This is an automated email from the ASF dual-hosted git repository.

liubao pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/servicecomb-java-chassis.git


The following commit(s) were added to refs/heads/master by this push:
     new 78595b3  [SCB-2262]RSA token would be invalid if service is called 
before registration (#2368)
78595b3 is described below

commit 78595b3a15c3f0a0be95311216ac5f103a9ffbf5
Author: bao liu <bi...@qq.com>
AuthorDate: Sat May 8 14:37:30 2021 +0800

    [SCB-2262]RSA token would be invalid if service is called before 
registration (#2368)
---
 .../pojo-client/src/main/resources/microservice.yaml   |  2 +-
 .../pojo-server/src/main/resources/microservice.yaml   |  2 +-
 demo/demo-pojo/pom.xml                                 |  4 ++++
 .../authentication/consumer/ConsumerAuthHandler.java   | 11 +++++++----
 .../consumer/RSAConsumerTokenManager.java              | 18 ++++++++++--------
 5 files changed, 23 insertions(+), 14 deletions(-)

diff --git a/demo/demo-pojo/pojo-client/src/main/resources/microservice.yaml 
b/demo/demo-pojo/pojo-client/src/main/resources/microservice.yaml
index 0b561ff..9fd500d 100644
--- a/demo/demo-pojo/pojo-client/src/main/resources/microservice.yaml
+++ b/demo/demo-pojo/pojo-client/src/main/resources/microservice.yaml
@@ -33,7 +33,7 @@ servicecomb:
   handler:
     chain:
       Consumer:
-        default: qps-flowcontrol-consumer,bizkeeper-consumer,loadbalance
+        default: 
qps-flowcontrol-consumer,auth-consumer,bizkeeper-consumer,loadbalance
   isolation:
     Consumer:
       enabled: false
diff --git a/demo/demo-pojo/pojo-server/src/main/resources/microservice.yaml 
b/demo/demo-pojo/pojo-server/src/main/resources/microservice.yaml
index b38218e..a3d73dc 100644
--- a/demo/demo-pojo/pojo-server/src/main/resources/microservice.yaml
+++ b/demo/demo-pojo/pojo-server/src/main/resources/microservice.yaml
@@ -33,7 +33,7 @@ servicecomb:
   handler:
     chain:
       Provider:
-        default: qps-flowcontrol-provider
+        default: qps-flowcontrol-provider,auth-provider
   flowcontrol:
     Provider:
       qps:
diff --git a/demo/demo-pojo/pom.xml b/demo/demo-pojo/pom.xml
index 3927f75..4349f14 100644
--- a/demo/demo-pojo/pom.xml
+++ b/demo/demo-pojo/pom.xml
@@ -37,6 +37,10 @@
       <artifactId>registry-service-center</artifactId>
     </dependency>
     <dependency>
+      <groupId>org.apache.servicecomb</groupId>
+      <artifactId>handler-publickey-auth</artifactId>
+    </dependency>
+    <dependency>
       <groupId>log4j</groupId>
       <artifactId>log4j</artifactId>
     </dependency>
diff --git 
a/handlers/handler-publickey-auth/src/main/java/org/apache/servicecomb/authentication/consumer/ConsumerAuthHandler.java
 
b/handlers/handler-publickey-auth/src/main/java/org/apache/servicecomb/authentication/consumer/ConsumerAuthHandler.java
index 715b043..ef5e60a 100644
--- 
a/handlers/handler-publickey-auth/src/main/java/org/apache/servicecomb/authentication/consumer/ConsumerAuthHandler.java
+++ 
b/handlers/handler-publickey-auth/src/main/java/org/apache/servicecomb/authentication/consumer/ConsumerAuthHandler.java
@@ -18,10 +18,13 @@ package org.apache.servicecomb.authentication.consumer;
 
 import java.util.Optional;
 
+import javax.ws.rs.core.Response.Status;
+
 import org.apache.servicecomb.core.Const;
 import org.apache.servicecomb.core.Handler;
 import org.apache.servicecomb.core.Invocation;
 import org.apache.servicecomb.swagger.invocation.AsyncResponse;
+import org.apache.servicecomb.swagger.invocation.exception.InvocationException;
 
 /**
  *
@@ -31,15 +34,15 @@ import 
org.apache.servicecomb.swagger.invocation.AsyncResponse;
  */
 public class ConsumerAuthHandler implements Handler {
 
-  private RSAConsumerTokenManager athenticationTokenManager = new 
RSAConsumerTokenManager();
+  private RSAConsumerTokenManager authenticationTokenManager = new 
RSAConsumerTokenManager();
 
   @Override
   public void handle(Invocation invocation, AsyncResponse asyncResp) throws 
Exception {
 
-    Optional<String> token = 
Optional.ofNullable(athenticationTokenManager.getToken());
+    Optional<String> token = 
Optional.ofNullable(authenticationTokenManager.getToken());
     if (!token.isPresent()) {
       asyncResp.consumerFail(
-          new IllegalStateException("rejected by consumer authentication 
handler"));
+          new InvocationException(Status.SERVICE_UNAVAILABLE, "auth token is 
not properly configured yet."));
       return;
     }
     invocation.addContext(Const.AUTH_TOKEN, token.get());
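Review bot: The null-token branch is the only thing that keeps an unsigned call from leaving the consumer, and nothing in the hunk says so; a comment such as `// Fail closed: never forward the invocation without a signed token.` above `if (!token.isPresent())` would protect it from a later refactor. The new message `auth token is not properly configured yet.` names a configuration cause, but the token manager in this same commit also returns null when signing throws, so a neutral wording like `consumer auth token is not available.` would be more accurate. The `Optional.ofNullable(...)` wrapper is used only for a presence test and `token.get()`; `String token = authenticationTokenManager.getToken(); if (token == null)` reads more directly. handle() continues past the end of this hunk.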
@@ -47,6 +50,6 @@ public class ConsumerAuthHandler implements Handler {
   }
 
   public void setAuthenticationTokenManager(RSAConsumerTokenManager 
authenticationTokenManager) {
-    this.athenticationTokenManager = authenticationTokenManager;
+    this.authenticationTokenManager = authenticationTokenManager;
   }
 }
diff --git 
a/handlers/handler-publickey-auth/src/main/java/org/apache/servicecomb/authentication/consumer/RSAConsumerTokenManager.java
 
b/handlers/handler-publickey-auth/src/main/java/org/apache/servicecomb/authentication/consumer/RSAConsumerTokenManager.java
index e1f1cd7..b824c0b 100644
--- 
a/handlers/handler-publickey-auth/src/main/java/org/apache/servicecomb/authentication/consumer/RSAConsumerTokenManager.java
+++ 
b/handlers/handler-publickey-auth/src/main/java/org/apache/servicecomb/authentication/consumer/RSAConsumerTokenManager.java
@@ -16,11 +16,7 @@
  */
 package org.apache.servicecomb.authentication.consumer;
 
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
 import java.security.PrivateKey;
-import java.security.SignatureException;
-import java.security.spec.InvalidKeySpecException;
 
 import org.apache.servicecomb.authentication.RSAAuthenticationToken;
 import org.apache.servicecomb.foundation.common.utils.RSAUtils;
@@ -31,7 +27,7 @@ import org.slf4j.LoggerFactory;
 
 public class RSAConsumerTokenManager {
 
-  private static final Logger logger = 
LoggerFactory.getLogger(RSAConsumerTokenManager.class);
+  private static final Logger LOGGER = 
LoggerFactory.getLogger(RSAConsumerTokenManager.class);
 
   private Object lock = new Object();
 
@@ -53,6 +49,12 @@ public class RSAConsumerTokenManager {
     PrivateKey privateKey = RSAKeypair4Auth.INSTANCE.getPrivateKey();
     String instanceId = 
RegistrationManager.INSTANCE.getMicroserviceInstance().getInstanceId();
     String serviceId = 
RegistrationManager.INSTANCE.getMicroservice().getServiceId();
+
+    if (instanceId == null || serviceId == null) {
+      LOGGER.error("service not ready when create token.");
+      return null;
+    }
+
     @SuppressWarnings("deprecation")
     String randomCode = 
org.apache.commons.lang3.RandomStringUtils.randomAlphanumeric(128);
     long generateTime = System.currentTimeMillis();
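Review bot: The added guard logs at error level every time a token is requested before registration finishes, so a consumer that takes traffic during startup may write one error line per call; `LOGGER.warn("service not ready when create token.");` or a rate-limited log would keep the signal without flooding. The two getters above the guard, `getMicroserviceInstance()` and `getMicroservice()`, are dereferenced before the null test; if either can return null before registration (not visible here), the check never runs and an exception escapes instead of the intended null. The method now signals "no token" with null, which deserves a Javadoc line such as `@return the formatted token, or null when the instance is not registered or signing fails`. The method starts above this hunk and ends below it.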
@@ -60,9 +62,9 @@ public class RSAConsumerTokenManager {
       String plain = String.format("%s@%s@%s@%s", instanceId, serviceId, 
generateTime, randomCode);
       String sign = RSAUtils.sign(plain, privateKey);
       token = RSAAuthenticationToken.fromStr(String.format("%s@%s", plain, 
sign));
-    } catch (InvalidKeyException | NoSuchAlgorithmException | 
InvalidKeySpecException | SignatureException e) {
-      logger.error("create token error", e);
-      throw new IllegalStateException("create token error");
+    } catch (Exception e) {
+      LOGGER.error("create token error", e);
+      return null;
     }
     return token.format();
   }
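Review bot: `catch (Exception e)` now swallows unchecked exceptions as well, and maps every failure to the same null the not-registered path returns, so the handler in this commit would report a broken or missing private key as a 503 that looks transient. The four removed exception types all extend `java.security.GeneralSecurityException`, so `} catch (GeneralSecurityException e) {` keeps the catch to one type and one import while letting programming errors surface. Whether the caller caches the null or retries on the next invocation is decided outside this hunk and is worth confirming, since a permanent signing failure would otherwise be retried and logged on every call.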
