
Example 1 with Secured

use of com.alibaba.nacos.auth.annotation.Secured in project nacos by alibaba.

the class UserController method createUser.

/**
 * Registers a new user once the username is confirmed to be unused.
 *
 * <p>The endpoint is annotated with {@code @Secured}, declaring the WRITE action on the console
 * {@code users} resource. Only the output of {@code PasswordEncoderUtil.encode} is handed to
 * {@code userDetailsService.createUser}; the plaintext password goes no further than this method.
 *
 * <p>NOTE(review): the existence lookup and the insert are two separate calls, so two concurrent
 * requests for the same username can both pass the lookup. Confirm that the persistence layer
 * enforces uniqueness on the username.
 *
 * <p>NOTE(review): neither parameter is checked for blank values in this method, and the password
 * arrives as an ordinary request parameter. Confirm that validation happens upstream and that
 * request parameters are kept out of access logs.
 *
 * @param username name of the user to create
 * @param password plaintext password; encoded before it is passed to the user service
 * @return the success result built by {@code RestResultUtils.success}
 * @throws IllegalArgumentException if a user with this name already exists
 * @since 1.2.0
 */
@Secured(resource = NacosAuthConfig.CONSOLE_RESOURCE_NAME_PREFIX + "users", action = ActionTypes.WRITE)
@PostMapping
public Object createUser(@RequestParam String username, @RequestParam String password) {
    // Refuse to overwrite an existing account.
    final boolean alreadyRegistered = userDetailsService.getUserFromDatabase(username) != null;
    if (alreadyRegistered) {
        throw new IllegalArgumentException("user '" + username + "' already exist!");
    }

    // Encode first so that only the encoded form reaches the user service.
    final String encodedPassword = PasswordEncoderUtil.encode(password);
    userDetailsService.createUser(username, encodedPassword);
    return RestResultUtils.success("create user ok!");
}
Also used : NacosUser(com.alibaba.nacos.console.security.nacos.users.NacosUser) User(com.alibaba.nacos.config.server.model.User) PostMapping(org.springframework.web.bind.annotation.PostMapping) Secured(com.alibaba.nacos.auth.annotation.Secured)

Example 2 with Secured

use of com.alibaba.nacos.auth.annotation.Secured in project nacos by alibaba.

the class UserController method updateUser.

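/**
 * Updates the password of an existing user.
 *
 * <p>The caller must pass {@code hasPermission(username, request)}; per the inline comment that
 * check is meant to admit an admin or the user themselves. When the check fails the method sends
 * HTTP 403 and returns immediately, so a refused caller can no longer reach the password update.
 *
 * <p>NOTE(review): no current-password confirmation is performed here; the only gate visible in
 * this method is {@code hasPermission} together with the {@code @Secured} annotation.
 *
 * @param username    username of the user whose password is changed
 * @param newPassword new plaintext password; encoded before it is passed to the user service
 * @param response    http response, used to send the 403 error
 * @param request     http request, passed to the permission check
 * @return the success result if the update succeeds, or {@code null} after a 403 has been sent
 * @throws IllegalArgumentException if the user does not exist
 * @throws IOException if sending the error response fails
 * @since 1.2.0
 */
@PutMapping
@Secured(resource = NacosAuthConfig.UPDATE_PASSWORD_ENTRY_POINT, action = ActionTypes.WRITE)
public Object updateUser(@RequestParam String username, @RequestParam String newPassword,
        HttpServletResponse response, HttpServletRequest request) throws IOException {
    // admin or same user
    if (!hasPermission(username, request)) {
        response.sendError(HttpServletResponse.SC_FORBIDDEN, "authorization failed!");
        // Stop here: sendError only commits the 403 response. Without this return the method
        // fell through and changed the password for a caller it had just refused.
        return null;
    }

    User user = userDetailsService.getUserFromDatabase(username);
    if (user == null) {
        throw new IllegalArgumentException("user " + username + " not exist!");
    }

    // Only the encoded form of the new password is passed to the user service.
    userDetailsService.updateUserPassword(username, PasswordEncoderUtil.encode(newPassword));
    return RestResultUtils.success("update user ok!");
}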
Also used : NacosUser(com.alibaba.nacos.console.security.nacos.users.NacosUser) User(com.alibaba.nacos.config.server.model.User) Secured(com.alibaba.nacos.auth.annotation.Secured) PutMapping(org.springframework.web.bind.annotation.PutMapping)

Example 3 with Secured

use of com.alibaba.nacos.auth.annotation.Secured in project nacos by alibaba.

the class ConfigController method publishConfig.

/**
 * Adds or updates non-aggregated configuration data.
 *
 * <p>The request is validated, persisted through one of three paths (beta, tagged, or plain),
 * announced with a {@code ConfigDataChangeEvent}, and finally recorded through
 * {@code ConfigTraceService}. The path is chosen from the {@code betaIps} request header and the
 * {@code tag} parameter: a non-blank header selects the beta path regardless of {@code tag}.
 *
 * <p>The {@code src_user} request parameter is not used as received: it is overwritten with the
 * value returned by {@code RequestUtil.getSrcUserName(request)} before anything is persisted.
 *
 * <p>NOTE(review): {@code content} is passed as-is to
 * {@code ConfigTraceService.logPersistenceEvent}; confirm how the trace service records it when
 * configurations hold secrets.
 *
 * @param request    http request; source of the client ip, app name, user name and betaIps header
 * @param response   http response; not used by this method
 * @param dataId     data id of the configuration
 * @param group      group of the configuration
 * @param tenant     tenant, defaults to the empty string
 * @param content    configuration content
 * @param tag        optional tag; selects the tagged path when no betaIps header is present
 * @param appName    optional application name stored with the configuration
 * @param srcUser    overwritten from the request, see above
 * @param configTags optional value stored under {@code config_tags}
 * @param desc       optional value stored under {@code desc}
 * @param use        optional value stored under {@code use}
 * @param effect     optional value stored under {@code effect}
 * @param type       configuration type; replaced by the default type when not valid
 * @param schema     optional value stored under {@code schema}
 * @return always {@code true} when no exception is thrown
 * @throws NacosException with {@code NacosException.NO_RIGHT} if {@code dataId} is an aggregated
 *                        data id; NOTE(review): the {@code ParamUtils} checks presumably raise it
 *                        as well, confirm against that class
 */
@PostMapping
@Secured(action = ActionTypes.WRITE, parser = ConfigResourceParser.class)
public Boolean publishConfig(HttpServletRequest request, HttpServletResponse response,
        @RequestParam(value = "dataId") String dataId,
        @RequestParam(value = "group") String group,
        @RequestParam(value = "tenant", required = false, defaultValue = StringUtils.EMPTY) String tenant,
        @RequestParam(value = "content") String content,
        @RequestParam(value = "tag", required = false) String tag,
        @RequestParam(value = "appName", required = false) String appName,
        @RequestParam(value = "src_user", required = false) String srcUser,
        @RequestParam(value = "config_tags", required = false) String configTags,
        @RequestParam(value = "desc", required = false) String desc,
        @RequestParam(value = "use", required = false) String use,
        @RequestParam(value = "effect", required = false) String effect,
        @RequestParam(value = "type", required = false) String type,
        @RequestParam(value = "schema", required = false) String schema) throws NacosException {
    final String clientIp = RequestUtil.getRemoteIp(request);
    final String clientApp = RequestUtil.getAppName(request);
    // The caller-supplied src_user parameter is discarded in favour of the request-derived name.
    srcUser = RequestUtil.getSrcUserName(request);

    // An unrecognised type falls back to the default instead of being rejected.
    if (!ConfigType.isValidType(type)) {
        type = ConfigType.getDefaultType().getType();
    }

    // Validate the identifying fields before anything is built or stored.
    ParamUtils.checkTenant(tenant);
    ParamUtils.checkParam(dataId, group, "datumId", content);
    ParamUtils.checkParam(tag);

    final Map<String, Object> advanceInfo = new HashMap<>(10);
    MapUtil.putIfValNoNull(advanceInfo, "config_tags", configTags);
    MapUtil.putIfValNoNull(advanceInfo, "desc", desc);
    MapUtil.putIfValNoNull(advanceInfo, "use", use);
    MapUtil.putIfValNoNull(advanceInfo, "effect", effect);
    MapUtil.putIfValNoNull(advanceInfo, "type", type);
    MapUtil.putIfValNoNull(advanceInfo, "schema", schema);
    ParamUtils.checkParam(advanceInfo);

    // Aggregated data ids must not be published through the single-data endpoint.
    if (AggrWhitelist.isAggrDataId(dataId)) {
        LOGGER.warn("[aggr-conflict] {} attempt to publish single data, {}, {}", RequestUtil.getRemoteIp(request), dataId, group);
        throw new NacosException(NacosException.NO_RIGHT, "dataId:" + dataId + " is aggr");
    }

    final Timestamp now = TimeUtils.getCurrentTime();
    final String betaIps = request.getHeader("betaIps");
    final ConfigInfo info = new ConfigInfo(dataId, group, tenant, appName, content);
    info.setType(type);

    // Persist first, then build the matching change event for the path that was taken.
    final ConfigDataChangeEvent changeEvent;
    if (!StringUtils.isBlank(betaIps)) {
        // beta publish
        persistService.insertOrUpdateBeta(info, betaIps, clientIp, srcUser, now, false);
        changeEvent = new ConfigDataChangeEvent(true, dataId, group, tenant, now.getTime());
    } else if (StringUtils.isBlank(tag)) {
        persistService.insertOrUpdate(clientIp, srcUser, info, now, advanceInfo, false);
        changeEvent = new ConfigDataChangeEvent(false, dataId, group, tenant, now.getTime());
    } else {
        persistService.insertOrUpdateTag(info, tag, clientIp, srcUser, now, false);
        changeEvent = new ConfigDataChangeEvent(false, dataId, group, tenant, tag, now.getTime());
    }
    ConfigChangePublisher.notifyConfigChange(changeEvent);

    ConfigTraceService.logPersistenceEvent(dataId, group, tenant, clientApp, now.getTime(), InetUtils.getSelfIP(), ConfigTraceService.PERSISTENCE_EVENT_PUB, content);
    return true;
}
Also used : HashMap(java.util.HashMap) ConfigDataChangeEvent(com.alibaba.nacos.config.server.model.event.ConfigDataChangeEvent) ConfigInfo(com.alibaba.nacos.config.server.model.ConfigInfo) Timestamp(java.sql.Timestamp) NacosException(com.alibaba.nacos.api.exception.NacosException) PostMapping(org.springframework.web.bind.annotation.PostMapping) Secured(com.alibaba.nacos.auth.annotation.Secured)

Example 4 with Secured

use of com.alibaba.nacos.auth.annotation.Secured in project nacos by alibaba.

the class UserController method deleteUser.

/**
 * Deletes a user, refusing the request when the user holds the global admin role.
 *
 * <p>The endpoint is annotated with {@code @Secured}, declaring the WRITE action on the console
 * {@code users} resource. The role lookup runs before the delete call, so an account carrying
 * {@code AuthConstants.GLOBAL_ADMIN_ROLE} is never passed to {@code userDetailsService.deleteUser}.
 *
 * <p>NOTE(review): this method does not check whether the user exists; what happens for an
 * unknown username depends on {@code userDetailsService.deleteUser} and should be confirmed
 * there.
 *
 * <p>NOTE(review): a role entry whose {@code getRole()} is {@code null} would raise a
 * {@code NullPointerException} in the comparison; confirm that roles are never stored without a
 * name.
 *
 * @param username username of the user to delete
 * @return the success result built by {@code RestResultUtils.success}
 * @throws IllegalArgumentException if the user holds the global admin role
 * @since 1.2.0
 */
@DeleteMapping
@Secured(resource = AuthConstants.CONSOLE_RESOURCE_NAME_PREFIX + "users", action = ActionTypes.WRITE)
public Object deleteUser(@RequestParam String username) {
    final List<RoleInfo> assignedRoles = roleService.getRoles(username);

    // A null role list is treated the same as "no roles assigned".
    final boolean holdsGlobalAdmin = assignedRoles != null
            && assignedRoles.stream()
                    .anyMatch(assigned -> assigned.getRole().equals(AuthConstants.GLOBAL_ADMIN_ROLE));
    if (holdsGlobalAdmin) {
        throw new IllegalArgumentException("cannot delete admin: " + username);
    }

    userDetailsService.deleteUser(username);
    return RestResultUtils.success("delete user ok!");
}
Also used : RoleInfo(com.alibaba.nacos.plugin.auth.impl.persistence.RoleInfo) DeleteMapping(org.springframework.web.bind.annotation.DeleteMapping) Secured(com.alibaba.nacos.auth.annotation.Secured)

Example 5 with Secured

use of com.alibaba.nacos.auth.annotation.Secured in project nacos by alibaba.

the class UserController method updateUser.

/**
 * Updates the password of an existing user.
 *
 * <p>The caller must pass {@code hasPermission(username, request)}; per the inline comment that
 * check is meant to admit an admin or the user themselves. A refused caller receives HTTP 403
 * and the method returns before any lookup or update takes place.
 *
 * <p>NOTE(review): no current-password confirmation is performed here; the only gate visible in
 * this method is {@code hasPermission} together with the {@code @Secured} annotation.
 *
 * @param username    username of the user whose password is changed
 * @param newPassword new plaintext password; encoded before it is passed to the user service
 * @param response    http response, used to send the 403 error
 * @param request     http request, passed to the permission check
 * @return the success result if the update succeeds, or {@code null} after a 403 has been sent
 * @throws IllegalArgumentException if the user does not exist
 * @throws IOException if sending the error response fails
 * @since 1.2.0
 */
@PutMapping
@Secured(resource = AuthConstants.UPDATE_PASSWORD_ENTRY_POINT, action = ActionTypes.WRITE)
public Object updateUser(@RequestParam String username, @RequestParam String newPassword,
        HttpServletResponse response, HttpServletRequest request) throws IOException {
    // admin or same user
    final boolean authorized = hasPermission(username, request);
    if (!authorized) {
        response.sendError(HttpServletResponse.SC_FORBIDDEN, "authorization failed!");
        // The early return keeps a refused caller away from the password update below.
        return null;
    }

    final boolean userMissing = userDetailsService.getUserFromDatabase(username) == null;
    if (userMissing) {
        throw new IllegalArgumentException("user " + username + " not exist!");
    }

    // Only the encoded form of the new password is passed to the user service.
    final String encodedPassword = PasswordEncoderUtil.encode(newPassword);
    userDetailsService.updateUserPassword(username, encodedPassword);
    return RestResultUtils.success("update user ok!");
}
Also used : NacosUser(com.alibaba.nacos.plugin.auth.impl.users.NacosUser) User(com.alibaba.nacos.plugin.auth.impl.persistence.User) Secured(com.alibaba.nacos.auth.annotation.Secured) PutMapping(org.springframework.web.bind.annotation.PutMapping)

Aggregations

Secured (com.alibaba.nacos.auth.annotation.Secured)104 Resource (com.alibaba.nacos.plugin.auth.api.Resource)34 Test (org.junit.Test)32 GetMapping (org.springframework.web.bind.annotation.GetMapping)20 CanDistro (com.alibaba.nacos.naming.web.CanDistro)17 Instance (com.alibaba.nacos.api.naming.pojo.Instance)16 ObjectNode (com.fasterxml.jackson.databind.node.ObjectNode)15 PostMapping (org.springframework.web.bind.annotation.PostMapping)13 PutMapping (org.springframework.web.bind.annotation.PutMapping)13 DeleteMapping (org.springframework.web.bind.annotation.DeleteMapping)12 ConfigDataChangeEvent (com.alibaba.nacos.config.server.model.event.ConfigDataChangeEvent)10 Timestamp (java.sql.Timestamp)10 NacosException (com.alibaba.nacos.api.exception.NacosException)8 AbstractNamingRequest (com.alibaba.nacos.api.naming.remote.request.AbstractNamingRequest)8 Request (com.alibaba.nacos.api.remote.request.Request)8 ConfigInfo (com.alibaba.nacos.config.server.model.ConfigInfo)8 ServiceMetadata (com.alibaba.nacos.naming.core.v2.metadata.ServiceMetadata)7 ConfigBatchListenRequest (com.alibaba.nacos.api.config.remote.request.ConfigBatchListenRequest)6 HashMap (java.util.HashMap)6 ConfigAllInfo (com.alibaba.nacos.config.server.model.ConfigAllInfo)5