This is an automated email from the ASF dual-hosted git repository.
jianbin pushed a commit to branch 2.x
in repository https://gitbox.apache.org/repos/asf/incubator-seata.git
The following commit(s) were added to refs/heads/2.x by this push:
new c59ca15da6 optimize: intercept non-leader write requests of the
console trx operation (#7215)
c59ca15da6 is described below
commit c59ca15da69ec6877e0fd0ff8ca5889a66247ab4
Author: Jingliu <[email protected]>
AuthorDate: Sat Mar 15 14:26:29 2025 +0800
optimize: intercept non-leader write requests of the console trx operation
(#7215)
---
changes/en-us/2.x.md | 3 +-
changes/zh-cn/2.x.md | 3 +-
.../console-fe/src/service/transactionInfo.ts | 4 +
.../server/config/SeataNamingserverWebConfig.java | 13 ++++
.../console/aop/GlobalExceptionHandlerAdvice.java | 2 +-
.../RaftCondition.java} | 25 +++---
.../seata/server/filter/RaftLeaderWriteFilter.java | 90 ++++++++++++++++++++++
7 files changed, 122 insertions(+), 18 deletions(-)
diff --git a/changes/en-us/2.x.md b/changes/en-us/2.x.md
index aa57ee6732..e01249399f 100644
--- a/changes/en-us/2.x.md
+++ b/changes/en-us/2.x.md
@@ -18,7 +18,6 @@ Add changes here for all PR submitted to the 2.x branch.
- [[#7181](https://github.com/apache/incubator-seata/pull/7181)] raft
implements domain name resolution and selects peerId
-
### bugfix:
- [[#7104](https://github.com/apache/incubator-seata/pull/7104)] fix impl of
supportsSourceType is not defined
@@ -53,8 +52,10 @@ Add changes here for all PR submitted to the 2.x branch.
- [[#7187](https://github.com/apache/incubator-seata/pull/7187)] Add
dependency-check-maven plugin to detect potential vulnerabilities
- [[#7179](https://github.com/apache/incubator-seata/pull/7179)] Use shared
EventLoop for TM and RM clients to reduce thread overhead and improve
performance
- [[#7194](https://github.com/apache/incubator-seata/pull/7194)] automatically
skipping proxy for datasource of type AbstractRoutingDataSource
+- [[#7215](https://github.com/apache/incubator-seata/pull/7215)] intercept
non-leader write requests of the console trx operation
- [[#7214](https://github.com/apache/incubator-seata/pull/7214)] upgrade
jackson to 2.18.3
+
### security:
- [[#6069](https://github.com/apache/incubator-seata/pull/6069)] Upgrade Guava
dependencies to fix security vulnerabilities
- [[#6145](https://github.com/apache/incubator-seata/pull/6145)] upgrade
jettison to 1.5.4
diff --git a/changes/zh-cn/2.x.md b/changes/zh-cn/2.x.md
index e7299e0f57..7a93afe32c 100644
--- a/changes/zh-cn/2.x.md
+++ b/changes/zh-cn/2.x.md
@@ -17,7 +17,6 @@
- [[#7182](https://github.com/apache/incubator-seata/pull/7182)]
采用peerId的ip作为raft节点的host
- [[#7181](https://github.com/apache/incubator-seata/pull/7181)]
raft实现域名解析并选择peerId
-
### bugfix:
- [[#7104](https://github.com/apache/incubator-seata/pull/7104)]
修复SeataApplicationListener在低版本springboot未实现supportsSourceType方法的问题
@@ -53,8 +52,10 @@
- [[#7187](https://github.com/apache/incubator-seata/pull/7187)]
增加dependency-check-maven 插件来检测潜在的漏洞
- [[#7179](https://github.com/apache/incubator-seata/pull/7179)] 使用共享的
EventLoop 来减少 TM 和 RM 客户端的线程开销并提高性能
- [[#7194](https://github.com/apache/incubator-seata/pull/7194)]
自动跳过对AbstractRoutingDataSource类型数据源的代理
+- [[#7215](https://github.com/apache/incubator-seata/pull/7215)]
拦截控制台写操作的非leader的raft请求
- [[#7214](https://github.com/apache/incubator-seata/pull/7214)] 升级 jackson 至
2.18.3 版本
+
### security:
- [[#6069](https://github.com/apache/incubator-seata/pull/6069)]
升级Guava依赖版本,修复安全漏洞
- [[#6144](https://github.com/apache/incubator-seata/pull/6144)]
升级Nacos依赖版本至1.4.6
diff --git
a/console/src/main/resources/static/console-fe/src/service/transactionInfo.ts
b/console/src/main/resources/static/console-fe/src/service/transactionInfo.ts
index 932ad1bf36..dcf6a53bab 100644
---
a/console/src/main/resources/static/console-fe/src/service/transactionInfo.ts
+++
b/console/src/main/resources/static/console-fe/src/service/transactionInfo.ts
@@ -139,6 +139,10 @@ export async function sendGlobalCommitOrRollback(params:
BranchSessionParam): Pr
xid,
vgroup
},
+ headers: {
+ 'x-seata-namespace': params.namespace,
+ 'x-seata-cluster': params.cluster,
+ },
});
return result;
}
diff --git
a/server/src/main/java/org/apache/seata/server/config/SeataNamingserverWebConfig.java
b/server/src/main/java/org/apache/seata/server/config/SeataNamingserverWebConfig.java
index 21f045aecd..8a173fd10a 100644
---
a/server/src/main/java/org/apache/seata/server/config/SeataNamingserverWebConfig.java
+++
b/server/src/main/java/org/apache/seata/server/config/SeataNamingserverWebConfig.java
@@ -16,10 +16,14 @@
*/
package org.apache.seata.server.config;
+import org.apache.seata.server.filter.RaftCondition;
import org.apache.seata.server.filter.RaftGroupFilter;
+import org.apache.seata.server.filter.RaftLeaderWriteFilter;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Conditional;
import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.DependsOn;
@Configuration
public class SeataNamingserverWebConfig {
@@ -32,4 +36,13 @@ public class SeataNamingserverWebConfig {
return registrationBean;
}
+ @Bean
+ @Conditional(RaftCondition.class)
+ @DependsOn("raftLeaderWriteFilter")
+ public FilterRegistrationBean<RaftLeaderWriteFilter>
raftLeaderWriteServletFilter(RaftLeaderWriteFilter raftLeaderWriteFilter) {
+ FilterRegistrationBean<RaftLeaderWriteFilter> registrationBean = new
FilterRegistrationBean<>();
+ registrationBean.setFilter(raftLeaderWriteFilter);
+ registrationBean.addUrlPatterns("/api/v1/console/*");
+ return registrationBean;
+ }
}
diff --git
a/server/src/main/java/org/apache/seata/server/console/aop/GlobalExceptionHandlerAdvice.java
b/server/src/main/java/org/apache/seata/server/console/aop/GlobalExceptionHandlerAdvice.java
index 4ac21f659c..564447195d 100644
---
a/server/src/main/java/org/apache/seata/server/console/aop/GlobalExceptionHandlerAdvice.java
+++
b/server/src/main/java/org/apache/seata/server/console/aop/GlobalExceptionHandlerAdvice.java
@@ -27,7 +27,7 @@ import
org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.ResponseBody;
-@ControllerAdvice
+@ControllerAdvice(basePackages = "org.apache.seata.server.console.controller")
@Component
public class GlobalExceptionHandlerAdvice {
private static final Logger LOGGER =
LoggerFactory.getLogger(GlobalExceptionHandlerAdvice.class);
diff --git
a/server/src/main/java/org/apache/seata/server/config/SeataNamingserverWebConfig.java
b/server/src/main/java/org/apache/seata/server/filter/RaftCondition.java
similarity index 55%
copy from
server/src/main/java/org/apache/seata/server/config/SeataNamingserverWebConfig.java
copy to server/src/main/java/org/apache/seata/server/filter/RaftCondition.java
index 21f045aecd..c1d3157f81 100644
---
a/server/src/main/java/org/apache/seata/server/config/SeataNamingserverWebConfig.java
+++ b/server/src/main/java/org/apache/seata/server/filter/RaftCondition.java
@@ -14,22 +14,17 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.seata.server.config;
+package org.apache.seata.server.filter;
-import org.apache.seata.server.filter.RaftGroupFilter;
-import org.springframework.boot.web.servlet.FilterRegistrationBean;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
+import org.apache.seata.common.store.SessionMode;
+import org.apache.seata.server.store.StoreConfig;
+import org.springframework.context.annotation.Condition;
+import org.springframework.context.annotation.ConditionContext;
+import org.springframework.core.type.AnnotatedTypeMetadata;
-@Configuration
-public class SeataNamingserverWebConfig {
-
- @Bean
- public FilterRegistrationBean<RaftGroupFilter> raftGroupFilter() {
- FilterRegistrationBean<RaftGroupFilter> registrationBean = new
FilterRegistrationBean<>();
- registrationBean.setFilter(new RaftGroupFilter());
- registrationBean.addUrlPatterns("/vgroup/v1/*");
- return registrationBean;
+public class RaftCondition implements Condition {
+ @Override
+ public boolean matches(ConditionContext context, AnnotatedTypeMetadata
metadata) {
+ return StoreConfig.getSessionMode() == SessionMode.RAFT;
}
-
}
diff --git
a/server/src/main/java/org/apache/seata/server/filter/RaftLeaderWriteFilter.java
b/server/src/main/java/org/apache/seata/server/filter/RaftLeaderWriteFilter.java
new file mode 100644
index 0000000000..6365468208
--- /dev/null
+++
b/server/src/main/java/org/apache/seata/server/filter/RaftLeaderWriteFilter.java
@@ -0,0 +1,90 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.seata.server.filter;
+
+import org.apache.seata.common.store.SessionMode;
+import org.apache.seata.core.exception.TransactionException;
+import org.apache.seata.core.exception.TransactionExceptionCode;
+import org.apache.seata.server.cluster.listener.ClusterChangeEvent;
+import org.apache.seata.server.cluster.raft.context.SeataClusterContext;
+import org.apache.seata.server.console.exception.ConsoleException;
+import org.apache.seata.server.store.StoreConfig;
+import org.springframework.context.ApplicationListener;
+import org.springframework.context.annotation.Conditional;
+import org.springframework.http.HttpMethod;
+import org.springframework.stereotype.Component;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import java.io.IOException;
+import java.util.Map;
+import java.util.Optional;
+import java.util.concurrent.ConcurrentHashMap;
+
+/**
+ * Raft Leader Write Filter
+ */
+@Component
+@Conditional(RaftCondition.class)
+public class RaftLeaderWriteFilter implements Filter,
ApplicationListener<ClusterChangeEvent> {
+
+ private static final Map<String, Boolean> GROUP_PREVENT = new
ConcurrentHashMap<>();
+
+ @Override
+ public void init(FilterConfig filterConfig) throws ServletException {}
+
+ @Override
+ public void doFilter(ServletRequest servletRequest, ServletResponse
servletResponse,
+ FilterChain filterChain) throws IOException,
ServletException {
+ HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
+ String method = httpRequest.getMethod();
+ if (!HttpMethod.GET.name().equalsIgnoreCase(method)) {
+ String group = SeataClusterContext.getGroup();
+ if (!isPass(group)) {
+ throw new ConsoleException(new
TransactionException(TransactionExceptionCode.NotRaftLeader,
+ " The current TC is not a leader node, interrupt
processing of transactions!"),
+ " The current TC is not a leader node, interrupt
processing of transactions!");
+ }
+ }
+
+ filterChain.doFilter(servletRequest, servletResponse);
+ }
+
+ @Override
+ public void onApplicationEvent(ClusterChangeEvent event) {
+ setPrevent(event.getGroup(), event.isLeader());
+ }
+
+ @Override
+ public void destroy() {}
+
+ public static void setPrevent(String group, boolean prevent) {
+ if (StoreConfig.getSessionMode() == SessionMode.RAFT) {
+ GROUP_PREVENT.put(group, prevent);
+ }
+ }
+
+ private boolean isPass(String group) {
+ // Non-raft mode always allows requests
+ return Optional.ofNullable(GROUP_PREVENT.get(group)).orElse(false);
+ }
+}
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
