This is an automated email from the ASF dual-hosted git repository. liubao pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/servicecomb-java-chassis.git
The following commit(s) were added to refs/heads/master by this push:
     new 78595b3  [SCB-2262]RSA token would be invalid if service is called before registration (#2368)
78595b3 is described below
commit 78595b3a15c3f0a0be95311216ac5f103a9ffbf5
Author: bao liu <bi...@qq.com>
AuthorDate: Sat May 8 14:37:30 2021 +0800
    [SCB-2262]RSA token would be invalid if service is called before registration (#2368)
---
 .../pojo-client/src/main/resources/microservice.yaml | 2 +-
 .../pojo-server/src/main/resources/microservice.yaml | 2 +-
 demo/demo-pojo/pom.xml | 4 ++++
 .../authentication/consumer/ConsumerAuthHandler.java | 11 +++++++----
 .../consumer/RSAConsumerTokenManager.java | 18 ++++++++++--------
 5 files changed, 23 insertions(+), 14 deletions(-)
diff --git a/demo/demo-pojo/pojo-client/src/main/resources/microservice.yaml b/demo/demo-pojo/pojo-client/src/main/resources/microservice.yaml
index 0b561ff..9fd500d 100644
--- a/demo/demo-pojo/pojo-client/src/main/resources/microservice.yaml
+++ b/demo/demo-pojo/pojo-client/src/main/resources/microservice.yaml
@@ -33,7 +33,7 @@ servicecomb:
 handler:
 chain:
 Consumer:
- default: qps-flowcontrol-consumer,bizkeeper-consumer,loadbalance
+ default: qps-flowcontrol-consumer,auth-consumer,bizkeeper-consumer,loadbalance
 isolation:
 Consumer:
 enabled: false
diff --git a/demo/demo-pojo/pojo-server/src/main/resources/microservice.yaml b/demo/demo-pojo/pojo-server/src/main/resources/microservice.yaml
index b38218e..a3d73dc 100644
--- a/demo/demo-pojo/pojo-server/src/main/resources/microservice.yaml
+++ b/demo/demo-pojo/pojo-server/src/main/resources/microservice.yaml
@@ -33,7 +33,7 @@ servicecomb:
 handler:
 chain:
 Provider:
- default: qps-flowcontrol-provider
+ default: qps-flowcontrol-provider,auth-provider
 flowcontrol:
 Provider:
 qps:
diff --git a/demo/demo-pojo/pom.xml b/demo/demo-pojo/pom.xml
index 3927f75..4349f14 100644
--- a/demo/demo-pojo/pom.xml
+++ b/demo/demo-pojo/pom.xml
@@ -37,6 +37,10 @@
 <artifactId>registry-service-center</artifactId>
 </dependency>
 <dependency>
+ <groupId>org.apache.servicecomb</groupId>
+ <artifactId>handler-publickey-auth</artifactId>
+ </dependency>
+ <dependency>
 <groupId>log4j</groupId>
 <artifactId>log4j</artifactId>
 </dependency>
diff --git a/handlers/handler-publickey-auth/src/main/java/org/apache/servicecomb/authentication/consumer/ConsumerAuthHandler.java b/handlers/handler-publickey-auth/src/main/java/org/apache/servicecomb/authentication/consumer/ConsumerAuthHandler.java
index 715b043..ef5e60a 100644
--- a/handlers/handler-publickey-auth/src/main/java/org/apache/servicecomb/authentication/consumer/ConsumerAuthHandler.java
+++ b/handlers/handler-publickey-auth/src/main/java/org/apache/servicecomb/authentication/consumer/ConsumerAuthHandler.java
@@ -18,10 +18,13 @@ package org.apache.servicecomb.authentication.consumer;
 import java.util.Optional;
+import javax.ws.rs.core.Response.Status;
+
 import org.apache.servicecomb.core.Const;
 import org.apache.servicecomb.core.Handler;
 import org.apache.servicecomb.core.Invocation;
 import org.apache.servicecomb.swagger.invocation.AsyncResponse;
+import org.apache.servicecomb.swagger.invocation.exception.InvocationException;
 /**
 *
@@ -31,15 +34,15 @@ import org.apache.servicecomb.swagger.invocation.AsyncResponse;
 */
 public class ConsumerAuthHandler implements Handler {
- private RSAConsumerTokenManager athenticationTokenManager = new RSAConsumerTokenManager();
+ private RSAConsumerTokenManager authenticationTokenManager = new RSAConsumerTokenManager();
 @Override
 public void handle(Invocation invocation, AsyncResponse asyncResp) throws Exception {
- Optional<String> token = Optional.ofNullable(athenticationTokenManager.getToken());
+ Optional<String> token = Optional.ofNullable(authenticationTokenManager.getToken());
 if (!token.isPresent()) {
 asyncResp.consumerFail(
- new IllegalStateException("rejected by consumer authentication handler"));
+ new InvocationException(Status.SERVICE_UNAVAILABLE, "auth token is not properly configured yet."));
 return;
 }
 invocation.addContext(Const.AUTH_TOKEN, token.get());
@@ -47,6 +50,6 @@ public class ConsumerAuthHandler implements Handler {
 }
 public void setAuthenticationTokenManager(RSAConsumerTokenManager authenticationTokenManager) {
- this.athenticationTokenManager = authenticationTokenManager;
+ this.authenticationTokenManager = authenticationTokenManager;
 }
 }
diff --git a/handlers/handler-publickey-auth/src/main/java/org/apache/servicecomb/authentication/consumer/RSAConsumerTokenManager.java b/handlers/handler-publickey-auth/src/main/java/org/apache/servicecomb/authentication/consumer/RSAConsumerTokenManager.java
index e1f1cd7..b824c0b 100644
--- a/handlers/handler-publickey-auth/src/main/java/org/apache/servicecomb/authentication/consumer/RSAConsumerTokenManager.java
+++ b/handlers/handler-publickey-auth/src/main/java/org/apache/servicecomb/authentication/consumer/RSAConsumerTokenManager.java
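Review bot: The `Optional.ofNullable(...)` / `isPresent()` / `get()` sequence on the new `token` lines is a null check written the long way round; `String token = authenticationTokenManager.getToken(); if (token == null) { ... }` expresses the same thing without allocating a wrapper on every invocation. The branch is fail-closed — the invocation is rejected with 503 rather than forwarded without a token — and that is the security property of this handler, so it deserves a comment, e.g. `// fail closed: never forward an invocation without an auth token; 503 lets the caller retry once registration has completed`. The new message claims the token is "not properly configured yet", but getToken() also returns null when token creation fails for reasons that are not transient (see the widened catch in RSAConsumerTokenManager below), so operators may be sent looking for a configuration problem that does not exist; a neutral wording such as "consumer auth token unavailable" would be safer. handle's body continues past the end of the hunk.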
@@ -16,11 +16,7 @@
 */
 package org.apache.servicecomb.authentication.consumer;
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
 import java.security.PrivateKey;
-import java.security.SignatureException;
-import java.security.spec.InvalidKeySpecException;
 import org.apache.servicecomb.authentication.RSAAuthenticationToken;
 import org.apache.servicecomb.foundation.common.utils.RSAUtils;
@@ -31,7 +27,7 @@ import org.slf4j.LoggerFactory;
 public class RSAConsumerTokenManager {
- private static final Logger logger = LoggerFactory.getLogger(RSAConsumerTokenManager.class);
+ private static final Logger LOGGER = LoggerFactory.getLogger(RSAConsumerTokenManager.class);
 private Object lock = new Object();
@@ -53,6 +49,12 @@ public class RSAConsumerTokenManager {
 PrivateKey privateKey = RSAKeypair4Auth.INSTANCE.getPrivateKey();
 String instanceId = RegistrationManager.INSTANCE.getMicroserviceInstance().getInstanceId();
 String serviceId = RegistrationManager.INSTANCE.getMicroservice().getServiceId();
+
+ if (instanceId == null || serviceId == null) {
+ LOGGER.error("service not ready when create token.");
+ return null;
+ }
+
 @SuppressWarnings("deprecation") String randomCode = org.apache.commons.lang3.RandomStringUtils.randomAlphanumeric(128);
 long generateTime = System.currentTimeMillis();
@@ -60,9 +62,9 @@ public class RSAConsumerTokenManager {
 String plain = String.format("%s@%s@%s@%s", instanceId, serviceId, generateTime, randomCode);
 String sign = RSAUtils.sign(plain, privateKey);
 token = RSAAuthenticationToken.fromStr(String.format("%s@%s", plain, sign));
- } catch (InvalidKeyException | NoSuchAlgorithmException | InvalidKeySpecException | SignatureException e) {
- logger.error("create token error", e);
- throw new IllegalStateException("create token error");
+ } catch (Exception e) {
+ LOGGER.error("create token error", e);
+ return null;
 }
 return token.format();
 }
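Review bot: `LOGGER.error("service not ready when create token.")` in the new null guard logs at ERROR for an expected, transient startup state and runs on every invocation attempted before registration completes; combined with the 503 now returned to callers, a retrying client fills the log with errors that describe normal behaviour, so WARN (or logging only on the first occurrence) is the right level, e.g. `LOGGER.warn("service not registered yet, auth token cannot be created.");`. The guard also only covers null ids: if `getMicroserviceInstance()` or `getMicroservice()` can themselves be null before registration — which is presumably what SCB-2262 is about — the dereferences on the two lines above throw before the check is reached and the case is then handled only by the broad catch in the next hunk; guarding those objects explicitly would make the intent visible. The enclosing method begins before the hunk.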
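Review bot: `catch (Exception e)` followed by `return null` folds every failure of token creation — including permanent ones such as an unusable private key, the `InvalidKeyException`/`InvalidKeySpecException`/`SignatureException` the removed multi-catch named — into the same null that ConsumerAuthHandler turns into a 503 "not properly configured yet", so a broken key pair is indistinguishable from a service that has not registered, and callers retry indefinitely against a condition that will never clear. Keeping the narrow catch for the key/signing exceptions (rethrowing, now with the cause attached, or at least logging a message that names the key pair) and reserving the null return for the runtime failures that occur before registration keeps the two cases apart for both the caller and the operator reading the log; the imports removed in the first hunk would need to come back for this. Which runtime exception actually surfaces before registration is not visible in the hunk, so the second clause below is a placeholder to confirm against the failure in SCB-2262.
```java
      // … unchanged: build plain, sign and token …
    } catch (InvalidKeyException | NoSuchAlgorithmException | InvalidKeySpecException | SignatureException e) {
      // permanent: key pair or algorithm problem, retrying will not help
      LOGGER.error("create token error, check the configured RSA key pair", e);
      throw new IllegalStateException("create token error", e);
    } catch (RuntimeException e) {
      // transient: registration not complete yet; caller maps null to 503 so the client retries
      LOGGER.warn("service not ready when create token", e);
      return null;
    }
    return token.format();
```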