[ISSUE #9859] Refactor the default plugin's login/authentication logic #9889

Merged
merged 2 commits into from
Feb 3, 2023

@YunWZ (Contributor) commented Feb 1, 2023

Please do not create a Pull Request without creating an issue first.

What is the purpose of the change

Refactor the default plugin's login/authentication logic to improve performance.

Brief changelog

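Stop using the login/authentication logic in Spring Security; the auth plugin implements it itself:

  1. Optimize the login endpoint's logic to avoid validating the JWT repeatedly (at login the plugin generates the token itself, so there is no need to validate it again);
  2. Optimize the AccessToken validation logic;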

Verifying this change

XXXX

Follow this checklist to help us incorporate your contribution quickly and easily:

  • Make sure there is a Github issue filed for the change (usually before you start working on it). Trivial changes like typos do not require a Github issue. Your pull request should address just this issue, without pulling in other changes - one PR resolves one issue.
  • Format the pull request title like [ISSUE #123] Fix UnknownException when host config not exist. Each commit in the pull request should have a meaningful subject line and body.
  • Write a pull request description that is detailed enough to understand what the pull request does, how, and why.
  • Write necessary unit-test to verify your logic correction, more mock a little better when cross module dependency exist. If the new feature or significant change is committed, please remember to add integration-test in test module.
  • Run mvn -B clean package apache-rat:check findbugs:findbugs -Dmaven.test.skip=true to make sure basic checks pass. Run mvn clean install -DskipITs to make sure unit-test pass. Run mvn clean test-compile failsafe:integration-test to make sure integration-test pass.

@KomachiSion (Collaborator) left a comment

If this PR is completed, could we remove spring-security?
Too many security engineers are watching this thing, so vulnerabilities tend to turn up.

@YunWZ (Contributor, Author) commented Feb 2, 2023

> If this PR is completed, could we remove spring-security? Too many security engineers are watching this thing, so vulnerabilities tend to turn up.

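Actually, I tried removing spring-security, but found that after removing it the console could no longer log in properly.
To remove spring-security completely, we may need the front-end experts to take a look together, and the other modules that require authentication would also need changes, for example the address module (which depends on naming).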

@YunWZ YunWZ force-pushed the feature/refactor-auth-logic branch from 6ca94c2 to be3e294 Compare February 2, 2023 03:27
@YunWZ YunWZ force-pushed the feature/refactor-auth-logic branch from be3e294 to 06372e8 Compare February 2, 2023 03:28
@codecov-commenter commented Feb 2, 2023

Codecov Report

Merging #9889 (06372e8) into develop (71389b0) will decrease coverage by 0.28%.
The diff coverage is 6.92%.

Additional details and impacted files

@@              Coverage Diff              @@
##             develop    #9889      +/-   ##
=============================================
- Coverage      47.36%   47.08%   -0.28%     
+ Complexity      4513     4500      -13     
=============================================
  Files            861      865       +4     
  Lines          28001    28110     +109     
  Branches        3121     3132      +11     
=============================================
- Hits           13263    13236      -27     
- Misses         13536    13679     +143     
+ Partials        1202     1195       -7     

| Impacted Files | Coverage Δ |
|---|---|
| ...plugin/auth/impl/CustomAuthenticationProvider.java | 0.00% <ø> (ø) |
| .../plugin/auth/impl/JwtAuthenticationEntryPoint.java | 0.00% <ø> (ø) |
| ...alibaba/nacos/plugin/auth/impl/LdapAuthConfig.java | 0.00% <0.00%> (ø) |
| .../nacos/plugin/auth/impl/LdapAuthPluginService.java | 0.00% <0.00%> (ø) |
| ...libaba/nacos/plugin/auth/impl/NacosAuthConfig.java | 0.00% <0.00%> (ø) |
| ...ibaba/nacos/plugin/auth/impl/NacosAuthManager.java | 0.00% <ø> (ø) |
| ...nacos/plugin/auth/impl/NacosAuthPluginService.java | 0.00% <0.00%> (ø) |
| ...pl/authenticate/AbstractAuthenticationManager.java | 0.00% <0.00%> (ø) |
| ...l/authenticate/AuthenticationNamagerDelegator.java | 0.00% <0.00%> (ø) |
| ...mpl/authenticate/DefaultAuthenticationManager.java | 0.00% <0.00%> (ø) |

... and 11 more

Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Last update 71389b0...06372e8.

@KomachiSion KomachiSion merged commit 42b28f9 into alibaba:develop Feb 3, 2023
@KomachiSion KomachiSion added plugin kind/enhancement Category issues or prs related to enhancement. labels Feb 3, 2023
@KomachiSion KomachiSion added this to the 2.2.1 milestone Feb 3, 2023
Successfully merging this pull request may close these issues.

[Feature] Performance optimization: refactor the JWT-related functionality in the default auth plugin