zhuyijun/nacos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Remove AuthManager.java

Browse Source
This commit is contained in:
KomachiSion 2022-01-21 13:49:30 +08:00
parent e606dd7333
commit be9516d037
6 changed files with 22 additions and 226 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
address/src/main/java/com/alibaba/nacos/address/auth/AddressServerAuthManager.java
View File

@ -1,49 +0,0 @@
/*
* Copyright 1999-2018 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.alibaba.nacos.address.auth;
import com.alibaba.nacos.auth.AuthManager;
import com.alibaba.nacos.auth.exception.AccessException;
import com.alibaba.nacos.auth.api.Permission;
import com.alibaba.nacos.auth.model.User;
/**
* Address server auth manager.
*
* <p>For #3091, Only implement an empty auth manager so that address server can startup.</p>
*
* @author xiweng.yy
*/
@SuppressWarnings("PMD.ServiceOrDaoClassShouldEndWithImplRule")
public class AddressServerAuthManager implements AuthManager {
@Override
public User login(Object request) throws AccessException {
User result = new User();
result.setUserName("nacos");
return result;
}
@Override
public User loginRemote(Object request) throws AccessException {
return null;
}
@Override
public void auth(Permission permission, User user) throws AccessException {
}
}

38
address/src/main/java/com/alibaba/nacos/address/configuration/AddressServerSpringConfiguration.java
View File

@ -1,38 +0,0 @@
/*
* Copyright 1999-2018 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.alibaba.nacos.address.configuration;
import com.alibaba.nacos.address.auth.AddressServerAuthManager;
import com.alibaba.nacos.auth.AuthManager;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
/**
* Address server spring configuration.
*
* @author xiweng.yy
*/
@Configuration
public class AddressServerSpringConfiguration {
@Bean
@ConditionalOnMissingBean(value = AuthManager.class)
public AuthManager getAuthManager() {
return new AddressServerAuthManager();
}
}

58
auth/src/main/java/com/alibaba/nacos/auth/AuthManager.java
View File

@ -1,58 +0,0 @@
/*
* Copyright 1999-2018 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.alibaba.nacos.auth;
import com.alibaba.nacos.auth.exception.AccessException;
import com.alibaba.nacos.auth.api.Permission;
import com.alibaba.nacos.auth.model.User;
/**
* Access control entry. Can be extended by 3rd party implementations.
*
* @author nkorange
* @author mai.jh
* @since 1.2.0
*/
public interface AuthManager {
/**
* Authentication of request, identify the user who request the resource.
*
* @param request where we can find the user information
* @return user related to this request, null if no user info is found.
* @throws AccessException if authentication is failed
*/
User login(Object request) throws AccessException;
/**
* Authentication of request, identify the user who request the resource.
*
* @param request where we can find the user information
* @return user related to this request, null if no user info is found.
* @throws AccessException if authentication is failed
*/
User loginRemote(Object request) throws AccessException;
/**
* Authorization of request, constituted with resource and user.
*
* @param permission permission to auth
* @param user user who wants to access the resource.
* @throws AccessException if authorization is failed
*/
void auth(Permission permission, User user) throws AccessException;
}

42
config/src/test/java/com/alibaba/nacos/config/server/auth/MockAuthManager.java
View File

@ -1,42 +0,0 @@
/*
* Copyright 1999-2018 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.alibaba.nacos.config.server.auth;
import com.alibaba.nacos.auth.AuthManager;
import com.alibaba.nacos.auth.exception.AccessException;
import com.alibaba.nacos.auth.api.Permission;
import com.alibaba.nacos.auth.model.User;
import org.springframework.stereotype.Component;
@Component
public class MockAuthManager implements AuthManager {
@Override
public User login(Object request) throws AccessException {
return null;
}
@Override
public User loginRemote(Object request) throws AccessException {
return null;
}
@Override
public void auth(Permission permission, User user) throws AccessException {
}
}

45
console/src/main/java/com/alibaba/nacos/console/security/nacos/NacosAuthManager.java
View File

@ -17,8 +17,6 @@
package com.alibaba.nacos.console.security.nacos;
import com.alibaba.nacos.api.common.Constants;
import com.alibaba.nacos.api.remote.request.Request;
import com.alibaba.nacos.auth.AuthManager;
import com.alibaba.nacos.auth.api.IdentityContext;
import com.alibaba.nacos.auth.api.Permission;
import com.alibaba.nacos.auth.exception.AccessException;
@ -49,7 +47,7 @@ import java.util.List;
* @since 1.2.0
*/
@Component
public class NacosAuthManager implements AuthManager {
public class NacosAuthManager {
@Autowired
private JwtTokenManager tokenManager;
@ -60,7 +58,13 @@ public class NacosAuthManager implements AuthManager {
@Autowired
private NacosRoleServiceImpl roleService;
@Override
/**
* Authentication of request, identify the user who request the resource.
*
* @param request where we can find the user information
* @return user related to this request, null if no user info is found.
* @throws AccessException if authentication is failed
*/
public User login(Object request) throws AccessException {
HttpServletRequest req = (HttpServletRequest) request;
String token = resolveToken(req);
@ -76,15 +80,13 @@ public class NacosAuthManager implements AuthManager {
return getNacosUser(token);
}
@Override
public User loginRemote(Object request) throws AccessException {
Request req = (Request) request;
String token = resolveToken(req);
validate0(token);
return getNacosUser(token);
}
@Override
/**
* Authorization of request, constituted with resource and user.
*
* @param permission permission to auth
* @param user user who wants to access the resource.
* @throws AccessException if authorization is failed
*/
public void auth(Permission permission, User user) throws AccessException {
if (Loggers.AUTH.isDebugEnabled()) {
Loggers.AUTH.debug("auth permission: {}, user: {}", permission, user);
@ -113,23 +115,6 @@ public class NacosAuthManager implements AuthManager {
return bearerToken;
}
/**
* Get token from header.
*/
private String resolveToken(Request request) throws AccessException {
String bearerToken = request.getHeader(AuthConstants.AUTHORIZATION_HEADER);
if (StringUtils.isNotBlank(bearerToken) && bearerToken.startsWith(AuthConstants.TOKEN_PREFIX)) {
return bearerToken.substring(7);
}
bearerToken = request.getHeader(Constants.ACCESS_TOKEN);
if (StringUtils.isBlank(bearerToken)) {
String userName = request.getHeader(AuthConstants.PARAM_USERNAME);
String password = request.getHeader(AuthConstants.PARAM_PASSWORD);
bearerToken = resolveTokenFromUser(userName, password);
}
return bearerToken;
}
private String resolveToken(IdentityContext identityContext) throws AccessException {
String bearerToken = identityContext.getParameter(AuthConstants.AUTHORIZATION_HEADER, StringUtils.EMPTY);
if (StringUtils.isNotBlank(bearerToken) && bearerToken.startsWith(AuthConstants.TOKEN_PREFIX)) {

16
core/src/test/java/com/alibaba/nacos/core/auth/AuthFilterTest.java
View File

@ -17,7 +17,6 @@
package com.alibaba.nacos.core.auth;
import com.alibaba.nacos.auth.AuthManager;
import com.alibaba.nacos.auth.annotation.Secured;
import com.alibaba.nacos.auth.config.AuthConfigs;
import com.alibaba.nacos.common.constant.HttpHeaderConsts;
@ -55,9 +54,6 @@ public class AuthFilterTest {
@Mock
private AuthConfigs authConfigs;
@Mock
private AuthManager authManager;
@Mock
private ControllerMethodsCache methodsCache;
@ -73,17 +69,18 @@ public class AuthFilterTest {
Mockito.when(authConfigs.isEnableUserAgentAuthWhite()).thenReturn(true);
request.addHeader(HttpHeaderConsts.USER_AGENT_HEADER, Constants.NACOS_SERVER_HEADER);
authFilter.doFilter(request, response, filterChain);
Mockito.when(authConfigs.isEnableUserAgentAuthWhite()).thenReturn(false);
Mockito.when(authConfigs.getServerIdentityKey()).thenReturn("1");
Mockito.when(authConfigs.getServerIdentityValue()).thenReturn("2");
request.addHeader("1", "2");
authFilter.doFilter(request, response, filterChain);
Mockito.when(authConfigs.getServerIdentityValue()).thenReturn("3");
authFilter.doFilter(request, response, filterChain);
Mockito.when(methodsCache.getMethod(Mockito.any())).thenReturn(filterChain.getClass().getMethod("testSecured"));
Mockito.when(methodsCache.getMethod(Mockito.any()))
.thenReturn(filterChain.getClass().getMethod("testSecured"));
authFilter.doFilter(request, response, filterChain);
} catch (Exception e) {
@ -93,9 +90,10 @@ public class AuthFilterTest {
}
class MockFilterChain implements FilterChain {
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse) throws IOException, ServletException {
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse)
throws IOException, ServletException {
System.out.println("filter chain executed");
}