Remove identity default value. (#10108)

auth/src/main/java/com/alibaba/nacos/auth/config/AuthConfigs.java

@@ -16,12 +16,14 @@
 
 package com.alibaba.nacos.auth.config;
 
+import com.alibaba.nacos.api.exception.NacosException;
 import com.alibaba.nacos.common.JustForTest;
 import com.alibaba.nacos.common.event.ServerConfigChangeEvent;
 import com.alibaba.nacos.common.notify.Event;
 import com.alibaba.nacos.common.notify.NotifyCenter;
 import com.alibaba.nacos.common.notify.listener.Subscriber;
 import com.alibaba.nacos.common.utils.ConvertUtils;
+import com.alibaba.nacos.common.utils.StringUtils;
 import com.alibaba.nacos.plugin.auth.constant.Constants;
 import com.alibaba.nacos.sys.env.EnvUtil;
 import com.alibaba.nacos.sys.utils.PropertiesUtil;
@@ -30,6 +32,7 @@ import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Configuration;
 
+import javax.annotation.PostConstruct;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.Objects;
@@ -80,6 +83,24 @@ public class AuthConfigs extends Subscriber<ServerConfigChangeEvent> {
         refreshPluginProperties();
     }
     
+    /**
+     * Validate auth config.
+     *
+     * @throws NacosException If the config is not valid.
+     */
+    @PostConstruct
+    public void validate() throws NacosException {
+        if (!authEnabled) {
+            return;
+        }
+        if (StringUtils.isEmpty(nacosAuthSystemType)) {
+            throw new NacosException(AuthErrorCode.INVALID_TYPE.getCode(), AuthErrorCode.INVALID_TYPE.getMsg());
+        }
+        if (StringUtils.isEmpty(serverIdentityKey) || StringUtils.isEmpty(serverIdentityValue)) {
+            throw new NacosException(AuthErrorCode.EMPTY_IDENTITY.getCode(), AuthErrorCode.EMPTY_IDENTITY.getMsg());
+        }
+    }
+    
     private void refreshPluginProperties() {
         try {
             Map<String, Properties> newProperties = new HashMap<>(1);

auth/src/main/java/com/alibaba/nacos/auth/config/AuthErrorCode.java

@@ -0,0 +1,51 @@
+/*
+ * Copyright 1999-2021 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.alibaba.nacos.auth.config;
+
+/**
+ * Auth relative error codes, start with 5000X.
+ *
+ * @author xiweng.yy
+ */
+public enum AuthErrorCode {
+    
+    /**
+     * invalid auth type.
+     */
+    INVALID_TYPE(50001,
+            "Invalid auth type, Please set `nacos.core.auth.system.type`, detail: https://nacos.io/zh-cn/docs/v2/plugin/auth-plugin.html"),
+    
+    EMPTY_IDENTITY(50002,
+            "Empty identity, Please set `nacos.core.auth.server.identity.key` and `nacos.core.auth.server.identity.value`, detail: https://nacos.io/zh-cn/docs/v2/guide/user/auth.html");
+    
+    private final Integer code;
+    
+    private final String msg;
+    
+    public Integer getCode() {
+        return code;
+    }
+    
+    public String getMsg() {
+        return msg;
+    }
+    
+    AuthErrorCode(Integer code, String msg) {
+        this.code = code;
+        this.msg = msg;
+    }
+}

console/src/main/resources/application.properties

@@ -120,8 +120,8 @@ nacos.core.auth.enable.userAgentAuthWhite=false
 
 ### Since 1.4.1, worked when nacos.core.auth.enabled=true and nacos.core.auth.enable.userAgentAuthWhite=false.
 ### The two properties is the white list for auth and used by identity the request from other server.
-nacos.core.auth.server.identity.key=serverIdentity
+nacos.core.auth.server.identity.key=
-nacos.core.auth.server.identity.value=security
+nacos.core.auth.server.identity.value=
 
 ### worked when nacos.core.auth.system.type=nacos
 ### The token expiration in seconds:

distribution/conf/application.properties

@@ -145,8 +145,8 @@ nacos.core.auth.enable.userAgentAuthWhite=false
 
 ### Since 1.4.1, worked when nacos.core.auth.enabled=true and nacos.core.auth.enable.userAgentAuthWhite=false.
 ### The two properties is the white list for auth and used by identity the request from other server.
-nacos.core.auth.server.identity.key=serverIdentity
+nacos.core.auth.server.identity.key=
-nacos.core.auth.server.identity.value=security
+nacos.core.auth.server.identity.value=
 
 ### worked when nacos.core.auth.system.type=nacos
 ### The token expiration in seconds:

distribution/conf/application.properties.example

@@ -154,7 +154,7 @@ nacos.core.auth.enabled=false
 nacos.core.auth.default.token.expire.seconds=18000
 
 ### The default token:
-nacos.core.auth.default.token.secret.key=SecretKey012345678901234567890123456789012345678901234567890123456789
+#nacos.core.auth.default.token.secret.key=SecretKey012345678901234567890123456789012345678901234567890123456789
 
 ### Turn on/off caching of auth information. By turning on this switch, the update of auth information would have a 15 seconds delay.
 nacos.core.auth.caching.enabled=true
@@ -164,8 +164,8 @@ nacos.core.auth.enable.userAgentAuthWhite=false
 
 ### Since 1.4.1, worked when nacos.core.auth.enabled=true and nacos.core.auth.enable.userAgentAuthWhite=false.
 ### The two properties is the white list for auth and used by identity the request from other server.
-nacos.core.auth.server.identity.key=serverIdentity
+#nacos.core.auth.server.identity.key=example
-nacos.core.auth.server.identity.value=security
+#nacos.core.auth.server.identity.value=example
 
 #*************** Istio Related Configurations ***************#
 ### If turn on the MCP server: