.plugin.auth.impl.constant.AuthConstants;
 import com.alibaba.nacos.plugin.auth.impl.jwt.NacosJwtParser;
@ -24,6 +25,7 @@ import org.junit.Assert;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
+import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
 import org.springframework.mock.env.MockEnvironment;
 import org.springframework.security.core.Authentication;
@ -32,11 +34,16 @@ import java.nio.charset.StandardCharsets;
 import java.util.Base64;
 import java.util.concurrent.TimeUnit;

+import static org.mockito.Mockito.when;
+
@RunWith(MockitoJUnitRunner.class)
 public class JwtTokenManagerTest {
    
    private JwtTokenManager jwtTokenManager;
    
+    @Mock
+    private AuthConfigs authConfigs;
+    
    @Before
    public void setUp() {
        MockEnvironment mockEnvironment = new MockEnvironment();
@ -47,8 +54,7 @@ public class JwtTokenManagerTest {
                AuthConstants.DEFAULT_TOKEN_EXPIRE_SECONDS.toString());
        
        EnvUtil.setEnvironment(mockEnvironment);
-        
-        jwtTokenManager = new JwtTokenManager();
+        jwtTokenManager = new JwtTokenManager(authConfigs);
    }
    
    @Test
@ -70,7 +76,7 @@ public class JwtTokenManagerTest {
        
        EnvUtil.setEnvironment(mockEnvironment);
        
-        JwtTokenManager jwtTokenManager = new JwtTokenManager();
+        JwtTokenManager jwtTokenManager = new JwtTokenManager(authConfigs);
        String nacosToken = jwtTokenManager.createToken("nacos");
        Assert.assertNotNull(nacosToken);
        jwtTokenManager.validateToken(nacosToken);
@ -85,6 +91,7 @@ public class JwtTokenManagerTest {
    
    @Test
    public void testInvalidSecretKey() {
+        when(authConfigs.isAuthEnabled()).thenReturn(true);
        Assert.assertThrows(IllegalArgumentException.class, () -> createToken("0123456789ABCDEF0123456789ABCDE"));
    }
    
@ -109,7 +116,7 @@ public class JwtTokenManagerTest {
        
        EnvUtil.setEnvironment(mockEnvironment);
        
-        JwtTokenManager jwtTokenManager = new JwtTokenManager();
+        JwtTokenManager jwtTokenManager = new JwtTokenManager(authConfigs);
        String nacosToken = jwtTokenManager.createToken("nacos");
        Assert.assertNotNull(nacosToken);
        System.out.println("oldToken: " + nacosToken);