Merge branch 'develop' into feature_multi_tenant

config/src/main/java/com/alibaba/nacos/config/server/model/User.java

@@ -0,0 +1,42 @@
+/*
+ * Copyright 1999-2018 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.alibaba.nacos.config.server.model;
+
+/**
+ * user info
+ *
+ * @author wfnuser
+ */
+public class User {
+    private String username;
+    private String password;
+
+    public String getPassword() {
+        return password;
+    }
+
+    public void setPassword(String password) {
+        this.password = password;
+    }
+
+    public String getUsername() {
+        return username;
+    }
+
+    public void setUsername(String username) {
+        this.username = username;
+    }
+}

config/src/main/java/com/alibaba/nacos/config/server/service/PersistService.java

@@ -33,6 +33,7 @@ import java.util.Map.Entry;
 
 import javax.annotation.PostConstruct;
 
+import com.alibaba.nacos.config.server.model.*;
 import org.apache.commons.lang.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.dao.DataAccessException;
@@ -53,19 +54,6 @@ import org.springframework.transaction.TransactionSystemException;
 import org.springframework.transaction.support.TransactionCallback;
 import org.springframework.transaction.support.TransactionTemplate;
 import org.springframework.util.CollectionUtils;
-import com.alibaba.nacos.config.server.model.ConfigAdvanceInfo;
-import com.alibaba.nacos.config.server.model.ConfigAllInfo;
-import com.alibaba.nacos.config.server.model.ConfigHistoryInfo;
-import com.alibaba.nacos.config.server.model.ConfigInfo;
-import com.alibaba.nacos.config.server.model.ConfigInfo4Beta;
-import com.alibaba.nacos.config.server.model.ConfigInfo4Tag;
-import com.alibaba.nacos.config.server.model.ConfigInfoAggr;
-import com.alibaba.nacos.config.server.model.ConfigInfoBase;
-import com.alibaba.nacos.config.server.model.ConfigInfoChanged;
-import com.alibaba.nacos.config.server.model.ConfigKey;
-import com.alibaba.nacos.config.server.model.Page;
-import com.alibaba.nacos.config.server.model.SubInfo;
-import com.alibaba.nacos.config.server.model.TenantInfo;
 import com.alibaba.nacos.config.server.utils.LogUtil;
 import com.alibaba.nacos.config.server.utils.MD5;
 import com.alibaba.nacos.config.server.utils.PaginationHelper;
@@ -455,6 +443,15 @@ public class PersistService {
         }
     }
 
+    static final class UserRowMapper implements RowMapper<User> {
+        public User mapRow(ResultSet rs, int rowNum) throws SQLException {
+            User user = new User();
+            user.setUsername(rs.getString("username"));
+            user.setPassword(rs.getString("password"));
+            return user;
+        }
+    }
+
     public synchronized void reload() throws IOException {
         this.dataSourceService.reload();
     }
@@ -3113,6 +3110,22 @@ public class PersistService {
         }
     }
 
+    public User findUserByUsername(String username) {
+        String sql = "SELECT username,password FROM users WHERE username=? ";
+        try {
+            return this.jt.queryForObject(sql, new Object[] {username}, USER_ROW_MAPPER);
+        } catch (CannotGetJdbcConnectionException e) {
+            fatalLog.error("[db-error] " + e.toString(), e);
+            throw e;
+        } catch (EmptyResultDataAccessException e) {
+            return null;
+        } catch (Exception e) {
+            fatalLog.error("[db-other-error]" + e.getMessage(), e);
+            throw new RuntimeException(e);
+        }
+    }
+
+
     private List<ConfigInfo> convertDeletedConfig(List<Map<String, Object>> list) {
         List<ConfigInfo> configs = new ArrayList<ConfigInfo>();
         for (Map<String, Object> map : list) {
@@ -3265,6 +3278,8 @@ public class PersistService {
 
     static final TenantInfoRowMapper TENANT_INFO_ROW_MAPPER = new TenantInfoRowMapper();
 
+    static final UserRowMapper USER_ROW_MAPPER = new UserRowMapper();
+
     static final ConfigInfoWrapperRowMapper CONFIG_INFO_WRAPPER_ROW_MAPPER = new ConfigInfoWrapperRowMapper();
 
     static final ConfigKeyRowMapper CONFIG_KEY_ROW_MAPPER = new ConfigKeyRowMapper();

config/src/main/resources/META-INF/nacos-db.sql

@@ -176,4 +176,19 @@ CREATE TABLE `tenant_info` (
   PRIMARY KEY (`id`),
   UNIQUE KEY `uk_tenant_info_kptenantid` (`kp`,`tenant_id`),
   KEY `idx_tenant_id` (`tenant_id`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin COMMENT='tenant_info';
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin COMMENT='tenant_info';
+
+CREATE TABLE users (
+	username varchar(50) NOT NULL PRIMARY KEY,
+	password varchar(500) NOT NULL,
+	enabled boolean NOT NULL
+);
+
+CREATE TABLE roles (
+	username varchar(50) NOT NULL,
+	role varchar(50) NOT NULL
+);
+
+INSERT INTO users (username, password, enabled) VALUES ('admin', '$2a$10$HxtJtd59imujvbux.i55zOGewhnJiLVXX8D9AETDMV.XtBLDGOXtW', TRUE);
+
+INSERT INTO roles (username, role) VALUES ('admin', 'ROLE_ADMIN');

config/src/main/resources/META-INF/schema.sql

@@ -173,3 +173,17 @@ CREATE TABLE tenant_info (
 CREATE INDEX tenant_info_tenant_id_idx ON tenant_info(tenant_id);
 
 
+CREATE TABLE users (
+	username varchar(50) NOT NULL PRIMARY KEY,
+	password varchar(500) NOT NULL,
+	enabled boolean NOT NULL
+);
+
+CREATE TABLE roles (
+	username varchar(50) NOT NULL,
+	role varchar(50) NOT NULL
+);
+
+INSERT INTO users (username, password, enabled) VALUES ('admin', '$2a$10$HxtJtd59imujvbux.i55zOGewhnJiLVXX8D9AETDMV.XtBLDGOXtW', TRUE);
+
+INSERT INTO roles (username, role) VALUES ('admin', 'ROLE_ADMIN');

console/pom.xml

@@ -65,10 +65,29 @@
             <artifactId>mockito-core</artifactId>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt</artifactId>
+        </dependency>
     </dependencies>
     <build>
         <finalName>nacos-server</finalName>
         <plugins>
+            <plugin>
+                <artifactId>maven-jar-plugin</artifactId>
+                <configuration>
+                    <archive>
+                        <manifest>
+                            <addDefaultImplementationEntries>true</addDefaultImplementationEntries>
+                            <addDefaultSpecificationEntries>true</addDefaultSpecificationEntries>
+                        </manifest>
+                    </archive>
+                </configuration>
+            </plugin>
             <plugin>
                 <groupId>org.springframework.boot</groupId>
                 <artifactId>spring-boot-maven-plugin</artifactId>

console/src/main/java/com/alibaba/nacos/console/config/WebSecurityConfig.java

@@ -0,0 +1,107 @@
+/*
+ * Copyright 1999-2018 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.alibaba.nacos.console.config;
+
+import com.alibaba.nacos.console.filter.JwtAuthenticationTokenFilter;
+import com.alibaba.nacos.console.security.CustomUserDetailsServiceImpl;
+import com.alibaba.nacos.console.security.JwtAuthenticationEntryPoint;
+import com.alibaba.nacos.console.utils.JwtTokenUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.core.env.Environment;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.BeanIds;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.builders.WebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+
+/**
+ * Spring security config
+ *
+ * @author Nacos
+ */
+@Configuration
+@EnableGlobalMethodSecurity(prePostEnabled = true)
+public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+
+    public static final String AUTHORIZATION_HEADER = "Authorization";
+
+    public static final String AUTHORIZATION_TOKEN = "access_token";
+
+    public static final String SECURITY_IGNORE_URLS_SPILT_CHAR = ",";
+
+    @Autowired
+    private CustomUserDetailsServiceImpl userDetailsService;
+
+    @Autowired
+    private JwtAuthenticationEntryPoint unauthorizedHandler;
+
+    @Autowired
+    private JwtTokenUtils tokenProvider;
+
+    @Autowired
+    private Environment env;
+
+    @Bean(name = BeanIds.AUTHENTICATION_MANAGER)
+    @Override
+    public AuthenticationManager authenticationManagerBean() throws Exception {
+        return super.authenticationManagerBean();
+    }
+
+    @Override
+    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+        auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
+    }
+
+    @Override
+    public void configure(WebSecurity web) {
+        String ignoreURLs = env.getProperty("nacos.security.ignore.urls", "/**");
+        for (String ignoreURL : ignoreURLs.trim().split(SECURITY_IGNORE_URLS_SPILT_CHAR)) {
+            web.ignoring().antMatchers(ignoreURL.trim());
+        }
+    }
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http
+            .authorizeRequests()
+            .anyRequest().authenticated().and()
+            // custom token authorize exception handler
+            .exceptionHandling()
+            .authenticationEntryPoint(unauthorizedHandler).and()
+            // since we use jwt, session is not necessary
+            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
+            // since we use jwt, csrf is not necessary
+            .csrf().disable();
+        http.addFilterBefore(new JwtAuthenticationTokenFilter(tokenProvider), UsernamePasswordAuthenticationFilter.class);
+
+        // disable cache
+        http.headers().cacheControl();
+    }
+
+    @Bean
+    public PasswordEncoder passwordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
+
+}

console/src/main/java/com/alibaba/nacos/console/controller/AuthController.java

@@ -0,0 +1,82 @@
+/*
+ * Copyright 1999-2018 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.alibaba.nacos.console.controller;
+
+import com.alibaba.nacos.console.config.WebSecurityConfig;
+import com.alibaba.nacos.config.server.model.RestResult;
+import com.alibaba.nacos.console.utils.JwtTokenUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.web.bind.annotation.*;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * auth
+ *
+ * @author wfnuser
+ */
+@RestController("auth")
+@RequestMapping("/v1/auth")
+public class AuthController {
+
+    @Autowired
+    private JwtTokenUtils jwtTokenUtils;
+    @Autowired
+    private AuthenticationManager authenticationManager;
+
+    /**
+     * Whether the Nacos is in broken states or not, and cannot recover except by being restarted
+     *
+     * @return HTTP code equal to 200 indicates that Nacos is in right states. HTTP code equal to 500 indicates that
+     * Nacos is in broken states.
+     */
+
+    @ResponseBody
+    @RequestMapping(value = "login", method = RequestMethod.POST)
+    public RestResult<String> login(HttpServletRequest request, HttpServletResponse response) throws Exception {
+        String username = request.getParameter("username");
+        String password = request.getParameter("password");
+
+        // 通过用户名和密码创建一个 Authentication 认证对象，实现类为 UsernamePasswordAuthenticationToken
+        UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(username, password);
+        RestResult<String> rr = new RestResult<String>();
+
+        try {
+            //通过 AuthenticationManager（默认实现为ProviderManager）的authenticate方法验证 Authentication 对象
+            Authentication authentication = authenticationManager.authenticate(authenticationToken);
+            //将 Authentication 绑定到 SecurityContext
+            SecurityContextHolder.getContext().setAuthentication(authentication);
+            //生成Token
+            String token = jwtTokenUtils.createToken(authentication);
+            //将Token写入到Http头部
+            response.addHeader(WebSecurityConfig.AUTHORIZATION_HEADER, "Bearer " + token);
+            rr.setCode(200);
+            rr.setData("Bearer " + token);
+            return rr;
+        } catch (BadCredentialsException authentication) {
+            rr.setCode(401);
+            rr.setMessage("Login failed");
+            return rr;
+        }
+    }
+}

console/src/main/java/com/alibaba/nacos/console/filter/JwtAuthenticationTokenFilter.java

@@ -0,0 +1,80 @@
+/*
+ * Copyright 1999-2018 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.alibaba.nacos.console.filter;
+
+import com.alibaba.nacos.console.config.WebSecurityConfig;
+import com.alibaba.nacos.console.utils.JwtTokenUtils;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.util.StringUtils;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+/**
+ * jwt auth token filter
+ *
+ * @author wfnuser
+ */
+public class JwtAuthenticationTokenFilter extends OncePerRequestFilter {
+
+    private static final String TOKEN_PREFIX = "Bearer ";
+
+    private JwtTokenUtils tokenProvider;
+
+    public JwtAuthenticationTokenFilter(JwtTokenUtils tokenProvider) {
+        this.tokenProvider = tokenProvider;
+    }
+
+    @Override
+    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
+        String jwt = resolveToken(request);
+
+        if (!StringUtils.isEmpty(jwt.trim()) && SecurityContextHolder.getContext().getAuthentication() == null) {
+            if (this.tokenProvider.validateToken(jwt)) {
+                /**
+                 * get auth info
+                 */
+                Authentication authentication = this.tokenProvider.getAuthentication(jwt);
+                /**
+                 * save user info to securityContext
+                 */
+                SecurityContextHolder.getContext().setAuthentication(authentication);
+            }
+        }
+
+        chain.doFilter(request, response);
+    }
+
+    /**
+     * Get token from header
+     */
+    private String resolveToken(HttpServletRequest request) {
+        String bearerToken = request.getHeader(WebSecurityConfig.AUTHORIZATION_HEADER);
+        if (StringUtils.hasText(bearerToken) && bearerToken.startsWith(TOKEN_PREFIX)) {
+            return bearerToken.substring(7, bearerToken.length());
+        }
+        String jwt = request.getParameter(WebSecurityConfig.AUTHORIZATION_TOKEN);
+        if (StringUtils.hasText(jwt)) {
+            return jwt;
+        }
+        return null;
+    }
+}

console/src/main/java/com/alibaba/nacos/console/security/CustomAuthenticationProvider.java

@@ -0,0 +1,55 @@
+/*
+ * Copyright 1999-2018 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.alibaba.nacos.console.security;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.stereotype.Component;
+
+/**
+ * auth provider
+ *
+ * @author wfnuser
+ */
+@Component
+public class CustomAuthenticationProvider implements AuthenticationProvider {
+
+    @Autowired
+    private CustomUserDetailsServiceImpl userDetailsService;
+
+    @Override
+    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
+
+        String username = (String) authentication.getPrincipal();
+        String password = (String) authentication.getCredentials();
+        UserDetails userDetails = userDetailsService.loadUserByUsername(username);
+
+        if (!password.equals(userDetails.getPassword())) {
+            return new UsernamePasswordAuthenticationToken(username, null, null);
+        }
+        return null;
+    }
+
+    @Override
+    public boolean supports(Class<?> aClass) {
+        return aClass.equals(UsernamePasswordAuthenticationToken.class);
+    }
+
+}

console/src/main/java/com/alibaba/nacos/console/security/CustomUserDetails.java

@@ -0,0 +1,73 @@
+/*
+ * Copyright 1999-2018 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.alibaba.nacos.console.security;
+
+import com.alibaba.nacos.config.server.model.User;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.AuthorityUtils;
+import org.springframework.security.core.userdetails.UserDetails;
+
+import java.util.Collection;
+
+/**
+ * custem user
+ *
+ * @author wfnuser
+ */
+public class CustomUserDetails implements UserDetails {
+
+    private User user;
+
+    public CustomUserDetails(User user) {
+        this.user = user;
+    }
+
+    @Override
+    public Collection<? extends GrantedAuthority> getAuthorities() {
+        // TODO: get authorities
+        return AuthorityUtils.commaSeparatedStringToAuthorityList("");
+    }
+
+    @Override
+    public String getPassword() {
+        return user.getPassword();
+    }
+
+    @Override
+    public String getUsername() {
+        return user.getUsername();
+    }
+
+    @Override
+    public boolean isAccountNonExpired() {
+        return true;
+    }
+
+    @Override
+    public boolean isAccountNonLocked() {
+        return true;
+    }
+
+    @Override
+    public boolean isCredentialsNonExpired() {
+        return true;
+    }
+
+    @Override
+    public boolean isEnabled() {
+        return true;
+    }
+}

console/src/main/java/com/alibaba/nacos/console/security/CustomUserDetailsServiceImpl.java

@@ -0,0 +1,46 @@
+/*
+ * Copyright 1999-2018 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.alibaba.nacos.console.security;
+
+
+import com.alibaba.nacos.config.server.model.User;
+import com.alibaba.nacos.config.server.service.PersistService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.stereotype.Service;
+
+/**
+ * Custem user service
+ *
+ * @author wfnuser
+ */
+@Service
+public class CustomUserDetailsServiceImpl implements UserDetailsService {
+
+    @Autowired
+    private transient PersistService persistService;
+
+    @Override
+    public UserDetails loadUserByUsername(String userName) throws UsernameNotFoundException {
+        User user = persistService.findUserByUsername(userName);
+        if (user == null) {
+            throw new UsernameNotFoundException(userName);
+        }
+        return new CustomUserDetails(user);
+    }
+}

console/src/main/java/com/alibaba/nacos/console/security/JwtAuthenticationEntryPoint.java

@@ -0,0 +1,46 @@
+/*
+ * Copyright 1999-2018 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.alibaba.nacos.console.security;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.stereotype.Component;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+/**
+ * jwt auth fail point
+ *
+ * @author wfnuser
+ */
+@Component
+public class JwtAuthenticationEntryPoint implements AuthenticationEntryPoint {
+
+    private static final Logger logger = LoggerFactory.getLogger(JwtAuthenticationEntryPoint.class);
+
+    @Override
+    public void commence(HttpServletRequest httpServletRequest,
+                         HttpServletResponse httpServletResponse,
+                         AuthenticationException e) throws IOException, ServletException {
+        logger.error("Responding with unauthorized error. Message - {}", e.getMessage());
+        httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized");
+    }
+}

console/src/main/java/com/alibaba/nacos/console/utils/JwtTokenUtils.java

@@ -0,0 +1,139 @@
+/*
+ * Copyright 1999-2018 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.alibaba.nacos.console.utils;
+
+import io.jsonwebtoken.*;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.AuthorityUtils;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.stereotype.Component;
+
+import javax.annotation.PostConstruct;
+import java.util.Date;
+import java.util.List;
+
+
+/**
+ * Jwt token tool
+ *
+ * @author wfnuser
+ */
+@Component
+public class JwtTokenUtils {
+
+    private final Logger log = LoggerFactory.getLogger(JwtTokenUtils.class);
+
+    private static final String AUTHORITIES_KEY = "auth";
+
+    /**
+     * secret key
+     */
+    private String secretKey;
+
+    /**
+     * Token validity time(ms)
+     */
+    private long tokenValidityInMilliseconds;
+
+    @PostConstruct
+    public void init() {
+        this.secretKey = "SecretKey";
+        this.tokenValidityInMilliseconds = 1000 * 60 * 30L;
+    }
+
+    /**
+     * Create token
+     *
+     * @param authentication auth info
+     * @return token
+     */
+    public String createToken(Authentication authentication) {
+        /**
+         * Current time
+         */
+        long now = (new Date()).getTime();
+        /**
+         * Validity date
+         */
+        Date validity;
+        validity = new Date(now + this.tokenValidityInMilliseconds);
+
+        /**
+         * create token
+         */
+        return Jwts.builder()
+            .setSubject(authentication.getName())
+            .claim(AUTHORITIES_KEY, "")
+            .setExpiration(validity)
+            .signWith(SignatureAlgorithm.HS512, secretKey)
+            .compact();
+    }
+
+    /**
+     * Get auth Info
+     *
+     * @param token token
+     * @return auth info
+     */
+    public Authentication getAuthentication(String token) {
+        /**
+         *  parse the payload of token
+         */
+        Claims claims = Jwts.parser()
+            .setSigningKey(secretKey)
+            .parseClaimsJws(token)
+            .getBody();
+
+        List<GrantedAuthority> authorities = AuthorityUtils.commaSeparatedStringToAuthorityList((String) claims.get(AUTHORITIES_KEY));
+
+
+        User principal = new User(claims.getSubject(), "", authorities);
+        return new UsernamePasswordAuthenticationToken(principal, "", authorities);
+    }
+
+    /**
+     * validate token
+     *
+     * @param token token
+     * @return whether valid
+     */
+    public boolean validateToken(String token) {
+        try {
+            Jwts.parser().setSigningKey(secretKey).parseClaimsJws(token);
+            return true;
+        } catch (SignatureException e) {
+            log.info("Invalid JWT signature.");
+            log.trace("Invalid JWT signature trace: {}", e);
+        } catch (MalformedJwtException e) {
+            log.info("Invalid JWT token.");
+            log.trace("Invalid JWT token trace: {}", e);
+        } catch (ExpiredJwtException e) {
+            log.info("Expired JWT token.");
+            log.trace("Expired JWT token trace: {}", e);
+        } catch (UnsupportedJwtException e) {
+            log.info("Unsupported JWT token.");
+            log.trace("Unsupported JWT token trace: {}", e);
+        } catch (IllegalArgumentException e) {
+            log.info("JWT token compact of handler are invalid.");
+            log.trace("JWT token compact of handler are invalid trace: {}", e);
+        }
+        return false;
+    }
+}

console/src/main/resources/META-INF/nacos-default.properties

@@ -41,8 +41,8 @@ db.url.1=jdbc:mysql://11.163.152.91:3306/diamond_devtest?characterEncoding=utf8&
 db.user=diamond_devtest
 db.password=4b9622f3f70c7677835ac5a6719e7caf
 
-
+#spring.security.enabled=false
-
+#management.security=false
-
+#security.basic.enabled=false
-enableAccessControl=false
+#nacos.security.ignore.urls=/**
-
+nacos.security.ignore.urls=/,/**/*.css,/**/*.js,/**/*.html,/**/*.map,/**/*.svg,/**/*.png,/**/*.ico,/console-fe/public/**,/v1/auth/login,/v1/console/health,/v1/cs/**,/v1/ns/**,/v1/cmdb/**

console/src/main/resources/META-INF/schema.sql

@@ -171,3 +171,19 @@ CREATE TABLE tenant_info (
   constraint tenant_info_id_key PRIMARY KEY (id),
   constraint uk_tenant_info_kptenantid UNIQUE (kp,tenant_id));
 CREATE INDEX tenant_info_tenant_id_idx ON tenant_info(tenant_id);
+
+
+CREATE TABLE users (
+	username varchar(50) NOT NULL PRIMARY KEY,
+	password varchar(500) NOT NULL,
+	enabled boolean NOT NULL
+);
+
+CREATE TABLE roles (
+	username varchar(50) NOT NULL,
+	role varchar(50) NOT NULL
+);
+
+INSERT INTO users (username, password, enabled) VALUES ('admin', '$2a$10$HxtJtd59imujvbux.i55zOGewhnJiLVXX8D9AETDMV.XtBLDGOXtW', TRUE);
+
+INSERT INTO roles (username, role) VALUES ('admin', 'ROLE_ADMIN');

console/src/main/resources/static/console-fe/build/webpack.dev.conf.js

@@ -26,7 +26,7 @@ module.exports = Object.assign({}, base, {
       context: ['/'],
       changeOrigin: true,
       secure: false,
-      target: 'http://console.nacos.io',
+      target: 'http://localhost:8848',
       pathRewrite: {'^/v1' : '/nacos/v1'}
     }],
     disableHostCheck: true,

console/src/main/resources/static/console-fe/src/globalLib.js

@@ -603,7 +603,22 @@ const request = (function(_global) {
         beforeSend(xhr) {
           config.beforeSend && config.beforeSend(xhr);
         },
+        headers: {
+          Authorization: localStorage.getItem('token'),
+        },
       })
+    ).then(
+      success => {},
+      error => {
+        // 处理403 forbidden
+        if (error && (error.status === 403 || error.status === 401)) {
+          // 跳转至login页
+          // TODO: 用 react-router 重写，改造成本比较高，这里先hack
+          const url = window.location.href;
+          const base_url = url.split('#')[0];
+          window.location = `${base_url}#/login`;
+        }
+      }
     );
   }
   // 暴露方法

console/src/main/resources/static/console-fe/src/index.js

@@ -30,6 +30,7 @@ import Layout from './layouts/MainLayout';
 import CookieHelp from './utils/cookie';
 import { LANGUAGE_KEY, REDUX_DEVTOOLS } from './constants';
 
+import Login from './pages/Login';
 import Namespace from './pages/NameSpace';
 import Newconfig from './pages/ConfigurationManagement/NewConfig';
 import Configsync from './pages/ConfigurationManagement/ConfigSync';
@@ -111,13 +112,15 @@ class App extends React.Component {
   get router() {
     return (
       <HashRouter>
-        <Layout navList={_menu.data}>
+        <Switch>
-          <Switch>
+          <Route path="/login" component={Login} />
+
+          <Layout navList={_menu.data}>
             {MENU.map(item => (
               <Route key={item.path} {...item} />
             ))}
-          </Switch>
+          </Layout>
-        </Layout>
+        </Switch>
       </HashRouter>
     );
   }

console/src/main/resources/static/console-fe/src/layouts/Header.js

@@ -12,14 +12,16 @@
  */
 
 import React from 'react';
+import { withRouter } from 'react-router-dom';
 import PropTypes from 'prop-types';
 import { connect } from 'react-redux';
-import { ConfigProvider } from '@alifd/next';
+import { ConfigProvider, Dropdown, Menu } from '@alifd/next';
 import siteConfig from '../config';
 import { changeLanguage } from '@/reducers/locale';
 
 import './index.scss';
 
+@withRouter
 @connect(
   state => ({ ...state.locale }),
   { changeLanguage }
@@ -40,8 +42,29 @@ class Header extends React.Component {
     changeLanguage(currentLanguage);
   };
 
+  logout = () => {
+    window.localStorage.clear();
+    this.props.history.push('/login');
+  };
+
+  getUsername = () => {
+    const token = window.localStorage.getItem('token');
+    if (token) {
+      const base64Url = token.split('.')[1];
+      const base64 = base64Url.replace('-', '+').replace('_', '/');
+      const parsedToken = JSON.parse(window.atob(base64));
+      console.log(parsedToken);
+      return parsedToken.sub;
+    }
+    return '';
+  };
+
   render() {
-    const { locale = {}, language = 'en-US' } = this.props;
+    const {
+      locale = {},
+      language = 'en-us',
+      location: { pathname },
+    } = this.props;
     const { home, docs, blog, community, languageSwitchButton } = locale;
     const BASE_URL = `https://nacos.io/${language.toLocaleLowerCase()}/`;
     const NAV_MENU = [
@@ -65,6 +88,14 @@ class Header extends React.Component {
               title={siteConfig.name}
             />
           </a>
+          {/* if is login page, we will show logout */}
+          {pathname !== '/login' && (
+            <Dropdown trigger={<div className="logout">{this.getUsername()}</div>}>
+              <Menu>
+                <Menu.Item onClick={this.logout}>{locale.logout}</Menu.Item>
+              </Menu>
+            </Dropdown>
+          )}
           <span className="language-switch language-switch-primary" onClick={this.switchLang}>
             {languageSwitchButton}
           </span>

console/src/main/resources/static/console-fe/src/layouts/index.scss

@@ -18,7 +18,6 @@
   width: 100%;
   z-index: 1000;
   background-color: #fff;
-  border-bottom: 1px solid #eee;
 }
 .header-container-primary {
   background: #252a2f;
@@ -99,6 +98,13 @@
   font-size: 14px;
   opacity: 0.6;
 }
+.header-container .header-body .logout {
+  float: right;
+  color: #fff;
+  opacity: 0.6;
+  font-family: Avenir-Medium;
+  margin-right: 40px;
+}
 .header-container .header-body .language-switch:hover {
   opacity: 1;
 }

console/src/main/resources/static/console-fe/src/locales/en-US.js

@@ -18,6 +18,16 @@ const I18N_CONF = {
     blog: 'BLOG',
     community: 'COMMUNITY',
     languageSwitchButton: '中',
+    logout: 'logout',
+    passwordRequired: 'password should not be empty',
+    usernameRequired: 'username should not be empty',
+  },
+  Login: {
+    login: 'Login',
+    submit: 'Submit',
+    pleaseInputUsername: 'Please input username',
+    pleaseInputPassword: 'Please input password',
+    invalidUsernameOrPassword: 'invalid username or password',
   },
   MainLayout: {
     nacosName: 'NACOS',

console/src/main/resources/static/console-fe/src/locales/zh-CN.js

@@ -18,6 +18,16 @@ const I18N_CONF = {
     blog: '博客',
     community: '社区',
     languageSwitchButton: 'En',
+    logout: '登出',
+  },
+  Login: {
+    login: '登录',
+    submit: '提交',
+    pleaseInputUsername: '请输入用户名',
+    pleaseInputPassword: '请输入密码',
+    invalidUsernameOrPassword: '用户名或密码错误',
+    passwordRequired: '密码不能为空',
+    usernameRequired: '用户名不能为空',
   },
   MainLayout: {
     nacosName: 'NACOS',

console/src/main/resources/static/console-fe/src/pages/Login/Login.jsx

@@ -0,0 +1,120 @@
+import React from 'react';
+import { Card, Form, Input, Message, ConfigProvider, Field } from '@alifd/next';
+import { withRouter } from 'react-router-dom';
+
+import './index.scss';
+import Header from '../../layouts/Header';
+import { request } from '../../globalLib';
+
+const FormItem = Form.Item;
+
+@withRouter
+@ConfigProvider.config
+class Login extends React.Component {
+  static displayName = 'Login';
+
+  constructor(props) {
+    super(props);
+    this.field = new Field(this);
+  }
+
+  handleSubmit = () => {
+    const { locale = {} } = this.props;
+    this.field.validate((errors, values) => {
+      if (errors) {
+        return;
+      }
+      request({
+        type: 'post',
+        url: 'v1/auth/login',
+        data: values,
+        success: res => {
+          if (res.code === 200) {
+            const data = res.data;
+            // TODO: 封装一个方法存储、读取token
+            localStorage.setItem('token', data);
+            // TODO: 使用react router
+            this.props.history.push('/');
+          }
+          if (res.code === 401) {
+            Message.error({
+              content: locale.invalidUsernameOrPassword,
+            });
+          }
+        },
+        error: () => {
+          Message.error({
+            content: locale.invalidUsernameOrPassword,
+          });
+        },
+      });
+    });
+  };
+
+  render() {
+    const { locale = {} } = this.props;
+
+    return (
+      <div className="home-page">
+        <Header />
+        <section
+          className="top-section"
+          style={{
+            background: 'url(img/black_dot.png) repeat',
+            backgroundSize: '14px 14px',
+          }}
+        >
+          <div className="vertical-middle product-area">
+            <img className="product-logo" src="img/nacos.png" />
+            <p className="product-desc">
+              an easy-to-use dynamic service discovery, configuration and service management
+              platform for building cloud native applications
+            </p>
+          </div>
+          <div className="animation animation1" />
+          <div className="animation animation2" />
+          <div className="animation animation3" />
+          <div className="animation animation4" />
+          <div className="animation animation5" />
+          <Card className="login-panel" contentHeight="auto">
+            <div className="login-header">{locale.login}</div>
+            <Form className="login-form" field={this.field}>
+              <FormItem>
+                <Input
+                  {...this.field.init('username', {
+                    rules: [
+                      {
+                        required: true,
+                        message: locale.usernameRequired,
+                      },
+                    ],
+                  })}
+                  placeholder={locale.pleaseInputUsername}
+                />
+              </FormItem>
+              <FormItem>
+                <Input
+                  htmlType="password"
+                  placeholder={locale.pleaseInputPassword}
+                  {...this.field.init('password', {
+                    rules: [
+                      {
+                        required: true,
+                        message: locale.passwordRequired,
+                      },
+                    ],
+                  })}
+                />
+              </FormItem>
+              <FormItem label=" ">
+                <Form.Submit onClick={this.handleSubmit}>{locale.submit}</Form.Submit>
+              </FormItem>
+            </Form>
+          </Card>
+        </section>
+      </div>
+    );
+  }
+}
+
+export default Login;

console/src/main/resources/static/console-fe/src/pages/Login/index.jsx

@@ -0,0 +1,16 @@
+/*
+ * Copyright 1999-2018 Alibaba Group Holding Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import Login from './Login';
+
+export default Login;

console/src/main/resources/static/console-fe/src/pages/Login/index.scss

@@ -0,0 +1,108 @@
+$animationDuration: 2s;
+
+// 品牌色
+$brandColor: #2e3034;
+$mobileWidth: 640px;
+// 页面主体最大宽度
+$contentWidth: 1280px;
+
+@keyframes slashStar {
+  0% {
+    opacity: 1;
+  }
+
+  100% {
+    opacity: 0;
+  }
+}
+
+.home-page {
+  .top-section {
+    position: relative;
+    height: 100vh;
+    .login-panel {
+      position: absolute;
+      right: 40px;
+      width: 480px;
+      height: 540px;
+      top: 90px;
+      .login-header {
+        width: 100%;
+        line-height: 45px;
+        font-size: 32px;
+        margin-top: 58px;
+        text-align: center;
+      }
+      .login-form {
+        width: 360px;
+        margin: 80px auto auto auto;
+        input {
+          height: 60px;
+        }
+        button {
+          width: 100%;
+          height: 60px;
+          background: #4190ff 100%;
+          color: white;
+        }
+      }
+    }
+    .animation {
+      position: absolute;
+      width: 6px;
+      height: 6px;
+      border-radius: 50%;
+      background-color: #1be1f6;
+      &1 {
+        left: 15%;
+        top: 70%;
+        animation: slashStar $animationDuration ease-in-out 0.3s infinite;
+      }
+      &2 {
+        left: 34%;
+        top: 35%;
+        animation: slashStar $animationDuration ease-in-out 1.2s infinite;
+      }
+      &3 {
+        left: 53%;
+        top: 20%;
+        animation: slashStar $animationDuration ease-in-out 0.5s infinite;
+      }
+      &4 {
+        left: 72%;
+        top: 64%;
+        animation: slashStar $animationDuration ease-in-out 0.8s infinite;
+      }
+      &5 {
+        left: 87%;
+        top: 30%;
+        animation: slashStar $animationDuration ease-in-out 1.5s infinite;
+      }
+    }
+    .vertical-middle {
+      position: absolute;
+      left: 0;
+      top: 50%;
+      transform: translateY(-50%);
+    }
+    .product-area {
+      width: 431px;
+      margin-left: 40px;
+    }
+    .product-logo {
+      display: block;
+      width: 257px;
+      height: 50px;
+      margin: 0;
+    }
+    .product-desc {
+      opacity: 0.8;
+      font-family: Avenir-Medium;
+      font-size: 24px;
+      color: #fff;
+      max-width: 780px;
+      margin: 12px auto 30px;
+      text-align: left;
+    }
+  }
+}

console/src/main/resources/static/login.html

@@ -0,0 +1,27 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <meta charset="UTF-8">
+    <title>登录</title>
+</head>
+<body>
+<h3>登录</h3>
+<form action="/nacos/login" method="post">
+    <table>
+        <tr>
+            <td>用户名:</td>
+            <td><input type="text" name="username"></td>
+        </tr>
+        <tr>
+            <td>密码:</td>
+            <td><input type="password" name="password"></td>
+        </tr>
+        <tr>
+            <td colspan="2">
+                <button type="submit">登录</button>
+            </td>
+        </tr>
+    </table>
+</form>
+</body>
+</html>

core/src/main/resources/banner.txt

@@ -1,7 +1,7 @@
 
          ,--.
        ,--.'|
-   ,--,:  : |                                           Nacos 0.7.0
+   ,--,:  : |                                           Nacos ${application.version}
 ,`--.'`|  ' :                       ,---.               Running in ${nacos.mode} mode
 |   :  :  | |                      '   ,'\   .--.--.    Port: ${server.port}
 :   |   \ | :  ,--.--.     ,---.  /   /   | /  /    '   Pid: ${pid}

distribution/conf/nacos-mysql.sql

@@ -177,3 +177,18 @@ CREATE TABLE `tenant_info` (
   UNIQUE KEY `uk_tenant_info_kptenantid` (`kp`,`tenant_id`),
   KEY `idx_tenant_id` (`tenant_id`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin COMMENT='tenant_info';
+
+CREATE TABLE users (
+	username varchar(50) NOT NULL PRIMARY KEY,
+	password varchar(500) NOT NULL,
+	enabled boolean NOT NULL
+);
+
+CREATE TABLE roles (
+	username varchar(50) NOT NULL,
+	role varchar(50) NOT NULL
+);
+
+INSERT INTO users (username, password, enabled) VALUES ('admin', '$2a$10$HxtJtd59imujvbux.i55zOGewhnJiLVXX8D9AETDMV.XtBLDGOXtW', TRUE);
+
+INSERT INTO roles (username, role) VALUES ('admin', 'ROLE_ADMIN');

distribution/conf/schema.sql

@@ -171,3 +171,18 @@ CREATE TABLE tenant_info (
   constraint tenant_info_id_key PRIMARY KEY (id),
   constraint uk_tenant_info_kptenantid UNIQUE (kp,tenant_id));
 CREATE INDEX tenant_info_tenant_id_idx ON tenant_info(tenant_id);
+
+CREATE TABLE users (
+	username varchar(50) NOT NULL PRIMARY KEY,
+	password varchar(500) NOT NULL,
+	enabled boolean NOT NULL
+);
+
+CREATE TABLE roles (
+	username varchar(50) NOT NULL,
+	role varchar(50) NOT NULL
+);
+
+INSERT INTO users (username, password, enabled) VALUES ('admin', '$2a$10$HxtJtd59imujvbux.i55zOGewhnJiLVXX8D9AETDMV.XtBLDGOXtW', TRUE);
+
+INSERT INTO roles (username, role) VALUES ('admin', 'ROLE_ADMIN');

pom.xml

@@ -235,18 +235,8 @@
                         <exclude>REPORTING-BUGS.md</exclude>
                         <exclude>README.md</exclude>
                         <exclude>.github/**/*</exclude>
-                        <exclude>src/main/resources/*/*/*</exclude>
+                        <exclude>src/main/resources/**</exclude>
-                        <exclude>src/main/resources/*/*</exclude>
+                        <exclude>src/test/**</exclude>
-                        <exclude>src/main/resources/*</exclude>
-                        <exclude>src/test/resources/*</exclude>
-                        <exclude>src/main/resources/static/**/*.js</exclude>
-                        <exclude>src/main/resources/**/*.svg</exclude>
-                        <exclude>src/main/resources/static/css/*</exclude>
-                        <exclude>src/main/resources/static/js/*</exclude>
-                        <exclude>src/main/resources/static/console-fe/public/css/console1412.css</exclude>
-                        <exclude>src/main/resources/static/console-fe/public/js/vs/editor/editor.main.css</exclude>
-                        <exclude>src/main/resources/static/console-fe/dist/js/vs/editor/editor.main.css</exclude>
-                        <exclude>src/main/resources/static/console-fe/dist/*/*</exclude>
                         <exclude>bin/*</exclude>
                         <exclude>conf/*</exclude>
                         <exclude>derby.log</exclude>
@@ -707,6 +697,12 @@
                 <version>3.1.3</version>
             </dependency>
 
+            <dependency>
+                <groupId>io.jsonwebtoken</groupId>
+                <artifactId>jjwt</artifactId>
+                <version>0.9.1</version>
+            </dependency>
+
             <dependency>
                 <groupId>io.netty</groupId>
                 <artifactId>netty-all</artifactId>
@@ -731,6 +727,7 @@
                 <version>1.2</version>
             </dependency>
 
+
         </dependencies>
     </dependencyManagement>
 </project>

test/src/test/resources/schema.sql

@@ -159,3 +159,17 @@ CREATE TABLE tenant_capacity (
   constraint tenant_capacity_id_key PRIMARY KEY (id),
   constraint uk_tenant_id UNIQUE (tenant_id));
 
+CREATE TABLE users (
+	username varchar(50) NOT NULL PRIMARY KEY,
+	password varchar(500) NOT NULL,
+	enabled boolean NOT NULL
+);
+
+CREATE TABLE roles (
+	username varchar(50) NOT NULL,
+	role varchar(50) NOT NULL
+);
+
+INSERT INTO users (username, password, enabled) VALUES ('admin', '$2a$10$HxtJtd59imujvbux.i55zOGewhnJiLVXX8D9AETDMV.XtBLDGOXtW', TRUE);
+
+INSERT INTO roles (username, role) VALUES ('admin', 'ROLE_ADMIN');