Don't stopping startup for illegal token.secret.key when auth.enabled is false. (#10273)

plugin-default-impl/src/main/java/com/alibaba/nacos/plugin/auth/impl/authenticate/AbstractAuthenticationManager.java

@@ -70,7 +70,6 @@ public class AbstractAuthenticationManager implements IAuthenticationManager {
         if (StringUtils.isBlank(token)) {
             throw new AccessException("user not found!");
         }
-        
         return jwtTokenManager.parseToken(token);
     }
     

plugin-default-impl/src/main/java/com/alibaba/nacos/plugin/auth/impl/token/impl/JwtTokenManager.java

@@ -16,6 +16,8 @@
 
 package com.alibaba.nacos.plugin.auth.impl.token.impl;
 
+import com.alibaba.nacos.api.exception.NacosException;
+import com.alibaba.nacos.api.exception.runtime.NacosRuntimeException;
 import com.alibaba.nacos.auth.config.AuthConfigs;
 import com.alibaba.nacos.common.event.ServerConfigChangeEvent;
 import com.alibaba.nacos.common.notify.Event;
@@ -101,6 +103,10 @@ public class JwtTokenManager extends Subscriber<ServerConfigChangeEvent> impleme
      * @return token
      */
     public String createToken(String userName) {
+        if (!authConfigs.isAuthEnabled()) {
+            return StringUtils.EMPTY;
+        }
+        checkJwtParser();
         return jwtParser.jwtBuilder().setUserName(userName).setExpiredTime(this.tokenValidityInSeconds).compact();
     }
     
@@ -130,6 +136,7 @@ public class JwtTokenManager extends Subscriber<ServerConfigChangeEvent> impleme
     }
     
     public NacosUser parseToken(String token) throws AccessException {
+        checkJwtParser();
         return jwtParser.parse(token);
     }
     
@@ -155,4 +162,11 @@ public class JwtTokenManager extends Subscriber<ServerConfigChangeEvent> impleme
     public Class<? extends Event> subscribeType() {
         return ServerConfigChangeEvent.class;
     }
+    
+    private void checkJwtParser() {
+        if (null == jwtParser) {
+            throw new NacosRuntimeException(NacosException.INVALID_PARAM,
+                    "Please config `nacos.core.auth.plugin.nacos.token.secret.key`, detail see https://nacos.io/zh-cn/docs/v2/guide/user/auth.html");
+        }
+    }
 }

plugin-default-impl/src/test/java/com/alibaba/nacos/plugin/auth/impl/token/impl/JwtTokenManagerTest.java

@@ -34,6 +34,7 @@ import java.nio.charset.StandardCharsets;
 import java.util.Base64;
 import java.util.concurrent.TimeUnit;
 
+import static org.junit.Assert.assertEquals;
 import static org.mockito.Mockito.when;
 
 @RunWith(MockitoJUnitRunner.class)
@@ -46,6 +47,7 @@ public class JwtTokenManagerTest {
     
     @Before
     public void setUp() {
+        when(authConfigs.isAuthEnabled()).thenReturn(true);
         MockEnvironment mockEnvironment = new MockEnvironment();
         mockEnvironment.setProperty(AuthConstants.TOKEN_SECRET_KEY, Base64.getEncoder().encodeToString(
                 "SecretKey0123$567890$234567890123456789012345678901234567890123456789".getBytes(
@@ -91,7 +93,6 @@ public class JwtTokenManagerTest {
     
     @Test
     public void testInvalidSecretKey() {
-        when(authConfigs.isAuthEnabled()).thenReturn(true);
         Assert.assertThrows(IllegalArgumentException.class, () -> createToken("0123456789ABCDEF0123456789ABCDE"));
     }
     
@@ -105,6 +106,13 @@ public class JwtTokenManagerTest {
         Assert.assertTrue(jwtTokenManager.getExpiredTimeInSeconds(jwtTokenManager.createToken("nacos")) > 0);
     }
     
+    @Test
+    public void testCreateTokenWhenDisableAuth() {
+        when(authConfigs.isAuthEnabled()).thenReturn(false);
+        jwtTokenManager = new JwtTokenManager(authConfigs);
+        assertEquals("", jwtTokenManager.createToken("nacos"));
+    }
+    
     @Test
     public void testNacosJwtParser() throws AccessException {
         String secretKey = "SecretKey0123$567890$234567890123456789012345678901234567890123456789";