Example 1 with NacosUser

use of com.alibaba.nacos.plugin.auth.impl.users.NacosUser in project nacos by alibaba.

the class NacosAuthManager method login.

/**
 * Authenticates the request and identifies the user who requests the resource.
 *
 * @param request where we can find the user information
 * @return user related to this request, null if no user info is found.
 * @throws AccessException if authentication fails
 */
public User login(Object request) throws AccessException {
    HttpServletRequest req = (HttpServletRequest) request;
    String token = resolveToken(req);
    validate0(token);
    NacosUser user = getNacosUser(token);
    req.getSession().setAttribute(AuthConstants.NACOS_USER_KEY, user);
    req.getSession().setAttribute(com.alibaba.nacos.plugin.auth.constant.Constants.Identity.IDENTITY_ID, user.getUserName());
    return user;
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) NacosUser(com.alibaba.nacos.plugin.auth.impl.users.NacosUser)

Example 2 with NacosUser

use of com.alibaba.nacos.plugin.auth.impl.users.NacosUser in project nacos by alibaba.

the class NacosAuthPluginService method validateAuthority.

@Override
public Boolean validateAuthority(IdentityContext identityContext, Permission permission) throws AccessException {
    NacosUser user = (NacosUser) identityContext.getParameter(USER_IDENTITY_PARAM_KEY);
    nacosAuthManager.auth(permission, user);
    return true;
}
Also used : NacosUser(com.alibaba.nacos.plugin.auth.impl.users.NacosUser)

Example 3 with NacosUser

use of com.alibaba.nacos.plugin.auth.impl.users.NacosUser in project nacos by alibaba.

the class UserControllerTest method setUp.

@Before
public void setUp() throws Exception {
    userController = new UserController();
    user = new NacosUser();
    user.setUserName("nacos");
    user.setGlobalAdmin(true);
    user.setToken("1234567890");
    injectObject("authConfigs", authConfigs);
    injectObject("authManager", authManager);
    injectObject("nacosAuthConfig", nacosAuthConfig);
}
Also used : NacosUser(com.alibaba.nacos.plugin.auth.impl.users.NacosUser) Before(org.junit.Before)

Example 4 with NacosUser

use of com.alibaba.nacos.plugin.auth.impl.users.NacosUser in project nacos by alibaba.

the class UserController method login.

/**
 * Log in to Nacos.
 *
 * <p>This method uses the username and password to request a new token.
 *
 * @param username username of user
 * @param password password
 * @param response http response
 * @param request  http request
 * @return new token of the user
 * @throws AccessException if user info is incorrect
 */
@PostMapping("/login")
public Object login(@RequestParam String username, @RequestParam String password, HttpServletResponse response, HttpServletRequest request) throws AccessException {
    if (AuthSystemTypes.NACOS.name().equalsIgnoreCase(authConfigs.getNacosAuthSystemType()) || AuthSystemTypes.LDAP.name().equalsIgnoreCase(authConfigs.getNacosAuthSystemType())) {
        NacosUser user = (NacosUser) authManager.login(request);
        response.addHeader(AuthConstants.AUTHORIZATION_HEADER, AuthConstants.TOKEN_PREFIX + user.getToken());
        ObjectNode result = JacksonUtils.createEmptyJsonNode();
        result.put(Constants.ACCESS_TOKEN, user.getToken());
        result.put(Constants.TOKEN_TTL, nacosAuthConfig.getTokenValidityInSeconds());
        result.put(Constants.GLOBAL_ADMIN, user.isGlobalAdmin());
        result.put(Constants.USERNAME, user.getUserName());
        return result;
    }
    // create an Authentication object from the username and password; the implementation class is UsernamePasswordAuthenticationToken
    UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(username, password);
    try {
        // use the authenticate method of AuthenticationManager (default implementation is ProviderManager) to validate the Authentication
        Authentication authentication = authenticationManager.authenticate(authenticationToken);
        // bind the Authentication to the SecurityContext
        SecurityContextHolder.getContext().setAuthentication(authentication);
        // generate the token
        String token = jwtTokenManager.createToken(authentication);
        // write the token to the HTTP header
        response.addHeader(AuthConstants.AUTHORIZATION_HEADER, "Bearer " + token);
        return RestResultUtils.success("Bearer " + token);
    } catch (BadCredentialsException authentication) {
        return RestResultUtils.failed(HttpStatus.UNAUTHORIZED.value(), null, "Login failed");
    }
}
Also used : NacosUser(com.alibaba.nacos.plugin.auth.impl.users.NacosUser) ObjectNode(com.fasterxml.jackson.databind.node.ObjectNode) Authentication(org.springframework.security.core.Authentication) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) BadCredentialsException(org.springframework.security.authentication.BadCredentialsException) PostMapping(org.springframework.web.bind.annotation.PostMapping)

Example 5 with NacosUser

use of com.alibaba.nacos.plugin.auth.impl.users.NacosUser in project nacos by alibaba.

the class NacosAuthManager method getNacosUser.

private NacosUser getNacosUser(String token) {
    Authentication authentication = tokenManager.getAuthentication(token);
    SecurityContextHolder.getContext().setAuthentication(authentication);
    String username = authentication.getName();
    NacosUser user = new NacosUser();
    user.setUserName(username);
    user.setToken(token);
    List<RoleInfo> roleInfoList = roleService.getRoles(username);
    if (roleInfoList != null) {
        for (RoleInfo roleInfo : roleInfoList) {
            if (roleInfo.getRole().equals(AuthConstants.GLOBAL_ADMIN_ROLE)) {
                user.setGlobalAdmin(true);
                break;
            }
        }
    }
    return user;
}
Also used : NacosUser(com.alibaba.nacos.plugin.auth.impl.users.NacosUser) RoleInfo(com.alibaba.nacos.plugin.auth.impl.persistence.RoleInfo) Authentication(org.springframework.security.core.Authentication)

Aggregations

NacosUser (com.alibaba.nacos.plugin.auth.impl.users.NacosUser): 5
Authentication (org.springframework.security.core.Authentication): 2
RoleInfo (com.alibaba.nacos.plugin.auth.impl.persistence.RoleInfo): 1
ObjectNode (com.fasterxml.jackson.databind.node.ObjectNode): 1
HttpServletRequest (javax.servlet.http.HttpServletRequest): 1
Before (org.junit.Before): 1
BadCredentialsException (org.springframework.security.authentication.BadCredentialsException): 1
UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken): 1
PostMapping (org.springframework.web.bind.annotation.PostMapping): 1