geg-gas/nacos-server-kingbase
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

----初始化项目

Browse Source
This commit is contained in:
张福财
2025-09-19 20:49:14 +08:00
parent b345d2828d
commit df7765c400
2867 changed files with 359313 additions and 89 deletions
Download Patch File Download Diff File Expand all files Collapse all files

59
auth/pom.xml Normal file
View File

@ -0,0 +1,59 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 1999-2018 Alibaba Group Holding Ltd.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<parent>
<groupId>com.alibaba.nacos</groupId>
<artifactId>nacos-all</artifactId>
<version>${revision}</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>nacos-auth</artifactId>
<packaging>jar</packaging>
<name>nacos-auth ${project.version}</name>
<url>https://nacos.io</url>
<dependencies>
<dependency>
<groupId>${project.groupId}</groupId>
<artifactId>nacos-common</artifactId>
</dependency>
<dependency>
<groupId>com.alibaba.nacos</groupId>
<artifactId>nacos-auth-plugin</artifactId>
</dependency>
<dependency>
<groupId>${project.groupId}</groupId>
<artifactId>nacos-sys</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-core</artifactId>
</dependency>
</dependencies>
</project>

106
auth/src/main/java/com/alibaba/nacos/auth/AbstractProtocolAuthService.java Normal file
View File

@ -0,0 +1,106 @@
/*
* Copyright 1999-2021 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.alibaba.nacos.auth;
import com.alibaba.nacos.auth.annotation.Secured;
import com.alibaba.nacos.auth.config.AuthConfigs;
import com.alibaba.nacos.auth.util.Loggers;
import com.alibaba.nacos.plugin.auth.api.IdentityContext;
import com.alibaba.nacos.plugin.auth.api.Permission;
import com.alibaba.nacos.plugin.auth.api.Resource;
import com.alibaba.nacos.plugin.auth.constant.Constants;
import com.alibaba.nacos.plugin.auth.constant.SignType;
import com.alibaba.nacos.plugin.auth.exception.AccessException;
import com.alibaba.nacos.plugin.auth.spi.server.AuthPluginManager;
import com.alibaba.nacos.plugin.auth.spi.server.AuthPluginService;
import java.util.Optional;
/**
* Abstract protocol auth service.
*
* <p>Implement #validateIdentity and #validateAuthority method template.
*
* @author xiweng.yy
*/
public abstract class AbstractProtocolAuthService<R> implements ProtocolAuthService<R> {
protected final AuthConfigs authConfigs;
protected AbstractProtocolAuthService(AuthConfigs authConfigs) {
this.authConfigs = authConfigs;
}
@Override
public boolean enableAuth(Secured secured) {
Optional<AuthPluginService> authPluginService = AuthPluginManager.getInstance()
.findAuthServiceSpiImpl(authConfigs.getNacosAuthSystemType());
if (authPluginService.isPresent()) {
return authPluginService.get().enableAuth(secured.action(), secured.signType());
}
Loggers.AUTH.warn("Can't find auth plugin for type {}, please add plugin to classpath or set {} as false",
authConfigs.getNacosAuthSystemType(), Constants.Auth.NACOS_CORE_AUTH_ENABLED);
return false;
}
@Override
public boolean validateIdentity(IdentityContext identityContext, Resource resource) throws AccessException {
Optional<AuthPluginService> authPluginService = AuthPluginManager.getInstance()
.findAuthServiceSpiImpl(authConfigs.getNacosAuthSystemType());
if (authPluginService.isPresent()) {
return authPluginService.get().validateIdentity(identityContext, resource);
}
return true;
}
@Override
public boolean validateAuthority(IdentityContext identityContext, Permission permission) throws AccessException {
Optional<AuthPluginService> authPluginService = AuthPluginManager.getInstance()
.findAuthServiceSpiImpl(authConfigs.getNacosAuthSystemType());
if (authPluginService.isPresent()) {
return authPluginService.get().validateAuthority(identityContext, permission);
}
return true;
}
/**
* Get resource from secured annotation specified resource.
*
* @param secured secured annotation
* @return resource
*/
protected Resource parseSpecifiedResource(Secured secured) {
return new Resource(null, null, secured.resource(), SignType.SPECIFIED, null);
}
/**
* Parse resource by specified resource parser.
*
* @param secured secured annotation
* @param request request
* @return resource
*/
protected Resource useSpecifiedParserToParse(Secured secured, R request) {
try {
return secured.parser().newInstance().parse(request, secured);
} catch (Exception e) {
Loggers.AUTH.error("Use specified resource parser {} parse resource failed.",
secured.parser().getCanonicalName(), e);
return Resource.EMPTY_RESOURCE;
}
}
}

76
auth/src/main/java/com/alibaba/nacos/auth/GrpcProtocolAuthService.java Normal file
View File

@ -0,0 +1,76 @@
/*
* Copyright 1999-2021 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.alibaba.nacos.auth;
import com.alibaba.nacos.api.remote.request.Request;
import com.alibaba.nacos.auth.annotation.Secured;
import com.alibaba.nacos.plugin.auth.api.IdentityContext;
import com.alibaba.nacos.plugin.auth.api.Resource;
import com.alibaba.nacos.auth.config.AuthConfigs;
import com.alibaba.nacos.plugin.auth.constant.SignType;
import com.alibaba.nacos.auth.context.GrpcIdentityContextBuilder;
import com.alibaba.nacos.auth.parser.grpc.AbstractGrpcResourceParser;
import com.alibaba.nacos.auth.parser.grpc.ConfigGrpcResourceParser;
import com.alibaba.nacos.auth.parser.grpc.NamingGrpcResourceParser;
import com.alibaba.nacos.auth.util.Loggers;
import com.alibaba.nacos.common.utils.StringUtils;
import java.util.HashMap;
import java.util.Map;
/**
* Auth Service for Grpc protocol.
*
* @author xiweng.yy
*/
public class GrpcProtocolAuthService extends AbstractProtocolAuthService<Request> {
private final Map<String, AbstractGrpcResourceParser> resourceParserMap;
private final GrpcIdentityContextBuilder identityContextBuilder;
public GrpcProtocolAuthService(AuthConfigs authConfigs) {
super(authConfigs);
resourceParserMap = new HashMap<>(2);
identityContextBuilder = new GrpcIdentityContextBuilder(authConfigs);
}
@Override
public void initialize() {
resourceParserMap.put(SignType.NAMING, new NamingGrpcResourceParser());
resourceParserMap.put(SignType.CONFIG, new ConfigGrpcResourceParser());
}
@Override
public Resource parseResource(Request request, Secured secured) {
if (StringUtils.isNotBlank(secured.resource())) {
return parseSpecifiedResource(secured);
}
String type = secured.signType();
AbstractGrpcResourceParser parser = resourceParserMap.get(type);
if (parser == null) {
Loggers.AUTH.warn("Can't find Grpc request resourceParser for type {}", type);
return useSpecifiedParserToParse(secured, request);
}
return parser.parse(request, secured);
}
@Override
public IdentityContext parseIdentity(Request request) {
return identityContextBuilder.build(request);
}
}

75
auth/src/main/java/com/alibaba/nacos/auth/HttpProtocolAuthService.java Normal file
View File

@ -0,0 +1,75 @@
/*
* Copyright 1999-2021 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.alibaba.nacos.auth;
import com.alibaba.nacos.auth.annotation.Secured;
import com.alibaba.nacos.plugin.auth.api.IdentityContext;
import com.alibaba.nacos.plugin.auth.api.Resource;
import com.alibaba.nacos.auth.config.AuthConfigs;
import com.alibaba.nacos.plugin.auth.constant.SignType;
import com.alibaba.nacos.auth.context.HttpIdentityContextBuilder;
import com.alibaba.nacos.auth.parser.http.AbstractHttpResourceParser;
import com.alibaba.nacos.auth.parser.http.ConfigHttpResourceParser;
import com.alibaba.nacos.auth.parser.http.NamingHttpResourceParser;
import com.alibaba.nacos.auth.util.Loggers;
import com.alibaba.nacos.common.utils.StringUtils;
import javax.servlet.http.HttpServletRequest;
import java.util.HashMap;
import java.util.Map;
/**
* Auth Service for Http protocol.
*
* @author xiweng.yy
*/
public class HttpProtocolAuthService extends AbstractProtocolAuthService<HttpServletRequest> {
private final Map<String, AbstractHttpResourceParser> resourceParserMap;
private final HttpIdentityContextBuilder identityContextBuilder;
public HttpProtocolAuthService(AuthConfigs authConfigs) {
super(authConfigs);
resourceParserMap = new HashMap<>(2);
identityContextBuilder = new HttpIdentityContextBuilder(authConfigs);
}
@Override
public void initialize() {
resourceParserMap.put(SignType.NAMING, new NamingHttpResourceParser());
resourceParserMap.put(SignType.CONFIG, new ConfigHttpResourceParser());
}
@Override
public Resource parseResource(HttpServletRequest request, Secured secured) {
if (StringUtils.isNotBlank(secured.resource())) {
return parseSpecifiedResource(secured);
}
String type = secured.signType();
if (!resourceParserMap.containsKey(type)) {
Loggers.AUTH.warn("Can't find Http request resourceParser for type {} use specified resource parser", type);
return useSpecifiedParserToParse(secured, request);
}
return resourceParserMap.get(type).parse(request, secured);
}
@Override
public IdentityContext parseIdentity(HttpServletRequest request) {
return identityContextBuilder.build(request);
}
}

88
auth/src/main/java/com/alibaba/nacos/auth/ProtocolAuthService.java Normal file
View File

@ -0,0 +1,88 @@
/*
* Copyright 1999-2021 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.alibaba.nacos.auth;
import com.alibaba.nacos.auth.annotation.Secured;
import com.alibaba.nacos.plugin.auth.api.IdentityContext;
import com.alibaba.nacos.plugin.auth.api.Permission;
import com.alibaba.nacos.plugin.auth.api.Resource;
import com.alibaba.nacos.plugin.auth.exception.AccessException;
/**
* Protocol auth service.
*
* @author xiweng.yy
*/
public interface ProtocolAuthService<R> {
/**
* Init protocol auth service.
*/
void initialize();
/**
* Judgement whether enable auth feature according to secured information.
* <p>
* configuration authEnabled in {@link com.alibaba.nacos.auth.config.AuthConfigs} is the main switch.
* If authEnabled is {@code false}, this method and other follow methods should not be called.
*
* This method is only for plugin to judge whether auth this {@link Secured}.
* For example, plugins can only auth for write action or only for naming type request.
* </p>
*
* @param secured secured information
* @return {@code true} if enable auth, otherwise {@code false}
*/
boolean enableAuth(Secured secured);
/**
* Parse resource from protocol request and secured annotation.
*
* @param request protocol request
* @param secured api secured annotation
* @return resource
*/
Resource parseResource(R request, Secured secured);
/**
* Parse identity context from protocol request.
*
* @param request protocol request
* @return identity context
*/
IdentityContext parseIdentity(R request);
/**
* Validate identity whether is legal.
*
* @param identityContext identity context
* @param resource resource
* @return {@code true} if legal, otherwise {@code false}
* @throws AccessException exception during validating
*/
boolean validateIdentity(IdentityContext identityContext, Resource resource) throws AccessException;
/**
* Validate identity whether had permission for the resource and action.
*
* @param identityContext identity context
* @param permission permission include resource and action
* @return {@code true} if legal, otherwise {@code false}
* @throws AccessException exception during validating
*/
boolean validateAuthority(IdentityContext identityContext, Permission permission) throws AccessException;
}

73
auth/src/main/java/com/alibaba/nacos/auth/annotation/Secured.java Normal file
View File

@ -0,0 +1,73 @@
/*
* Copyright 1999-2018 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.alibaba.nacos.auth.annotation;
import com.alibaba.nacos.auth.parser.DefaultResourceParser;
import com.alibaba.nacos.auth.parser.ResourceParser;
import com.alibaba.nacos.common.utils.StringUtils;
import com.alibaba.nacos.plugin.auth.constant.ActionTypes;
import com.alibaba.nacos.plugin.auth.constant.SignType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
/**
* Annotation indicating that the annotated request should be authorized.
*
* @author nkorange
* @author mai.jh
* @since 1.2.0
*/
@Retention(RetentionPolicy.RUNTIME)
public @interface Secured {
/**
* The action type of the request.
*
* @return action type, default READ
*/
ActionTypes action() default ActionTypes.READ;
/**
* The name of resource related to the request.
*
* @return resource name
*/
String resource() default StringUtils.EMPTY;
/**
* The module of resource related to the request.
*
* @return module name
*/
String signType() default SignType.NAMING;
/**
* Custom resource parser. Should have lower priority than resource() and typed parser.
*
* @return class type of resource parser
*/
Class<? extends ResourceParser> parser() default DefaultResourceParser.class;
/**
* Specified tags for this secured, these tags will be injected into {@link com.alibaba.nacos.plugin.auth.api.Resource}
* as the keys and values of properties.
*
* @return tags
*/
String[] tags() default {};
}

203
auth/src/main/java/com/alibaba/nacos/auth/config/AuthConfigs.java Normal file
View File

@ -0,0 +1,203 @@
/*
* Copyright 1999-2018 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.alibaba.nacos.auth.config;
import com.alibaba.nacos.api.exception.NacosException;
import com.alibaba.nacos.common.JustForTest;
import com.alibaba.nacos.common.event.ServerConfigChangeEvent;
import com.alibaba.nacos.common.notify.Event;
import com.alibaba.nacos.common.notify.NotifyCenter;
import com.alibaba.nacos.common.notify.listener.Subscriber;
import com.alibaba.nacos.common.utils.ConvertUtils;
import com.alibaba.nacos.common.utils.StringUtils;
import com.alibaba.nacos.plugin.auth.constant.Constants;
import com.alibaba.nacos.sys.env.EnvUtil;
import com.alibaba.nacos.sys.module.ModuleState;
import com.alibaba.nacos.sys.module.ModuleStateHolder;
import com.alibaba.nacos.sys.utils.PropertiesUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import javax.annotation.PostConstruct;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import java.util.Properties;
/**
* Auth related configurations.
*
* @author nkorange
* @author mai.jh
* @since 1.2.0
*/
@Configuration
public class AuthConfigs extends Subscriber<ServerConfigChangeEvent> {
private static final Logger LOGGER = LoggerFactory.getLogger(AuthConfigs.class);
private static final String PREFIX = "nacos.core.auth.plugin";
@JustForTest
private static Boolean cachingEnabled = null;
/**
* Whether auth enabled.
*/
@Value("${" + Constants.Auth.NACOS_CORE_AUTH_ENABLED + ":false}")
private boolean authEnabled;
/**
* Which auth system is in use.
*/
@Value("${" + Constants.Auth.NACOS_CORE_AUTH_SYSTEM_TYPE + ":}")
private String nacosAuthSystemType;
@Value("${" + Constants.Auth.NACOS_CORE_AUTH_SERVER_IDENTITY_KEY + ":}")
private String serverIdentityKey;
@Value("${" + Constants.Auth.NACOS_CORE_AUTH_SERVER_IDENTITY_VALUE + ":}")
private String serverIdentityValue;
@Value("${" + Constants.Auth.NACOS_CORE_AUTH_ENABLE_USER_AGENT_AUTH_WHITE + ":false}")
private boolean enableUserAgentAuthWhite;
private Map<String, Properties> authPluginProperties = new HashMap<>();
public AuthConfigs() {
NotifyCenter.registerSubscriber(this);
refreshPluginProperties();
}
/**
* Validate auth config.
*
* @throws NacosException If the config is not valid.
*/
@PostConstruct
public void validate() throws NacosException {
if (!authEnabled) {
return;
}
if (StringUtils.isEmpty(nacosAuthSystemType)) {
throw new NacosException(AuthErrorCode.INVALID_TYPE.getCode(), AuthErrorCode.INVALID_TYPE.getMsg());
}
if (EnvUtil.getStandaloneMode()) {
return;
}
if (StringUtils.isEmpty(serverIdentityKey) || StringUtils.isEmpty(serverIdentityValue)) {
throw new NacosException(AuthErrorCode.EMPTY_IDENTITY.getCode(), AuthErrorCode.EMPTY_IDENTITY.getMsg());
}
}
private void refreshPluginProperties() {
try {
Map<String, Properties> newProperties = new HashMap<>(1);
Properties properties = PropertiesUtil.getPropertiesWithPrefix(EnvUtil.getEnvironment(), PREFIX);
if (properties != null) {
for (String each : properties.stringPropertyNames()) {
int typeIndex = each.indexOf('.');
String type = each.substring(0, typeIndex);
String subKey = each.substring(typeIndex + 1);
newProperties.computeIfAbsent(type, key -> new Properties())
.setProperty(subKey, properties.getProperty(each));
}
}
authPluginProperties = newProperties;
} catch (Exception e) {
LOGGER.warn("Refresh plugin properties failed ", e);
}
}
public String getNacosAuthSystemType() {
return nacosAuthSystemType;
}
public String getServerIdentityKey() {
return serverIdentityKey;
}
public String getServerIdentityValue() {
return serverIdentityValue;
}
public boolean isEnableUserAgentAuthWhite() {
return enableUserAgentAuthWhite;
}
/**
* auth function is open.
*
* @return auth function is open
*/
public boolean isAuthEnabled() {
return authEnabled;
}
/**
* Whether permission information can be cached.
*
* @return bool
*/
public boolean isCachingEnabled() {
if (Objects.nonNull(AuthConfigs.cachingEnabled)) {
return cachingEnabled;
}
return ConvertUtils.toBoolean(EnvUtil.getProperty(Constants.Auth.NACOS_CORE_AUTH_CACHING_ENABLED, "true"));
}
public Properties getAuthPluginProperties(String authType) {
if (!authPluginProperties.containsKey(authType)) {
LOGGER.warn("Can't find properties for type {}, will use empty properties", authType);
return new Properties();
}
return authPluginProperties.get(authType);
}
@JustForTest
public static void setCachingEnabled(boolean cachingEnabled) {
AuthConfigs.cachingEnabled = cachingEnabled;
}
@Override
public void onEvent(ServerConfigChangeEvent event) {
try {
authEnabled = EnvUtil.getProperty(Constants.Auth.NACOS_CORE_AUTH_ENABLED, Boolean.class, false);
cachingEnabled = EnvUtil.getProperty(Constants.Auth.NACOS_CORE_AUTH_CACHING_ENABLED, Boolean.class, true);
serverIdentityKey = EnvUtil.getProperty(Constants.Auth.NACOS_CORE_AUTH_SERVER_IDENTITY_KEY, "");
serverIdentityValue = EnvUtil.getProperty(Constants.Auth.NACOS_CORE_AUTH_SERVER_IDENTITY_VALUE, "");
enableUserAgentAuthWhite = EnvUtil.getProperty(Constants.Auth.NACOS_CORE_AUTH_ENABLE_USER_AGENT_AUTH_WHITE,
Boolean.class, false);
nacosAuthSystemType = EnvUtil.getProperty(Constants.Auth.NACOS_CORE_AUTH_SYSTEM_TYPE, "");
refreshPluginProperties();
ModuleStateHolder.getInstance().getModuleState(AuthModuleStateBuilder.AUTH_MODULE)
.ifPresent(moduleState -> {
ModuleState temp = new AuthModuleStateBuilder().build();
moduleState.getStates().putAll(temp.getStates());
});
} catch (Exception e) {
LOGGER.warn("Upgrade auth config from env failed, use old value", e);
}
}
@Override
public Class<? extends Event> subscribeType() {
return ServerConfigChangeEvent.class;
}
}

51
auth/src/main/java/com/alibaba/nacos/auth/config/AuthErrorCode.java Normal file
View File

@ -0,0 +1,51 @@
/*
* Copyright 1999-2021 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.alibaba.nacos.auth.config;
/**
* Auth relative error codes, start with 5000X.
*
* @author xiweng.yy
*/
public enum AuthErrorCode {
/**
* invalid auth type.
*/
INVALID_TYPE(50001,
"Invalid auth type, Please set `nacos.core.auth.system.type`, detail: https://nacos.io/zh-cn/docs/v2/plugin/auth-plugin.html"),
EMPTY_IDENTITY(50002,
"Empty identity, Please set `nacos.core.auth.server.identity.key` and `nacos.core.auth.server.identity.value`, detail: https://nacos.io/zh-cn/docs/v2/guide/user/auth.html");
private final Integer code;
private final String msg;
public Integer getCode() {
return code;
}
public String getMsg() {
return msg;
}
AuthErrorCode(Integer code, String msg) {
this.code = code;
this.msg = msg;
}
}

57
auth/src/main/java/com/alibaba/nacos/auth/config/AuthModuleStateBuilder.java Normal file
View File

@ -0,0 +1,57 @@
/*
* Copyright 1999-2023 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.alibaba.nacos.auth.config;
import com.alibaba.nacos.plugin.auth.spi.server.AuthPluginManager;
import com.alibaba.nacos.plugin.auth.spi.server.AuthPluginService;
import com.alibaba.nacos.sys.module.ModuleState;
import com.alibaba.nacos.sys.module.ModuleStateBuilder;
import com.alibaba.nacos.sys.utils.ApplicationUtils;
import java.util.Optional;
/**
* Module state builder for auth module.
*
* @author xiweng.yy
*/
public class AuthModuleStateBuilder implements ModuleStateBuilder {
public static final String AUTH_MODULE = "auth";
public static final String AUTH_ENABLED = "auth_enabled";
public static final String LOGIN_PAGE_ENABLED = "login_page_enabled";
public static final String AUTH_SYSTEM_TYPE = "auth_system_type";
@Override
public ModuleState build() {
ModuleState result = new ModuleState(AUTH_MODULE);
AuthConfigs authConfigs = ApplicationUtils.getBean(AuthConfigs.class);
result.newState(AUTH_ENABLED, authConfigs.isAuthEnabled());
result.newState(LOGIN_PAGE_ENABLED, isLoginPageEnabled(authConfigs));
result.newState(AUTH_SYSTEM_TYPE, authConfigs.getNacosAuthSystemType());
return result;
}
private Boolean isLoginPageEnabled(AuthConfigs authConfigs) {
Optional<AuthPluginService> authPluginService = AuthPluginManager.getInstance()
.findAuthServiceSpiImpl(authConfigs.getNacosAuthSystemType());
return authPluginService.map(AuthPluginService::isLoginEnabled).orElse(false);
}
}

73
auth/src/main/java/com/alibaba/nacos/auth/context/GrpcIdentityContextBuilder.java Normal file
View File

@ -0,0 +1,73 @@
/*
* Copyright 1999-2021 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.alibaba.nacos.auth.context;
import com.alibaba.nacos.api.remote.request.Request;
import com.alibaba.nacos.auth.config.AuthConfigs;
import com.alibaba.nacos.plugin.auth.api.IdentityContext;
import com.alibaba.nacos.plugin.auth.constant.Constants;
import com.alibaba.nacos.plugin.auth.spi.server.AuthPluginManager;
import com.alibaba.nacos.plugin.auth.spi.server.AuthPluginService;
import java.util.HashSet;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
/**
* Identity context builder for Grpc.
*
* @author Nacos
*/
public class GrpcIdentityContextBuilder implements IdentityContextBuilder<Request> {
private final AuthConfigs authConfigs;
public GrpcIdentityContextBuilder(AuthConfigs authConfigs) {
this.authConfigs = authConfigs;
}
/**
* get identity context from grpc.
*
* @param request grpc request
* @return IdentityContext request context
*/
@Override
public IdentityContext build(Request request) {
Optional<AuthPluginService> authPluginService = AuthPluginManager.getInstance()
.findAuthServiceSpiImpl(authConfigs.getNacosAuthSystemType());
IdentityContext result = new IdentityContext();
getRemoteIp(request, result);
if (!authPluginService.isPresent()) {
return result;
}
Set<String> identityNames = new HashSet<>(authPluginService.get().identityNames());
Map<String, String> map = request.getHeaders();
for (Map.Entry<String, String> entry : map.entrySet()) {
if (identityNames.contains(entry.getKey())) {
result.setParameter(entry.getKey(), entry.getValue());
}
}
return result;
}
private void getRemoteIp(Request request, IdentityContext result) {
result.setParameter(Constants.Identity.REMOTE_IP, request.getHeader(Constants.Identity.X_REAL_IP));
}
}

109
auth/src/main/java/com/alibaba/nacos/auth/context/HttpIdentityContextBuilder.java Normal file
View File

@ -0,0 +1,109 @@
/*
* Copyright 1999-2021 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.alibaba.nacos.auth.context;
import com.alibaba.nacos.auth.config.AuthConfigs;
import com.alibaba.nacos.common.utils.StringUtils;
import com.alibaba.nacos.plugin.auth.api.IdentityContext;
import com.alibaba.nacos.plugin.auth.constant.Constants;
import com.alibaba.nacos.plugin.auth.spi.server.AuthPluginManager;
import com.alibaba.nacos.plugin.auth.spi.server.AuthPluginService;
import javax.servlet.http.HttpServletRequest;
import java.util.Enumeration;
import java.util.Map;
import java.util.Optional;
import java.util.TreeMap;
/**
* Identity context builder for HTTP.
*
* @author Nacos
*/
public class HttpIdentityContextBuilder implements IdentityContextBuilder<HttpServletRequest> {
private static final String X_FORWARDED_FOR = "X-Forwarded-For";
private static final String X_FORWARDED_FOR_SPLIT_SYMBOL = ",";
private final AuthConfigs authConfigs;
public HttpIdentityContextBuilder(AuthConfigs authConfigs) {
this.authConfigs = authConfigs;
}
/**
* get identity context from http.
*
* @param request user request
* @return IdentityContext from request context
*/
@Override
public IdentityContext build(HttpServletRequest request) {
IdentityContext result = new IdentityContext();
getRemoteIp(request, result);
Optional<AuthPluginService> authPluginService = AuthPluginManager.getInstance()
.findAuthServiceSpiImpl(authConfigs.getNacosAuthSystemType());
if (!authPluginService.isPresent()) {
return result;
}
// According to RFC2616, HTTP header and URI is case-insensitive, so use tree map with CASE_INSENSITIVE_ORDER
// to match the identity key and save the real key in map value.
Map<String, String> identityNames = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
for (String each : authPluginService.get().identityNames()) {
identityNames.put(each, each);
}
getIdentityFromHeader(request, result, identityNames);
getIdentityFromParameter(request, result, identityNames);
return result;
}
private void getIdentityFromHeader(HttpServletRequest request, IdentityContext result,
Map<String, String> identityNames) {
Enumeration<String> headerEnu = request.getHeaderNames();
while (headerEnu.hasMoreElements()) {
String paraName = headerEnu.nextElement();
if (identityNames.containsKey(paraName)) {
result.setParameter(identityNames.get(paraName), request.getHeader(paraName));
}
}
}
private void getIdentityFromParameter(HttpServletRequest request, IdentityContext result,
Map<String, String> identityNames) {
Enumeration<String> paramEnu = request.getParameterNames();
while (paramEnu.hasMoreElements()) {
String paraName = paramEnu.nextElement();
if (identityNames.containsKey(paraName)) {
result.setParameter(identityNames.get(paraName), request.getParameter(paraName));
}
}
}
private void getRemoteIp(HttpServletRequest request, IdentityContext result) {
String remoteIp = StringUtils.EMPTY;
String xForwardedFor = request.getHeader(X_FORWARDED_FOR);
if (!StringUtils.isBlank(xForwardedFor)) {
remoteIp = xForwardedFor.split(X_FORWARDED_FOR_SPLIT_SYMBOL)[0].trim();
}
if (StringUtils.isBlank(remoteIp)) {
String nginxHeader = request.getHeader(Constants.Identity.X_REAL_IP);
remoteIp = StringUtils.isBlank(nginxHeader) ? request.getRemoteAddr() : nginxHeader;
}
result.setParameter(Constants.Identity.REMOTE_IP, remoteIp);
}
}

35
auth/src/main/java/com/alibaba/nacos/auth/context/IdentityContextBuilder.java Normal file
View File

@ -0,0 +1,35 @@
/*
* Copyright 1999-2021 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.alibaba.nacos.auth.context;
import com.alibaba.nacos.plugin.auth.api.IdentityContext;
/**
* Identify context.
*
* @author wuyfee
*/
public interface IdentityContextBuilder<T> {
/**
* build identity context from request.
* @param request user request
* @return IdentityContext from request context
*/
IdentityContext build(T request);
}

88
auth/src/main/java/com/alibaba/nacos/auth/parser/AbstractResourceParser.java Normal file
View File

@ -0,0 +1,88 @@
/*
* Copyright 1999-2021 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.alibaba.nacos.auth.parser;
import com.alibaba.nacos.auth.annotation.Secured;
import com.alibaba.nacos.plugin.auth.api.Resource;
import com.alibaba.nacos.plugin.auth.constant.Constants;
import java.util.Properties;
/**
* Abstract Resource parser.
*
* @author xiweng.yy
* @since 2.1.0
*/
public abstract class AbstractResourceParser<R> implements ResourceParser<R> {
@Override
public Resource parse(R request, Secured secured) {
String namespaceId = getNamespaceId(request);
String group = getGroup(request);
String name = getResourceName(request);
Properties properties = getProperties(request);
String action = secured.action().toString();
properties.putIfAbsent(Constants.Resource.ACTION, action);
injectTagsToProperties(properties, secured);
return new Resource(namespaceId, group, name, secured.signType(), properties);
}
/**
* Get namespaceId from request.
*
* @param request request
* @return namespaceId
*/
protected abstract String getNamespaceId(R request);
/**
* Get group name from request.
*
* @param request request
* @return group name
*/
protected abstract String getGroup(R request);
/**
* Get resource name from request.
*
* @param request request
* @return resource name
*/
protected abstract String getResourceName(R request);
/**
* Get custom properties from request.
*
* @param request request
* @return custom properties
*/
protected abstract Properties getProperties(R request);
/**
* Inject tags defined in {@link Secured#tags()} into Resource properties, both key and value.
*
* @param properties properties in resource
* @param secured secured
*/
protected void injectTagsToProperties(Properties properties, Secured secured) {
for (String each : secured.tags()) {
properties.put(each, each);
}
}
}

35
auth/src/main/java/com/alibaba/nacos/auth/parser/DefaultResourceParser.java Normal file
View File

@ -0,0 +1,35 @@
/*
* Copyright 1999-2018 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.alibaba.nacos.auth.parser;
import com.alibaba.nacos.auth.annotation.Secured;
import com.alibaba.nacos.plugin.auth.api.Resource;
/**
* Default resource parser.
*
* @author nkorange
* @author mai.jh
* @since 1.2.0
*/
public class DefaultResourceParser implements ResourceParser<Object> {
@Override
public Resource parse(Object request, Secured secured) {
return Resource.EMPTY_RESOURCE;
}
}

39
auth/src/main/java/com/alibaba/nacos/auth/parser/ResourceParser.java Normal file
View File

@ -0,0 +1,39 @@
/*
* Copyright 1999-2018 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.alibaba.nacos.auth.parser;
import com.alibaba.nacos.auth.annotation.Secured;
import com.alibaba.nacos.plugin.auth.api.Resource;
/**
* Resource parser.
*
* @author nkorange
* @author mai.jh
* @since 1.2.0
*/
public interface ResourceParser<R> {
/**
* Parse resource from request.
*
* @param request request
* @param secured request secured
* @return resource
*/
Resource parse(R request, Secured secured);
}

38
auth/src/main/java/com/alibaba/nacos/auth/parser/grpc/AbstractGrpcResourceParser.java Normal file
View File

@ -0,0 +1,38 @@
/*
* Copyright 1999-2021 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.alibaba.nacos.auth.parser.grpc;
import com.alibaba.nacos.api.remote.request.Request;
import com.alibaba.nacos.auth.parser.AbstractResourceParser;
import com.alibaba.nacos.plugin.auth.constant.Constants;
import java.util.Properties;
/**
* Abstract Grpc Resource Parser.
*
* @author xiweng.yy
*/
public abstract class AbstractGrpcResourceParser extends AbstractResourceParser<Request> {
@Override
protected Properties getProperties(Request request) {
Properties properties = new Properties();
properties.setProperty(Constants.Resource.REQUEST_CLASS, request.getClass().getSimpleName());
return properties;
}
}

74
auth/src/main/java/com/alibaba/nacos/auth/parser/grpc/ConfigGrpcResourceParser.java Normal file
View File

@ -0,0 +1,74 @@
/*
* Copyright 1999-2023 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.alibaba.nacos.auth.parser.grpc;
import com.alibaba.nacos.api.config.remote.request.AbstractConfigRequest;
import com.alibaba.nacos.api.config.remote.request.ConfigBatchListenRequest;
import com.alibaba.nacos.api.remote.request.Request;
import com.alibaba.nacos.common.utils.ReflectUtils;
import com.alibaba.nacos.common.utils.StringUtils;
import java.util.List;
/**
* Config Grpc resource parser.
*
* @author xiweng.yy
*/
public class ConfigGrpcResourceParser extends AbstractGrpcResourceParser {
@Override
protected String getNamespaceId(Request request) {
String namespaceId = StringUtils.EMPTY;
if (request instanceof ConfigBatchListenRequest) {
List<ConfigBatchListenRequest.ConfigListenContext> configListenContexts = ((ConfigBatchListenRequest) request)
.getConfigListenContexts();
if (!configListenContexts.isEmpty()) {
namespaceId = ((ConfigBatchListenRequest) request).getConfigListenContexts().get(0).getTenant();
}
} else if (request instanceof AbstractConfigRequest) {
namespaceId = ((AbstractConfigRequest) request).getTenant();
} else {
namespaceId = (String) ReflectUtils.getFieldValue(request, "tenant", StringUtils.EMPTY);
}
return StringUtils.isBlank(namespaceId) ? StringUtils.EMPTY : namespaceId;
}
@Override
protected String getGroup(Request request) {
String groupName;
if (request instanceof AbstractConfigRequest) {
groupName = ((AbstractConfigRequest) request).getGroup();
} else {
groupName = (String) ReflectUtils
.getFieldValue(request, com.alibaba.nacos.api.common.Constants.GROUP, StringUtils.EMPTY);
}
return StringUtils.isBlank(groupName) ? StringUtils.EMPTY : groupName;
}
@Override
protected String getResourceName(Request request) {
String dataId;
if (request instanceof AbstractConfigRequest) {
dataId = ((AbstractConfigRequest) request).getDataId();
} else {
dataId = (String) ReflectUtils
.getFieldValue(request, com.alibaba.nacos.api.common.Constants.DATAID, StringUtils.EMPTY);
}
return StringUtils.isBlank(dataId) ? StringUtils.EMPTY : dataId;
}
}

62
auth/src/main/java/com/alibaba/nacos/auth/parser/grpc/NamingGrpcResourceParser.java Normal file
View File

@ -0,0 +1,62 @@
/*
* Copyright 1999-2023 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.alibaba.nacos.auth.parser.grpc;
import com.alibaba.nacos.api.PropertyKeyConst;
import com.alibaba.nacos.api.naming.CommonParams;
import com.alibaba.nacos.api.naming.remote.request.AbstractNamingRequest;
import com.alibaba.nacos.api.remote.request.Request;
import com.alibaba.nacos.common.utils.ReflectUtils;
import com.alibaba.nacos.common.utils.StringUtils;
/**
* Naming Grpc resource parser.
*
* @author xiweng.yy
*/
public class NamingGrpcResourceParser extends AbstractGrpcResourceParser {
@Override
protected String getNamespaceId(Request request) {
if (request instanceof AbstractNamingRequest) {
return ((AbstractNamingRequest) request).getNamespace();
}
return (String) ReflectUtils.getFieldValue(request, PropertyKeyConst.NAMESPACE, StringUtils.EMPTY);
}
@Override
protected String getGroup(Request request) {
String groupName;
if (request instanceof AbstractNamingRequest) {
groupName = ((AbstractNamingRequest) request).getGroupName();
} else {
groupName = (String) ReflectUtils.getFieldValue(request, CommonParams.GROUP_NAME, StringUtils.EMPTY);
}
return StringUtils.isBlank(groupName) ? StringUtils.EMPTY : groupName;
}
@Override
protected String getResourceName(Request request) {
String serviceName;
if (request instanceof AbstractNamingRequest) {
serviceName = ((AbstractNamingRequest) request).getServiceName();
} else {
serviceName = (String) ReflectUtils.getFieldValue(request, CommonParams.SERVICE_NAME, "");
}
return StringUtils.isBlank(serviceName) ? StringUtils.EMPTY : serviceName;
}
}

30
auth/src/main/java/com/alibaba/nacos/auth/parser/http/AbstractHttpResourceParser.java Normal file
View File

@ -0,0 +1,30 @@
/*
* Copyright 1999-2021 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.alibaba.nacos.auth.parser.http;
import com.alibaba.nacos.auth.parser.AbstractResourceParser;
import javax.servlet.http.HttpServletRequest;
/**
* Abstract Http Resource Parser.
*
* @author xiweng.yy
*/
public abstract class AbstractHttpResourceParser extends AbstractResourceParser<HttpServletRequest> {
}

54
auth/src/main/java/com/alibaba/nacos/auth/parser/http/ConfigHttpResourceParser.java Normal file
View File

@ -0,0 +1,54 @@
/*
* Copyright 1999-2021 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.alibaba.nacos.auth.parser.http;
import com.alibaba.nacos.common.utils.NamespaceUtil;
import com.alibaba.nacos.common.utils.StringUtils;
import javax.servlet.http.HttpServletRequest;
import java.util.Properties;
/**
* Config Http resource parser.
*
* @author xiweng.yy
*/
public class ConfigHttpResourceParser extends AbstractHttpResourceParser {
@Override
protected String getNamespaceId(HttpServletRequest request) {
return NamespaceUtil.processNamespaceParameter(request.getParameter("tenant"));
}
@Override
protected String getGroup(HttpServletRequest request) {
String groupName = request.getParameter(com.alibaba.nacos.api.common.Constants.GROUP);
return StringUtils.isBlank(groupName) ? StringUtils.EMPTY : groupName;
}
@Override
protected String getResourceName(HttpServletRequest request) {
String dataId = request.getParameter(com.alibaba.nacos.api.common.Constants.DATAID);
return StringUtils.isBlank(dataId) ? StringUtils.EMPTY : dataId;
}
@Override
protected Properties getProperties(HttpServletRequest request) {
return new Properties();
}
}

68
auth/src/main/java/com/alibaba/nacos/auth/parser/http/NamingHttpResourceParser.java Normal file
View File

@ -0,0 +1,68 @@
/*
* Copyright 1999-2021 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.alibaba.nacos.auth.parser.http;
import com.alibaba.nacos.api.naming.CommonParams;
import com.alibaba.nacos.api.naming.utils.NamingUtils;
import com.alibaba.nacos.common.utils.NamespaceUtil;
import com.alibaba.nacos.common.utils.StringUtils;
import javax.servlet.http.HttpServletRequest;
import java.util.Properties;
/**
* Naming Http resource parser.
*
* @author xiweng.yy
*/
public class NamingHttpResourceParser extends AbstractHttpResourceParser {
@Override
protected String getNamespaceId(HttpServletRequest request) {
return NamespaceUtil.processNamespaceParameter(request.getParameter(CommonParams.NAMESPACE_ID));
}
/**
* Group name from http request might be in service name with format ${group}@@${service}. So if group name is blank
* or {@code null}, should try to get group name from service.
*
* @param request http request
* @return group
*/
@Override
protected String getGroup(HttpServletRequest request) {
String groupName = request.getParameter(CommonParams.GROUP_NAME);
if (StringUtils.isBlank(groupName)) {
String serviceName = request.getParameter(CommonParams.SERVICE_NAME);
groupName = NamingUtils.getGroupName(serviceName);
}
return StringUtils.isBlank(groupName) ? StringUtils.EMPTY : groupName;
}
@Override
protected String getResourceName(HttpServletRequest request) {
// See comment in #getGroup
String serviceName = NamingUtils.getServiceName(request.getParameter(CommonParams.SERVICE_NAME));
return StringUtils.isBlank(serviceName) ? StringUtils.EMPTY : serviceName;
}
@Override
protected Properties getProperties(HttpServletRequest request) {
return new Properties();
}
}

43
auth/src/main/java/com/alibaba/nacos/auth/util/AuthHeaderUtil.java Normal file
View File

@ -0,0 +1,43 @@
/*
* Copyright 1999-2020 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.alibaba.nacos.auth.util;
import com.alibaba.nacos.auth.config.AuthConfigs;
import com.alibaba.nacos.common.http.param.Header;
import com.alibaba.nacos.common.utils.StringUtils;
import com.alibaba.nacos.sys.utils.ApplicationUtils;
/**
* Auth header util.
*
* @author xiweng.yy
*/
public class AuthHeaderUtil {
/**
* Add identity info to Http header.
*
* @param header http header
*/
public static void addIdentityToHeader(Header header) {
AuthConfigs authConfigs = ApplicationUtils.getBean(AuthConfigs.class);
if (StringUtils.isNotBlank(authConfigs.getServerIdentityKey())) {
header.addParam(authConfigs.getServerIdentityKey(), authConfigs.getServerIdentityValue());
}
}
}

41
auth/src/main/java/com/alibaba/nacos/auth/util/Loggers.java Normal file
View File

@ -0,0 +1,41 @@
/*
* Copyright 1999-2018 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.alibaba.nacos.auth.util;
import ch.qos.logback.classic.Level;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
* Loggers for core.
*
* @author nkorange
* @since 1.2.0
*/
public class Loggers {
private static final String AUTH_LOG_NAME = "auth";
public static final Logger AUTH = LoggerFactory.getLogger("com.alibaba.nacos.auth");
public static void setLogLevel(String logName, String level) {
if (AUTH_LOG_NAME.equals(logName)) {
((ch.qos.logback.classic.Logger) AUTH).setLevel(Level.valueOf(level));
}
}
}

17
auth/src/main/resources/META-INF/services/com.alibaba.nacos.sys.module.ModuleStateBuilder Normal file
View File

@ -0,0 +1,17 @@
#
# Copyright 1999-2023 Alibaba Group Holding Ltd.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
com.alibaba.nacos.auth.config.AuthModuleStateBuilder

159
auth/src/test/java/com/alibaba/nacos/auth/GrpcProtocolAuthServiceTest.java Normal file
View File

@ -0,0 +1,159 @@
/*
* Copyright 1999-2021 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.alibaba.nacos.auth;
import com.alibaba.nacos.api.config.remote.request.ConfigPublishRequest;
import com.alibaba.nacos.api.naming.remote.request.AbstractNamingRequest;
import com.alibaba.nacos.auth.annotation.Secured;
import com.alibaba.nacos.plugin.auth.api.IdentityContext;
import com.alibaba.nacos.plugin.auth.api.Permission;
import com.alibaba.nacos.plugin.auth.api.Resource;
import com.alibaba.nacos.auth.config.AuthConfigs;
import com.alibaba.nacos.plugin.auth.constant.SignType;
import com.alibaba.nacos.plugin.auth.exception.AccessException;
import com.alibaba.nacos.auth.mock.MockAuthPluginService;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.junit.MockitoJUnitRunner;
import java.lang.reflect.Method;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
@RunWith(MockitoJUnitRunner.class)
public class GrpcProtocolAuthServiceTest {
@Mock
private AuthConfigs authConfigs;
private ConfigPublishRequest configRequest;
private AbstractNamingRequest namingRequest;
private GrpcProtocolAuthService protocolAuthService;
@Before
public void setUp() throws Exception {
protocolAuthService = new GrpcProtocolAuthService(authConfigs);
protocolAuthService.initialize();
mockConfigRequest();
mockNamingRequest();
}
private void mockConfigRequest() {
configRequest = new ConfigPublishRequest();
configRequest.setTenant("testCNs");
configRequest.setGroup("testCG");
configRequest.setDataId("testD");
}
private void mockNamingRequest() {
namingRequest = new AbstractNamingRequest() {
};
namingRequest.setNamespace("testNNs");
namingRequest.setGroupName("testNG");
namingRequest.setServiceName("testS");
}
@Test
@Secured(resource = "testResource")
public void testParseResourceWithSpecifiedResource() throws NoSuchMethodException {
Secured secured = getMethodSecure("testParseResourceWithSpecifiedResource");
Resource actual = protocolAuthService.parseResource(namingRequest, secured);
assertEquals("testResource", actual.getName());
assertEquals(SignType.SPECIFIED, actual.getType());
assertNull(actual.getNamespaceId());
assertNull(actual.getGroup());
assertNull(actual.getProperties());
}
@Test
@Secured(signType = "non-exist")
public void testParseResourceWithNonExistType() throws NoSuchMethodException {
Secured secured = getMethodSecure("testParseResourceWithNonExistType");
Resource actual = protocolAuthService.parseResource(namingRequest, secured);
assertEquals(Resource.EMPTY_RESOURCE, actual);
}
@Test
@Secured()
public void testParseResourceWithNamingType() throws NoSuchMethodException {
Secured secured = getMethodSecure("testParseResourceWithNamingType");
Resource actual = protocolAuthService.parseResource(namingRequest, secured);
assertEquals(SignType.NAMING, actual.getType());
assertEquals("testS", actual.getName());
assertEquals("testNNs", actual.getNamespaceId());
assertEquals("testNG", actual.getGroup());
assertNotNull(actual.getProperties());
}
@Test
@Secured(signType = SignType.CONFIG)
public void testParseResourceWithConfigType() throws NoSuchMethodException {
Secured secured = getMethodSecure("testParseResourceWithConfigType");
Resource actual = protocolAuthService.parseResource(configRequest, secured);
assertEquals(SignType.CONFIG, actual.getType());
assertEquals("testD", actual.getName());
assertEquals("testCNs", actual.getNamespaceId());
assertEquals("testCG", actual.getGroup());
assertNotNull(actual.getProperties());
}
@Test
public void testParseIdentity() {
IdentityContext actual = protocolAuthService.parseIdentity(namingRequest);
assertNotNull(actual);
}
@Test
public void testValidateIdentityWithoutPlugin() throws AccessException {
IdentityContext identityContext = new IdentityContext();
assertTrue(protocolAuthService.validateIdentity(identityContext, Resource.EMPTY_RESOURCE));
}
@Test
public void testValidateIdentityWithPlugin() throws AccessException {
Mockito.when(authConfigs.getNacosAuthSystemType()).thenReturn(MockAuthPluginService.TEST_PLUGIN);
IdentityContext identityContext = new IdentityContext();
assertFalse(protocolAuthService.validateIdentity(identityContext, Resource.EMPTY_RESOURCE));
}
@Test
public void testValidateAuthorityWithoutPlugin() throws AccessException {
assertTrue(protocolAuthService
.validateAuthority(new IdentityContext(), new Permission(Resource.EMPTY_RESOURCE, "")));
}
@Test
public void testValidateAuthorityWithPlugin() throws AccessException {
Mockito.when(authConfigs.getNacosAuthSystemType()).thenReturn(MockAuthPluginService.TEST_PLUGIN);
assertFalse(protocolAuthService
.validateAuthority(new IdentityContext(), new Permission(Resource.EMPTY_RESOURCE, "")));
}
private Secured getMethodSecure(String methodName) throws NoSuchMethodException {
Method method = GrpcProtocolAuthServiceTest.class.getMethod(methodName);
return method.getAnnotation(Secured.class);
}
}

149
auth/src/test/java/com/alibaba/nacos/auth/HttpProtocolAuthServiceTest.java Normal file
View File

@ -0,0 +1,149 @@
/*
* Copyright 1999-2021 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.alibaba.nacos.auth;
import com.alibaba.nacos.api.common.Constants;
import com.alibaba.nacos.api.naming.CommonParams;
import com.alibaba.nacos.auth.annotation.Secured;
import com.alibaba.nacos.plugin.auth.api.IdentityContext;
import com.alibaba.nacos.plugin.auth.api.Permission;
import com.alibaba.nacos.plugin.auth.api.Resource;
import com.alibaba.nacos.auth.config.AuthConfigs;
import com.alibaba.nacos.plugin.auth.constant.SignType;
import com.alibaba.nacos.plugin.auth.exception.AccessException;
import com.alibaba.nacos.auth.mock.MockAuthPluginService;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.junit.MockitoJUnitRunner;
import javax.servlet.http.HttpServletRequest;
import java.lang.reflect.Method;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
import static org.mockito.ArgumentMatchers.eq;
@RunWith(MockitoJUnitRunner.class)
public class HttpProtocolAuthServiceTest {
@Mock
private AuthConfigs authConfigs;
@Mock
private HttpServletRequest request;
private HttpProtocolAuthService httpProtocolAuthService;
@Before
public void setUp() throws Exception {
httpProtocolAuthService = new HttpProtocolAuthService(authConfigs);
httpProtocolAuthService.initialize();
Mockito.when(request.getParameter(eq(CommonParams.NAMESPACE_ID))).thenReturn("testNNs");
Mockito.when(request.getParameter(eq(CommonParams.GROUP_NAME))).thenReturn("testNG");
Mockito.when(request.getParameter(eq(CommonParams.SERVICE_NAME))).thenReturn("testS");
Mockito.when(request.getParameter(eq("tenant"))).thenReturn("testCNs");
Mockito.when(request.getParameter(eq(Constants.GROUP))).thenReturn("testCG");
Mockito.when(request.getParameter(eq(Constants.DATAID))).thenReturn("testD");
}
@Test
@Secured(resource = "testResource")
public void testParseResourceWithSpecifiedResource() throws NoSuchMethodException {
Secured secured = getMethodSecure("testParseResourceWithSpecifiedResource");
Resource actual = httpProtocolAuthService.parseResource(request, secured);
assertEquals("testResource", actual.getName());
assertEquals(SignType.SPECIFIED, actual.getType());
assertNull(actual.getNamespaceId());
assertNull(actual.getGroup());
assertNull(actual.getProperties());
}
@Test
@Secured(signType = "non-exist")
public void testParseResourceWithNonExistType() throws NoSuchMethodException {
Secured secured = getMethodSecure("testParseResourceWithNonExistType");
Resource actual = httpProtocolAuthService.parseResource(request, secured);
assertEquals(Resource.EMPTY_RESOURCE, actual);
}
@Test
@Secured()
public void testParseResourceWithNamingType() throws NoSuchMethodException {
Secured secured = getMethodSecure("testParseResourceWithNamingType");
Resource actual = httpProtocolAuthService.parseResource(request, secured);
assertEquals(SignType.NAMING, actual.getType());
assertEquals("testS", actual.getName());
assertEquals("testNNs", actual.getNamespaceId());
assertEquals("testNG", actual.getGroup());
assertNotNull(actual.getProperties());
}
@Test
@Secured(signType = SignType.CONFIG)
public void testParseResourceWithConfigType() throws NoSuchMethodException {
Secured secured = getMethodSecure("testParseResourceWithConfigType");
Resource actual = httpProtocolAuthService.parseResource(request, secured);
assertEquals(SignType.CONFIG, actual.getType());
assertEquals("testD", actual.getName());
assertEquals("testCNs", actual.getNamespaceId());
assertEquals("testCG", actual.getGroup());
assertNotNull(actual.getProperties());
}
@Test
public void testParseIdentity() {
IdentityContext actual = httpProtocolAuthService.parseIdentity(request);
assertNotNull(actual);
}
@Test
public void testValidateIdentityWithoutPlugin() throws AccessException {
IdentityContext identityContext = new IdentityContext();
assertTrue(httpProtocolAuthService.validateIdentity(identityContext, Resource.EMPTY_RESOURCE));
}
@Test
public void testValidateIdentityWithPlugin() throws AccessException {
Mockito.when(authConfigs.getNacosAuthSystemType()).thenReturn(MockAuthPluginService.TEST_PLUGIN);
IdentityContext identityContext = new IdentityContext();
assertFalse(httpProtocolAuthService.validateIdentity(identityContext, Resource.EMPTY_RESOURCE));
}
@Test
public void testValidateAuthorityWithoutPlugin() throws AccessException {
assertTrue(httpProtocolAuthService
.validateAuthority(new IdentityContext(), new Permission(Resource.EMPTY_RESOURCE, "")));
}
@Test
public void testValidateAuthorityWithPlugin() throws AccessException {
Mockito.when(authConfigs.getNacosAuthSystemType()).thenReturn(MockAuthPluginService.TEST_PLUGIN);
assertFalse(httpProtocolAuthService
.validateAuthority(new IdentityContext(), new Permission(Resource.EMPTY_RESOURCE, "")));
}
private Secured getMethodSecure(String methodName) throws NoSuchMethodException {
Method method = HttpProtocolAuthServiceTest.class.getMethod(methodName);
return method.getAnnotation(Secured.class);
}
}

66
auth/src/test/java/com/alibaba/nacos/auth/config/AuthConfigsTest.java Normal file
View File

@ -0,0 +1,66 @@
/*
* Copyright 1999-2020 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.alibaba.nacos.auth.config;
import com.alibaba.nacos.common.event.ServerConfigChangeEvent;
import com.alibaba.nacos.sys.env.EnvUtil;
import org.junit.Before;
import org.junit.Test;
import org.springframework.mock.env.MockEnvironment;
import static org.junit.Assert.assertEquals;
public class AuthConfigsTest {
private static final boolean TEST_AUTH_ENABLED = true;
private static final boolean TEST_CACHING_ENABLED = false;
private static final String TEST_SERVER_IDENTITY_KEY = "testKey";
private static final String TEST_SERVER_IDENTITY_VALUE = "testValue";
private static final boolean TEST_ENABLE_UA_WHITE = true;
private AuthConfigs authConfigs;
private MockEnvironment environment;
@Before
public void setUp() throws Exception {
environment = new MockEnvironment();
EnvUtil.setEnvironment(environment);
environment.setProperty("nacos.core.auth.plugin.test.key", "test");
authConfigs = new AuthConfigs();
}
@Test
public void testUpgradeFromEvent() {
environment.setProperty("nacos.core.auth.enabled", String.valueOf(TEST_AUTH_ENABLED));
environment.setProperty("nacos.core.auth.caching.enabled", String.valueOf(TEST_CACHING_ENABLED));
environment.setProperty("nacos.core.auth.server.identity.key", TEST_SERVER_IDENTITY_KEY);
environment.setProperty("nacos.core.auth.server.identity.value", TEST_SERVER_IDENTITY_VALUE);
environment.setProperty("nacos.core.auth.enable.userAgentAuthWhite", String.valueOf(TEST_ENABLE_UA_WHITE));
authConfigs.onEvent(ServerConfigChangeEvent.newEvent());
assertEquals(TEST_AUTH_ENABLED, authConfigs.isAuthEnabled());
assertEquals(TEST_CACHING_ENABLED, authConfigs.isCachingEnabled());
assertEquals(TEST_SERVER_IDENTITY_KEY, authConfigs.getServerIdentityKey());
assertEquals(TEST_SERVER_IDENTITY_VALUE, authConfigs.getServerIdentityValue());
assertEquals(TEST_ENABLE_UA_WHITE, authConfigs.isEnableUserAgentAuthWhite());
}
}

61
auth/src/test/java/com/alibaba/nacos/auth/config/AuthModuleStateBuilderTest.java Normal file
View File

@ -0,0 +1,61 @@
/*
* Copyright 1999-2023 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.alibaba.nacos.auth.config;
import com.alibaba.nacos.sys.module.ModuleState;
import com.alibaba.nacos.sys.utils.ApplicationUtils;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.Mock;
import org.mockito.junit.MockitoJUnitRunner;
import org.springframework.context.ConfigurableApplicationContext;
import static com.alibaba.nacos.auth.config.AuthModuleStateBuilder.AUTH_ENABLED;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.mockito.Mockito.when;
@RunWith(MockitoJUnitRunner.class)
public class AuthModuleStateBuilderTest {
@Mock
private ConfigurableApplicationContext context;
@Mock
private AuthConfigs authConfigs;
@Before
public void setUp() throws Exception {
when(context.getBean(AuthConfigs.class)).thenReturn(authConfigs);
ApplicationUtils.injectContext(context);
when(authConfigs.getNacosAuthSystemType()).thenReturn("nacos");
}
@After
public void tearDown() throws Exception {
}
@Test
public void testBuild() {
ModuleState actual = new AuthModuleStateBuilder().build();
assertFalse((Boolean) actual.getStates().get(AUTH_ENABLED));
assertFalse((Boolean) actual.getStates().get("login_page_enabled"));
assertEquals("nacos", actual.getStates().get("auth_system_type"));
}
}

76
auth/src/test/java/com/alibaba/nacos/auth/context/GrpcIdentityContextBuilderTest.java Normal file
View File

@ -0,0 +1,76 @@
/*
* Copyright 1999-2021 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.alibaba.nacos.auth.context;
import com.alibaba.nacos.api.remote.request.Request;
import com.alibaba.nacos.plugin.auth.api.IdentityContext;
import com.alibaba.nacos.auth.config.AuthConfigs;
import com.alibaba.nacos.plugin.auth.constant.Constants;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.Mock;
import org.mockito.junit.MockitoJUnitRunner;
import java.util.HashMap;
import java.util.Map;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNull;
import static org.mockito.Mockito.when;
@RunWith(MockitoJUnitRunner.class)
public class GrpcIdentityContextBuilderTest {
private static final String TEST_PLUGIN = "test";
private static final String IDENTITY_TEST_KEY = "identity-test-key";
private static final String IDENTITY_TEST_VALUE = "identity-test-value";
@Mock
private AuthConfigs authConfigs;
@Mock
private Request request;
private GrpcIdentityContextBuilder identityContextBuilder;
@Before
public void setUp() throws Exception {
identityContextBuilder = new GrpcIdentityContextBuilder(authConfigs);
when(authConfigs.getNacosAuthSystemType()).thenReturn(TEST_PLUGIN);
Map<String, String> headers = new HashMap<>();
headers.put(IDENTITY_TEST_KEY, IDENTITY_TEST_VALUE);
when(request.getHeaders()).thenReturn(headers);
when(request.getHeader(Constants.Identity.X_REAL_IP)).thenReturn("1.1.1.1");
}
@Test
public void testBuildWithoutPlugin() {
when(authConfigs.getNacosAuthSystemType()).thenReturn("non-exist");
IdentityContext actual = identityContextBuilder.build(request);
assertNull(actual.getParameter(IDENTITY_TEST_KEY));
}
@Test
public void testBuild() {
IdentityContext actual = identityContextBuilder.build(request);
assertEquals(IDENTITY_TEST_VALUE, actual.getParameter(IDENTITY_TEST_KEY));
assertEquals("1.1.1.1", actual.getParameter(Constants.Identity.REMOTE_IP));
}
}

108
auth/src/test/java/com/alibaba/nacos/auth/context/HtppIdentityContextBuilderTest.java Normal file
View File

@ -0,0 +1,108 @@
/*
* Copyright 1999-2021 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.alibaba.nacos.auth.context;
import com.alibaba.nacos.plugin.auth.api.IdentityContext;
import com.alibaba.nacos.auth.config.AuthConfigs;
import com.alibaba.nacos.plugin.auth.constant.Constants;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.Mock;
import org.mockito.junit.MockitoJUnitRunner;
import javax.servlet.http.HttpServletRequest;
import java.util.Enumeration;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNull;
import static org.mockito.Mockito.when;
@RunWith(MockitoJUnitRunner.class)
public class HtppIdentityContextBuilderTest {
private static final String TEST_PLUGIN = "test";
private static final String IDENTITY_TEST_KEY = "identity-test-key";
private static final String IDENTITY_TEST_VALUE = "identity-test-value";
@Mock
private AuthConfigs authConfigs;
@Mock
private HttpServletRequest request;
@Mock
private Enumeration<String> headerNames;
@Mock
private Enumeration<String> parameterNames;
private HttpIdentityContextBuilder identityContextBuilder;
@Before
public void setUp() throws Exception {
identityContextBuilder = new HttpIdentityContextBuilder(authConfigs);
when(authConfigs.getNacosAuthSystemType()).thenReturn(TEST_PLUGIN);
}
@Test
public void testBuildWithoutPlugin() {
mockHeader(true);
mockParameter(true);
when(authConfigs.getNacosAuthSystemType()).thenReturn("non-exist");
IdentityContext actual = identityContextBuilder.build(request);
assertNull(actual.getParameter(IDENTITY_TEST_KEY));
}
@Test
public void testBuildWithHeader() {
mockHeader(true);
mockParameter(false);
IdentityContext actual = identityContextBuilder.build(request);
assertEquals(IDENTITY_TEST_VALUE, actual.getParameter(IDENTITY_TEST_KEY));
assertEquals("1.1.1.1", actual.getParameter(Constants.Identity.REMOTE_IP));
}
@Test
public void testBuildWithParameter() {
mockHeader(false);
mockParameter(true);
IdentityContext actual = identityContextBuilder.build(request);
assertEquals(IDENTITY_TEST_VALUE, actual.getParameter(IDENTITY_TEST_KEY));
}
private void mockHeader(boolean contained) {
when(request.getHeaderNames()).thenReturn(headerNames);
if (contained) {
when(headerNames.hasMoreElements()).thenReturn(true, false);
when(headerNames.nextElement()).thenReturn(IDENTITY_TEST_KEY, (String) null);
when(request.getHeader(IDENTITY_TEST_KEY)).thenReturn(IDENTITY_TEST_VALUE);
when(request.getHeader(Constants.Identity.X_REAL_IP)).thenReturn("1.1.1.1");
}
}
private void mockParameter(boolean contained) {
when(request.getParameterNames()).thenReturn(parameterNames);
if (contained) {
when(parameterNames.hasMoreElements()).thenReturn(true, false);
when(parameterNames.nextElement()).thenReturn(IDENTITY_TEST_KEY, (String) null);
when(request.getParameter(IDENTITY_TEST_KEY)).thenReturn(IDENTITY_TEST_VALUE);
}
}
}

59
auth/src/test/java/com/alibaba/nacos/auth/mock/MockAuthPluginService.java Normal file
View File

@ -0,0 +1,59 @@
/*
* Copyright 1999-2021 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.alibaba.nacos.auth.mock;
import com.alibaba.nacos.plugin.auth.api.Resource;
import com.alibaba.nacos.plugin.auth.constant.ActionTypes;
import com.alibaba.nacos.plugin.auth.spi.server.AuthPluginService;
import com.alibaba.nacos.plugin.auth.api.IdentityContext;
import com.alibaba.nacos.plugin.auth.api.Permission;
import com.alibaba.nacos.plugin.auth.exception.AccessException;
import java.util.Collection;
import java.util.Collections;
public class MockAuthPluginService implements AuthPluginService {
public static final String TEST_PLUGIN = "test";
public static final String IDENTITY_TEST_KEY = "identity-test-key";
@Override
public Collection<String> identityNames() {
return Collections.singletonList(IDENTITY_TEST_KEY);
}
@Override
public boolean enableAuth(ActionTypes action, String type) {
return true;
}
@Override
public boolean validateIdentity(IdentityContext identityContext, Resource resource) throws AccessException {
return false;
}
@Override
public Boolean validateAuthority(IdentityContext identityContext, Permission permission) {
return false;
}
@Override
public String getAuthServiceName() {
return TEST_PLUGIN;
}
}

118
auth/src/test/java/com/alibaba/nacos/auth/parser/grpc/ConfigGrpcResourceParserTest.java Normal file
View File

@ -0,0 +1,118 @@
/*
* Copyright 1999-2021 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.alibaba.nacos.auth.parser.grpc;
import com.alibaba.nacos.api.common.Constants;
import com.alibaba.nacos.api.config.remote.request.ConfigBatchListenRequest;
import com.alibaba.nacos.api.config.remote.request.ConfigPublishRequest;
import com.alibaba.nacos.api.remote.request.Request;
import com.alibaba.nacos.auth.annotation.Secured;
import com.alibaba.nacos.common.utils.StringUtils;
import com.alibaba.nacos.plugin.auth.api.Resource;
import org.junit.Before;
import org.junit.Test;
import java.lang.reflect.Method;
import static org.junit.Assert.assertEquals;
public class ConfigGrpcResourceParserTest {
private ConfigGrpcResourceParser resourceParser;
@Before
public void setUp() throws Exception {
resourceParser = new ConfigGrpcResourceParser();
}
@Test
@Secured(signType = Constants.Config.CONFIG_MODULE)
public void testParseWithFullContext() throws NoSuchMethodException {
Secured secured = getMethodSecure();
Request request = mockConfigRequest("testNs", "testG", "testD");
Resource actual = resourceParser.parse(request, secured);
assertEquals("testNs", actual.getNamespaceId());
assertEquals("testG", actual.getGroup());
assertEquals("testD", actual.getName());
assertEquals(Constants.Config.CONFIG_MODULE, actual.getType());
}
@Test
@Secured(signType = Constants.Config.CONFIG_MODULE)
public void testParseWithoutNamespace() throws NoSuchMethodException {
Secured secured = getMethodSecure();
Request request = mockConfigRequest("", "testG", "testD");
Resource actual = resourceParser.parse(request, secured);
assertEquals("", actual.getNamespaceId());
assertEquals("testG", actual.getGroup());
assertEquals("testD", actual.getName());
assertEquals(Constants.Config.CONFIG_MODULE, actual.getType());
}
@Test
@Secured(signType = Constants.Config.CONFIG_MODULE)
public void testParseWithoutGroup() throws NoSuchMethodException {
Secured secured = getMethodSecure();
Request request = mockConfigRequest("testNs", "", "testD");
Resource actual = resourceParser.parse(request, secured);
assertEquals("testNs", actual.getNamespaceId());
assertEquals(StringUtils.EMPTY, actual.getGroup());
assertEquals("testD", actual.getName());
assertEquals(Constants.Config.CONFIG_MODULE, actual.getType());
}
@Test
@Secured(signType = Constants.Config.CONFIG_MODULE)
public void testParseWithoutDataId() throws NoSuchMethodException {
Secured secured = getMethodSecure();
Request request = mockConfigRequest("testNs", "testG", "");
Resource actual = resourceParser.parse(request, secured);
assertEquals("testNs", actual.getNamespaceId());
assertEquals("testG", actual.getGroup());
assertEquals(StringUtils.EMPTY, actual.getName());
assertEquals(Constants.Config.CONFIG_MODULE, actual.getType());
}
@Test
@Secured(signType = Constants.Config.CONFIG_MODULE)
public void testParseWithConfigBatchListenRequest() throws NoSuchMethodException {
Secured secured = getMethodSecure();
ConfigBatchListenRequest request = new ConfigBatchListenRequest();
request.addConfigListenContext("testG", "testD", "testNs", "111");
Resource actual = resourceParser.parse(request, secured);
assertEquals("testNs", actual.getNamespaceId());
assertEquals(StringUtils.EMPTY, actual.getGroup());
assertEquals(StringUtils.EMPTY, actual.getName());
assertEquals(Constants.Config.CONFIG_MODULE, actual.getType());
}
private Request mockConfigRequest(String tenant, String group, String dataId) {
ConfigPublishRequest request = new ConfigPublishRequest();
request.setTenant(tenant);
request.setGroup(group);
request.setDataId(dataId);
return request;
}
private Secured getMethodSecure() throws NoSuchMethodException {
StackTraceElement[] traces = new Exception().getStackTrace();
StackTraceElement callerElement = traces[1];
String methodName = callerElement.getMethodName();
Method method = this.getClass().getMethod(methodName);
return method.getAnnotation(Secured.class);
}
}

182
auth/src/test/java/com/alibaba/nacos/auth/parser/grpc/NamingGrpcResourceParserTest.java Normal file
View File

@ -0,0 +1,182 @@
/*
* Copyright 1999-2021 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.alibaba.nacos.auth.parser.grpc;
import com.alibaba.nacos.api.common.Constants;
import com.alibaba.nacos.api.naming.remote.request.AbstractNamingRequest;
import com.alibaba.nacos.api.naming.remote.request.NotifySubscriberRequest;
import com.alibaba.nacos.api.remote.request.Request;
import com.alibaba.nacos.auth.annotation.Secured;
import com.alibaba.nacos.common.utils.StringUtils;
import com.alibaba.nacos.plugin.auth.api.Resource;
import org.junit.Before;
import org.junit.Test;
import java.lang.reflect.Method;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNull;
public class NamingGrpcResourceParserTest {
private NamingGrpcResourceParser resourceParser;
@Before
public void setUp() throws Exception {
resourceParser = new NamingGrpcResourceParser();
}
@Test
@Secured()
public void testParseWithFullContextForNamingRequest() throws NoSuchMethodException {
Secured secured = getMethodSecure();
AbstractNamingRequest request = mockNamingRequest("testNs", "testG", "testS");
Resource actual = resourceParser.parse(request, secured);
assertEquals("testNs", actual.getNamespaceId());
assertEquals("testG", actual.getGroup());
assertEquals("testS", actual.getName());
assertEquals(Constants.Naming.NAMING_MODULE, actual.getType());
assertEquals(MockNamingRequest.class.getSimpleName(), actual.getProperties().getProperty(
com.alibaba.nacos.plugin.auth.constant.Constants.Resource.REQUEST_CLASS));
}
@Test
@Secured()
public void testParseWithFullContextForOtherRequest() throws NoSuchMethodException {
Secured secured = getMethodSecure();
Request request = mockOtherRequest("testNs", "testG", "testS");
Resource actual = resourceParser.parse(request, secured);
assertEquals("testNs", actual.getNamespaceId());
assertEquals("testG", actual.getGroup());
assertEquals("testS", actual.getName());
assertEquals(Constants.Naming.NAMING_MODULE, actual.getType());
assertEquals(NotifySubscriberRequest.class.getSimpleName(), actual.getProperties().getProperty(
com.alibaba.nacos.plugin.auth.constant.Constants.Resource.REQUEST_CLASS));
}
@Test
@Secured()
public void testParseWithoutNamespaceForNamingRequest() throws NoSuchMethodException {
Secured secured = getMethodSecure();
AbstractNamingRequest request = mockNamingRequest(null, "testG", "testS");
Resource actual = resourceParser.parse(request, secured);
assertNull(actual.getNamespaceId());
assertEquals("testG", actual.getGroup());
assertEquals("testS", actual.getName());
assertEquals(Constants.Naming.NAMING_MODULE, actual.getType());
assertEquals(MockNamingRequest.class.getSimpleName(), actual.getProperties().getProperty(
com.alibaba.nacos.plugin.auth.constant.Constants.Resource.REQUEST_CLASS));
}
@Test
@Secured()
public void testParseWithoutNamespaceForOtherRequest() throws NoSuchMethodException {
Secured secured = getMethodSecure();
Request request = mockOtherRequest(null, "testG", "testS");
Resource actual = resourceParser.parse(request, secured);
assertNull(actual.getNamespaceId());
assertEquals("testG", actual.getGroup());
assertEquals("testS", actual.getName());
assertEquals(Constants.Naming.NAMING_MODULE, actual.getType());
assertEquals(NotifySubscriberRequest.class.getSimpleName(), actual.getProperties().getProperty(
com.alibaba.nacos.plugin.auth.constant.Constants.Resource.REQUEST_CLASS));
}
@Test
@Secured()
public void testParseWithoutGroupForNamingRequest() throws NoSuchMethodException {
Secured secured = getMethodSecure();
AbstractNamingRequest request = mockNamingRequest("testNs", null, "testS");
Resource actual = resourceParser.parse(request, secured);
assertEquals("testNs", actual.getNamespaceId());
assertEquals(StringUtils.EMPTY, actual.getGroup());
assertEquals("testS", actual.getName());
assertEquals(Constants.Naming.NAMING_MODULE, actual.getType());
assertEquals(MockNamingRequest.class.getSimpleName(), actual.getProperties().getProperty(
com.alibaba.nacos.plugin.auth.constant.Constants.Resource.REQUEST_CLASS));
}
@Test
@Secured()
public void testParseWithoutGroupForOtherRequest() throws NoSuchMethodException {
Secured secured = getMethodSecure();
Request request = mockOtherRequest("testNs", null, "testS");
Resource actual = resourceParser.parse(request, secured);
assertEquals("testNs", actual.getNamespaceId());
assertEquals(StringUtils.EMPTY, actual.getGroup());
assertEquals("testS", actual.getName());
assertEquals(Constants.Naming.NAMING_MODULE, actual.getType());
assertEquals(NotifySubscriberRequest.class.getSimpleName(), actual.getProperties().getProperty(
com.alibaba.nacos.plugin.auth.constant.Constants.Resource.REQUEST_CLASS));
}
@Test
@Secured()
public void testParseWithoutDataIdForNamingRequest() throws NoSuchMethodException {
Secured secured = getMethodSecure();
AbstractNamingRequest request = mockNamingRequest("testNs", "testG", null);
Resource actual = resourceParser.parse(request, secured);
assertEquals("testNs", actual.getNamespaceId());
assertEquals("testG", actual.getGroup());
assertEquals(StringUtils.EMPTY, actual.getName());
assertEquals(Constants.Naming.NAMING_MODULE, actual.getType());
assertEquals(MockNamingRequest.class.getSimpleName(), actual.getProperties().getProperty(
com.alibaba.nacos.plugin.auth.constant.Constants.Resource.REQUEST_CLASS));
}
@Test
@Secured()
public void testParseWithoutDataIdForOtherRequest() throws NoSuchMethodException {
Secured secured = getMethodSecure();
Request request = mockOtherRequest("testNs", "testG", null);
Resource actual = resourceParser.parse(request, secured);
assertEquals("testNs", actual.getNamespaceId());
assertEquals("testG", actual.getGroup());
assertEquals(StringUtils.EMPTY, actual.getName());
assertEquals(Constants.Naming.NAMING_MODULE, actual.getType());
assertEquals(NotifySubscriberRequest.class.getSimpleName(), actual.getProperties().getProperty(
com.alibaba.nacos.plugin.auth.constant.Constants.Resource.REQUEST_CLASS));
}
private AbstractNamingRequest mockNamingRequest(String testNs, String testG, String testS) {
MockNamingRequest result = new MockNamingRequest();
result.setNamespace(testNs);
result.setGroupName(testG);
result.setServiceName(testS);
return result;
}
private Request mockOtherRequest(String testNs, String testG, String testS) {
NotifySubscriberRequest result = new NotifySubscriberRequest();
result.setNamespace(testNs);
result.setGroupName(testG);
result.setServiceName(testS);
return result;
}
private Secured getMethodSecure() throws NoSuchMethodException {
StackTraceElement[] traces = new Exception().getStackTrace();
StackTraceElement callerElement = traces[1];
String methodName = callerElement.getMethodName();
Method method = this.getClass().getMethod(methodName);
return method.getAnnotation(Secured.class);
}
private class MockNamingRequest extends AbstractNamingRequest {
}
}

110
auth/src/test/java/com/alibaba/nacos/auth/parser/http/ConfigHttpResourceParserTest.java Normal file
View File

@ -0,0 +1,110 @@
/*
* Copyright 1999-2021 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.alibaba.nacos.auth.parser.http;
import com.alibaba.nacos.api.common.Constants;
import com.alibaba.nacos.auth.annotation.Secured;
import com.alibaba.nacos.common.utils.StringUtils;
import com.alibaba.nacos.plugin.auth.api.Resource;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.junit.MockitoJUnitRunner;
import javax.servlet.http.HttpServletRequest;
import java.lang.reflect.Method;
import static org.junit.Assert.assertEquals;
import static org.mockito.ArgumentMatchers.eq;
@RunWith(MockitoJUnitRunner.class)
public class ConfigHttpResourceParserTest {
@Mock
private HttpServletRequest request;
private ConfigHttpResourceParser resourceParser;
@Before
public void setUp() throws Exception {
resourceParser = new ConfigHttpResourceParser();
}
@Test
@Secured(signType = Constants.Config.CONFIG_MODULE)
public void testParseWithFullContext() throws NoSuchMethodException {
Secured secured = getMethodSecure();
Mockito.when(request.getParameter(eq("tenant"))).thenReturn("testNs");
Mockito.when(request.getParameter(eq(Constants.GROUP))).thenReturn("testG");
Mockito.when(request.getParameter(eq(Constants.DATAID))).thenReturn("testD");
Resource actual = resourceParser.parse(request, secured);
assertEquals("testNs", actual.getNamespaceId());
assertEquals("testG", actual.getGroup());
assertEquals("testD", actual.getName());
assertEquals(Constants.Config.CONFIG_MODULE, actual.getType());
}
@Test
@Secured(signType = Constants.Config.CONFIG_MODULE)
public void testParseWithoutNamespace() throws NoSuchMethodException {
Secured secured = getMethodSecure();
Mockito.when(request.getParameter(eq(Constants.GROUP))).thenReturn("testG");
Mockito.when(request.getParameter(eq(Constants.DATAID))).thenReturn("testD");
Resource actual = resourceParser.parse(request, secured);
assertEquals(StringUtils.EMPTY, actual.getNamespaceId());
assertEquals("testG", actual.getGroup());
assertEquals("testD", actual.getName());
assertEquals(Constants.Config.CONFIG_MODULE, actual.getType());
}
@Test
@Secured(signType = Constants.Config.CONFIG_MODULE)
public void testParseWithoutGroup() throws NoSuchMethodException {
Secured secured = getMethodSecure();
Mockito.when(request.getParameter(eq("tenant"))).thenReturn("testNs");
Mockito.when(request.getParameter(eq(Constants.DATAID))).thenReturn("testD");
Resource actual = resourceParser.parse(request, secured);
assertEquals("testNs", actual.getNamespaceId());
assertEquals(StringUtils.EMPTY, actual.getGroup());
assertEquals("testD", actual.getName());
assertEquals(Constants.Config.CONFIG_MODULE, actual.getType());
}
@Test
@Secured(signType = Constants.Config.CONFIG_MODULE)
public void testParseWithoutDataId() throws NoSuchMethodException {
Secured secured = getMethodSecure();
Mockito.when(request.getParameter(eq("tenant"))).thenReturn("testNs");
Mockito.when(request.getParameter(eq(Constants.GROUP))).thenReturn("testG");
Resource actual = resourceParser.parse(request, secured);
assertEquals("testNs", actual.getNamespaceId());
assertEquals("testG", actual.getGroup());
assertEquals(StringUtils.EMPTY, actual.getName());
assertEquals(Constants.Config.CONFIG_MODULE, actual.getType());
}
private Secured getMethodSecure() throws NoSuchMethodException {
StackTraceElement[] traces = new Exception().getStackTrace();
StackTraceElement callerElement = traces[1];
String methodName = callerElement.getMethodName();
Method method = this.getClass().getMethod(methodName);
return method.getAnnotation(Secured.class);
}
}

152
auth/src/test/java/com/alibaba/nacos/auth/parser/http/NamingHttpResourceParserTest.java Normal file
View File

@ -0,0 +1,152 @@
/*
* Copyright 1999-2021 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.alibaba.nacos.auth.parser.http;
import com.alibaba.nacos.api.common.Constants;
import com.alibaba.nacos.api.naming.CommonParams;
import com.alibaba.nacos.auth.annotation.Secured;
import com.alibaba.nacos.common.utils.StringUtils;
import com.alibaba.nacos.plugin.auth.api.Resource;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.junit.MockitoJUnitRunner;
import javax.servlet.http.HttpServletRequest;
import java.lang.reflect.Method;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
import static org.mockito.ArgumentMatchers.eq;
@RunWith(MockitoJUnitRunner.class)
public class NamingHttpResourceParserTest {
@Mock
private HttpServletRequest request;
private NamingHttpResourceParser resourceParser;
@Before
public void setUp() throws Exception {
resourceParser = new NamingHttpResourceParser();
}
@Test
@Secured()
public void testParseWithFullContext() throws NoSuchMethodException {
Secured secured = getMethodSecure();
Mockito.when(request.getParameter(eq(CommonParams.NAMESPACE_ID))).thenReturn("testNs");
Mockito.when(request.getParameter(eq(CommonParams.GROUP_NAME))).thenReturn("testG");
Mockito.when(request.getParameter(eq(CommonParams.SERVICE_NAME))).thenReturn("testS");
Resource actual = resourceParser.parse(request, secured);
assertEquals("testNs", actual.getNamespaceId());
assertEquals("testG", actual.getGroup());
assertEquals("testS", actual.getName());
assertEquals(Constants.Naming.NAMING_MODULE, actual.getType());
}
@Test
@Secured()
public void testParseWithoutNamespace() throws NoSuchMethodException {
Secured secured = getMethodSecure();
Mockito.when(request.getParameter(eq(CommonParams.GROUP_NAME))).thenReturn("testG");
Mockito.when(request.getParameter(eq(CommonParams.SERVICE_NAME))).thenReturn("testS");
Resource actual = resourceParser.parse(request, secured);
assertEquals(StringUtils.EMPTY, actual.getNamespaceId());
assertEquals("testG", actual.getGroup());
assertEquals("testS", actual.getName());
assertEquals(Constants.Naming.NAMING_MODULE, actual.getType());
}
@Test
@Secured()
public void testParseWithoutGroup() throws NoSuchMethodException {
Secured secured = getMethodSecure();
Mockito.when(request.getParameter(eq(CommonParams.NAMESPACE_ID))).thenReturn("testNs");
Mockito.when(request.getParameter(eq(CommonParams.SERVICE_NAME))).thenReturn("testS");
Resource actual = resourceParser.parse(request, secured);
assertEquals("testNs", actual.getNamespaceId());
assertEquals(Constants.DEFAULT_GROUP, actual.getGroup());
assertEquals("testS", actual.getName());
assertEquals(Constants.Naming.NAMING_MODULE, actual.getType());
}
@Test
@Secured()
public void testParseWithGroupInService() throws NoSuchMethodException {
Secured secured = getMethodSecure();
Mockito.when(request.getParameter(eq(CommonParams.NAMESPACE_ID))).thenReturn("testNs");
Mockito.when(request.getParameter(eq(CommonParams.SERVICE_NAME))).thenReturn("testG@@testS");
Resource actual = resourceParser.parse(request, secured);
assertEquals("testNs", actual.getNamespaceId());
assertEquals("testG", actual.getGroup());
assertEquals("testS", actual.getName());
assertEquals(Constants.Naming.NAMING_MODULE, actual.getType());
}
@Test
@Secured()
public void testParseWithoutService() throws NoSuchMethodException {
Secured secured = getMethodSecure();
Mockito.when(request.getParameter(eq(CommonParams.NAMESPACE_ID))).thenReturn("testNs");
Mockito.when(request.getParameter(eq(CommonParams.GROUP_NAME))).thenReturn("testG");
Resource actual = resourceParser.parse(request, secured);
assertEquals("testNs", actual.getNamespaceId());
assertEquals("testG", actual.getGroup());
assertEquals(StringUtils.EMPTY, actual.getName());
assertEquals(Constants.Naming.NAMING_MODULE, actual.getType());
}
@Test
@Secured()
public void testParseWithoutGroupAndService() throws NoSuchMethodException {
Secured secured = getMethodSecure();
Mockito.when(request.getParameter(eq(CommonParams.NAMESPACE_ID))).thenReturn("testNs");
Resource actual = resourceParser.parse(request, secured);
assertEquals("testNs", actual.getNamespaceId());
assertEquals(StringUtils.EMPTY, actual.getGroup());
assertEquals(StringUtils.EMPTY, actual.getName());
assertEquals(Constants.Naming.NAMING_MODULE, actual.getType());
}
@Test
@Secured(tags = {"testTag"})
public void testParseWithTags() throws NoSuchMethodException {
Secured secured = getMethodSecure();
Mockito.when(request.getParameter(eq(CommonParams.NAMESPACE_ID))).thenReturn("testNs");
Mockito.when(request.getParameter(eq(CommonParams.GROUP_NAME))).thenReturn("testG");
Mockito.when(request.getParameter(eq(CommonParams.SERVICE_NAME))).thenReturn("testS");
Resource actual = resourceParser.parse(request, secured);
assertEquals("testNs", actual.getNamespaceId());
assertEquals("testG", actual.getGroup());
assertEquals("testS", actual.getName());
assertEquals(Constants.Naming.NAMING_MODULE, actual.getType());
assertTrue(actual.getProperties().containsKey("testTag"));
}
private Secured getMethodSecure() throws NoSuchMethodException {
StackTraceElement[] traces = new Exception().getStackTrace();
StackTraceElement callerElement = traces[1];
String methodName = callerElement.getMethodName();
Method method = this.getClass().getMethod(methodName);
return method.getAnnotation(Secured.class);
}
}

17
auth/src/test/resources/META-INF/services/com.alibaba.nacos.plugin.auth.spi.server.AuthPluginService Normal file
View File

@ -0,0 +1,17 @@
#
# Copyright 1999-2021 Alibaba Group Holding Ltd.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
com.alibaba.nacos.auth.mock.MockAuthPluginService