Don't stopping startup for illegal token.secret.key when auth.enabled…

… is false. (#10265)
alibaba · Apr 6, 2023 · e31f830 · e31f830
1 parent 0f43ea9
commit e31f830
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 9 deletions.
diff --git a/distribution/conf/announcement.conf b/distribution/conf/announcement.conf
@@ -1 +1 @@
-当前集群没有开启鉴权，请参考[文档](https://nacos.io/zh-cn/docs/v2/guide/user/auth.html)开启鉴权~
+当前集群没有开启鉴权，请参考<a href="https://nacos.io/zh-cn/docs/v2/guide/user/auth.html">文档</a>开启鉴权~
diff --git a/...ult-impl/src/main/java/com/alibaba/nacos/plugin/auth/impl/token/impl/JwtTokenManager.java b/...ult-impl/src/main/java/com/alibaba/nacos/plugin/auth/impl/token/impl/JwtTokenManager.java
@@ -16,6 +16,7 @@
 
 package com.alibaba.nacos.plugin.auth.impl.token.impl;
 
+import com.alibaba.nacos.auth.config.AuthConfigs;
 import com.alibaba.nacos.common.event.ServerConfigChangeEvent;
 import com.alibaba.nacos.common.notify.Event;
 import com.alibaba.nacos.common.notify.NotifyCenter;
@@ -56,7 +57,10 @@ public class JwtTokenManager extends Subscriber<ServerConfigChangeEvent> impleme
 
     private volatile NacosJwtParser jwtParser;
 
-    public JwtTokenManager() {
+    private final AuthConfigs authConfigs;
+
+    public JwtTokenManager(AuthConfigs authConfigs) {
+        this.authConfigs = authConfigs;
         NotifyCenter.registerSubscriber(this);
         processProperties();
     }
@@ -70,9 +74,11 @@ private void processProperties() {
         try {
             this.jwtParser = new NacosJwtParser(encodedSecretKey);
         } catch (Exception e) {
-            throw new IllegalArgumentException(
-                    "the length of secret key must great than or equal 32 bytes; And the secret key  must be encoded by base64."
-                            + "Please see https://nacos.io/zh-cn/docs/v2/guide/user/auth.html", e);
+            if (authConfigs.isAuthEnabled()) {
+                throw new IllegalArgumentException(
+                        "the length of secret key must great than or equal 32 bytes; And the secret key  must be encoded by base64."
+                                + "Please see https://nacos.io/zh-cn/docs/v2/guide/user/auth.html", e);
+            }
         }
 
     }

diff --git a/...impl/src/test/java/com/alibaba/nacos/plugin/auth/impl/token/impl/JwtTokenManagerTest.java b/...impl/src/test/java/com/alibaba/nacos/plugin/auth/impl/token/impl/JwtTokenManagerTest.java
@@ -16,6 +16,7 @@
 
 package com.alibaba.nacos.plugin.auth.impl.token.impl;
 
+import com.alibaba.nacos.auth.config.AuthConfigs;
 import com.alibaba.nacos.plugin.auth.exception.AccessException;
 import com.alibaba.nacos.plugin.auth.impl.constant.AuthConstants;
 import com.alibaba.nacos.plugin.auth.impl.jwt.NacosJwtParser;
@@ -24,6 +25,7 @@
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
+import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
 import org.springframework.mock.env.MockEnvironment;
 import org.springframework.security.core.Authentication;
@@ -32,11 +34,16 @@
 import java.util.Base64;
 import java.util.concurrent.TimeUnit;
 
+import static org.mockito.Mockito.when;
+
 @RunWith(MockitoJUnitRunner.class)
 public class JwtTokenManagerTest {
 
     private JwtTokenManager jwtTokenManager;
 
+    @Mock
+    private AuthConfigs authConfigs;
+
     @Before
     public void setUp() {
         MockEnvironment mockEnvironment = new MockEnvironment();
@@ -47,8 +54,7 @@ public void setUp() {
                 AuthConstants.DEFAULT_TOKEN_EXPIRE_SECONDS.toString());
 
         EnvUtil.setEnvironment(mockEnvironment);
-
-        jwtTokenManager = new JwtTokenManager();
+        jwtTokenManager = new JwtTokenManager(authConfigs);
     }
 
     @Test
@@ -70,7 +76,7 @@ private void createToken(String secretKey) throws AccessException {
 
         EnvUtil.setEnvironment(mockEnvironment);
 
-        JwtTokenManager jwtTokenManager = new JwtTokenManager();
+        JwtTokenManager jwtTokenManager = new JwtTokenManager(authConfigs);
         String nacosToken = jwtTokenManager.createToken("nacos");
         Assert.assertNotNull(nacosToken);
         jwtTokenManager.validateToken(nacosToken);
@@ -85,6 +91,7 @@ public void getAuthentication() throws AccessException {
 
     @Test
     public void testInvalidSecretKey() {
+        when(authConfigs.isAuthEnabled()).thenReturn(true);
         Assert.assertThrows(IllegalArgumentException.class, () -> createToken("0123456789ABCDEF0123456789ABCDE"));
     }
 
@@ -109,7 +116,7 @@ public void testNacosJwtParser() throws AccessException {
 
         EnvUtil.setEnvironment(mockEnvironment);
 
-        JwtTokenManager jwtTokenManager = new JwtTokenManager();
+        JwtTokenManager jwtTokenManager = new JwtTokenManager(authConfigs);
         String nacosToken = jwtTokenManager.createToken("nacos");
         Assert.assertNotNull(nacosToken);
         System.out.println("oldToken: " + nacosToken);
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		当前集群没有开启鉴权，请参考[文档](https://nacos.io/zh-cn/docs/v2/guide/user/auth.html)开启鉴权~
		当前集群没有开启鉴权，请参考<a href="https://nacos.io/zh-cn/docs/v2/guide/user/auth.html">文档</a>开启鉴权~