Example 36 with Secured
use of com.alibaba.nacos.auth.annotation.Secured in project nacos by alibaba.
the class HistoryController method getConfigHistoryInfo.
/**
* Query the detailed configuration history information. notes:
*
* @param nid history_config_info nid
* @param dataId dataId @since 2.0.3
* @param group groupId @since 2.0.3
* @param tenant tenantId @since 2.0.3
* @return history config info
* @since 2.0.3 add {@link Secured}, dataId, groupId and tenant for history config permission check.
*/
@GetMapping
@Secured(action = ActionTypes.READ, signType = SignType.CONFIG)
public ConfigHistoryInfo getConfigHistoryInfo(@RequestParam("dataId") String dataId, @RequestParam("group") String group, @RequestParam(value = "tenant", required = false, defaultValue = StringUtils.EMPTY) String tenant, @RequestParam("nid") Long nid) throws AccessException {
ConfigHistoryInfo configHistoryInfo = persistService.detailConfigHistory(nid);
if (Objects.isNull(configHistoryInfo)) {
return null;
}
// check if history config match the input
checkHistoryInfoPermission(configHistoryInfo, dataId, group, tenant);
String encryptedDataKey = configHistoryInfo.getEncryptedDataKey();
Pair<String, String> pair = EncryptionHandler.decryptHandler(dataId, encryptedDataKey, configHistoryInfo.getContent());
configHistoryInfo.setContent(pair.getSecond());
return configHistoryInfo;
}
Also used :
ConfigHistoryInfo(com.alibaba.nacos.config.server.model.ConfigHistoryInfo)
GetMapping(org.springframework.web.bind.annotation.GetMapping)
Secured(com.alibaba.nacos.auth.annotation.Secured)
Example 37 with Secured
use of com.alibaba.nacos.auth.annotation.Secured in project nacos by alibaba.
the class ConfigPublishRequestHandler method handle.
@Override
@TpsControl(pointName = "ConfigPublish", parsers = { ConfigPublishGroupKeyParser.class, ConfigPublishGroupParser.class })
@Secured(action = ActionTypes.WRITE, signType = SignType.CONFIG)
public ConfigPublishResponse handle(ConfigPublishRequest request, RequestMeta meta) throws NacosException {
try {
String dataId = request.getDataId();
String group = request.getGroup();
String content = request.getContent();
final String tenant = request.getTenant();
final String srcIp = meta.getClientIp();
final String requestIpApp = request.getAdditionParam("requestIpApp");
final String tag = request.getAdditionParam("tag");
final String appName = request.getAdditionParam("appName");
final String type = request.getAdditionParam("type");
final String srcUser = request.getAdditionParam("src_user");
final String encryptedDataKey = request.getAdditionParam("encryptedDataKey");
// check tenant
ParamUtils.checkParam(dataId, group, "datumId", content);
ParamUtils.checkParam(tag);
Map<String, Object> configAdvanceInfo = new HashMap<String, Object>(10);
MapUtil.putIfValNoNull(configAdvanceInfo, "config_tags", request.getAdditionParam("config_tags"));
MapUtil.putIfValNoNull(configAdvanceInfo, "desc", request.getAdditionParam("desc"));
MapUtil.putIfValNoNull(configAdvanceInfo, "use", request.getAdditionParam("use"));
MapUtil.putIfValNoNull(configAdvanceInfo, "effect", request.getAdditionParam("effect"));
MapUtil.putIfValNoNull(configAdvanceInfo, "type", type);
MapUtil.putIfValNoNull(configAdvanceInfo, "schema", request.getAdditionParam("schema"));
ParamUtils.checkParam(configAdvanceInfo);
if (AggrWhitelist.isAggrDataId(dataId)) {
Loggers.REMOTE_DIGEST.warn("[aggr-conflict] {} attempt to publish single data, {}, {}", srcIp, dataId, group);
throw new NacosException(NacosException.NO_RIGHT, "dataId:" + dataId + " is aggr");
}
final Timestamp time = TimeUtils.getCurrentTime();
ConfigInfo configInfo = new ConfigInfo(dataId, group, tenant, appName, content);
configInfo.setMd5(request.getCasMd5());
configInfo.setType(type);
configInfo.setEncryptedDataKey(encryptedDataKey);
String betaIps = request.getAdditionParam("betaIps");
if (StringUtils.isBlank(betaIps)) {
if (StringUtils.isBlank(tag)) {
if (StringUtils.isNotBlank(request.getCasMd5())) {
boolean casSuccess = persistService.insertOrUpdateCas(srcIp, srcUser, configInfo, time, configAdvanceInfo, false);
if (!casSuccess) {
return ConfigPublishResponse.buildFailResponse(ResponseCode.FAIL.getCode(), "Cas publish fail,server md5 may have changed.");
}
} else {
persistService.insertOrUpdate(srcIp, srcUser, configInfo, time, configAdvanceInfo, false);
}
ConfigChangePublisher.notifyConfigChange(new ConfigDataChangeEvent(false, dataId, group, tenant, time.getTime()));
} else {
if (StringUtils.isNotBlank(request.getCasMd5())) {
boolean casSuccess = persistService.insertOrUpdateTagCas(configInfo, tag, srcIp, srcUser, time, false);
if (!casSuccess) {
return ConfigPublishResponse.buildFailResponse(ResponseCode.FAIL.getCode(), "Cas publish tag config fail,server md5 may have changed.");
}
} else {
persistService.insertOrUpdateTag(configInfo, tag, srcIp, srcUser, time, false);
}
ConfigChangePublisher.notifyConfigChange(new ConfigDataChangeEvent(false, dataId, group, tenant, tag, time.getTime()));
}
} else {
// beta publish
if (StringUtils.isNotBlank(request.getCasMd5())) {
boolean casSuccess = persistService.insertOrUpdateBetaCas(configInfo, betaIps, srcIp, srcUser, time, false);
if (!casSuccess) {
return ConfigPublishResponse.buildFailResponse(ResponseCode.FAIL.getCode(), "Cas publish beta config fail,server md5 may have changed.");
}
} else {
persistService.insertOrUpdateBeta(configInfo, betaIps, srcIp, srcUser, time, false);
}
ConfigChangePublisher.notifyConfigChange(new ConfigDataChangeEvent(true, dataId, group, tenant, time.getTime()));
}
ConfigTraceService.logPersistenceEvent(dataId, group, tenant, requestIpApp, time.getTime(), InetUtils.getSelfIP(), ConfigTraceService.PERSISTENCE_EVENT_PUB, content);
return ConfigPublishResponse.buildSuccessResponse();
} catch (Exception e) {
Loggers.REMOTE_DIGEST.error("[ConfigPublishRequestHandler] publish config error ,request ={}", request, e);
return ConfigPublishResponse.buildFailResponse((e instanceof NacosException) ? ((NacosException) e).getErrCode() : ResponseCode.FAIL.getCode(), e.getMessage());
}
}
Also used :
HashMap(java.util.HashMap)
ConfigDataChangeEvent(com.alibaba.nacos.config.server.model.event.ConfigDataChangeEvent)
ConfigInfo(com.alibaba.nacos.config.server.model.ConfigInfo)
Timestamp(java.sql.Timestamp)
NacosException(com.alibaba.nacos.api.exception.NacosException)
NacosException(com.alibaba.nacos.api.exception.NacosException)
Secured(com.alibaba.nacos.auth.annotation.Secured)
TpsControl(com.alibaba.nacos.core.remote.control.TpsControl)
Example 38 with Secured
use of com.alibaba.nacos.auth.annotation.Secured in project nacos by alibaba.
the class GrpcProtocolAuthServiceTest method testParseResourceWithNonExistType.
@Test
@Secured(signType = "non-exist")
public void testParseResourceWithNonExistType() throws NoSuchMethodException {
Secured secured = getMethodSecure("testParseResourceWithNonExistType");
Resource actual = protocolAuthService.parseResource(namingRequest, secured);
assertEquals(Resource.EMPTY_RESOURCE, actual);
}Example 39 with Secured
use of com.alibaba.nacos.auth.annotation.Secured in project nacos by alibaba.
the class HttpProtocolAuthServiceTest method testParseResourceWithNonExistType.
@Test
@Secured(signType = "non-exist")
public void testParseResourceWithNonExistType() throws NoSuchMethodException {
Secured secured = getMethodSecure("testParseResourceWithNonExistType");
Resource actual = httpProtocolAuthService.parseResource(request, secured);
assertEquals(Resource.EMPTY_RESOURCE, actual);
}Example 40 with Secured
use of com.alibaba.nacos.auth.annotation.Secured in project nacos by alibaba.
the class ConfigGrpcResourceParserTest method testParseWithoutDataId.
@Test
@Secured(signType = Constants.Config.CONFIG_MODULE)
public void testParseWithoutDataId() throws NoSuchMethodException {
Secured secured = getMethodSecure();
Request request = mockConfigRequest("testNs", "testG", "");
Resource actual = resourceParser.parse(request, secured);
assertEquals("testNs", actual.getNamespaceId());
assertEquals("testG", actual.getGroup());
assertEquals(StringUtils.EMPTY, actual.getName());
assertEquals(Constants.Config.CONFIG_MODULE, actual.getType());
}
Also used :
Secured(com.alibaba.nacos.auth.annotation.Secured)
ConfigPublishRequest(com.alibaba.nacos.api.config.remote.request.ConfigPublishRequest)
ConfigBatchListenRequest(com.alibaba.nacos.api.config.remote.request.ConfigBatchListenRequest)
Request(com.alibaba.nacos.api.remote.request.Request)
Resource(com.alibaba.nacos.plugin.auth.api.Resource)
Test(org.junit.Test)
Secured(com.alibaba.nacos.auth.annotation.Secured)
Aggregations
Secured (com.alibaba.nacos.auth.annotation.Secured)104
Resource (com.alibaba.nacos.plugin.auth.api.Resource)34
Test (org.junit.Test)32
GetMapping (org.springframework.web.bind.annotation.GetMapping)20
CanDistro (com.alibaba.nacos.naming.web.CanDistro)17
Instance (com.alibaba.nacos.api.naming.pojo.Instance)16
ObjectNode (com.fasterxml.jackson.databind.node.ObjectNode)15
PostMapping (org.springframework.web.bind.annotation.PostMapping)13
PutMapping (org.springframework.web.bind.annotation.PutMapping)13
DeleteMapping (org.springframework.web.bind.annotation.DeleteMapping)12
ConfigDataChangeEvent (com.alibaba.nacos.config.server.model.event.ConfigDataChangeEvent)10
Timestamp (java.sql.Timestamp)10
NacosException (com.alibaba.nacos.api.exception.NacosException)8
AbstractNamingRequest (com.alibaba.nacos.api.naming.remote.request.AbstractNamingRequest)8
Request (com.alibaba.nacos.api.remote.request.Request)8
ConfigInfo (com.alibaba.nacos.config.server.model.ConfigInfo)8
ServiceMetadata (com.alibaba.nacos.naming.core.v2.metadata.ServiceMetadata)7
ConfigBatchListenRequest (com.alibaba.nacos.api.config.remote.request.ConfigBatchListenRequest)6
HashMap (java.util.HashMap)6
ConfigAllInfo (com.alibaba.nacos.config.server.model.ConfigAllInfo)5
