
benjobs pushed a commit to branch dev-2.1.3
in repository https://gitbox.apache.org/repos/asf/incubator-streampark.git


The following commit(s) were added to refs/heads/dev-2.1.3 by this push:
     new bdcc5ba66 [Improve] shiro authentication improvements
bdcc5ba66 is described below

commit bdcc5ba660360fa4a429a732b238fd143a1ef17b
Author: benjobs <[email protected]>
AuthorDate: Sat Mar 16 22:30:52 2024 +0800

    [Improve] shiro authentication improvements
---
 .../base/exception/IllegalFileTypeException.java   | 28 -----------------
 .../base/handler/GlobalExceptionHandler.java       | 35 +++++++++++-----------
 .../console/core/service/ServiceHelper.java        |  4 +++
 .../console/system/authentication/JWTUtil.java     | 15 +++-------
 .../console/system/authentication/ShiroRealm.java  | 14 ++++-----
 .../system/controller/PassportController.java      |  2 --
 .../src/views/base/login/LoginForm.vue             |  1 -
 7 files changed, 31 insertions(+), 68 deletions(-)

diff --git 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/base/exception/IllegalFileTypeException.java
 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/base/exception/IllegalFileTypeException.java
deleted file mode 100644
index 531d3f1e1..000000000
--- 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/base/exception/IllegalFileTypeException.java
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.streampark.console.base.exception;
-
-public class IllegalFileTypeException extends ApiAlertException {
-  public IllegalFileTypeException(String message) {
-    super(message);
-  }
-
-  public IllegalFileTypeException(String message, Throwable cause) {
-    super(message, cause);
-  }
-}
diff --git 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/base/handler/GlobalExceptionHandler.java
 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/base/handler/GlobalExceptionHandler.java
index 5862ed355..238010975 100644
--- 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/base/handler/GlobalExceptionHandler.java
+++ 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/base/handler/GlobalExceptionHandler.java
@@ -22,8 +22,8 @@ import org.apache.streampark.console.base.domain.RestResponse;
 import org.apache.streampark.console.base.exception.AbstractApiException;
 
 import org.apache.commons.lang3.StringUtils;
-import org.apache.shiro.authz.AuthorizationException;
-import org.apache.shiro.authz.UnauthorizedException;
+import org.apache.shiro.authc.AuthenticationException;
+import org.apache.shiro.authz.UnauthenticatedException;
 
 import com.baomidou.mybatisplus.core.toolkit.StringPool;
 import lombok.extern.slf4j.Slf4j;
@@ -48,24 +48,18 @@ import java.util.Set;
 @Order(value = Ordered.HIGHEST_PRECEDENCE)
 public class GlobalExceptionHandler {
 
-  @ExceptionHandler(value = Exception.class)
-  @ResponseStatus(HttpStatus.INTERNAL_SERVER_ERROR)
-  public RestResponse handleException(Exception e) {
-    log.info("Internal server error:", e);
-    return RestResponse.fail("internal server error: " + e.getMessage(), 
ResponseCode.CODE_FAIL);
-  }
-
-  @ExceptionHandler(value = AuthorizationException.class)
+  @ExceptionHandler(value = UnauthenticatedException.class)
   @ResponseStatus(HttpStatus.UNAUTHORIZED)
-  public RestResponse handleException(AuthorizationException e) {
-    return RestResponse.fail("Unauthenticated", 
ResponseCode.CODE_UNAUTHORIZED);
+  public RestResponse handelUnauthenticatedException(UnauthenticatedException 
e) {
+    log.info("Unauthenticated: {}", e.getMessage());
+    return RestResponse.fail("Unauthenticated.", 
ResponseCode.CODE_UNAUTHORIZED);
   }
 
-  @ExceptionHandler(value = UnauthorizedException.class)
-  @ResponseStatus(HttpStatus.FORBIDDEN)
-  public RestResponse handleUnauthorizedException(Exception e) {
-    log.info("Permission denied,{}", e.getMessage());
-    return RestResponse.fail("Unauthenticated", ResponseCode.CODE_FORBIDDEN);
+  @ExceptionHandler(value = AuthenticationException.class)
+  @ResponseStatus(HttpStatus.UNAUTHORIZED)
+  public RestResponse handelUnauthenticatedException(AuthenticationException 
e) {
+    log.info("Permission denied: {}", e.getMessage());
+    return RestResponse.fail("Permission denied.", 
ResponseCode.CODE_UNAUTHORIZED);
   }
 
   @ExceptionHandler(value = AbstractApiException.class)
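Review bot: The second handler in this hunk maps Shiro's `AuthenticationException` to HTTP 401 with the message `Permission denied.`, while the removed `UnauthorizedException` (403) handler gets no replacement, so a Shiro authorization failure — `UnauthorizedException` extends `AuthorizationException`, not `AuthenticationException`, and is what `@RequiresPermissions`/`checkPermission` raise if the project uses them (the realm below extends `AuthorizingRealm`) — now falls through to the catch-all `Exception` handler and comes back as a 500 `internal server error: ...`. Authentication failure and permission denial are different conditions and should keep different status codes and messages; naming both overloads `handelUnauthenticatedException` (sic) hides that the second one is not about authentication at all. I would keep a third handler, `@ExceptionHandler(UnauthorizedException.class) @ResponseStatus(HttpStatus.FORBIDDEN) public RestResponse handleUnauthorizedException(UnauthorizedException e) { return RestResponse.fail("Permission denied.", ResponseCode.CODE_FORBIDDEN); }`, and change the `AuthenticationException` handler's log line and response text to `Authentication failed` so the two are distinguishable in both logs and clients.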
@@ -75,6 +69,13 @@ public class GlobalExceptionHandler {
     return RestResponse.fail(e.getMessage(), e.getResponseCode());
   }
 
+  @ExceptionHandler(value = Exception.class)
+  @ResponseStatus(HttpStatus.INTERNAL_SERVER_ERROR)
+  @Order(value = Ordered.HIGHEST_PRECEDENCE)
+  public RestResponse handleException(Exception e) {
+    return RestResponse.fail("internal server error: " + e.getMessage(), 
ResponseCode.CODE_FAIL);
+  }
+
   /**
    * Unified processing of request parameter verification (entity object 
parameter transfer)
    *
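Review bot: The catch-all handler added here echoes `e.getMessage()` to the client and, at the same time, the commit drops the `log.info("Internal server error:", e)` line the old handler had, so raw exception text (SQL errors, file paths, Kubernetes client messages) is now exposed to callers while the stack trace is recorded nowhere server-side. Log with the throwable and return a generic message instead: `log.error("Internal server error", e); return RestResponse.fail("internal server error", ResponseCode.CODE_FAIL);`. The method-level `@Order(value = Ordered.HIGHEST_PRECEDENCE)` also looks suspect: as far as I know Spring resolves `@ExceptionHandler` methods by closest exception type, not by `@Order` on the method (the class-level `@Order` at the top of the file already ranks this advice), so the annotation has no effect and reads as if it were meant to make the catch-all win over the specific handlers, which it must not.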
diff --git 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/core/service/ServiceHelper.java
 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/core/service/ServiceHelper.java
index 7f0e4af3e..61bae924f 100644
--- 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/core/service/ServiceHelper.java
+++ 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/core/service/ServiceHelper.java
@@ -28,6 +28,7 @@ import 
org.apache.streampark.flink.kubernetes.ingress.IngressController;
 
 import org.apache.commons.lang3.StringUtils;
 import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.authc.AuthenticationException;
 
 import io.fabric8.kubernetes.client.KubernetesClientException;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -54,6 +55,9 @@ public class ServiceHelper {
   public User getLoginUser() {
     String token = (String) SecurityUtils.getSubject().getPrincipal();
     Long userId = JWTUtil.getUserId(token);
+    if (userId == null) {
+      throw new AuthenticationException("Unauthorized");
+    }
     return userService.getById(userId);
   }
 
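Review bot: `getLoginUser` still returns `userService.getById(userId)` unchecked, so a token whose `userId` claim no longer matches a row (a deleted user, or a claim that was never validated) presumably yields `null` to every caller and an NPE further down; the new guard only covers the undecodable-token case. Treat a missing user the same way as a missing id: `User user = userService.getById(userId); if (user == null) { throw new AuthenticationException("Unauthorized"); } return user;`. It is also worth a Javadoc line stating that `JWTUtil.getUserId` decodes the claim without verifying the signature, so this method relies on the subject's principal having already been accepted by `ShiroRealm` — a future caller that passes an arbitrary header value here would otherwise trust attacker-controlled claims.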
diff --git 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/authentication/JWTUtil.java
 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/authentication/JWTUtil.java
index cda382e9e..bafcf171f 100644
--- 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/authentication/JWTUtil.java
+++ 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/authentication/JWTUtil.java
@@ -22,12 +22,10 @@ import 
org.apache.streampark.console.base.util.SpringContextUtils;
 import org.apache.streampark.console.core.enums.AuthenticationType;
 
 import org.apache.commons.lang3.RandomStringUtils;
-import org.apache.shiro.authc.AuthenticationException;
 
 import com.auth0.jwt.JWT;
 import com.auth0.jwt.JWTVerifier;
 import com.auth0.jwt.algorithms.Algorithm;
-import com.auth0.jwt.exceptions.TokenExpiredException;
 import com.auth0.jwt.interfaces.DecodedJWT;
 import lombok.extern.slf4j.Slf4j;
 
@@ -53,9 +51,7 @@ public class JWTUtil {
       JWTVerifier verifier = JWT.require(algorithm).withClaim("userName", 
username).build();
       verifier.verify(token);
       return true;
-    } catch (TokenExpiredException e) {
-      throw new AuthenticationException(e.getMessage());
-    } catch (Exception e) {
+    } catch (Exception ignored) {
       return false;
     }
   }
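Review bot: The widened `catch (Exception ignored)` in `verify` now swallows `TokenExpiredException`, signature mismatches and malformed tokens alike without a trace, so an operator investigating a burst of 401s has nothing to correlate them against; the removed branch at least surfaced expiry in the exception message. Collapsing every failure to `false` is fine for the client (it stops distinguishing expired from forged tokens), but keep a server-side record that does not include the token itself: `} catch (Exception e) { log.debug("JWT verification failed: {}", e.getMessage()); return false; }` — the file imports lombok's `@Slf4j`, so `log` is presumably in scope. `verify`'s signature and the `algorithm` it relies on are outside this hunk.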
@@ -65,19 +61,16 @@ public class JWTUtil {
     try {
       DecodedJWT jwt = JWT.decode(token);
       return jwt.getClaim("userName").asString();
-    } catch (Exception e) {
+    } catch (Exception ignored) {
       return null;
     }
   }
 
   public static Long getUserId(String token) {
-    if (token == null) {
-      throw new AuthenticationException("Unauthorized");
-    }
     try {
       DecodedJWT jwt = JWT.decode(token);
       return jwt.getClaim("userId").asLong();
-    } catch (Exception e) {
+    } catch (Exception ignored) {
       return null;
     }
   }
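Review bot: `getUserName` and `getUserId` read claims through `JWT.decode`, which parses the token without checking its signature, and with the `token == null` guard removed a null or garbage token now quietly returns `null` instead of throwing; nothing in either signature tells a caller that the returned claim is unauthenticated. Add a Javadoc on each saying that the token is decoded, not verified, that `null` means it could not be decoded, and that callers must only pass a credential that `verify(...)` or `ShiroRealm` has already accepted — e.g. `/** Reads the userId claim WITHOUT verifying the signature; only call with a token already validated by {@link #verify}. Returns null if the token cannot be decoded. */`. Note that `null` from `getUserId` is presumably also what a token with no `userId` claim yields (`asLong()` on an absent claim), so callers cannot tell "unparseable" from "claim missing".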
@@ -87,7 +80,7 @@ public class JWTUtil {
       DecodedJWT jwt = JWT.decode(token);
       int type = jwt.getClaim("type").asInt();
       return AuthenticationType.of(type);
-    } catch (Exception e) {
+    } catch (Exception ignored) {
       return null;
     }
   }
diff --git 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/authentication/ShiroRealm.java
 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/authentication/ShiroRealm.java
index 2dfea0b0c..9c4e07639 100644
--- 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/authentication/ShiroRealm.java
+++ 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/authentication/ShiroRealm.java
@@ -84,17 +84,13 @@ public class ShiroRealm extends AuthorizingRealm {
     String username = JWTUtil.getUserName(credential);
 
     if (StringUtils.isBlank(username)) {
-      throw new AuthenticationException("Token verification failed");
+      throw new AuthenticationException("the authorization token is invalid");
     }
     // Query user information by username
     User user = userService.findByName(username);
 
-    if (user == null) {
-      throw new AuthenticationException("ERROR Incorrect username or 
password!");
-    }
-
-    if (!JWTUtil.verify(credential, username)) {
-      throw new AuthenticationException("Authentication fained.");
+    if (user == null || !JWTUtil.verify(credential, username)) {
+      throw new AuthenticationException("the authorization token verification 
failed.");
     }
 
     AuthenticationType authType = JWTUtil.getAuthType(credential);
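Review bot: The merged check at the end of this hunk still runs `userService.findByName(username)` before `JWTUtil.verify(credential, username)`, so a username lifted from an unverified (forged) token drives a database lookup on every request before the signature is checked; swapping the order keeps the same outcome and drops the wasted query. Using one message for "no such user" and "bad signature" is the right call since it avoids telling a caller whether the name in the token exists, and a verify-first order preserves that property. The enclosing method starts and ends outside this hunk.
```java
    // … unchanged: blank-username check …
    // Check the signature before touching the database, so an unverified
    // token cannot drive a user lookup.
    if (!JWTUtil.verify(credential, username)) {
      throw new AuthenticationException("the authorization token verification failed.");
    }
    User user = userService.findByName(username);
    if (user == null) {
      // Same message as a bad signature: do not reveal whether the name exists.
      throw new AuthenticationException("the authorization token verification failed.");
    }
    // … unchanged: auth type handling …
```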
@@ -103,11 +99,11 @@ public class ShiroRealm extends AuthorizingRealm {
       AccessToken accessToken = 
accessTokenService.getByUserId(user.getUserId());
       if (accessToken == null
           || 
!accessToken.getToken().equals(WebUtils.encryptToken(credential))) {
-        throw new AuthenticationException("the openapi token is invalid");
+        throw new AuthenticationException("the openapi authorization token is 
invalid");
       }
       if (AccessToken.STATUS_DISABLE.equals(accessToken.getFinalStatus())) {
         throw new AuthenticationException(
-            "the openapi token has been disabled, please contact the 
administrator");
+            "the openapi authorization token has been disabled, please contact 
the administrator");
       }
       
SecurityUtils.getSubject().getSession().setAttribute(AccessToken.IS_API_TOKEN, 
true);
     }
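Review bot: Not changed by this commit, but the context line `!accessToken.getToken().equals(WebUtils.encryptToken(credential))` compares the stored API-token digest with `String.equals`, which stops at the first differing character; for a value that is the sole credential of an OpenAPI caller, the usual defense is a constant-time comparison such as `!MessageDigest.isEqual(accessToken.getToken().getBytes(StandardCharsets.UTF_8), WebUtils.encryptToken(credential).getBytes(StandardCharsets.UTF_8))`. Whether the timing channel is measurable through this web stack is debatable, but the change is cheap and removes the question. Because of the `||` short-circuit, `encryptToken` only runs when an access token exists for the user, so a request for a user without one is answered faster than one with a wrong token — worth knowing if it matters that callers can tell which users hold API tokens.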
diff --git 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/controller/PassportController.java
 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/controller/PassportController.java
index 680c4ee21..4a7f1ab94 100644
--- 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/controller/PassportController.java
+++ 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/controller/PassportController.java
@@ -54,8 +54,6 @@ import java.util.Map;
 @RequestMapping("passport")
 public class PassportController {
 
-  private static final String TOKEN = "Authorization";
-
   @Autowired private UserService userService;
 
   @Autowired private ShiroProperties properties;
diff --git 
a/streampark-console/streampark-console-webapp/src/views/base/login/LoginForm.vue
 
b/streampark-console/streampark-console-webapp/src/views/base/login/LoginForm.vue
index 571b862ee..eb0282414 100644
--- 
a/streampark-console/streampark-console-webapp/src/views/base/login/LoginForm.vue
+++ 
b/streampark-console/streampark-console-webapp/src/views/base/login/LoginForm.vue
@@ -185,7 +185,6 @@
           localStorage.setItem(APP_TEAMID_KEY_, userStore.teamId);
           if (nickName) successText += `: ${nickName}`;
         }
-
         const loginSuccess = await userStore.afterLoginAction(true);
         if (loginSuccess) {
           createMessage.success(`${t('sys.login.loginSuccessTitle')} 
${successText}`);
