From c7a20bd13217bb795e5848293ebece1f196a6f62 Mon Sep 17 00:00:00 2001
From: Sunrisea <49605583+Sunrisea@users.noreply.github.com>
Date: Tue, 11 Jul 2023 17:52:54 +0800
Subject: [PATCH 01/29] [ISSUE #10734] Implement http request param check
filter and http param extractors (#10758)
* For #10734,Implement grpc server interceptor and grpc param extractors
* For #10734,add unit test for grpc server interceptor and grpc param extractors
* For #10734,alter the test case
* For #10734,delete the ConnectionSetupRequestParamExtractor
* For #10734,add the naming http request param check filter and implement the naming http request param extractors
* For #10734,add unit test for naming http request param extractors
* For #10734,Implement grpc server interceptor and grpc param extractors
* For #10734,add unit test for grpc server interceptor and grpc param extractors
* For #10734,delete the ConnectionSetupRequestParamExtractor
* For #10734,add the naming http request param check filter and implement the naming http request param extractors
* For #10734,add unit test for naming http request param extractors
* For #10734,add the config http request param check filter and implement the config http request param extractors and unit test
* For #10734,add the console http request param check filter and implement the console http request param extractors and unit test
* For #10734,fix code style
* For #10734,alter the logic of exception handle in filter
* For #10734,fix code style
---
.../NacosConfigConfiguration.java | 20 +++-
.../server/filter/ConfigParamCheckFilter.java | 66 +++++++++++
.../ConfigDefaultHttpParamExtractor.java | 73 +++++++++++++
.../ConfigListenerHttpParamExtractor.java | 70 ++++++++++++
...core.paramcheck.AbstractHttpParamExtractor | 18 +++
.../ConfigDefaultHttpParamExtractorTest.java | 46 ++++++++
.../ConfigListenerHttpParamExtractorTest.java | 44 ++++++++
.../console/config/ConsoleFilterConfig.java | 47 ++++++++
.../filter/ConsoleParamCheckFilter.java | 66 +++++++++++
.../ConsoleDefaultHttpParamExtractor.java | 58 ++++++++++
...core.paramcheck.AbstractHttpParamExtractor | 17 +++
.../ConsoleDefaultHttpParamExtractorTest.java | 43 ++++++++
.../NamingDefaultHttpParamExtractor.java | 103 ++++++++++++++++++
.../NamingInstanceBeatHttpParamExtractor.java | 73 +++++++++++++
.../NamingInstanceListHttpParamExtractor.java | 65 +++++++++++
...stanceMetadataBatchHttpParamExtractor.java | 82 ++++++++++++++
.../nacos/naming/web/NamingConfig.java | 22 +++-
.../naming/web/NamingParamCheckFilter.java | 67 ++++++++++++
...core.paramcheck.AbstractHttpParamExtractor | 20 ++++
.../NamingDefaultHttpParamExtractorTest.java | 43 ++++++++
...ingInstanceBeatHttpParamExtractorTest.java | 45 ++++++++
...ingInstanceListHttpParamExtractorTest.java | 44 ++++++++
...ceMetadataBatchHttpParamExtractorTest.java | 44 ++++++++
.../AbstractInstanceOperate_ITCase.java | 2 +-
24 files changed, 1174 insertions(+), 4 deletions(-)
create mode 100644 config/src/main/java/com/alibaba/nacos/config/server/filter/ConfigParamCheckFilter.java
create mode 100644 config/src/main/java/com/alibaba/nacos/config/server/paramcheck/ConfigDefaultHttpParamExtractor.java
create mode 100644 config/src/main/java/com/alibaba/nacos/config/server/paramcheck/ConfigListenerHttpParamExtractor.java
create mode 100644 config/src/main/resources/META-INF/services/com.alibaba.nacos.core.paramcheck.AbstractHttpParamExtractor
create mode 100644 config/src/test/java/com/alibaba/nacos/config/server/paramcheck/ConfigDefaultHttpParamExtractorTest.java
create mode 100644 config/src/test/java/com/alibaba/nacos/config/server/paramcheck/ConfigListenerHttpParamExtractorTest.java
create mode 100644 console/src/main/java/com/alibaba/nacos/console/config/ConsoleFilterConfig.java
create mode 100644 console/src/main/java/com/alibaba/nacos/console/filter/ConsoleParamCheckFilter.java
create mode 100644 console/src/main/java/com/alibaba/nacos/console/paramcheck/ConsoleDefaultHttpParamExtractor.java
create mode 100644 console/src/main/resources/META-INF/services/com.alibaba.nacos.core.paramcheck.AbstractHttpParamExtractor
create mode 100644 console/src/test/java/com/alibaba/nacos/console/paramcheck/ConsoleDefaultHttpParamExtractorTest.java
create mode 100644 naming/src/main/java/com/alibaba/nacos/naming/paramcheck/NamingDefaultHttpParamExtractor.java
create mode 100644 naming/src/main/java/com/alibaba/nacos/naming/paramcheck/NamingInstanceBeatHttpParamExtractor.java
create mode 100644 naming/src/main/java/com/alibaba/nacos/naming/paramcheck/NamingInstanceListHttpParamExtractor.java
create mode 100644 naming/src/main/java/com/alibaba/nacos/naming/paramcheck/NamingInstanceMetadataBatchHttpParamExtractor.java
create mode 100644 naming/src/main/java/com/alibaba/nacos/naming/web/NamingParamCheckFilter.java
create mode 100644 naming/src/main/resources/META-INF/services/com.alibaba.nacos.core.paramcheck.AbstractHttpParamExtractor
create mode 100644 naming/src/test/java/com/alibaba/nacos/naming/paramcheck/NamingDefaultHttpParamExtractorTest.java
create mode 100644 naming/src/test/java/com/alibaba/nacos/naming/paramcheck/NamingInstanceBeatHttpParamExtractorTest.java
create mode 100644 naming/src/test/java/com/alibaba/nacos/naming/paramcheck/NamingInstanceListHttpParamExtractorTest.java
create mode 100644 naming/src/test/java/com/alibaba/nacos/naming/paramcheck/NamingInstanceMetadataBatchHttpParamExtractorTest.java
diff --git a/config/src/main/java/com/alibaba/nacos/config/server/configuration/NacosConfigConfiguration.java b/config/src/main/java/com/alibaba/nacos/config/server/configuration/NacosConfigConfiguration.java
index 3fa606b3358..85369d3bb55 100644
--- a/config/src/main/java/com/alibaba/nacos/config/server/configuration/NacosConfigConfiguration.java
+++ b/config/src/main/java/com/alibaba/nacos/config/server/configuration/NacosConfigConfiguration.java
@@ -1,5 +1,5 @@
/*
- * Copyright 1999-2018 Alibaba Group Holding Ltd.
+ * Copyright 1999-2023 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -16,8 +16,9 @@
package com.alibaba.nacos.config.server.configuration;
-import com.alibaba.nacos.config.server.filter.NacosWebFilter;
import com.alibaba.nacos.config.server.filter.CircuitFilter;
+import com.alibaba.nacos.config.server.filter.ConfigParamCheckFilter;
+import com.alibaba.nacos.config.server.filter.NacosWebFilter;
import com.alibaba.nacos.persistence.configuration.condition.ConditionDistributedEmbedStorage;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
@@ -65,4 +66,19 @@ public CircuitFilter transferToLeader() {
return new CircuitFilter();
}
+ @Bean
+ public FilterRegistrationBean configParamCheckFilterRegistration() {
+ FilterRegistrationBean registration = new FilterRegistrationBean<>();
+ registration.setFilter(configParamCheckFilter());
+ registration.addUrlPatterns("/v1/cs/*");
+ registration.addUrlPatterns("/v2/cs/*");
+ registration.setName("configparamcheckfilter");
+ registration.setOrder(8);
+ return registration;
+ }
+
+ @Bean
+ public ConfigParamCheckFilter configParamCheckFilter() {
+ return new ConfigParamCheckFilter();
+ }
}
diff --git a/config/src/main/java/com/alibaba/nacos/config/server/filter/ConfigParamCheckFilter.java b/config/src/main/java/com/alibaba/nacos/config/server/filter/ConfigParamCheckFilter.java
new file mode 100644
index 00000000000..08422525367
--- /dev/null
+++ b/config/src/main/java/com/alibaba/nacos/config/server/filter/ConfigParamCheckFilter.java
@@ -0,0 +1,66 @@
+/*
+ * Copyright 1999-2023 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.alibaba.nacos.config.server.filter;
+
+import com.alibaba.nacos.core.paramcheck.AbstractHttpParamExtractor;
+import com.alibaba.nacos.core.paramcheck.HttpParamExtractorManager;
+import com.alibaba.nacos.sys.env.EnvUtil;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.io.PrintWriter;
+
+/**
+ * Config param check filter.
+ *
+ * @author zhuoguang
+ */
+public class ConfigParamCheckFilter implements Filter {
+
+ private static final String MODULE = "config";
+
+ @Override
+ public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
+ throws IOException, ServletException {
+ boolean ifParamCheck = EnvUtil.getProperty("nacos.paramcheck", Boolean.class, true);
+ if (!ifParamCheck) {
+ chain.doFilter(request, response);
+ return;
+ }
+ HttpServletRequest req = (HttpServletRequest) request;
+ HttpServletResponse resp = (HttpServletResponse) response;
+ try {
+ String uri = req.getRequestURI();
+ String method = req.getMethod();
+ HttpParamExtractorManager extractorManager = HttpParamExtractorManager.getInstance();
+ AbstractHttpParamExtractor paramExtractor = extractorManager.getExtractor(uri, method, MODULE);
+ paramExtractor.extractParamAndCheck(req);
+ chain.doFilter(req, resp);
+ } catch (Exception e) {
+ resp.setStatus(400);
+ PrintWriter writer = resp.getWriter();
+ writer.print(e.getMessage());
+ writer.flush();
+ }
+ }
+}
diff --git a/config/src/main/java/com/alibaba/nacos/config/server/paramcheck/ConfigDefaultHttpParamExtractor.java b/config/src/main/java/com/alibaba/nacos/config/server/paramcheck/ConfigDefaultHttpParamExtractor.java
new file mode 100644
index 00000000000..e85762aecc5
--- /dev/null
+++ b/config/src/main/java/com/alibaba/nacos/config/server/paramcheck/ConfigDefaultHttpParamExtractor.java
@@ -0,0 +1,73 @@
+/*
+ * Copyright 1999-2023 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.alibaba.nacos.config.server.paramcheck;
+
+import com.alibaba.nacos.common.paramcheck.ParamCheckUtils;
+import com.alibaba.nacos.common.paramcheck.ParamInfo;
+import com.alibaba.nacos.common.utils.StringUtils;
+import com.alibaba.nacos.core.paramcheck.AbstractHttpParamExtractor;
+
+import javax.servlet.http.HttpServletRequest;
+
+/**
+ * Config default http param extractor.
+ *
+ * @author zhuoguang
+ */
+public class ConfigDefaultHttpParamExtractor extends AbstractHttpParamExtractor {
+
+ @Override
+ public void init() {
+ addDefaultTargetRequest("config");
+ }
+
+ @Override
+ public void extractParamAndCheck(HttpServletRequest request) {
+ ParamInfo paramInfo = new ParamInfo();
+ paramInfo.setNamespaceId(getAliasNamespaceId(request));
+ paramInfo.setDataId(getAliasDataId(request));
+ paramInfo.setGroup(getAliasGroup(request));
+ paramInfo.setIp(getAliasIp(request));
+ ParamCheckUtils.checkParamInfoFormat(paramInfo);
+ }
+
+ private String getAliasNamespaceId(HttpServletRequest request) {
+ String namespaceid = request.getParameter("namespaceId");
+ if (StringUtils.isBlank(namespaceid)) {
+ namespaceid = request.getParameter("tenant");
+ }
+ if (StringUtils.isBlank(namespaceid)) {
+ namespaceid = request.getParameter("namespace");
+ }
+ return namespaceid;
+ }
+
+ private String getAliasDataId(HttpServletRequest request) {
+ String dataid = request.getParameter("dataId");
+ return dataid;
+ }
+
+ private String getAliasGroup(HttpServletRequest request) {
+ String group = request.getParameter("group");
+ return group;
+ }
+
+ private String getAliasIp(HttpServletRequest request) {
+ String ip = request.getParameter("ip");
+ return ip;
+ }
+}
diff --git a/config/src/main/java/com/alibaba/nacos/config/server/paramcheck/ConfigListenerHttpParamExtractor.java b/config/src/main/java/com/alibaba/nacos/config/server/paramcheck/ConfigListenerHttpParamExtractor.java
new file mode 100644
index 00000000000..2c6a9b60e8d
--- /dev/null
+++ b/config/src/main/java/com/alibaba/nacos/config/server/paramcheck/ConfigListenerHttpParamExtractor.java
@@ -0,0 +1,70 @@
+/*
+ * Copyright 1999-2023 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.alibaba.nacos.config.server.paramcheck;
+
+import com.alibaba.nacos.common.paramcheck.ParamCheckUtils;
+import com.alibaba.nacos.common.paramcheck.ParamInfo;
+import com.alibaba.nacos.common.utils.HttpMethod;
+import com.alibaba.nacos.common.utils.StringUtils;
+import com.alibaba.nacos.config.server.constant.Constants;
+import com.alibaba.nacos.core.paramcheck.AbstractHttpParamExtractor;
+
+import javax.servlet.http.HttpServletRequest;
+import java.net.URLDecoder;
+
+/**
+ * ConfigListener http param extractor.
+ *
+ * @author zhuoguang
+ */
+public class ConfigListenerHttpParamExtractor extends AbstractHttpParamExtractor {
+
+ static final char WORD_SEPARATOR_CHAR = (char) 2;
+
+ static final char LINE_SEPARATOR_CHAR = (char) 1;
+
+ @Override
+ public void init() {
+ addTargetRequest(Constants.CONFIG_CONTROLLER_PATH + "/listener", HttpMethod.POST);
+ }
+
+ @Override
+ public void extractParamAndCheck(HttpServletRequest request) throws Exception {
+ String listenConfigs = request.getParameter("Listening-Configs");
+ if (StringUtils.isBlank(listenConfigs)) {
+ return;
+ }
+ listenConfigs = URLDecoder.decode(listenConfigs, Constants.ENCODE);
+ if (StringUtils.isBlank(listenConfigs)) {
+ return;
+ }
+ String[] lines = listenConfigs.split(Character.toString(LINE_SEPARATOR_CHAR));
+ for (String line : lines) {
+ ParamInfo paramInfo = new ParamInfo();
+ String[] words = line.split(Character.toString(WORD_SEPARATOR_CHAR));
+ if (words.length < 3 || words.length > 4) {
+ throw new IllegalArgumentException("invalid probeModify");
+ }
+ paramInfo.setDataId(words[0]);
+ paramInfo.setGroup(words[1]);
+ if (words.length == 4) {
+ paramInfo.setNamespaceId(words[3]);
+ }
+ ParamCheckUtils.checkParamInfoFormat(paramInfo);
+ }
+ }
+}
diff --git a/config/src/main/resources/META-INF/services/com.alibaba.nacos.core.paramcheck.AbstractHttpParamExtractor b/config/src/main/resources/META-INF/services/com.alibaba.nacos.core.paramcheck.AbstractHttpParamExtractor
new file mode 100644
index 00000000000..0e04de6d2b8
--- /dev/null
+++ b/config/src/main/resources/META-INF/services/com.alibaba.nacos.core.paramcheck.AbstractHttpParamExtractor
@@ -0,0 +1,18 @@
+#
+# Copyright 1999-2023 Alibaba Group Holding Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+com.alibaba.nacos.config.server.paramcheck.ConfigDefaultHttpParamExtractor
+com.alibaba.nacos.config.server.paramcheck.ConfigListenerHttpParamExtractor
\ No newline at end of file
diff --git a/config/src/test/java/com/alibaba/nacos/config/server/paramcheck/ConfigDefaultHttpParamExtractorTest.java b/config/src/test/java/com/alibaba/nacos/config/server/paramcheck/ConfigDefaultHttpParamExtractorTest.java
new file mode 100644
index 00000000000..bf234f9b18d
--- /dev/null
+++ b/config/src/test/java/com/alibaba/nacos/config/server/paramcheck/ConfigDefaultHttpParamExtractorTest.java
@@ -0,0 +1,46 @@
+/*
+ * Copyright 1999-2023 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.alibaba.nacos.config.server.paramcheck;
+
+import com.alibaba.nacos.common.utils.HttpMethod;
+import com.alibaba.nacos.core.paramcheck.AbstractHttpParamExtractor;
+import com.alibaba.nacos.core.paramcheck.HttpParamExtractorManager;
+import org.junit.Test;
+import org.springframework.mock.web.MockHttpServletRequest;
+
+import static org.junit.Assert.assertEquals;
+
+/**
+ * The type Config default http param extractor test.
+ *
+ * @author zhuoguang
+ */
+public class ConfigDefaultHttpParamExtractorTest {
+
+ /**
+ * Extract param and check.
+ */
+ @Test
+ public void extractParamAndCheck() {
+ MockHttpServletRequest request = new MockHttpServletRequest();
+ request.setRequestURI("/nacos/v1/cs/testst");
+ request.setMethod(HttpMethod.PUT);
+ HttpParamExtractorManager manager = HttpParamExtractorManager.getInstance();
+ AbstractHttpParamExtractor extractor = manager.getExtractor(request.getRequestURI(), request.getMethod(), "config");
+ assertEquals(ConfigDefaultHttpParamExtractor.class.getSimpleName(), extractor.getClass().getSimpleName());
+ }
+}
\ No newline at end of file
diff --git a/config/src/test/java/com/alibaba/nacos/config/server/paramcheck/ConfigListenerHttpParamExtractorTest.java b/config/src/test/java/com/alibaba/nacos/config/server/paramcheck/ConfigListenerHttpParamExtractorTest.java
new file mode 100644
index 00000000000..6cc32bbc41a
--- /dev/null
+++ b/config/src/test/java/com/alibaba/nacos/config/server/paramcheck/ConfigListenerHttpParamExtractorTest.java
@@ -0,0 +1,44 @@
+/*
+ * Copyright 1999-2023 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.alibaba.nacos.config.server.paramcheck;
+
+import com.alibaba.nacos.common.utils.HttpMethod;
+import com.alibaba.nacos.config.server.constant.Constants;
+import com.alibaba.nacos.core.paramcheck.AbstractHttpParamExtractor;
+import com.alibaba.nacos.core.paramcheck.HttpParamExtractorManager;
+import org.junit.Test;
+import org.springframework.mock.web.MockHttpServletRequest;
+
+import static org.junit.Assert.assertEquals;
+
+/**
+ * The type Config listener http param extractor test.
+ *
+ * @author zhuoguang
+ */
+public class ConfigListenerHttpParamExtractorTest {
+
+ @Test
+ public void extractParamAndCheck() {
+ MockHttpServletRequest request = new MockHttpServletRequest();
+ request.setRequestURI("/nacos" + Constants.CONFIG_CONTROLLER_PATH + "/listener");
+ request.setMethod(HttpMethod.POST);
+ HttpParamExtractorManager manager = HttpParamExtractorManager.getInstance();
+ AbstractHttpParamExtractor extractor = manager.getExtractor(request.getRequestURI(), request.getMethod(), "config");
+ assertEquals(ConfigListenerHttpParamExtractor.class.getSimpleName(), extractor.getClass().getSimpleName());
+ }
+}
\ No newline at end of file
diff --git a/console/src/main/java/com/alibaba/nacos/console/config/ConsoleFilterConfig.java b/console/src/main/java/com/alibaba/nacos/console/config/ConsoleFilterConfig.java
new file mode 100644
index 00000000000..0d2942d40d1
--- /dev/null
+++ b/console/src/main/java/com/alibaba/nacos/console/config/ConsoleFilterConfig.java
@@ -0,0 +1,47 @@
+/*
+ * Copyright 1999-2023 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.alibaba.nacos.console.config;
+
+import com.alibaba.nacos.console.filter.ConsoleParamCheckFilter;
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+/**
+ * Console filter config.
+ *
+ * @author zhuoguang
+ */
+@Configuration
+public class ConsoleFilterConfig {
+
+ @Bean
+ public FilterRegistrationBean consoleParamCheckFilterRegistration() {
+ FilterRegistrationBean registration = new FilterRegistrationBean<>();
+ registration.setFilter(consoleParamCheckFilter());
+ registration.addUrlPatterns("/v1/console/*");
+ registration.addUrlPatterns("/v2/console/*");
+ registration.setName("consoleparamcheckfilter");
+ registration.setOrder(8);
+ return registration;
+ }
+
+ @Bean
+ public ConsoleParamCheckFilter consoleParamCheckFilter() {
+ return new ConsoleParamCheckFilter();
+ }
+}
diff --git a/console/src/main/java/com/alibaba/nacos/console/filter/ConsoleParamCheckFilter.java b/console/src/main/java/com/alibaba/nacos/console/filter/ConsoleParamCheckFilter.java
new file mode 100644
index 00000000000..78e74cb8a82
--- /dev/null
+++ b/console/src/main/java/com/alibaba/nacos/console/filter/ConsoleParamCheckFilter.java
@@ -0,0 +1,66 @@
+/*
+ * Copyright 1999-2023 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.alibaba.nacos.console.filter;
+
+import com.alibaba.nacos.core.paramcheck.AbstractHttpParamExtractor;
+import com.alibaba.nacos.core.paramcheck.HttpParamExtractorManager;
+import com.alibaba.nacos.sys.env.EnvUtil;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.io.PrintWriter;
+
+/**
+ * console param check filter.
+ *
+ * @author zhuoguang
+ */
+public class ConsoleParamCheckFilter implements Filter {
+
+ private static final String MODULE = "console";
+
+ @Override
+ public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
+ throws IOException, ServletException {
+ boolean ifParamCheck = EnvUtil.getProperty("nacos.paramcheck", Boolean.class, true);
+ if (!ifParamCheck) {
+ chain.doFilter(request, response);
+ return;
+ }
+ HttpServletRequest req = (HttpServletRequest) request;
+ HttpServletResponse resp = (HttpServletResponse) response;
+ try {
+ String uri = req.getRequestURI();
+ String method = req.getMethod();
+ HttpParamExtractorManager extractorManager = HttpParamExtractorManager.getInstance();
+ AbstractHttpParamExtractor paramExtractor = extractorManager.getExtractor(uri, method, MODULE);
+ paramExtractor.extractParamAndCheck(req);
+ chain.doFilter(request, resp);
+ } catch (Exception e) {
+ resp.setStatus(400);
+ PrintWriter writer = resp.getWriter();
+ writer.print(e.getMessage());
+ writer.flush();
+ }
+ }
+}
diff --git a/console/src/main/java/com/alibaba/nacos/console/paramcheck/ConsoleDefaultHttpParamExtractor.java b/console/src/main/java/com/alibaba/nacos/console/paramcheck/ConsoleDefaultHttpParamExtractor.java
new file mode 100644
index 00000000000..f495cf4c045
--- /dev/null
+++ b/console/src/main/java/com/alibaba/nacos/console/paramcheck/ConsoleDefaultHttpParamExtractor.java
@@ -0,0 +1,58 @@
+/*
+ * Copyright 1999-2023 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.alibaba.nacos.console.paramcheck;
+
+import com.alibaba.nacos.common.paramcheck.ParamCheckUtils;
+import com.alibaba.nacos.common.paramcheck.ParamInfo;
+import com.alibaba.nacos.common.utils.StringUtils;
+import com.alibaba.nacos.core.paramcheck.AbstractHttpParamExtractor;
+
+import javax.servlet.http.HttpServletRequest;
+
+/**
+ * Console default http param extractor.
+ *
+ * @author zhuoguang
+ */
+public class ConsoleDefaultHttpParamExtractor extends AbstractHttpParamExtractor {
+
+ @Override
+ public void init() {
+ addDefaultTargetRequest("console");
+ }
+
+ @Override
+ public void extractParamAndCheck(HttpServletRequest request) throws Exception {
+ ParamInfo paramInfo = new ParamInfo();
+ paramInfo.setNamespaceId(getAliasNamespaceId(request));
+ paramInfo.setNamespaceShowName(getAliasNamespaceShowName(request));
+ ParamCheckUtils.checkParamInfoFormat(paramInfo);
+ }
+
+ private String getAliasNamespaceId(HttpServletRequest request) {
+ String namespaceId = request.getParameter("namespaceId");
+ if (StringUtils.isBlank(namespaceId)) {
+ namespaceId = request.getParameter("customNamespaceId");
+ }
+ return namespaceId;
+ }
+
+ private String getAliasNamespaceShowName(HttpServletRequest request) {
+ String namespaceShowName = request.getParameter("namespaceName");
+ return namespaceShowName;
+ }
+}
diff --git a/console/src/main/resources/META-INF/services/com.alibaba.nacos.core.paramcheck.AbstractHttpParamExtractor b/console/src/main/resources/META-INF/services/com.alibaba.nacos.core.paramcheck.AbstractHttpParamExtractor
new file mode 100644
index 00000000000..d0f95df4807
--- /dev/null
+++ b/console/src/main/resources/META-INF/services/com.alibaba.nacos.core.paramcheck.AbstractHttpParamExtractor
@@ -0,0 +1,17 @@
+#
+# Copyright 1999-2023 Alibaba Group Holding Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+com.alibaba.nacos.console.paramcheck.ConsoleDefaultHttpParamExtractor
\ No newline at end of file
diff --git a/console/src/test/java/com/alibaba/nacos/console/paramcheck/ConsoleDefaultHttpParamExtractorTest.java b/console/src/test/java/com/alibaba/nacos/console/paramcheck/ConsoleDefaultHttpParamExtractorTest.java
new file mode 100644
index 00000000000..f6e4dffca43
--- /dev/null
+++ b/console/src/test/java/com/alibaba/nacos/console/paramcheck/ConsoleDefaultHttpParamExtractorTest.java
@@ -0,0 +1,43 @@
+/*
+ * Copyright 1999-2023 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.alibaba.nacos.console.paramcheck;
+
+import com.alibaba.nacos.common.utils.HttpMethod;
+import com.alibaba.nacos.core.paramcheck.AbstractHttpParamExtractor;
+import com.alibaba.nacos.core.paramcheck.HttpParamExtractorManager;
+import org.junit.Test;
+import org.springframework.mock.web.MockHttpServletRequest;
+
+import static org.junit.Assert.assertEquals;
+
+/**
+ * The type Console default http param extractor test.
+ *
+ * @author zhuoguang
+ */
+public class ConsoleDefaultHttpParamExtractorTest {
+
+ @Test
+ public void extractParamAndCheck() {
+ MockHttpServletRequest request = new MockHttpServletRequest();
+ request.setMethod(HttpMethod.POST);
+ request.setRequestURI("/nacos/v2/console/namespace");
+ HttpParamExtractorManager manager = HttpParamExtractorManager.getInstance();
+ AbstractHttpParamExtractor extractor = manager.getExtractor(request.getRequestURI(), request.getMethod(), "console");
+ assertEquals(ConsoleDefaultHttpParamExtractor.class.getSimpleName(), extractor.getClass().getSimpleName());
+ }
+}
\ No newline at end of file
diff --git a/naming/src/main/java/com/alibaba/nacos/naming/paramcheck/NamingDefaultHttpParamExtractor.java b/naming/src/main/java/com/alibaba/nacos/naming/paramcheck/NamingDefaultHttpParamExtractor.java
new file mode 100644
index 00000000000..2357416b532
--- /dev/null
+++ b/naming/src/main/java/com/alibaba/nacos/naming/paramcheck/NamingDefaultHttpParamExtractor.java
@@ -0,0 +1,103 @@
+/*
+ * Copyright 1999-2023 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.alibaba.nacos.naming.paramcheck;
+
+import com.alibaba.nacos.api.common.Constants;
+import com.alibaba.nacos.api.exception.NacosException;
+import com.alibaba.nacos.common.paramcheck.ParamCheckUtils;
+import com.alibaba.nacos.common.paramcheck.ParamInfo;
+import com.alibaba.nacos.common.utils.StringUtils;
+import com.alibaba.nacos.core.paramcheck.AbstractHttpParamExtractor;
+import com.alibaba.nacos.naming.misc.UtilsAndCommons;
+
+import javax.servlet.http.HttpServletRequest;
+
+/**
+ * Naming default http param extractor.
+ *
+ * @author zhuoguang
+ */
+public class NamingDefaultHttpParamExtractor extends AbstractHttpParamExtractor {
+
+ @Override
+ public void init() {
+ addDefaultTargetRequest("naming");
+ }
+
+ @Override
+ public void extractParamAndCheck(HttpServletRequest request) throws NacosException {
+ ParamInfo paramInfo = new ParamInfo();
+ paramInfo.setIp(getAliasIp(request));
+ paramInfo.setPort(getAliasPort(request));
+ paramInfo.setNamespaceId(getAliasNamespaceId(request));
+ paramInfo.setCluster(getAliasClusterName(request));
+ String serviceName = getAliasServiceName(request);
+ String groupName = getAliasGroupName(request);
+ String groupServiceName = serviceName;
+ if (StringUtils.isNotBlank(groupServiceName) && groupServiceName.contains(Constants.SERVICE_INFO_SPLITER)) {
+ String[] splits = groupServiceName.split(Constants.SERVICE_INFO_SPLITER, 2);
+ groupName = splits[0];
+ serviceName = splits[1];
+ }
+ paramInfo.setServiceName(serviceName);
+ paramInfo.setGroup(groupName);
+ paramInfo.setMetadata(UtilsAndCommons.parseMetadata(request.getParameter("metadata")));
+ ParamCheckUtils.checkParamInfoFormat(paramInfo);
+ }
+
+ private String getAliasNamespaceId(HttpServletRequest request) {
+ String namespaceid = request.getParameter("namespaceId");
+ return namespaceid;
+ }
+
+ private String getAliasIp(HttpServletRequest request) {
+ String ip = request.getParameter("ip");
+ return ip;
+ }
+
+ private String getAliasPort(HttpServletRequest request) {
+ String port = request.getParameter("port");
+ if (StringUtils.isBlank(port)) {
+ port = request.getParameter("checkPort");
+ }
+ return port;
+ }
+
+ private String getAliasServiceName(HttpServletRequest request) {
+ String serviceName = request.getParameter("serviceName");
+ if (StringUtils.isBlank(serviceName)) {
+ serviceName = request.getParameter("serviceNameParam");
+ }
+ return serviceName;
+ }
+
+ private String getAliasGroupName(HttpServletRequest request) {
+ String groupName = request.getParameter("groupName");
+ if (StringUtils.isBlank(groupName)) {
+ groupName = request.getParameter("groupNameParam");
+ }
+ return groupName;
+ }
+
+ private String getAliasClusterName(HttpServletRequest request) {
+ String clusterName = request.getParameter("clusterName");
+ if (StringUtils.isBlank(clusterName)) {
+ clusterName = request.getParameter("cluster");
+ }
+ return clusterName;
+ }
+}
diff --git a/naming/src/main/java/com/alibaba/nacos/naming/paramcheck/NamingInstanceBeatHttpParamExtractor.java b/naming/src/main/java/com/alibaba/nacos/naming/paramcheck/NamingInstanceBeatHttpParamExtractor.java
new file mode 100644
index 00000000000..17b0cb9f2dc
--- /dev/null
+++ b/naming/src/main/java/com/alibaba/nacos/naming/paramcheck/NamingInstanceBeatHttpParamExtractor.java
@@ -0,0 +1,73 @@
+/*
+ * Copyright 1999-2023 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.alibaba.nacos.naming.paramcheck;
+
+import com.alibaba.nacos.api.common.Constants;
+import com.alibaba.nacos.common.paramcheck.ParamCheckUtils;
+import com.alibaba.nacos.common.paramcheck.ParamInfo;
+import com.alibaba.nacos.common.utils.HttpMethod;
+import com.alibaba.nacos.common.utils.JacksonUtils;
+import com.alibaba.nacos.common.utils.StringUtils;
+import com.alibaba.nacos.core.paramcheck.AbstractHttpParamExtractor;
+import com.alibaba.nacos.naming.healthcheck.RsInfo;
+import com.alibaba.nacos.naming.misc.UtilsAndCommons;
+
+import javax.servlet.http.HttpServletRequest;
+
+/**
+ * Naming instance beat http param extractor.
+ *
+ * @author zhuoguang
+ */
+public class NamingInstanceBeatHttpParamExtractor extends AbstractHttpParamExtractor {
+
+ @Override
+ public void init() {
+ addTargetRequest(UtilsAndCommons.NACOS_NAMING_CONTEXT + UtilsAndCommons.NACOS_NAMING_INSTANCE_CONTEXT + "/beat",
+ HttpMethod.PUT);
+ addTargetRequest(UtilsAndCommons.DEFAULT_NACOS_NAMING_CONTEXT_V2 + UtilsAndCommons.NACOS_NAMING_INSTANCE_CONTEXT
+ + "/beat", HttpMethod.PUT);
+ }
+
+ @Override
+ public void extractParamAndCheck(HttpServletRequest request) throws Exception {
+ ParamInfo paramInfo = new ParamInfo();
+ String serviceName = request.getParameter("serviceName");
+ String groupName = request.getParameter("groupName");
+ String groupServiceName = serviceName;
+ if (StringUtils.isNotBlank(groupServiceName) && groupServiceName.contains(Constants.SERVICE_INFO_SPLITER)) {
+ String[] splits = groupServiceName.split(Constants.SERVICE_INFO_SPLITER, 2);
+ groupName = splits[0];
+ serviceName = splits[1];
+ }
+ paramInfo.setServiceName(serviceName);
+ paramInfo.setGroup(groupName);
+ paramInfo.setIp(request.getParameter("ip"));
+ paramInfo.setPort(request.getParameter("port"));
+ paramInfo.setNamespaceId(request.getParameter("namespaceId"));
+ ParamCheckUtils.checkParamInfoFormat(paramInfo);
+ String beatString = request.getParameter("beat");
+ if (StringUtils.isNotBlank(beatString)) {
+ RsInfo clientBeat = JacksonUtils.toObj(beatString, RsInfo.class);
+ ParamInfo beatParamInfo = new ParamInfo();
+ beatParamInfo.setIp(clientBeat.getIp());
+ beatParamInfo.setPort(String.valueOf(clientBeat.getPort()));
+ beatParamInfo.setCluster(clientBeat.getCluster());
+ ParamCheckUtils.checkParamInfoFormat(beatParamInfo);
+ }
+ }
+}
diff --git a/naming/src/main/java/com/alibaba/nacos/naming/paramcheck/NamingInstanceListHttpParamExtractor.java b/naming/src/main/java/com/alibaba/nacos/naming/paramcheck/NamingInstanceListHttpParamExtractor.java
new file mode 100644
index 00000000000..f5eafa38daa
--- /dev/null
+++ b/naming/src/main/java/com/alibaba/nacos/naming/paramcheck/NamingInstanceListHttpParamExtractor.java
@@ -0,0 +1,65 @@
+/*
+ * Copyright 1999-2023 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.alibaba.nacos.naming.paramcheck;
+
+import com.alibaba.nacos.api.common.Constants;
+import com.alibaba.nacos.common.paramcheck.ParamCheckUtils;
+import com.alibaba.nacos.common.paramcheck.ParamInfo;
+import com.alibaba.nacos.common.utils.HttpMethod;
+import com.alibaba.nacos.common.utils.StringUtils;
+import com.alibaba.nacos.core.paramcheck.AbstractHttpParamExtractor;
+import com.alibaba.nacos.naming.misc.UtilsAndCommons;
+
+import javax.servlet.http.HttpServletRequest;
+
+/**
+ * Naming instance list http param extractor.
+ *
+ * @author zhuoguang
+ */
+public class NamingInstanceListHttpParamExtractor extends AbstractHttpParamExtractor {
+
+ @Override
+ public void init() {
+ addTargetRequest(UtilsAndCommons.NACOS_NAMING_CONTEXT + UtilsAndCommons.NACOS_NAMING_INSTANCE_CONTEXT + "/list",
+ HttpMethod.GET);
+ }
+
+ @Override
+ public void extractParamAndCheck(HttpServletRequest request) throws Exception {
+ ParamInfo paramInfo = new ParamInfo();
+ String serviceName = request.getParameter("serviceName");
+ String groupName = request.getParameter("groupName");
+ String groupServiceName = serviceName;
+ if (StringUtils.isNotBlank(groupServiceName) && groupServiceName.contains(Constants.SERVICE_INFO_SPLITER)) {
+ String[] splits = groupServiceName.split(Constants.SERVICE_INFO_SPLITER, 2);
+ groupName = splits[0];
+ serviceName = splits[1];
+ }
+ paramInfo.setServiceName(serviceName);
+ paramInfo.setGroup(groupName);
+ paramInfo.setNamespaceId(request.getParameter("namespaceId"));
+ String clusters = request.getParameter(request.getParameter("clusters"));
+ if (StringUtils.isNotBlank(clusters)) {
+ String[] cluster = clusters.split(",");
+ for (String clusterName : cluster) {
+ ParamCheckUtils.checkClusterFormat(clusterName);
+ }
+ }
+ ParamCheckUtils.checkParamInfoFormat(paramInfo);
+ }
+}
diff --git a/naming/src/main/java/com/alibaba/nacos/naming/paramcheck/NamingInstanceMetadataBatchHttpParamExtractor.java b/naming/src/main/java/com/alibaba/nacos/naming/paramcheck/NamingInstanceMetadataBatchHttpParamExtractor.java
new file mode 100644
index 00000000000..3575d7f8dca
--- /dev/null
+++ b/naming/src/main/java/com/alibaba/nacos/naming/paramcheck/NamingInstanceMetadataBatchHttpParamExtractor.java
@@ -0,0 +1,82 @@
+/*
+ * Copyright 1999-2023 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.alibaba.nacos.naming.paramcheck;
+
+import com.alibaba.nacos.api.common.Constants;
+import com.alibaba.nacos.api.naming.pojo.Instance;
+import com.alibaba.nacos.common.paramcheck.ParamCheckUtils;
+import com.alibaba.nacos.common.paramcheck.ParamInfo;
+import com.alibaba.nacos.common.utils.HttpMethod;
+import com.alibaba.nacos.common.utils.JacksonUtils;
+import com.alibaba.nacos.common.utils.StringUtils;
+import com.alibaba.nacos.core.paramcheck.AbstractHttpParamExtractor;
+import com.alibaba.nacos.naming.misc.UtilsAndCommons;
+import com.fasterxml.jackson.core.type.TypeReference;
+
+import javax.servlet.http.HttpServletRequest;
+import java.util.List;
+
+/**
+ * Naming instance metadata batch http param extractor.
+ *
+ * @author zhuoguang
+ */
+public class NamingInstanceMetadataBatchHttpParamExtractor extends AbstractHttpParamExtractor {
+
+ @Override
+ public void init() {
+ addTargetRequest(UtilsAndCommons.NACOS_NAMING_CONTEXT + UtilsAndCommons.NACOS_NAMING_INSTANCE_CONTEXT + "/metadata/batch",
+ HttpMethod.PUT);
+ addTargetRequest(UtilsAndCommons.NACOS_NAMING_CONTEXT + UtilsAndCommons.NACOS_NAMING_INSTANCE_CONTEXT + "/metadata/batch",
+ HttpMethod.DELETE);
+ addTargetRequest(UtilsAndCommons.DEFAULT_NACOS_NAMING_CONTEXT_V2 + UtilsAndCommons.NACOS_NAMING_INSTANCE_CONTEXT + "/metadata/batch",
+ HttpMethod.PUT);
+ addTargetRequest(UtilsAndCommons.DEFAULT_NACOS_NAMING_CONTEXT_V2 + UtilsAndCommons.NACOS_NAMING_INSTANCE_CONTEXT + "/metadata/batch",
+ HttpMethod.DELETE);
+ }
+
+ @Override
+ public void extractParamAndCheck(HttpServletRequest request) throws Exception {
+ ParamInfo paramInfo = new ParamInfo();
+ String serviceName = request.getParameter("serviceName");
+ String groupName = request.getParameter("groupName");
+ String groupServiceName = serviceName;
+ if (StringUtils.isNotBlank(groupServiceName) && groupServiceName.contains(Constants.SERVICE_INFO_SPLITER)) {
+ String[] splits = groupServiceName.split(Constants.SERVICE_INFO_SPLITER, 2);
+ groupName = splits[0];
+ serviceName = splits[1];
+ }
+ paramInfo.setServiceName(serviceName);
+ paramInfo.setGroup(groupName);
+ paramInfo.setNamespaceId(request.getParameter("namespaceId"));
+ paramInfo.setMetadata(UtilsAndCommons.parseMetadata(request.getParameter("metadata")));
+ ParamCheckUtils.checkParamInfoFormat(paramInfo);
+
+ String instances = request.getParameter("instances");
+ if (StringUtils.isNotBlank(instances)) {
+ List targetInstances = JacksonUtils.toObj(instances, new TypeReference>() {
+ });
+ for (Instance instance : targetInstances) {
+ ParamInfo instanceParamInfo = new ParamInfo();
+ instanceParamInfo.setIp(instance.getIp());
+ instanceParamInfo.setPort(String.valueOf(instance.getPort()));
+ instanceParamInfo.setCluster(instance.getClusterName());
+ ParamCheckUtils.checkParamInfoFormat(instanceParamInfo);
+ }
+ }
+ }
+}
diff --git a/naming/src/main/java/com/alibaba/nacos/naming/web/NamingConfig.java b/naming/src/main/java/com/alibaba/nacos/naming/web/NamingConfig.java
index 9e172bd6842..32ab276b5db 100644
--- a/naming/src/main/java/com/alibaba/nacos/naming/web/NamingConfig.java
+++ b/naming/src/main/java/com/alibaba/nacos/naming/web/NamingConfig.java
@@ -1,5 +1,5 @@
/*
- * Copyright 1999-2018 Alibaba Group Holding Ltd.
+ * Copyright 1999-2023 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -30,6 +30,8 @@ public class NamingConfig {
private static final String UTL_PATTERNS = "/v1/ns/*";
+ private static final String UTL_PATTERNS_V2 = "/v2/ns/*";
+
private static final String DISTRO_FILTER = "distroFilter";
private static final String SERVICE_NAME_FILTER = "serviceNameFilter";
@@ -38,6 +40,8 @@ public class NamingConfig {
private static final String CLIENT_ATTRIBUTES_FILTER = "clientAttributes_filter";
+ private static final String NAMING_PARAM_CHECK_FILTER = "namingparamCheckFilter";
+
@Bean
public FilterRegistrationBean distroFilterRegistration() {
FilterRegistrationBean registration = new FilterRegistrationBean<>();
@@ -78,6 +82,17 @@ public FilterRegistrationBean clientAttributesFilterRegi
return registration;
}
+ @Bean
+ public FilterRegistrationBean paramCheckFilterRegistration() {
+ FilterRegistrationBean registration = new FilterRegistrationBean<>();
+ registration.setFilter(namingParamCheckFilter());
+ registration.addUrlPatterns(UTL_PATTERNS);
+ registration.addUrlPatterns(UTL_PATTERNS_V2);
+ registration.setName(NAMING_PARAM_CHECK_FILTER);
+ registration.setOrder(10);
+ return registration;
+ }
+
@Bean
public DistroFilter distroFilter() {
return new DistroFilter();
@@ -97,4 +112,9 @@ public ServiceNameFilter serviceNameFilter() {
public ClientAttributesFilter clientAttributesFilter() {
return new ClientAttributesFilter();
}
+
+ @Bean
+ public NamingParamCheckFilter namingParamCheckFilter() {
+ return new NamingParamCheckFilter();
+ }
}
diff --git a/naming/src/main/java/com/alibaba/nacos/naming/web/NamingParamCheckFilter.java b/naming/src/main/java/com/alibaba/nacos/naming/web/NamingParamCheckFilter.java
new file mode 100644
index 00000000000..37c81ca55bb
--- /dev/null
+++ b/naming/src/main/java/com/alibaba/nacos/naming/web/NamingParamCheckFilter.java
@@ -0,0 +1,67 @@
+/*
+ * Copyright 1999-2023 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.alibaba.nacos.naming.web;
+
+import com.alibaba.nacos.core.paramcheck.AbstractHttpParamExtractor;
+import com.alibaba.nacos.core.paramcheck.HttpParamExtractorManager;
+import com.alibaba.nacos.sys.env.EnvUtil;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.io.PrintWriter;
+
+/**
+ * Naming param check filter.
+ *
+ * @author zhuoguang
+ */
+public class NamingParamCheckFilter implements Filter {
+
+ private static final String MODULE = "naming";
+
+ @Override
+ public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
+ throws IOException, ServletException {
+ boolean ifParamCheck = EnvUtil.getProperty("nacos.paramcheck", Boolean.class, true);
+ if (!ifParamCheck) {
+ filterChain.doFilter(servletRequest, servletResponse);
+ return;
+ }
+ HttpServletRequest request = (HttpServletRequest) servletRequest;
+ HttpServletResponse resp = (HttpServletResponse) servletResponse;
+ try {
+ String uri = request.getRequestURI();
+ String method = request.getMethod();
+ HttpParamExtractorManager extractorManager = HttpParamExtractorManager.getInstance();
+ AbstractHttpParamExtractor paramExtractor = extractorManager.getExtractor(uri, method, MODULE);
+ paramExtractor.extractParamAndCheck(request);
+ filterChain.doFilter(request, resp);
+ } catch (Exception e) {
+ resp.setStatus(400);
+ PrintWriter writer = resp.getWriter();
+ writer.print(e.getMessage());
+ writer.flush();
+ }
+
+ }
+}
diff --git a/naming/src/main/resources/META-INF/services/com.alibaba.nacos.core.paramcheck.AbstractHttpParamExtractor b/naming/src/main/resources/META-INF/services/com.alibaba.nacos.core.paramcheck.AbstractHttpParamExtractor
new file mode 100644
index 00000000000..08f0a470428
--- /dev/null
+++ b/naming/src/main/resources/META-INF/services/com.alibaba.nacos.core.paramcheck.AbstractHttpParamExtractor
@@ -0,0 +1,20 @@
+#
+# Copyright 1999-2023 Alibaba Group Holding Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+com.alibaba.nacos.naming.paramcheck.NamingDefaultHttpParamExtractor
+com.alibaba.nacos.naming.paramcheck.NamingInstanceBeatHttpParamExtractor
+com.alibaba.nacos.naming.paramcheck.NamingInstanceListHttpParamExtractor
+com.alibaba.nacos.naming.paramcheck.NamingInstanceMetadataBatchHttpParamExtractor
\ No newline at end of file
diff --git a/naming/src/test/java/com/alibaba/nacos/naming/paramcheck/NamingDefaultHttpParamExtractorTest.java b/naming/src/test/java/com/alibaba/nacos/naming/paramcheck/NamingDefaultHttpParamExtractorTest.java
new file mode 100644
index 00000000000..23f07c7b8c6
--- /dev/null
+++ b/naming/src/test/java/com/alibaba/nacos/naming/paramcheck/NamingDefaultHttpParamExtractorTest.java
@@ -0,0 +1,43 @@
+/*
+ * Copyright 1999-2023 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.alibaba.nacos.naming.paramcheck;
+
+import com.alibaba.nacos.common.utils.HttpMethod;
+import com.alibaba.nacos.core.paramcheck.AbstractHttpParamExtractor;
+import com.alibaba.nacos.core.paramcheck.HttpParamExtractorManager;
+import org.junit.Test;
+import org.springframework.mock.web.MockHttpServletRequest;
+
+import static org.junit.Assert.assertEquals;
+
+/**
+ * The type Naming default http param extractor test.
+ *
+ * @author zhuoguang
+ */
+public class NamingDefaultHttpParamExtractorTest {
+
+ @Test
+ public void extractParamAndCheck() {
+ MockHttpServletRequest request = new MockHttpServletRequest();
+ request.setRequestURI("/nacos/v1/ns/instance/lalala");
+ request.setMethod(HttpMethod.DELETE);
+ HttpParamExtractorManager manager = HttpParamExtractorManager.getInstance();
+ AbstractHttpParamExtractor extractor = manager.getExtractor(request.getRequestURI(), request.getMethod(), "naming");
+ assertEquals(NamingDefaultHttpParamExtractor.class.getSimpleName(), extractor.getClass().getSimpleName());
+ }
+}
\ No newline at end of file
diff --git a/naming/src/test/java/com/alibaba/nacos/naming/paramcheck/NamingInstanceBeatHttpParamExtractorTest.java b/naming/src/test/java/com/alibaba/nacos/naming/paramcheck/NamingInstanceBeatHttpParamExtractorTest.java
new file mode 100644
index 00000000000..247a50b4206
--- /dev/null
+++ b/naming/src/test/java/com/alibaba/nacos/naming/paramcheck/NamingInstanceBeatHttpParamExtractorTest.java
@@ -0,0 +1,45 @@
+/*
+ * Copyright 1999-2023 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.alibaba.nacos.naming.paramcheck;
+
+import com.alibaba.nacos.common.utils.HttpMethod;
+import com.alibaba.nacos.core.paramcheck.AbstractHttpParamExtractor;
+import com.alibaba.nacos.core.paramcheck.HttpParamExtractorManager;
+import com.alibaba.nacos.naming.misc.UtilsAndCommons;
+import org.junit.Test;
+import org.springframework.mock.web.MockHttpServletRequest;
+
+import static org.junit.Assert.assertEquals;
+
+/**
+ * The type Naming instance beat http param extractor test.
+ *
+ * @author zhuoguang
+ */
+public class NamingInstanceBeatHttpParamExtractorTest {
+
+ @Test
+ public void extractParamAndCheck() {
+ MockHttpServletRequest request = new MockHttpServletRequest();
+ request.setRequestURI("/nacos" + UtilsAndCommons.DEFAULT_NACOS_NAMING_CONTEXT_V2 + UtilsAndCommons.NACOS_NAMING_INSTANCE_CONTEXT
+ + "/beat");
+ request.setMethod(HttpMethod.PUT);
+ HttpParamExtractorManager manager = HttpParamExtractorManager.getInstance();
+ AbstractHttpParamExtractor extractor = manager.getExtractor(request.getRequestURI(), request.getMethod(), "naming");
+ assertEquals(NamingInstanceBeatHttpParamExtractor.class.getSimpleName(), extractor.getClass().getSimpleName());
+ }
+}
\ No newline at end of file
diff --git a/naming/src/test/java/com/alibaba/nacos/naming/paramcheck/NamingInstanceListHttpParamExtractorTest.java b/naming/src/test/java/com/alibaba/nacos/naming/paramcheck/NamingInstanceListHttpParamExtractorTest.java
new file mode 100644
index 00000000000..5befac1e893
--- /dev/null
+++ b/naming/src/test/java/com/alibaba/nacos/naming/paramcheck/NamingInstanceListHttpParamExtractorTest.java
@@ -0,0 +1,44 @@
+/*
+ * Copyright 1999-2023 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.alibaba.nacos.naming.paramcheck;
+
+import com.alibaba.nacos.common.utils.HttpMethod;
+import com.alibaba.nacos.core.paramcheck.AbstractHttpParamExtractor;
+import com.alibaba.nacos.core.paramcheck.HttpParamExtractorManager;
+import com.alibaba.nacos.naming.misc.UtilsAndCommons;
+import org.junit.Test;
+import org.springframework.mock.web.MockHttpServletRequest;
+
+import static org.junit.Assert.assertEquals;
+
+/**
+ * The type Naming instance list http param extractor test.
+ *
+ * @author zhuoguang
+ */
+public class NamingInstanceListHttpParamExtractorTest {
+
+ @Test
+ public void extractParamAndCheck() {
+ MockHttpServletRequest request = new MockHttpServletRequest();
+ request.setRequestURI("/nacos" + UtilsAndCommons.NACOS_NAMING_CONTEXT + UtilsAndCommons.NACOS_NAMING_INSTANCE_CONTEXT + "/list");
+ request.setMethod(HttpMethod.GET);
+ HttpParamExtractorManager manager = HttpParamExtractorManager.getInstance();
+ AbstractHttpParamExtractor extractor = manager.getExtractor(request.getRequestURI(), request.getMethod(), "naming");
+ assertEquals(NamingInstanceListHttpParamExtractor.class.getSimpleName(), extractor.getClass().getSimpleName());
+ }
+}
\ No newline at end of file
diff --git a/naming/src/test/java/com/alibaba/nacos/naming/paramcheck/NamingInstanceMetadataBatchHttpParamExtractorTest.java b/naming/src/test/java/com/alibaba/nacos/naming/paramcheck/NamingInstanceMetadataBatchHttpParamExtractorTest.java
new file mode 100644
index 00000000000..308806a45bd
--- /dev/null
+++ b/naming/src/test/java/com/alibaba/nacos/naming/paramcheck/NamingInstanceMetadataBatchHttpParamExtractorTest.java
@@ -0,0 +1,44 @@
+/*
+ * Copyright 1999-2023 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.alibaba.nacos.naming.paramcheck;
+
+import com.alibaba.nacos.common.utils.HttpMethod;
+import com.alibaba.nacos.core.paramcheck.AbstractHttpParamExtractor;
+import com.alibaba.nacos.core.paramcheck.HttpParamExtractorManager;
+import com.alibaba.nacos.naming.misc.UtilsAndCommons;
+import org.junit.Test;
+import org.springframework.mock.web.MockHttpServletRequest;
+
+import static org.junit.Assert.assertEquals;
+
+/**
+ * The type Naming instance metadata batch http param extractor test.
+ *
+ * @author zhuoguang
+ */
+public class NamingInstanceMetadataBatchHttpParamExtractorTest {
+
+ @Test
+ public void extractParamAndCheck() {
+ MockHttpServletRequest request = new MockHttpServletRequest();
+ request.setRequestURI("/nacos" + UtilsAndCommons.NACOS_NAMING_CONTEXT + UtilsAndCommons.NACOS_NAMING_INSTANCE_CONTEXT + "/metadata/batch");
+ request.setMethod(HttpMethod.PUT);
+ HttpParamExtractorManager manager = HttpParamExtractorManager.getInstance();
+ AbstractHttpParamExtractor extractor = manager.getExtractor(request.getRequestURI(), request.getMethod(), "naming");
+ assertEquals(NamingInstanceMetadataBatchHttpParamExtractor.class.getSimpleName(), extractor.getClass().getSimpleName());
+ }
+}
\ No newline at end of file
diff --git a/test/naming-test/src/test/java/com/alibaba/nacos/test/naming/AbstractInstanceOperate_ITCase.java b/test/naming-test/src/test/java/com/alibaba/nacos/test/naming/AbstractInstanceOperate_ITCase.java
index 1a539c68116..bf5f848120e 100644
--- a/test/naming-test/src/test/java/com/alibaba/nacos/test/naming/AbstractInstanceOperate_ITCase.java
+++ b/test/naming-test/src/test/java/com/alibaba/nacos/test/naming/AbstractInstanceOperate_ITCase.java
@@ -376,7 +376,7 @@ public void registerEphemeralInstanceWithInvalidClusterName() throws Exception {
public void registerPersistentInstanceWithInvalidClusterName() throws Exception {
expectedException.expect(NacosException.class);
expectedException.expectMessage(
- "Instance 'clusterName' should be characters with only 0-9a-zA-Z-. (current: cluster1,cluster2)");
+ "Param 'cluster' is illegal, Chinese characters and ',' should not appear in the param");
String serviceName = NamingBase.randomDomainName();
Instance instance = new Instance();
From a83e2cc5425641177c804a6a4ab61d931e932d31 Mon Sep 17 00:00:00 2001
From: "nov.lzf"
Date: Tue, 11 Jul 2023 19:00:23 +0800
Subject: [PATCH 02/29] dump change check task submit (#10755)
* dump change check task submit
* delete config nid convert error fix
* fix test case
* checkstyle
---
.../config/server/service/AggrWhitelist.java | 2 +-
.../server/service/ConfigCacheService.java | 31 ++--
.../config/server/service/SwitchService.java | 2 +-
.../service/dump/DumpChangeConfigWorker.java | 123 ++++++++++++++++
.../server/service/dump/DumpService.java | 92 +++---------
.../dump/processor/DumpChangeProcessor.java | 109 ---------------
.../service/dump/processor/DumpProcessor.java | 52 ++++---
.../service/dump/task/DumpChangeTask.java | 34 -----
.../repository/ConfigInfoPersistService.java | 7 +-
.../HistoryConfigInfoPersistService.java | 8 +-
.../EmbeddedConfigInfoPersistServiceImpl.java | 6 +-
...edHistoryConfigInfoPersistServiceImpl.java | 17 ++-
.../ExternalConfigInfoPersistServiceImpl.java | 15 +-
...alHistoryConfigInfoPersistServiceImpl.java | 19 ++-
.../datasource/mapper/ConfigInfoMapper.java | 132 +++++++-----------
.../mapper/HistoryConfigInfoMapper.java | 40 +++---
.../derby/ConfigInfoMapperByDerbyTest.java | 22 +--
.../HistoryConfigInfoMapperByDerbyTest.java | 10 +-
.../mysql/ConfigInfoMapperByMySqlTest.java | 10 +-
.../HistoryConfigInfoMapperByMySqlTest.java | 11 +-
20 files changed, 335 insertions(+), 407 deletions(-)
create mode 100644 config/src/main/java/com/alibaba/nacos/config/server/service/dump/DumpChangeConfigWorker.java
delete mode 100644 config/src/main/java/com/alibaba/nacos/config/server/service/dump/processor/DumpChangeProcessor.java
delete mode 100644 config/src/main/java/com/alibaba/nacos/config/server/service/dump/task/DumpChangeTask.java
diff --git a/config/src/main/java/com/alibaba/nacos/config/server/service/AggrWhitelist.java b/config/src/main/java/com/alibaba/nacos/config/server/service/AggrWhitelist.java
index 250352c6fc6..c80bd149555 100644
--- a/config/src/main/java/com/alibaba/nacos/config/server/service/AggrWhitelist.java
+++ b/config/src/main/java/com/alibaba/nacos/config/server/service/AggrWhitelist.java
@@ -67,7 +67,7 @@ public static boolean isAggrDataId(String dataId) {
*/
public static void load(String content) {
if (StringUtils.isBlank(content)) {
- FATAL_LOG.error("aggr dataId whitelist is blank.");
+ FATAL_LOG.warn("aggr dataId whitelist is blank.");
return;
}
DEFAULT_LOG.warn("[aggr-dataIds] {}", content);
diff --git a/config/src/main/java/com/alibaba/nacos/config/server/service/ConfigCacheService.java b/config/src/main/java/com/alibaba/nacos/config/server/service/ConfigCacheService.java
index 965f3651ceb..171a3b1a4fe 100644
--- a/config/src/main/java/com/alibaba/nacos/config/server/service/ConfigCacheService.java
+++ b/config/src/main/java/com/alibaba/nacos/config/server/service/ConfigCacheService.java
@@ -44,8 +44,6 @@
import java.util.Map.Entry;
import java.util.concurrent.ConcurrentHashMap;
-import static com.alibaba.nacos.config.server.constant.Constants.ENCODE;
-import static com.alibaba.nacos.config.server.constant.Constants.ENCODE_GBK;
import static com.alibaba.nacos.config.server.constant.Constants.ENCODE_UTF8;
import static com.alibaba.nacos.config.server.utils.LogUtil.DEFAULT_LOG;
import static com.alibaba.nacos.config.server.utils.LogUtil.DUMP_LOG;
@@ -120,7 +118,7 @@ public static boolean dumpWithMd5(String dataId, String group, String tenant, St
boolean newLastModified = lastModifiedTs > ConfigCacheService.getLastModifiedTs(groupKey);
if (md5 == null) {
- md5 = MD5Utils.md5Hex(content, ENCODE);
+ md5 = MD5Utils.md5Hex(content, ENCODE_UTF8);
}
//check md5 & update local disk cache.
@@ -314,7 +312,7 @@ public static boolean dumpTag(String dataId, String group, String tenant, String
boolean timestampChanged = lastModifiedTs > localTagLastModifiedTs;
- final String md5 = MD5Utils.md5Hex(content, ENCODE_GBK);
+ final String md5 = MD5Utils.md5Hex(content, ENCODE_UTF8);
String localContentTagMd5 = ConfigCacheService.getContentTagMd5(groupKey, tag);
boolean md5Changed = !md5.equals(localContentTagMd5);
@@ -328,11 +326,10 @@ public static boolean dumpTag(String dataId, String group, String tenant, String
}
if (md5Changed) {
- String md5Utf8 = MD5Utils.md5Hex(content, ENCODE_UTF8);
DUMP_LOG.warn(
- "[dump-tag] md5 changed, update local jvm cache, groupKey={},tag={}, md5UTF8={},oldMd5={},lastModifiedTs={}",
- new Object[] {groupKey, tag, md5Utf8, localContentTagMd5, lastModifiedTs});
- updateTagMd5(groupKey, tag, md5Utf8, lastModifiedTs, encryptedDataKey4Tag);
+ "[dump-tag] md5 changed, update local jvm cache, groupKey={},tag={}, newMd5={},oldMd5={},lastModifiedTs={}",
+ new Object[] {groupKey, tag, md5, localContentTagMd5, lastModifiedTs});
+ updateTagMd5(groupKey, tag, md5, lastModifiedTs, encryptedDataKey4Tag);
} else if (timestampChanged) {
DUMP_LOG.warn(
"[dump-tag] timestamp changed, update last modified in local jvm cache, groupKey={},tag={},"
@@ -379,35 +376,33 @@ public static boolean dumpChange(String dataId, String group, String tenant, Str
boolean newLastModified = lastModifiedTs > ConfigCacheService.getLastModifiedTs(groupKey);
- String md5Gbk = MD5Utils.md5Hex(content, ENCODE_GBK);
- String md5Utf8 = MD5Utils.md5Hex(content, ENCODE_UTF8);
+ String md5 = MD5Utils.md5Hex(content, ENCODE_UTF8);
//check md5 & update local disk cache.
String localContentMd5 = ConfigCacheService.getContentMd5(groupKey);
- boolean md5Changed = !md5Gbk.equals(localContentMd5);
+ boolean md5Changed = !md5.equals(localContentMd5);
if (md5Changed) {
if (!PropertyUtil.isDirectRead()) {
- DUMP_LOG.info("[dump-change] md5 changed, save to disk cache ,groupKey={}, md5={}", groupKey,
- md5Gbk);
+ DUMP_LOG.info("[dump-change] md5 changed, save to disk cache ,groupKey={}, md5={}", groupKey, md5);
ConfigDiskServiceFactory.getInstance().saveToDisk(dataId, group, tenant, content);
} else {
//ignore to save disk cache in direct model
}
} else {
DUMP_LOG.warn("[dump-change-ignore] ignore to save to disk cache. md5 consistent,groupKey={}, md5={}",
- groupKey, md5Gbk);
+ groupKey, md5);
}
//check md5 and timestamp & update local jvm cache.
if (md5Changed) {
DUMP_LOG.info(
- "[dump-change] md5 changed, update md5 and timestamp in jvm cache ,groupKey={},newMd5UTF8={},oldMd5={},lastModifiedTs={}",
- groupKey, md5Utf8, localContentMd5, lastModifiedTs);
- updateMd5(groupKey, md5Utf8, lastModifiedTs, encryptedDataKey);
+ "[dump-change] md5 changed, update md5 and timestamp in jvm cache ,groupKey={},newMd5={},oldMd5={},lastModifiedTs={}",
+ groupKey, md5, localContentMd5, lastModifiedTs);
+ updateMd5(groupKey, md5, lastModifiedTs, encryptedDataKey);
} else if (newLastModified) {
DUMP_LOG.info(
"[dump-change] md5 consistent ,timestamp changed, update timestamp only in jvm cache ,groupKey={}, md5={},lastModifiedTs={}",
- groupKey, md5Utf8, lastModifiedTs);
+ groupKey, md5, lastModifiedTs);
updateTimeStamp(groupKey, lastModifiedTs, encryptedDataKey);
} else {
DUMP_LOG.warn(
diff --git a/config/src/main/java/com/alibaba/nacos/config/server/service/SwitchService.java b/config/src/main/java/com/alibaba/nacos/config/server/service/SwitchService.java
index 337718e1538..1d1aace7cf5 100755
--- a/config/src/main/java/com/alibaba/nacos/config/server/service/SwitchService.java
+++ b/config/src/main/java/com/alibaba/nacos/config/server/service/SwitchService.java
@@ -85,7 +85,7 @@ public static String getSwitchString(String key, String defaultValue) {
*/
public static void load(String config) {
if (StringUtils.isBlank(config)) {
- FATAL_LOG.error("switch config is blank.");
+ FATAL_LOG.warn("switch config is blank.");
return;
}
FATAL_LOG.warn("[switch-config] {}", config);
diff --git a/config/src/main/java/com/alibaba/nacos/config/server/service/dump/DumpChangeConfigWorker.java b/config/src/main/java/com/alibaba/nacos/config/server/service/dump/DumpChangeConfigWorker.java
new file mode 100644
index 00000000000..8ca8e952821
--- /dev/null
+++ b/config/src/main/java/com/alibaba/nacos/config/server/service/dump/DumpChangeConfigWorker.java
@@ -0,0 +1,123 @@
+/*
+ * Copyright 1999-2018 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.alibaba.nacos.config.server.service.dump;
+
+import com.alibaba.nacos.common.utils.MD5Utils;
+import com.alibaba.nacos.config.server.constant.Constants;
+import com.alibaba.nacos.config.server.model.ConfigInfo;
+import com.alibaba.nacos.config.server.model.ConfigInfoWrapper;
+import com.alibaba.nacos.config.server.service.ConfigCacheService;
+import com.alibaba.nacos.config.server.service.repository.ConfigInfoPersistService;
+import com.alibaba.nacos.config.server.service.repository.HistoryConfigInfoPersistService;
+import com.alibaba.nacos.config.server.utils.GroupKey2;
+import com.alibaba.nacos.config.server.utils.LogUtil;
+
+import java.sql.Timestamp;
+import java.util.List;
+
+/**
+ * Dump change processor.
+ *
+ * @author Nacos
+ * @date 2020/7/5 12:19 PM
+ */
+public class DumpChangeConfigWorker implements Runnable {
+
+ private ConfigInfoPersistService configInfoPersistService;
+
+ private HistoryConfigInfoPersistService historyConfigInfoPersistService;
+
+ Timestamp startTime;
+
+ public DumpChangeConfigWorker(DumpService dumpService, Timestamp startTime) {
+ this.configInfoPersistService = dumpService.getConfigInfoPersistService();
+ this.historyConfigInfoPersistService = dumpService.getHistoryConfigInfoPersistService();
+ this.startTime = startTime;
+ }
+
+ /**
+ * do check change.
+ */
+ public void run() {
+
+ try {
+ Timestamp currentTime = new Timestamp(System.currentTimeMillis());
+ LogUtil.DEFAULT_LOG.info("DumpChange start ,from time {},current time {}", startTime, currentTime);
+
+ LogUtil.DEFAULT_LOG.info("Start to check delete configs from time {}", startTime);
+
+ int pageSize = 100;
+ long startDeletedConfigTime = System.currentTimeMillis();
+ LogUtil.DEFAULT_LOG.info("Check delete configs from time {}", startTime);
+
+ long deleteCursorId = 0L;
+
+ while (true) {
+ List configDeleted = historyConfigInfoPersistService.findDeletedConfig(startTime,
+ deleteCursorId, pageSize);
+ for (ConfigInfo configInfo : configDeleted) {
+ if (configInfoPersistService.findConfigInfo(configInfo.getDataId(), configInfo.getGroup(),
+ configInfo.getTenant()) == null) {
+ ConfigCacheService.remove(configInfo.getDataId(), configInfo.getGroup(),
+ configInfo.getTenant());
+ LogUtil.DEFAULT_LOG.info("[dump-delete-ok] {}",
+ new Object[] {GroupKey2.getKey(configInfo.getDataId(), configInfo.getGroup())});
+ }
+ }
+ if (configDeleted.size() < pageSize) {
+ break;
+ }
+ deleteCursorId = configDeleted.get(configDeleted.size() - 1).getId();
+
+ }
+ LogUtil.DEFAULT_LOG.info("Check delete configs finished,cost:{}",
+ System.currentTimeMillis() - startDeletedConfigTime);
+
+ LogUtil.DEFAULT_LOG.info("Check changeConfig start");
+ long startChangeConfigTime = System.currentTimeMillis();
+
+ long changeCursorId = 0L;
+ while (true) {
+ LogUtil.DEFAULT_LOG.info("Check changed configs from time {},lastMaxId={}", startTime, changeCursorId);
+ List changeConfigs = configInfoPersistService.findChangeConfig(startTime,
+ changeCursorId, pageSize);
+ for (ConfigInfoWrapper cf : changeConfigs) {
+ ConfigCacheService.dumpChange(cf.getDataId(), cf.getGroup(), cf.getTenant(), cf.getContent(),
+ cf.getLastModified(), cf.getEncryptedDataKey());
+ final String content = cf.getContent();
+ final String md5 = MD5Utils.md5Hex(content, Constants.ENCODE_UTF8);
+
+ LogUtil.DEFAULT_LOG.info("[dump-change-check-ok] {}, {}, length={}, md5={}",
+ new Object[] {GroupKey2.getKey(cf.getDataId(), cf.getGroup()), cf.getLastModified(),
+ content.length(), md5});
+ }
+ if (changeConfigs.size() < pageSize) {
+ break;
+ }
+ changeCursorId = changeConfigs.get(changeConfigs.size() - 1).getId();
+ }
+
+ ConfigCacheService.reloadConfig();
+ long endChangeConfigTime = System.currentTimeMillis();
+ LogUtil.DEFAULT_LOG.info("Check changed configs finished,cost:{},set next start time to {}",
+ endChangeConfigTime - startChangeConfigTime, currentTime);
+ startTime = currentTime;
+ } catch (Throwable e) {
+ LogUtil.DEFAULT_LOG.error("Check changed configs error", e);
+ }
+ }
+}
diff --git a/config/src/main/java/com/alibaba/nacos/config/server/service/dump/DumpService.java b/config/src/main/java/com/alibaba/nacos/config/server/service/dump/DumpService.java
index 312e566544e..75ad824dc52 100755
--- a/config/src/main/java/com/alibaba/nacos/config/server/service/dump/DumpService.java
+++ b/config/src/main/java/com/alibaba/nacos/config/server/service/dump/DumpService.java
@@ -17,7 +17,6 @@
package com.alibaba.nacos.config.server.service.dump;
import com.alibaba.nacos.api.exception.NacosException;
-import com.alibaba.nacos.common.utils.IoUtils;
import com.alibaba.nacos.common.utils.MD5Utils;
import com.alibaba.nacos.common.utils.StringUtils;
import com.alibaba.nacos.config.server.constant.Constants;
@@ -25,20 +24,14 @@
import com.alibaba.nacos.config.server.model.ConfigInfo;
import com.alibaba.nacos.config.server.model.ConfigInfoAggr;
import com.alibaba.nacos.config.server.model.ConfigInfoChanged;
-import com.alibaba.nacos.config.server.model.ConfigInfoWrapper;
-import com.alibaba.nacos.core.namespace.repository.NamespacePersistService;
-import com.alibaba.nacos.persistence.model.Page;
import com.alibaba.nacos.config.server.service.ConfigCacheService;
-import com.alibaba.nacos.persistence.datasource.DynamicDataSource;
import com.alibaba.nacos.config.server.service.dump.processor.DumpAllBetaProcessor;
import com.alibaba.nacos.config.server.service.dump.processor.DumpAllProcessor;
import com.alibaba.nacos.config.server.service.dump.processor.DumpAllTagProcessor;
-import com.alibaba.nacos.config.server.service.dump.processor.DumpChangeProcessor;
import com.alibaba.nacos.config.server.service.dump.processor.DumpProcessor;
import com.alibaba.nacos.config.server.service.dump.task.DumpAllBetaTask;
import com.alibaba.nacos.config.server.service.dump.task.DumpAllTagTask;
import com.alibaba.nacos.config.server.service.dump.task.DumpAllTask;
-import com.alibaba.nacos.config.server.service.dump.task.DumpChangeTask;
import com.alibaba.nacos.config.server.service.dump.task.DumpTask;
import com.alibaba.nacos.config.server.service.merge.MergeTaskProcessor;
import com.alibaba.nacos.config.server.service.repository.ConfigInfoAggrPersistService;
@@ -54,14 +47,15 @@
import com.alibaba.nacos.config.server.utils.LogUtil;
import com.alibaba.nacos.config.server.utils.TimeUtils;
import com.alibaba.nacos.core.cluster.ServerMemberManager;
+import com.alibaba.nacos.core.namespace.repository.NamespacePersistService;
+import com.alibaba.nacos.persistence.datasource.DynamicDataSource;
+import com.alibaba.nacos.persistence.model.Page;
import com.alibaba.nacos.sys.env.EnvUtil;
import com.alibaba.nacos.sys.utils.InetUtils;
import com.alibaba.nacos.sys.utils.TimerContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import java.io.File;
-import java.io.FileInputStream;
import java.io.IOException;
import java.sql.Timestamp;
import java.text.SimpleDateFormat;
@@ -112,6 +106,11 @@ public abstract class DumpService {
*/
static final int DUMP_ALL_INTERVAL_IN_MINUTE = 6 * 60;
+ /**
+ * full dump interval.
+ */
+ static final int DUMP_CHANGE_INTERVAL_IN_SECONDS = 15;
+
/**
* full dump delay.
*/
@@ -227,6 +226,8 @@ protected void dumpOperate(DumpProcessor processor, DumpAllProcessor dumpAllProc
}
};
+ Timestamp currentTime = new Timestamp(System.currentTimeMillis());
+
try {
dumpConfigInfo(dumpAllProcessor);
@@ -284,6 +285,9 @@ protected void dumpOperate(DumpProcessor processor, DumpAllProcessor dumpAllProc
ConfigExecutor.scheduleConfigTask(dumpAllTag, initialDelay, DUMP_ALL_INTERVAL_IN_MINUTE,
TimeUnit.MINUTES);
+ ConfigExecutor.scheduleConfigTask(new DumpChangeConfigWorker(this, currentTime), 0,
+ DUMP_CHANGE_INTERVAL_IN_SECONDS, TimeUnit.SECONDS);
+
}
ConfigExecutor.scheduleConfigTask(clearConfigHistory, 10, 10, TimeUnit.MINUTES);
@@ -294,60 +298,14 @@ protected void dumpOperate(DumpProcessor processor, DumpAllProcessor dumpAllProc
}
private void dumpConfigInfo(DumpAllProcessor dumpAllProcessor) throws IOException {
- int timeStep = 6;
- boolean isAllDump = true;
- // initial dump all
- FileInputStream fis = null;
- Timestamp heartheatLastStamp = null;
+
try {
- if (isQuickStart()) {
- File heartbeatFile = DiskUtil.heartBeatFile();
- if (heartbeatFile.exists()) {
- fis = new FileInputStream(heartbeatFile);
- String heartheatTempLast = IoUtils.toString(fis, Constants.ENCODE);
- heartheatLastStamp = Timestamp.valueOf(heartheatTempLast);
- if (TimeUtils.getCurrentTime().getTime() - heartheatLastStamp.getTime()
- < timeStep * 60 * 60 * 1000) {
- isAllDump = false;
- }
- }
- }
- if (isAllDump) {
- LogUtil.DEFAULT_LOG.info("start clear all config-info.");
- DiskUtil.clearAll();
- dumpAllProcessor.process(new DumpAllTask());
- } else {
- Timestamp beforeTimeStamp = getBeforeStamp(heartheatLastStamp, timeStep);
- DumpChangeProcessor dumpChangeProcessor = new DumpChangeProcessor(this, beforeTimeStamp,
- TimeUtils.getCurrentTime());
- dumpChangeProcessor.process(new DumpChangeTask());
- Runnable checkMd5Task = () -> {
- LogUtil.DEFAULT_LOG.error("start checkMd5Task");
- List diffList = ConfigCacheService.checkMd5();
- for (String groupKey : diffList) {
- String[] dg = GroupKey.parseKey(groupKey);
- String dataId = dg[0];
- String group = dg[1];
- String tenant = dg[2];
- ConfigInfoWrapper configInfo = configInfoPersistService.queryConfigInfo(dataId, group, tenant);
- ConfigCacheService.dumpChange(dataId, group, tenant, configInfo.getContent(),
- configInfo.getLastModified(), configInfo.getEncryptedDataKey());
- }
- LogUtil.DEFAULT_LOG.error("end checkMd5Task");
- };
- ConfigExecutor.scheduleConfigTask(checkMd5Task, 0, 12, TimeUnit.HOURS);
- }
- } catch (IOException e) {
+ LogUtil.DEFAULT_LOG.info("start clear all config-info.");
+ DiskUtil.clearAll();
+ dumpAllProcessor.process(new DumpAllTask());
+ } catch (Exception e) {
LogUtil.FATAL_LOG.error("dump config fail" + e.getMessage());
throw e;
- } finally {
- if (null != fis) {
- try {
- fis.close();
- } catch (IOException e) {
- LogUtil.DEFAULT_LOG.warn("close file failed");
- }
- }
}
}
@@ -360,20 +318,6 @@ private Timestamp getBeforeStamp(Timestamp date, int step) {
return Timestamp.valueOf(format.format(cal.getTime()));
}
- private Boolean isQuickStart() {
- try {
- String val;
- val = EnvUtil.getProperty("isQuickStart");
- if (TRUE_STR.equals(val)) {
- isQuickStart = true;
- }
- FATAL_LOG.warn("isQuickStart:{}", isQuickStart);
- } catch (Exception e) {
- FATAL_LOG.error("read application.properties wrong", e);
- }
- return isQuickStart;
- }
-
private int getRetentionDays() {
String val = EnvUtil.getProperty("nacos.config.retention.days");
if (null == val) {
diff --git a/config/src/main/java/com/alibaba/nacos/config/server/service/dump/processor/DumpChangeProcessor.java b/config/src/main/java/com/alibaba/nacos/config/server/service/dump/processor/DumpChangeProcessor.java
deleted file mode 100644
index 0de63f03b99..00000000000
--- a/config/src/main/java/com/alibaba/nacos/config/server/service/dump/processor/DumpChangeProcessor.java
+++ /dev/null
@@ -1,109 +0,0 @@
-/*
- * Copyright 1999-2018 Alibaba Group Holding Ltd.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.alibaba.nacos.config.server.service.dump.processor;
-
-import com.alibaba.nacos.common.task.NacosTask;
-import com.alibaba.nacos.common.task.NacosTaskProcessor;
-import com.alibaba.nacos.common.utils.MD5Utils;
-import com.alibaba.nacos.config.server.constant.Constants;
-import com.alibaba.nacos.config.server.model.ConfigInfo;
-import com.alibaba.nacos.config.server.model.ConfigInfoWrapper;
-import com.alibaba.nacos.config.server.service.ConfigCacheService;
-import com.alibaba.nacos.config.server.service.dump.DumpService;
-import com.alibaba.nacos.config.server.service.repository.ConfigInfoPersistService;
-import com.alibaba.nacos.config.server.service.repository.HistoryConfigInfoPersistService;
-import com.alibaba.nacos.config.server.utils.GroupKey2;
-import com.alibaba.nacos.config.server.utils.LogUtil;
-
-import java.sql.Timestamp;
-import java.util.List;
-
-/**
- * Dump change processor.
- *
- * @author Nacos
- * @date 2020/7/5 12:19 PM
- */
-public class DumpChangeProcessor implements NacosTaskProcessor {
-
- final DumpService dumpService;
-
- final ConfigInfoPersistService configInfoPersistService;
-
- final HistoryConfigInfoPersistService historyConfigInfoPersistService;
-
- final Timestamp startTime;
-
- final Timestamp endTime;
-
- public DumpChangeProcessor(DumpService dumpService, Timestamp startTime, Timestamp endTime) {
- this.dumpService = dumpService;
- this.configInfoPersistService = dumpService.getConfigInfoPersistService();
- this.historyConfigInfoPersistService = dumpService.getHistoryConfigInfoPersistService();
- this.startTime = startTime;
- this.endTime = endTime;
- }
-
- @Override
- public boolean process(NacosTask task) {
- LogUtil.DEFAULT_LOG.warn("quick start; startTime:{},endTime:{}", startTime, endTime);
- LogUtil.DEFAULT_LOG.warn("updateMd5 start");
- long startUpdateMd5 = System.currentTimeMillis();
- List updateMd5List = configInfoPersistService.listAllGroupKeyMd5();
- LogUtil.DEFAULT_LOG.warn("updateMd5 count:{}", updateMd5List.size());
- for (ConfigInfoWrapper config : updateMd5List) {
- final String groupKey = GroupKey2.getKey(config.getDataId(), config.getGroup());
- ConfigCacheService
- .updateMd5(groupKey, config.getMd5(), config.getLastModified(), config.getEncryptedDataKey());
- }
- long endUpdateMd5 = System.currentTimeMillis();
- LogUtil.DEFAULT_LOG.warn("updateMd5 done,cost:{}", endUpdateMd5 - startUpdateMd5);
-
- LogUtil.DEFAULT_LOG.warn("deletedConfig start");
- long startDeletedConfigTime = System.currentTimeMillis();
- List configDeleted = historyConfigInfoPersistService.findDeletedConfig(startTime, endTime);
- LogUtil.DEFAULT_LOG.warn("deletedConfig count:{}", configDeleted.size());
- for (ConfigInfo configInfo : configDeleted) {
- if (configInfoPersistService.findConfigInfo(configInfo.getDataId(), configInfo.getGroup(), configInfo.getTenant())
- == null) {
- ConfigCacheService.remove(configInfo.getDataId(), configInfo.getGroup(), configInfo.getTenant());
- }
- }
- long endDeletedConfigTime = System.currentTimeMillis();
- LogUtil.DEFAULT_LOG.warn("deletedConfig done,cost:{}", endDeletedConfigTime - startDeletedConfigTime);
-
- LogUtil.DEFAULT_LOG.warn("changeConfig start");
- final long startChangeConfigTime = System.currentTimeMillis();
- List changeConfigs = configInfoPersistService.findChangeConfig(startTime, endTime);
- LogUtil.DEFAULT_LOG.warn("changeConfig count:{}", changeConfigs.size());
- for (ConfigInfoWrapper cf : changeConfigs) {
-
- ConfigCacheService.dumpChange(cf.getDataId(), cf.getGroup(), cf.getTenant(), cf.getContent(),
- cf.getLastModified(), cf.getEncryptedDataKey());
-
- final String content = cf.getContent();
- final String md5 = MD5Utils.md5Hex(content, Constants.ENCODE);
- LogUtil.DEFAULT_LOG
- .info("[dump-change-ok] {}, {}, length={}, md5={}", GroupKey2.getKey(cf.getDataId(), cf.getGroup()),
- cf.getLastModified(), content.length(), md5);
- }
- ConfigCacheService.reloadConfig();
- long endChangeConfigTime = System.currentTimeMillis();
- LogUtil.DEFAULT_LOG.warn("changeConfig done,cost:{}", endChangeConfigTime - startChangeConfigTime);
- return true;
- }
-}
diff --git a/config/src/main/java/com/alibaba/nacos/config/server/service/dump/processor/DumpProcessor.java b/config/src/main/java/com/alibaba/nacos/config/server/service/dump/processor/DumpProcessor.java
index d0640e9274a..9215bcdb2d3 100644
--- a/config/src/main/java/com/alibaba/nacos/config/server/service/dump/processor/DumpProcessor.java
+++ b/config/src/main/java/com/alibaba/nacos/config/server/service/dump/processor/DumpProcessor.java
@@ -18,9 +18,10 @@
import com.alibaba.nacos.common.task.NacosTask;
import com.alibaba.nacos.common.task.NacosTaskProcessor;
-import com.alibaba.nacos.config.server.model.ConfigInfo;
-import com.alibaba.nacos.config.server.model.ConfigInfo4Beta;
-import com.alibaba.nacos.config.server.model.ConfigInfo4Tag;
+import com.alibaba.nacos.common.utils.StringUtils;
+import com.alibaba.nacos.config.server.model.ConfigInfoBetaWrapper;
+import com.alibaba.nacos.config.server.model.ConfigInfoTagWrapper;
+import com.alibaba.nacos.config.server.model.ConfigInfoWrapper;
import com.alibaba.nacos.config.server.model.event.ConfigDumpEvent;
import com.alibaba.nacos.config.server.service.dump.DumpConfigHandler;
import com.alibaba.nacos.config.server.service.dump.DumpService;
@@ -29,7 +30,7 @@
import com.alibaba.nacos.config.server.service.repository.ConfigInfoPersistService;
import com.alibaba.nacos.config.server.service.repository.ConfigInfoTagPersistService;
import com.alibaba.nacos.config.server.utils.GroupKey2;
-import com.alibaba.nacos.common.utils.StringUtils;
+import com.alibaba.nacos.config.server.utils.LogUtil;
import java.util.Objects;
@@ -63,39 +64,50 @@ public boolean process(NacosTask task) {
String dataId = pair[0];
String group = pair[1];
String tenant = pair[2];
- long lastModified = dumpTask.getLastModified();
+ long lastModifiedOut = dumpTask.getLastModified();
String handleIp = dumpTask.getHandleIp();
boolean isBeta = dumpTask.isBeta();
String tag = dumpTask.getTag();
-
+ boolean isBatch = dumpTask.isBatch();
ConfigDumpEvent.ConfigDumpEventBuilder build = ConfigDumpEvent.builder().namespaceId(tenant).dataId(dataId)
- .group(group).isBeta(isBeta).tag(tag).lastModifiedTs(lastModified).handleIp(handleIp);
-
+ .group(group).isBatch(isBatch).isBeta(isBeta).tag(tag).handleIp(handleIp);
+ String type = "formal";
+ if (isBeta) {
+ type = "beta";
+ } else if (StringUtils.isNotBlank(tag)) {
+ type = "tag-" + tag;
+ }
+ LogUtil.DUMP_LOG.info("[dump] process {} task. groupKey={}", type, dumpTask.getGroupKey());
+
if (isBeta) {
// if publish beta, then dump config, update beta cache
- ConfigInfo4Beta cf = configInfoBetaPersistService.findConfigInfo4Beta(dataId, group, tenant);
-
+ ConfigInfoBetaWrapper cf = configInfoBetaPersistService.findConfigInfo4Beta(dataId, group, tenant);
build.remove(Objects.isNull(cf));
build.betaIps(Objects.isNull(cf) ? null : cf.getBetaIps());
build.content(Objects.isNull(cf) ? null : cf.getContent());
+ build.type(Objects.isNull(cf) ? null : cf.getType());
build.encryptedDataKey(Objects.isNull(cf) ? null : cf.getEncryptedDataKey());
-
+ build.lastModifiedTs(Objects.isNull(cf) ? lastModifiedOut : cf.getLastModified());
return DumpConfigHandler.configDump(build.build());
}
- if (StringUtils.isBlank(tag)) {
- ConfigInfo cf = configInfoPersistService.findConfigInfo(dataId, group, tenant);
-
+
+ if (StringUtils.isNotBlank(tag)) {
+ ConfigInfoTagWrapper cf = configInfoTagPersistService.findConfigInfo4Tag(dataId, group, tenant, tag);
build.remove(Objects.isNull(cf));
build.content(Objects.isNull(cf) ? null : cf.getContent());
build.type(Objects.isNull(cf) ? null : cf.getType());
build.encryptedDataKey(Objects.isNull(cf) ? null : cf.getEncryptedDataKey());
- } else {
- ConfigInfo4Tag cf = configInfoTagPersistService.findConfigInfo4Tag(dataId, group, tenant, tag);
-
- build.remove(Objects.isNull(cf));
- build.content(Objects.isNull(cf) ? null : cf.getContent());
-
+ build.lastModifiedTs(Objects.isNull(cf) ? lastModifiedOut : cf.getLastModified());
+ return DumpConfigHandler.configDump(build.build());
}
+
+ ConfigInfoWrapper cf = configInfoPersistService.findConfigInfo(dataId, group, tenant);
+ build.remove(Objects.isNull(cf));
+ build.content(Objects.isNull(cf) ? null : cf.getContent());
+ build.type(Objects.isNull(cf) ? null : cf.getType());
+ build.encryptedDataKey(Objects.isNull(cf) ? null : cf.getEncryptedDataKey());
+ build.lastModifiedTs(Objects.isNull(cf) ? lastModifiedOut : cf.getLastModified());
return DumpConfigHandler.configDump(build.build());
+
}
}
diff --git a/config/src/main/java/com/alibaba/nacos/config/server/service/dump/task/DumpChangeTask.java b/config/src/main/java/com/alibaba/nacos/config/server/service/dump/task/DumpChangeTask.java
deleted file mode 100644
index a8e524d38f1..00000000000
--- a/config/src/main/java/com/alibaba/nacos/config/server/service/dump/task/DumpChangeTask.java
+++ /dev/null
@@ -1,34 +0,0 @@
-/*
- * Copyright 1999-2018 Alibaba Group Holding Ltd.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.alibaba.nacos.config.server.service.dump.task;
-
-import com.alibaba.nacos.common.task.AbstractDelayTask;
-
-/**
- * Dump change task.
- *
- * @author Nacos
- * @date 2020/7/5 12:19 PM
- */
-public class DumpChangeTask extends AbstractDelayTask {
-
- @Override
- public void merge(AbstractDelayTask task) {
- }
-
- public static final String TASK_ID = "dumpChangeConfigTask";
-}
diff --git a/config/src/main/java/com/alibaba/nacos/config/server/service/repository/ConfigInfoPersistService.java b/config/src/main/java/com/alibaba/nacos/config/server/service/repository/ConfigInfoPersistService.java
index 21c5af4cd21..aa760709d6a 100644
--- a/config/src/main/java/com/alibaba/nacos/config/server/service/repository/ConfigInfoPersistService.java
+++ b/config/src/main/java/com/alibaba/nacos/config/server/service/repository/ConfigInfoPersistService.java
@@ -433,13 +433,14 @@ Page findConfigInfoBaseLike(final int pageNo, final int pageSize
final String group, final String content) throws IOException;
/**
- * Query change config.
+ * Query change config.order by id asc.
*
* @param startTime start time
- * @param endTime end time
+ * @param lastMaxId lastMaxId
+ * @param pageSize pageSize
* @return {@link ConfigInfoWrapper} list
*/
- List findChangeConfig(final Timestamp startTime, final Timestamp endTime);
+ List findChangeConfig(final Timestamp startTime, long lastMaxId, final int pageSize);
/**
* According to the time period and configuration conditions to query the eligible configuration.
diff --git a/config/src/main/java/com/alibaba/nacos/config/server/service/repository/HistoryConfigInfoPersistService.java b/config/src/main/java/com/alibaba/nacos/config/server/service/repository/HistoryConfigInfoPersistService.java
index 29c238942dd..f680028ef84 100644
--- a/config/src/main/java/com/alibaba/nacos/config/server/service/repository/HistoryConfigInfoPersistService.java
+++ b/config/src/main/java/com/alibaba/nacos/config/server/service/repository/HistoryConfigInfoPersistService.java
@@ -18,6 +18,7 @@
import com.alibaba.nacos.config.server.model.ConfigHistoryInfo;
import com.alibaba.nacos.config.server.model.ConfigInfo;
+import com.alibaba.nacos.config.server.model.ConfigInfoWrapper;
import com.alibaba.nacos.persistence.model.Page;
import com.alibaba.nacos.persistence.repository.PaginationHelper;
@@ -46,7 +47,7 @@ public interface HistoryConfigInfoPersistService {
* @param list origin data
* @return {@link ConfigInfo} list
*/
- List convertDeletedConfig(List
*/
- public abstract void reloadSslContext();
+ public abstract void reloadProtocolContext();
/**
* Start sever.
diff --git a/core/src/main/java/com/alibaba/nacos/core/remote/grpc/BaseGrpcServer.java b/core/src/main/java/com/alibaba/nacos/core/remote/grpc/BaseGrpcServer.java
index 983fe041524..da193160957 100644
--- a/core/src/main/java/com/alibaba/nacos/core/remote/grpc/BaseGrpcServer.java
+++ b/core/src/main/java/com/alibaba/nacos/core/remote/grpc/BaseGrpcServer.java
@@ -17,14 +17,7 @@
package com.alibaba.nacos.core.remote.grpc;
import com.alibaba.nacos.api.grpc.auto.Payload;
-import com.alibaba.nacos.common.packagescan.resource.DefaultResourceLoader;
-import com.alibaba.nacos.common.packagescan.resource.Resource;
-import com.alibaba.nacos.common.packagescan.resource.ResourceLoader;
import com.alibaba.nacos.common.remote.ConnectionType;
-
-import com.alibaba.nacos.common.utils.JacksonUtils;
-import com.alibaba.nacos.common.utils.StringUtils;
-import com.alibaba.nacos.common.utils.TlsTypeResolve;
import com.alibaba.nacos.core.remote.BaseRpcServer;
import com.alibaba.nacos.core.remote.ConnectionManager;
import com.alibaba.nacos.core.utils.Loggers;
@@ -37,22 +30,14 @@
import io.grpc.ServerInterceptor;
import io.grpc.ServerInterceptors;
import io.grpc.ServerServiceDefinition;
-import io.grpc.netty.shaded.io.grpc.netty.GrpcSslContexts;
+import io.grpc.netty.shaded.io.grpc.netty.InternalProtocolNegotiator;
import io.grpc.netty.shaded.io.grpc.netty.NettyServerBuilder;
-import io.grpc.netty.shaded.io.netty.handler.ssl.ClientAuth;
-import io.grpc.netty.shaded.io.netty.handler.ssl.SslContext;
-
-import io.grpc.netty.shaded.io.netty.handler.ssl.SslContextBuilder;
-import io.grpc.netty.shaded.io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import io.grpc.protobuf.ProtoUtils;
import io.grpc.stub.ServerCalls;
import io.grpc.util.MutableHandlerRegistry;
import org.springframework.beans.factory.annotation.Autowired;
-import javax.net.ssl.SSLException;
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.Arrays;
+import java.util.Optional;
import java.util.concurrent.ThreadPoolExecutor;
import java.util.concurrent.TimeUnit;
@@ -66,8 +51,6 @@ public abstract class BaseGrpcServer extends BaseRpcServer {
private Server server;
- private final ResourceLoader resourceLoader = new DefaultResourceLoader();
-
@Autowired
private GrpcRequestAcceptor grpcCommonRequestAcceptor;
@@ -77,8 +60,6 @@ public abstract class BaseGrpcServer extends BaseRpcServer {
@Autowired
private ConnectionManager connectionManager;
- private OptionalTlsProtocolNegotiator optionalTlsProtocolNegotiator;
-
@Override
public ConnectionType getConnectionType() {
return ConnectionType.GRPC;
@@ -90,10 +71,11 @@ public void startServer() throws Exception {
addServices(handlerRegistry, new GrpcConnectionInterceptor(), new GrpcServerParamCheckInterceptor());
NettyServerBuilder builder = NettyServerBuilder.forPort(getServicePort()).executor(getRpcExecutor());
- if (rpcServerTlsConfig.getEnableTls()) {
- builder.protocolNegotiator(
- new OptionalTlsProtocolNegotiator(getSslContextBuilder(), rpcServerTlsConfig.getCompatibility()));
-
+ Optional negotiator = newProtocolNegotiator();
+ if (negotiator.isPresent()) {
+ InternalProtocolNegotiator.ProtocolNegotiator actual = negotiator.get();
+ Loggers.REMOTE.info("Add protocol negotiator {}", actual.getClass().getCanonicalName());
+ builder.protocolNegotiator(actual);
}
server = builder.maxInboundMessageSize(getMaxInboundMessageSize()).fallbackHandlerRegistry(handlerRegistry)
@@ -107,20 +89,26 @@ public void startServer() throws Exception {
server.start();
}
+ @Override
+ public void reloadProtocolContext() {
+ reloadProtocolNegotiator();
+ }
+
/**
- * reload ssl context.
+ * Build new one protocol negotiator.
+ *
+ * Such as support tls, proxy protocol and so on
+ *
+ * @return ProtocolNegotiator
*/
- public void reloadSslContext() {
- if (optionalTlsProtocolNegotiator != null) {
- try {
- optionalTlsProtocolNegotiator.setSslContext(getSslContextBuilder());
- } catch (Throwable throwable) {
- Loggers.REMOTE.info("Nacos {} Rpc server reload ssl context fail at port {} and tls config:{}",
- this.getClass().getSimpleName(), getServicePort(),
- JacksonUtils.toJson(super.rpcServerTlsConfig));
- throw throwable;
- }
- }
+ protected Optional newProtocolNegotiator() {
+ return Optional.empty();
+ }
+
+ /**
+ * reload protocol negotiator If necessary.
+ */
+ public void reloadProtocolNegotiator() {
}
protected long getPermitKeepAliveTime() {
@@ -136,8 +124,8 @@ protected long getKeepAliveTimeout() {
}
protected int getMaxInboundMessageSize() {
- Integer property = EnvUtil.getProperty(GrpcServerConstants.GrpcConfig.MAX_INBOUND_MSG_SIZE_PROPERTY,
- Integer.class);
+ Integer property = EnvUtil
+ .getProperty(GrpcServerConstants.GrpcConfig.MAX_INBOUND_MSG_SIZE_PROPERTY, Integer.class);
if (property != null) {
return property;
}
@@ -148,8 +136,8 @@ private void addServices(MutableHandlerRegistry handlerRegistry, ServerIntercept
// unary common call register.
final MethodDescriptor unaryPayloadMethod = MethodDescriptor.newBuilder()
- .setType(MethodDescriptor.MethodType.UNARY).setFullMethodName(
- MethodDescriptor.generateFullMethodName(GrpcServerConstants.REQUEST_SERVICE_NAME,
+ .setType(MethodDescriptor.MethodType.UNARY).setFullMethodName(MethodDescriptor
+ .generateFullMethodName(GrpcServerConstants.REQUEST_SERVICE_NAME,
GrpcServerConstants.REQUEST_METHOD_NAME))
.setRequestMarshaller(ProtoUtils.marshaller(Payload.getDefaultInstance()))
.setResponseMarshaller(ProtoUtils.marshaller(Payload.getDefaultInstance())).build();
@@ -157,8 +145,9 @@ private void addServices(MutableHandlerRegistry handlerRegistry, ServerIntercept
final ServerCallHandler payloadHandler = ServerCalls.asyncUnaryCall(
(request, responseObserver) -> grpcCommonRequestAcceptor.request(request, responseObserver));
- final ServerServiceDefinition serviceDefOfUnaryPayload = ServerServiceDefinition.builder(
- GrpcServerConstants.REQUEST_SERVICE_NAME).addMethod(unaryPayloadMethod, payloadHandler).build();
+ final ServerServiceDefinition serviceDefOfUnaryPayload = ServerServiceDefinition
+ .builder(GrpcServerConstants.REQUEST_SERVICE_NAME).addMethod(unaryPayloadMethod, payloadHandler)
+ .build();
handlerRegistry.addService(ServerInterceptors.intercept(serviceDefOfUnaryPayload, serverInterceptor));
// bi stream register.
@@ -166,14 +155,15 @@ private void addServices(MutableHandlerRegistry handlerRegistry, ServerIntercept
(responseObserver) -> grpcBiStreamRequestAcceptor.requestBiStream(responseObserver));
final MethodDescriptor biStreamMethod = MethodDescriptor.newBuilder()
- .setType(MethodDescriptor.MethodType.BIDI_STREAMING).setFullMethodName(
- MethodDescriptor.generateFullMethodName(GrpcServerConstants.REQUEST_BI_STREAM_SERVICE_NAME,
+ .setType(MethodDescriptor.MethodType.BIDI_STREAMING).setFullMethodName(MethodDescriptor
+ .generateFullMethodName(GrpcServerConstants.REQUEST_BI_STREAM_SERVICE_NAME,
GrpcServerConstants.REQUEST_BI_STREAM_METHOD_NAME))
.setRequestMarshaller(ProtoUtils.marshaller(Payload.newBuilder().build()))
.setResponseMarshaller(ProtoUtils.marshaller(Payload.getDefaultInstance())).build();
- final ServerServiceDefinition serviceDefOfBiStream = ServerServiceDefinition.builder(
- GrpcServerConstants.REQUEST_BI_STREAM_SERVICE_NAME).addMethod(biStreamMethod, biStreamHandler).build();
+ final ServerServiceDefinition serviceDefOfBiStream = ServerServiceDefinition
+ .builder(GrpcServerConstants.REQUEST_BI_STREAM_SERVICE_NAME).addMethod(biStreamMethod, biStreamHandler)
+ .build();
handlerRegistry.addService(ServerInterceptors.intercept(serviceDefOfBiStream, serverInterceptor));
}
@@ -185,57 +175,6 @@ public void shutdownServer() {
}
}
- private SslContext getSslContextBuilder() {
- try {
- if (StringUtils.isBlank(rpcServerTlsConfig.getCertChainFile()) || StringUtils.isBlank(
- rpcServerTlsConfig.getCertPrivateKey())) {
- throw new IllegalArgumentException("Server certChainFile or certPrivateKey must be not null");
- }
- InputStream certificateChainFile = getInputStream(rpcServerTlsConfig.getCertChainFile(), "certChainFile");
- InputStream privateKeyFile = getInputStream(rpcServerTlsConfig.getCertPrivateKey(), "certPrivateKey");
- SslContextBuilder sslClientContextBuilder = SslContextBuilder.forServer(certificateChainFile,
- privateKeyFile, rpcServerTlsConfig.getCertPrivateKeyPassword());
-
- if (StringUtils.isNotBlank(rpcServerTlsConfig.getProtocols())) {
- sslClientContextBuilder.protocols(rpcServerTlsConfig.getProtocols().split(","));
- }
-
- if (StringUtils.isNotBlank(rpcServerTlsConfig.getCiphers())) {
- sslClientContextBuilder.ciphers(Arrays.asList(rpcServerTlsConfig.getCiphers().split(",")));
- }
- if (rpcServerTlsConfig.getMutualAuthEnable()) {
- // trust all certificate
- if (rpcServerTlsConfig.getTrustAll()) {
- sslClientContextBuilder.trustManager(InsecureTrustManagerFactory.INSTANCE);
- } else {
- if (StringUtils.isBlank(rpcServerTlsConfig.getTrustCollectionCertFile())) {
- throw new IllegalArgumentException(
- "enable mutual auth,trustCollectionCertFile must be not null");
- }
-
- InputStream clientCert = getInputStream(rpcServerTlsConfig.getTrustCollectionCertFile(),
- "trustCollectionCertFile");
- sslClientContextBuilder.trustManager(clientCert);
- }
- sslClientContextBuilder.clientAuth(ClientAuth.REQUIRE);
- }
- SslContextBuilder configure = GrpcSslContexts.configure(sslClientContextBuilder,
- TlsTypeResolve.getSslProvider(rpcServerTlsConfig.getSslProvider()));
- return configure.build();
- } catch (SSLException e) {
- throw new RuntimeException(e);
- }
- }
-
- private InputStream getInputStream(String path, String config) {
- try {
- Resource resource = resourceLoader.getResource(path);
- return resource.getInputStream();
- } catch (IOException e) {
- throw new RuntimeException(config + " load fail", e);
- }
- }
-
/**
* get rpc executor.
*
diff --git a/core/src/main/java/com/alibaba/nacos/core/remote/grpc/GrpcClusterServer.java b/core/src/main/java/com/alibaba/nacos/core/remote/grpc/GrpcClusterServer.java
index ed8fa6fd9e1..9b070cb861d 100644
--- a/core/src/main/java/com/alibaba/nacos/core/remote/grpc/GrpcClusterServer.java
+++ b/core/src/main/java/com/alibaba/nacos/core/remote/grpc/GrpcClusterServer.java
@@ -48,8 +48,8 @@ public ThreadPoolExecutor getRpcExecutor() {
@Override
protected long getKeepAliveTime() {
- Long property = EnvUtil.getProperty(GrpcServerConstants.GrpcConfig.CLUSTER_KEEP_ALIVE_TIME_PROPERTY,
- Long.class);
+ Long property = EnvUtil
+ .getProperty(GrpcServerConstants.GrpcConfig.CLUSTER_KEEP_ALIVE_TIME_PROPERTY, Long.class);
if (property != null) {
return property;
}
@@ -58,8 +58,8 @@ protected long getKeepAliveTime() {
@Override
protected long getKeepAliveTimeout() {
- Long property = EnvUtil.getProperty(GrpcServerConstants.GrpcConfig.CLUSTER_KEEP_ALIVE_TIMEOUT_PROPERTY,
- Long.class);
+ Long property = EnvUtil
+ .getProperty(GrpcServerConstants.GrpcConfig.CLUSTER_KEEP_ALIVE_TIMEOUT_PROPERTY, Long.class);
if (property != null) {
return property;
}
@@ -68,8 +68,7 @@ protected long getKeepAliveTimeout() {
@Override
protected long getPermitKeepAliveTime() {
- Long property = EnvUtil.getProperty(GrpcServerConstants.GrpcConfig.CLUSTER_PERMIT_KEEP_ALIVE_TIME,
- Long.class);
+ Long property = EnvUtil.getProperty(GrpcServerConstants.GrpcConfig.CLUSTER_PERMIT_KEEP_ALIVE_TIME, Long.class);
if (property != null) {
return property;
}
@@ -78,8 +77,8 @@ protected long getPermitKeepAliveTime() {
@Override
protected int getMaxInboundMessageSize() {
- Integer property = EnvUtil.getProperty(GrpcServerConstants.GrpcConfig.CLUSTER_MAX_INBOUND_MSG_SIZE_PROPERTY,
- Integer.class);
+ Integer property = EnvUtil
+ .getProperty(GrpcServerConstants.GrpcConfig.CLUSTER_MAX_INBOUND_MSG_SIZE_PROPERTY, Integer.class);
if (property != null) {
return property;
}
@@ -92,5 +91,4 @@ protected int getMaxInboundMessageSize() {
}
return size;
}
-
}
diff --git a/core/src/main/java/com/alibaba/nacos/core/remote/grpc/GrpcSdkServer.java b/core/src/main/java/com/alibaba/nacos/core/remote/grpc/GrpcSdkServer.java
index c4f05c8d904..47674b6b8ce 100644
--- a/core/src/main/java/com/alibaba/nacos/core/remote/grpc/GrpcSdkServer.java
+++ b/core/src/main/java/com/alibaba/nacos/core/remote/grpc/GrpcSdkServer.java
@@ -17,11 +17,15 @@
package com.alibaba.nacos.core.remote.grpc;
import com.alibaba.nacos.api.common.Constants;
+import com.alibaba.nacos.core.remote.grpc.negotiator.NacosGrpcProtocolNegotiator;
+import com.alibaba.nacos.core.remote.grpc.negotiator.ProtocolNegotiatorBuilderSingleton;
import com.alibaba.nacos.core.utils.GlobalExecutor;
import com.alibaba.nacos.core.utils.Loggers;
import com.alibaba.nacos.sys.env.EnvUtil;
+import io.grpc.netty.shaded.io.grpc.netty.InternalProtocolNegotiator;
import org.springframework.stereotype.Service;
+import java.util.Optional;
import java.util.concurrent.ThreadPoolExecutor;
/**
@@ -33,6 +37,8 @@
@Service
public class GrpcSdkServer extends BaseGrpcServer {
+ private NacosGrpcProtocolNegotiator protocolNegotiator;
+
@Override
public int rpcPortOffset() {
return Constants.SDK_GRPC_PORT_DEFAULT_OFFSET;
@@ -64,8 +70,8 @@ protected long getKeepAliveTimeout() {
@Override
protected int getMaxInboundMessageSize() {
- Integer property = EnvUtil.getProperty(GrpcServerConstants.GrpcConfig.SDK_MAX_INBOUND_MSG_SIZE_PROPERTY,
- Integer.class);
+ Integer property = EnvUtil
+ .getProperty(GrpcServerConstants.GrpcConfig.SDK_MAX_INBOUND_MSG_SIZE_PROPERTY, Integer.class);
if (property != null) {
return property;
}
@@ -89,4 +95,26 @@ protected long getPermitKeepAliveTime() {
}
return super.getPermitKeepAliveTime();
}
+
+ @Override
+ protected Optional newProtocolNegotiator() {
+ protocolNegotiator = ProtocolNegotiatorBuilderSingleton.getSingleton().build();
+ return Optional.ofNullable(protocolNegotiator);
+ }
+
+ /**
+ * reload ssl context.
+ */
+ public void reloadProtocolNegotiator() {
+ if (protocolNegotiator != null) {
+ try {
+ protocolNegotiator.reloadNegotiator();
+ } catch (Throwable throwable) {
+ Loggers.REMOTE
+ .info("Nacos {} Rpc server reload negotiator fail at port {}.", this.getClass().getSimpleName(),
+ getServicePort());
+ throw throwable;
+ }
+ }
+ }
}
diff --git a/core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/NacosGrpcProtocolNegotiator.java b/core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/NacosGrpcProtocolNegotiator.java
new file mode 100644
index 00000000000..ed7bca722e6
--- /dev/null
+++ b/core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/NacosGrpcProtocolNegotiator.java
@@ -0,0 +1,32 @@
+/*
+ * Copyright 1999-2023 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.alibaba.nacos.core.remote.grpc.negotiator;
+
+import io.grpc.netty.shaded.io.grpc.netty.InternalProtocolNegotiator;
+
+/**
+ * Nacos Grpc protocol negotiator.
+ *
+ * @author xiweng.yy
+ */
+public interface NacosGrpcProtocolNegotiator extends InternalProtocolNegotiator.ProtocolNegotiator {
+
+ /**
+ * Reload this negotiator, such as config, tls context and so on if necessary.
+ */
+ void reloadNegotiator();
+}
diff --git a/core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/ProtocolNegotiatorBuilder.java b/core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/ProtocolNegotiatorBuilder.java
new file mode 100644
index 00000000000..1225e60b882
--- /dev/null
+++ b/core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/ProtocolNegotiatorBuilder.java
@@ -0,0 +1,39 @@
+/*
+ * Copyright 1999-2023 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.alibaba.nacos.core.remote.grpc.negotiator;
+
+/**
+ * Protocol negotiator builder.
+ *
+ * @author xiweng.yy
+ */
+public interface ProtocolNegotiatorBuilder {
+
+ /**
+ * Build new ProtocolNegotiator.
+ *
+ * @return ProtocolNegotiator, Nullable.
+ */
+ NacosGrpcProtocolNegotiator build();
+
+ /**
+ * Builder type of ProtocolNegotiator.
+ *
+ * @return type
+ */
+ String type();
+}
diff --git a/core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/ProtocolNegotiatorBuilderSingleton.java b/core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/ProtocolNegotiatorBuilderSingleton.java
new file mode 100644
index 00000000000..9d30d3676ca
--- /dev/null
+++ b/core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/ProtocolNegotiatorBuilderSingleton.java
@@ -0,0 +1,82 @@
+/*
+ * Copyright 1999-2023 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.alibaba.nacos.core.remote.grpc.negotiator;
+
+import com.alibaba.nacos.common.spi.NacosServiceLoader;
+import com.alibaba.nacos.core.remote.grpc.negotiator.tls.DefaultTlsProtocolNegotiatorBuilder;
+import com.alibaba.nacos.core.utils.Loggers;
+import com.alibaba.nacos.sys.env.EnvUtil;
+
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
+
+import static com.alibaba.nacos.core.remote.grpc.negotiator.tls.DefaultTlsProtocolNegotiatorBuilder.TYPE_DEFAULT_TLS;
+
+/**
+ * Protocol Negotiator Builder Singleton.
+ *
+ * @author xiweng.yy
+ */
+public class ProtocolNegotiatorBuilderSingleton implements ProtocolNegotiatorBuilder {
+
+ private static final String TYPE_PROPERTY_KEY = "nacos.remote.server.rpc.protocol.negotiator.type";
+
+ private static final ProtocolNegotiatorBuilderSingleton SINGLETON = new ProtocolNegotiatorBuilderSingleton();
+
+ private final Map builderMap;
+
+ private String actualType;
+
+ private ProtocolNegotiatorBuilderSingleton() {
+ actualType = EnvUtil.getProperty(TYPE_PROPERTY_KEY, TYPE_DEFAULT_TLS);
+ builderMap = new ConcurrentHashMap<>();
+ loadAllBuilders();
+ }
+
+ private void loadAllBuilders() {
+ try {
+ for (ProtocolNegotiatorBuilder each : NacosServiceLoader.load(ProtocolNegotiatorBuilder.class)) {
+ builderMap.put(each.type(), each);
+ Loggers.REMOTE.info("Load ProtocolNegotiatorBuilder {} for type {}", each.getClass().getCanonicalName(),
+ each.type());
+ }
+ } catch (Exception e) {
+ Loggers.REMOTE.warn("Load ProtocolNegotiatorBuilder failed, use default ProtocolNegotiatorBuilder", e);
+ builderMap.put(TYPE_DEFAULT_TLS, new DefaultTlsProtocolNegotiatorBuilder());
+ actualType = TYPE_DEFAULT_TLS;
+ }
+ }
+
+ public static ProtocolNegotiatorBuilderSingleton getSingleton() {
+ return SINGLETON;
+ }
+
+ @Override
+ public NacosGrpcProtocolNegotiator build() {
+ ProtocolNegotiatorBuilder actualBuilder = builderMap.get(actualType);
+ if (null == actualBuilder) {
+ Loggers.REMOTE.warn("Not found ProtocolNegotiatorBuilder for type {}, will use default", actualType);
+ return builderMap.get(TYPE_DEFAULT_TLS).build();
+ }
+ return actualBuilder.build();
+ }
+
+ @Override
+ public String type() {
+ return actualType;
+ }
+}
diff --git a/core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/DefaultTlsContextBuilder.java b/core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/DefaultTlsContextBuilder.java
new file mode 100644
index 00000000000..19093ff3b27
--- /dev/null
+++ b/core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/DefaultTlsContextBuilder.java
@@ -0,0 +1,101 @@
+/*
+ * Copyright 1999-2023 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.alibaba.nacos.core.remote.grpc.negotiator.tls;
+
+import com.alibaba.nacos.api.exception.NacosException;
+import com.alibaba.nacos.api.exception.runtime.NacosRuntimeException;
+import com.alibaba.nacos.common.packagescan.resource.DefaultResourceLoader;
+import com.alibaba.nacos.common.packagescan.resource.Resource;
+import com.alibaba.nacos.common.packagescan.resource.ResourceLoader;
+import com.alibaba.nacos.common.utils.JacksonUtils;
+import com.alibaba.nacos.common.utils.StringUtils;
+import com.alibaba.nacos.common.utils.TlsTypeResolve;
+import com.alibaba.nacos.core.remote.tls.RpcServerTlsConfig;
+import com.alibaba.nacos.core.utils.Loggers;
+import io.grpc.netty.shaded.io.grpc.netty.GrpcSslContexts;
+import io.grpc.netty.shaded.io.netty.handler.ssl.ClientAuth;
+import io.grpc.netty.shaded.io.netty.handler.ssl.SslContext;
+import io.grpc.netty.shaded.io.netty.handler.ssl.SslContextBuilder;
+import io.grpc.netty.shaded.io.netty.handler.ssl.util.InsecureTrustManagerFactory;
+
+import javax.net.ssl.SSLException;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Arrays;
+
+/**
+ * Ssl context builder.
+ *
+ * @author xiweng.yy
+ */
+public class DefaultTlsContextBuilder {
+
+ private static final ResourceLoader RESOURCE_LOADER = new DefaultResourceLoader();
+
+ static SslContext getSslContext(RpcServerTlsConfig rpcServerTlsConfig) {
+ try {
+ if (StringUtils.isBlank(rpcServerTlsConfig.getCertChainFile()) || StringUtils
+ .isBlank(rpcServerTlsConfig.getCertPrivateKey())) {
+ throw new IllegalArgumentException("Server certChainFile or certPrivateKey must be not null");
+ }
+ InputStream certificateChainFile = getInputStream(rpcServerTlsConfig.getCertChainFile(), "certChainFile");
+ InputStream privateKeyFile = getInputStream(rpcServerTlsConfig.getCertPrivateKey(), "certPrivateKey");
+ SslContextBuilder sslClientContextBuilder = SslContextBuilder
+ .forServer(certificateChainFile, privateKeyFile, rpcServerTlsConfig.getCertPrivateKeyPassword());
+
+ if (StringUtils.isNotBlank(rpcServerTlsConfig.getProtocols())) {
+ sslClientContextBuilder.protocols(rpcServerTlsConfig.getProtocols().split(","));
+ }
+
+ if (StringUtils.isNotBlank(rpcServerTlsConfig.getCiphers())) {
+ sslClientContextBuilder.ciphers(Arrays.asList(rpcServerTlsConfig.getCiphers().split(",")));
+ }
+ if (rpcServerTlsConfig.getMutualAuthEnable()) {
+ // trust all certificate
+ if (rpcServerTlsConfig.getTrustAll()) {
+ sslClientContextBuilder.trustManager(InsecureTrustManagerFactory.INSTANCE);
+ } else {
+ if (StringUtils.isBlank(rpcServerTlsConfig.getTrustCollectionCertFile())) {
+ throw new IllegalArgumentException(
+ "enable mutual auth,trustCollectionCertFile must be not null");
+ }
+
+ InputStream clientCert = getInputStream(rpcServerTlsConfig.getTrustCollectionCertFile(),
+ "trustCollectionCertFile");
+ sslClientContextBuilder.trustManager(clientCert);
+ }
+ sslClientContextBuilder.clientAuth(ClientAuth.REQUIRE);
+ }
+ SslContextBuilder configure = GrpcSslContexts.configure(sslClientContextBuilder,
+ TlsTypeResolve.getSslProvider(rpcServerTlsConfig.getSslProvider()));
+ return configure.build();
+ } catch (SSLException e) {
+ Loggers.REMOTE.info("Nacos Rpc server reload ssl context fail tls config:{}",
+ JacksonUtils.toJson(rpcServerTlsConfig));
+ throw new NacosRuntimeException(NacosException.SERVER_ERROR, e);
+ }
+ }
+
+ private static InputStream getInputStream(String path, String config) {
+ try {
+ Resource resource = RESOURCE_LOADER.getResource(path);
+ return resource.getInputStream();
+ } catch (IOException e) {
+ throw new NacosRuntimeException(NacosException.SERVER_ERROR, config + " load fail", e);
+ }
+ }
+}
diff --git a/core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/DefaultTlsProtocolNegotiatorBuilder.java b/core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/DefaultTlsProtocolNegotiatorBuilder.java
new file mode 100644
index 00000000000..aa64cf91d04
--- /dev/null
+++ b/core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/DefaultTlsProtocolNegotiatorBuilder.java
@@ -0,0 +1,47 @@
+/*
+ * Copyright 1999-2023 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.alibaba.nacos.core.remote.grpc.negotiator.tls;
+
+import com.alibaba.nacos.core.remote.grpc.negotiator.NacosGrpcProtocolNegotiator;
+import com.alibaba.nacos.core.remote.grpc.negotiator.ProtocolNegotiatorBuilder;
+import com.alibaba.nacos.core.remote.tls.RpcServerTlsConfig;
+import io.grpc.netty.shaded.io.netty.handler.ssl.SslContext;
+
+/**
+ * Default optional tls protocol negotiator builder.
+ *
+ * @author xiweng.yy
+ */
+public class DefaultTlsProtocolNegotiatorBuilder implements ProtocolNegotiatorBuilder {
+
+ public static final String TYPE_DEFAULT_TLS = "DEFAULT_TLS";
+
+ @Override
+ public NacosGrpcProtocolNegotiator build() {
+ RpcServerTlsConfig rpcServerTlsConfig = RpcServerTlsConfig.getInstance();
+ if (rpcServerTlsConfig.getEnableTls()) {
+ SslContext sslContext = DefaultTlsContextBuilder.getSslContext(rpcServerTlsConfig);
+ return new OptionalTlsProtocolNegotiator(sslContext, rpcServerTlsConfig.getCompatibility());
+ }
+ return null;
+ }
+
+ @Override
+ public String type() {
+ return TYPE_DEFAULT_TLS;
+ }
+}
diff --git a/core/src/main/java/com/alibaba/nacos/core/remote/grpc/OptionalTlsProtocolNegotiator.java b/core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/OptionalTlsProtocolNegotiator.java
similarity index 85%
rename from core/src/main/java/com/alibaba/nacos/core/remote/grpc/OptionalTlsProtocolNegotiator.java
rename to core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/OptionalTlsProtocolNegotiator.java
index 50cefc9314a..c73f51250dc 100644
--- a/core/src/main/java/com/alibaba/nacos/core/remote/grpc/OptionalTlsProtocolNegotiator.java
+++ b/core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/OptionalTlsProtocolNegotiator.java
@@ -1,5 +1,5 @@
/*
- * Copyright 1999-2022 Alibaba Group Holding Ltd.
+ * Copyright 1999-2023 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -14,10 +14,11 @@
* limitations under the License.
*/
-package com.alibaba.nacos.core.remote.grpc;
+package com.alibaba.nacos.core.remote.grpc.negotiator.tls;
+import com.alibaba.nacos.core.remote.grpc.negotiator.NacosGrpcProtocolNegotiator;
+import com.alibaba.nacos.core.remote.tls.RpcServerTlsConfig;
import io.grpc.netty.shaded.io.grpc.netty.GrpcHttp2ConnectionHandler;
-import io.grpc.netty.shaded.io.grpc.netty.InternalProtocolNegotiator;
import io.grpc.netty.shaded.io.grpc.netty.InternalProtocolNegotiators;
import io.grpc.netty.shaded.io.grpc.netty.ProtocolNegotiationEvent;
import io.grpc.netty.shaded.io.netty.buffer.ByteBuf;
@@ -36,11 +37,11 @@
*
* @author githubcheng2978.
*/
-public class OptionalTlsProtocolNegotiator implements InternalProtocolNegotiator.ProtocolNegotiator {
+public class OptionalTlsProtocolNegotiator implements NacosGrpcProtocolNegotiator {
private static final int MAGIC_VALUE = 5;
- private boolean supportPlainText;
+ private final boolean supportPlainText;
private SslContext sslContext;
@@ -71,6 +72,14 @@ public void close() {
}
+ @Override
+ public void reloadNegotiator() {
+ RpcServerTlsConfig rpcServerTlsConfig = RpcServerTlsConfig.getInstance();
+ if (rpcServerTlsConfig.getEnableTls()) {
+ sslContext = DefaultTlsContextBuilder.getSslContext(rpcServerTlsConfig);
+ }
+ }
+
private ProtocolNegotiationEvent getDefPne() {
ProtocolNegotiationEvent protocolNegotiationEvent = null;
try {
diff --git a/core/src/main/java/com/alibaba/nacos/core/remote/RpcServerSslContextRefresher.java b/core/src/main/java/com/alibaba/nacos/core/remote/tls/RpcServerSslContextRefresher.java
similarity index 88%
rename from core/src/main/java/com/alibaba/nacos/core/remote/RpcServerSslContextRefresher.java
rename to core/src/main/java/com/alibaba/nacos/core/remote/tls/RpcServerSslContextRefresher.java
index 06ad43afa33..c68f93eea7a 100644
--- a/core/src/main/java/com/alibaba/nacos/core/remote/RpcServerSslContextRefresher.java
+++ b/core/src/main/java/com/alibaba/nacos/core/remote/tls/RpcServerSslContextRefresher.java
@@ -1,13 +1,5 @@
-package com.alibaba.nacos.core.remote;
-
-/**
- * ssl context refresher spi holder.
- *
- * @author liuzunfei
- * @version $Id: RequestFilters.java, v 0.1 2023年03月17日 12:00 PM liuzunfei Exp $
- */
/*
- * Copyright 1999-2020 Alibaba Group Holding Ltd.
+ * Copyright 1999-2023 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -22,6 +14,16 @@
* limitations under the License.
*/
+package com.alibaba.nacos.core.remote.tls;
+
+import com.alibaba.nacos.core.remote.BaseRpcServer;
+
+/**
+ * ssl context refresher spi holder.
+ *
+ * @author liuzunfei
+ * @version $Id: RequestFilters.java, v 0.1 2023年03月17日 12:00 PM liuzunfei Exp $
+ */
public interface RpcServerSslContextRefresher {
/**
diff --git a/core/src/main/java/com/alibaba/nacos/core/remote/RpcServerSslContextRefresherHolder.java b/core/src/main/java/com/alibaba/nacos/core/remote/tls/RpcServerSslContextRefresherHolder.java
similarity index 83%
rename from core/src/main/java/com/alibaba/nacos/core/remote/RpcServerSslContextRefresherHolder.java
rename to core/src/main/java/com/alibaba/nacos/core/remote/tls/RpcServerSslContextRefresherHolder.java
index 6b910cd868d..b423442319c 100644
--- a/core/src/main/java/com/alibaba/nacos/core/remote/RpcServerSslContextRefresherHolder.java
+++ b/core/src/main/java/com/alibaba/nacos/core/remote/tls/RpcServerSslContextRefresherHolder.java
@@ -1,5 +1,5 @@
/*
- * Copyright 1999-2020 Alibaba Group Holding Ltd.
+ * Copyright 1999-2023 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -14,12 +14,11 @@
* limitations under the License.
*/
-package com.alibaba.nacos.core.remote;
+package com.alibaba.nacos.core.remote.tls;
import com.alibaba.nacos.common.spi.NacosServiceLoader;
import com.alibaba.nacos.common.utils.StringUtils;
import com.alibaba.nacos.core.utils.Loggers;
-import com.alibaba.nacos.sys.utils.ApplicationUtils;
import java.util.Collection;
@@ -43,11 +42,11 @@ public static RpcServerSslContextRefresher getInstance() {
if (init) {
return instance;
}
- RpcServerTlsConfig rpcServerTlsConfig = ApplicationUtils.getBean(RpcServerTlsConfig.class);
+ RpcServerTlsConfig rpcServerTlsConfig = RpcServerTlsConfig.getInstance();
String sslContextRefresher = rpcServerTlsConfig.getSslContextRefresher();
if (StringUtils.isNotBlank(sslContextRefresher)) {
- Collection load = NacosServiceLoader.load(
- RpcServerSslContextRefresher.class);
+ Collection load = NacosServiceLoader
+ .load(RpcServerSslContextRefresher.class);
for (RpcServerSslContextRefresher contextRefresher : load) {
if (sslContextRefresher.equals(contextRefresher.getName())) {
instance = contextRefresher;
@@ -61,8 +60,8 @@ public static RpcServerSslContextRefresher getInstance() {
}
} else {
- Loggers.REMOTE.info(
- "No RpcServerSslContextRefresher specified,Ssl Context auto refresh not supported.");
+ Loggers.REMOTE
+ .info("No RpcServerSslContextRefresher specified,Ssl Context auto refresh not supported.");
}
Loggers.REMOTE.info("RpcServerSslContextRefresher init end");
diff --git a/core/src/main/java/com/alibaba/nacos/core/remote/RpcServerTlsConfig.java b/core/src/main/java/com/alibaba/nacos/core/remote/tls/RpcServerTlsConfig.java
similarity index 51%
rename from core/src/main/java/com/alibaba/nacos/core/remote/RpcServerTlsConfig.java
rename to core/src/main/java/com/alibaba/nacos/core/remote/tls/RpcServerTlsConfig.java
index 528d2f1c5cd..8548879db79 100644
--- a/core/src/main/java/com/alibaba/nacos/core/remote/RpcServerTlsConfig.java
+++ b/core/src/main/java/com/alibaba/nacos/core/remote/tls/RpcServerTlsConfig.java
@@ -1,5 +1,5 @@
/*
- * Copyright 1999-2022 Alibaba Group Holding Ltd.
+ * Copyright 1999-2023 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -14,32 +14,49 @@
* limitations under the License.
*/
-package com.alibaba.nacos.core.remote;
+package com.alibaba.nacos.core.remote.tls;
import com.alibaba.nacos.common.remote.TlsConfig;
-import org.springframework.boot.context.properties.ConfigurationProperties;
-import org.springframework.stereotype.Component;
+import com.alibaba.nacos.common.utils.JacksonUtils;
+import com.alibaba.nacos.core.utils.Loggers;
+import com.alibaba.nacos.sys.env.EnvUtil;
+import com.alibaba.nacos.sys.utils.PropertiesUtil;
+
+import java.lang.reflect.InvocationTargetException;
/**
* Grpc config.
*
* @author githubcheng2978.
*/
-
-@ConfigurationProperties(prefix = RpcServerTlsConfig.PREFIX)
-@Component
public class RpcServerTlsConfig extends TlsConfig {
-
- public static final String PREFIX = "nacos.remote.server.rpc.tls";
+
+ public static final String PREFIX = "nacos.remote.server.rpc.tls";
+
+ private static RpcServerTlsConfig instance;
private String sslContextRefresher = "";
private Boolean compatibility = true;
-
+
+ public static synchronized RpcServerTlsConfig getInstance() {
+ if (null == instance) {
+ try {
+ instance = PropertiesUtil
+ .handleSpringBinder(EnvUtil.getEnvironment(), PREFIX, RpcServerTlsConfig.class);
+ } catch (NoSuchMethodException | IllegalAccessException | InvocationTargetException | ClassNotFoundException e) {
+ Loggers.REMOTE.warn("TLS config bind failed, use default value", e);
+ instance = new RpcServerTlsConfig();
+ }
+ }
+ Loggers.REMOTE.info("Nacos Rpc server tls config:{}", JacksonUtils.toJson(instance));
+ return instance;
+ }
+
public Boolean getCompatibility() {
return compatibility;
}
-
+
public void setCompatibility(Boolean compatibility) {
this.compatibility = compatibility;
}
diff --git a/core/src/main/java/com/alibaba/nacos/core/remote/SslContextChangeAware.java b/core/src/main/java/com/alibaba/nacos/core/remote/tls/SslContextChangeAware.java
similarity index 88%
rename from core/src/main/java/com/alibaba/nacos/core/remote/SslContextChangeAware.java
rename to core/src/main/java/com/alibaba/nacos/core/remote/tls/SslContextChangeAware.java
index 347de201d1d..c62c3ee6098 100644
--- a/core/src/main/java/com/alibaba/nacos/core/remote/SslContextChangeAware.java
+++ b/core/src/main/java/com/alibaba/nacos/core/remote/tls/SslContextChangeAware.java
@@ -1,5 +1,5 @@
/*
- * Copyright 1999-2020 Alibaba Group Holding Ltd.
+ * Copyright 1999-2023 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -14,7 +14,9 @@
* limitations under the License.
*/
-package com.alibaba.nacos.core.remote;
+package com.alibaba.nacos.core.remote.tls;
+
+import com.alibaba.nacos.core.remote.BaseRpcServer;
/**
* ssl context refresher spi holder.
diff --git a/core/src/main/resources/META-INF/services/com.alibaba.nacos.core.remote.grpc.negotiator.ProtocolNegotiatorBuilder b/core/src/main/resources/META-INF/services/com.alibaba.nacos.core.remote.grpc.negotiator.ProtocolNegotiatorBuilder
new file mode 100644
index 00000000000..1ea83c1f0b2
--- /dev/null
+++ b/core/src/main/resources/META-INF/services/com.alibaba.nacos.core.remote.grpc.negotiator.ProtocolNegotiatorBuilder
@@ -0,0 +1,17 @@
+#
+# Copyright 1999-2023 Alibaba Group Holding Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+com.alibaba.nacos.core.remote.grpc.negotiator.tls.DefaultTlsProtocolNegotiatorBuilder
\ No newline at end of file
diff --git a/core/src/test/java/com/alibaba/nacos/core/remote/grpc/GrpcServerTest.java b/core/src/test/java/com/alibaba/nacos/core/remote/grpc/GrpcServerTest.java
index d0250049a69..2b99a809017 100644
--- a/core/src/test/java/com/alibaba/nacos/core/remote/grpc/GrpcServerTest.java
+++ b/core/src/test/java/com/alibaba/nacos/core/remote/grpc/GrpcServerTest.java
@@ -18,9 +18,9 @@
package com.alibaba.nacos.core.remote.grpc;
import com.alibaba.nacos.common.remote.ConnectionType;
-import com.alibaba.nacos.core.remote.RpcServerTlsConfig;
import com.alibaba.nacos.sys.env.EnvUtil;
import com.alibaba.nacos.sys.utils.ApplicationUtils;
+import org.junit.After;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
@@ -31,11 +31,6 @@
import org.mockito.junit.MockitoJUnitRunner;
import org.springframework.mock.env.MockEnvironment;
-import java.util.concurrent.ThreadPoolExecutor;
-
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
-
/**
* {@link GrpcSdkServer} and {@link GrpcClusterServer} unit test.
*
@@ -45,12 +40,12 @@
@RunWith(MockitoJUnitRunner.Silent.class)
public class GrpcServerTest {
- private final RpcServerTlsConfig grpcServerConfig = mock(RpcServerTlsConfig.class);
-
static MockedStatic applicationUtilsMockedStatic = null;
+ private BaseGrpcServer grpcSdkServer;
+
@BeforeClass
- public static void setUp() {
+ public static void setUpBeforeClass() {
EnvUtil.setEnvironment(new MockEnvironment());
applicationUtilsMockedStatic = Mockito.mockStatic(ApplicationUtils.class);
}
@@ -60,107 +55,27 @@ public static void after() {
applicationUtilsMockedStatic.close();
}
+ @After
+ public void tearDown() throws Exception {
+ if (null != grpcSdkServer) {
+ grpcSdkServer.stopServer();
+ }
+ }
+
@Test
public void testGrpcSdkServer() throws Exception {
- BaseGrpcServer grpcSdkServer = new GrpcSdkServer();
- grpcSdkServer.setRpcServerTlsConfig(grpcServerConfig);
- when(grpcServerConfig.getEnableTls()).thenReturn(false);
- when(ApplicationUtils.getBean(RpcServerTlsConfig.class)).thenReturn(grpcServerConfig);
+ grpcSdkServer = new GrpcSdkServer();
grpcSdkServer.start();
Assert.assertEquals(grpcSdkServer.getConnectionType(), ConnectionType.GRPC);
Assert.assertEquals(grpcSdkServer.rpcPortOffset(), 1000);
- grpcSdkServer.stopServer();
}
@Test
public void testGrpcClusterServer() throws Exception {
- BaseGrpcServer grpcSdkServer = new GrpcClusterServer();
- grpcSdkServer.setRpcServerTlsConfig(grpcServerConfig);
- when(grpcServerConfig.getEnableTls()).thenReturn(false);
- when(ApplicationUtils.getBean(RpcServerTlsConfig.class)).thenReturn(grpcServerConfig);
+ grpcSdkServer = new GrpcClusterServer();
grpcSdkServer.start();
Assert.assertEquals(grpcSdkServer.getConnectionType(), ConnectionType.GRPC);
Assert.assertEquals(grpcSdkServer.rpcPortOffset(), 1001);
grpcSdkServer.stopServer();
}
-
- @Test
- public void testGrpcEnableTls() throws Exception {
- final BaseGrpcServer grpcSdkServer = new BaseGrpcServer() {
- @Override
- public ThreadPoolExecutor getRpcExecutor() {
- return null;
- }
-
- @Override
- public int rpcPortOffset() {
- return 100;
- }
- };
- when(grpcServerConfig.getEnableTls()).thenReturn(true);
- when(grpcServerConfig.getCiphers()).thenReturn("ECDHE-RSA-AES128-GCM-SHA256,ECDHE-RSA-AES256-GCM-SHA384");
- when(grpcServerConfig.getProtocols()).thenReturn("TLSv1.2,TLSv1.3");
-
- when(grpcServerConfig.getCertPrivateKey()).thenReturn("test-server-key.pem");
- when(grpcServerConfig.getCertChainFile()).thenReturn("test-server-cert.pem");
- when(ApplicationUtils.getBean(RpcServerTlsConfig.class)).thenReturn(grpcServerConfig);
- grpcSdkServer.setRpcServerTlsConfig(grpcServerConfig);
- grpcSdkServer.start();
- grpcSdkServer.shutdownServer();
- }
-
- @Test
- public void testGrpcEnableMutualAuthAndTrustAll() throws Exception {
-
- final BaseGrpcServer grpcSdkServer = new BaseGrpcServer() {
- @Override
- public ThreadPoolExecutor getRpcExecutor() {
- return null;
- }
-
- @Override
- public int rpcPortOffset() {
- return 100;
- }
- };
-
- when(grpcServerConfig.getEnableTls()).thenReturn(true);
- when(grpcServerConfig.getTrustAll()).thenReturn(true);
- when(grpcServerConfig.getCiphers()).thenReturn("ECDHE-RSA-AES128-GCM-SHA256,ECDHE-RSA-AES256-GCM-SHA384");
- when(grpcServerConfig.getProtocols()).thenReturn("TLSv1.2,TLSv1.3");
- when(grpcServerConfig.getCertPrivateKey()).thenReturn("test-server-key.pem");
- when(grpcServerConfig.getCertChainFile()).thenReturn("test-server-cert.pem");
- grpcSdkServer.setRpcServerTlsConfig(grpcServerConfig);
- grpcSdkServer.start();
- grpcSdkServer.shutdownServer();
- }
-
- @Test
- public void testGrpcEnableMutualAuthAndPart() throws Exception {
- final BaseGrpcServer grpcSdkServer = new BaseGrpcServer() {
- @Override
- public ThreadPoolExecutor getRpcExecutor() {
- return null;
- }
-
- @Override
- public int rpcPortOffset() {
- return 100;
- }
- };
- when(grpcServerConfig.getEnableTls()).thenReturn(true);
- when(grpcServerConfig.getMutualAuthEnable()).thenReturn(true);
- when(grpcServerConfig.getEnableTls()).thenReturn(true);
- when(grpcServerConfig.getCiphers()).thenReturn("ECDHE-RSA-AES128-GCM-SHA256,ECDHE-RSA-AES256-GCM-SHA384");
- when(grpcServerConfig.getProtocols()).thenReturn("TLSv1.2,TLSv1.3");
-
- when(grpcServerConfig.getCertPrivateKey()).thenReturn("test-server-key.pem");
- when(grpcServerConfig.getCertChainFile()).thenReturn("test-server-cert.pem");
- when(grpcServerConfig.getTrustCollectionCertFile()).thenReturn("test-ca-cert.pem");
-
- grpcSdkServer.setRpcServerTlsConfig(grpcServerConfig);
-
- grpcSdkServer.start();
- grpcSdkServer.shutdownServer();
- }
}
diff --git a/core/src/test/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/DefaultTlsContextBuilderTest.java b/core/src/test/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/DefaultTlsContextBuilderTest.java
new file mode 100644
index 00000000000..7a8224bb779
--- /dev/null
+++ b/core/src/test/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/DefaultTlsContextBuilderTest.java
@@ -0,0 +1,104 @@
+/*
+ * Copyright 1999-2023 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.alibaba.nacos.core.remote.grpc.negotiator.tls;
+
+import com.alibaba.nacos.api.exception.runtime.NacosRuntimeException;
+import com.alibaba.nacos.core.remote.tls.RpcServerTlsConfig;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+
+public class DefaultTlsContextBuilderTest {
+
+ @Before
+ public void setUp() throws Exception {
+ RpcServerTlsConfig.getInstance().setEnableTls(true);
+ }
+
+ @After
+ public void tearDown() throws Exception {
+ RpcServerTlsConfig.getInstance().setEnableTls(false);
+ RpcServerTlsConfig.getInstance().setTrustAll(false);
+ RpcServerTlsConfig.getInstance().setMutualAuthEnable(false);
+ RpcServerTlsConfig.getInstance().setCertChainFile(null);
+ RpcServerTlsConfig.getInstance().setCertPrivateKey(null);
+ RpcServerTlsConfig.getInstance().setCiphers(null);
+ RpcServerTlsConfig.getInstance().setProtocols(null);
+ RpcServerTlsConfig.getInstance().setTrustCollectionCertFile(null);
+ RpcServerTlsConfig.getInstance().setSslProvider("");
+ }
+
+ @Test(expected = IllegalArgumentException.class)
+ public void testGetSslContextIllegal() {
+ DefaultTlsContextBuilder.getSslContext(RpcServerTlsConfig.getInstance());
+ }
+
+ @Test
+ public void testGetSslContextWithoutMutual() {
+ RpcServerTlsConfig grpcServerConfig = RpcServerTlsConfig.getInstance();
+ grpcServerConfig.setCiphers("ECDHE-RSA-AES128-GCM-SHA256,ECDHE-RSA-AES256-GCM-SHA384");
+ grpcServerConfig.setProtocols("TLSv1.2,TLSv1.3");
+ grpcServerConfig.setCertPrivateKey("test-server-key.pem");
+ grpcServerConfig.setCertChainFile("test-server-cert.pem");
+ DefaultTlsContextBuilder.getSslContext(RpcServerTlsConfig.getInstance());
+ }
+
+ @Test
+ public void testGetSslContextWithMutual() {
+ RpcServerTlsConfig grpcServerConfig = RpcServerTlsConfig.getInstance();
+ grpcServerConfig.setTrustAll(true);
+ grpcServerConfig.setMutualAuthEnable(true);
+ grpcServerConfig.setCiphers("ECDHE-RSA-AES128-GCM-SHA256,ECDHE-RSA-AES256-GCM-SHA384");
+ grpcServerConfig.setProtocols("TLSv1.2,TLSv1.3");
+ grpcServerConfig.setCertPrivateKey("test-server-key.pem");
+ grpcServerConfig.setCertChainFile("test-server-cert.pem");
+ DefaultTlsContextBuilder.getSslContext(RpcServerTlsConfig.getInstance());
+ }
+
+ @Test
+ public void testGetSslContextWithMutualAndPart() {
+ RpcServerTlsConfig grpcServerConfig = RpcServerTlsConfig.getInstance();
+ grpcServerConfig.setMutualAuthEnable(true);
+ grpcServerConfig.setCiphers("ECDHE-RSA-AES128-GCM-SHA256,ECDHE-RSA-AES256-GCM-SHA384");
+ grpcServerConfig.setProtocols("TLSv1.2,TLSv1.3");
+ grpcServerConfig.setCertPrivateKey("test-server-key.pem");
+ grpcServerConfig.setCertChainFile("test-server-cert.pem");
+ grpcServerConfig.setTrustCollectionCertFile("test-ca-cert.pem");
+ DefaultTlsContextBuilder.getSslContext(RpcServerTlsConfig.getInstance());
+ }
+
+ @Test(expected = IllegalArgumentException.class)
+ public void testGetSslContextWithMutualAndPartIllegal() {
+ RpcServerTlsConfig grpcServerConfig = RpcServerTlsConfig.getInstance();
+ grpcServerConfig.setMutualAuthEnable(true);
+ grpcServerConfig.setCiphers("ECDHE-RSA-AES128-GCM-SHA256,ECDHE-RSA-AES256-GCM-SHA384");
+ grpcServerConfig.setProtocols("TLSv1.2,TLSv1.3");
+ grpcServerConfig.setCertPrivateKey("test-server-key.pem");
+ grpcServerConfig.setCertChainFile("test-server-cert.pem");
+ DefaultTlsContextBuilder.getSslContext(RpcServerTlsConfig.getInstance());
+ }
+
+ @Test(expected = NacosRuntimeException.class)
+ public void testGetSslContextForNonExistFile() {
+ RpcServerTlsConfig grpcServerConfig = RpcServerTlsConfig.getInstance();
+ grpcServerConfig.setCiphers("ECDHE-RSA-AES128-GCM-SHA256,ECDHE-RSA-AES256-GCM-SHA384");
+ grpcServerConfig.setProtocols("TLSv1.2,TLSv1.3");
+ grpcServerConfig.setCertPrivateKey("non-exist-server-key.pem");
+ grpcServerConfig.setCertChainFile("non-exist-cert.pem");
+ DefaultTlsContextBuilder.getSslContext(RpcServerTlsConfig.getInstance());
+ }
+}
\ No newline at end of file
diff --git a/core/src/test/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/DefaultTlsProtocolNegotiatorBuilderTest.java b/core/src/test/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/DefaultTlsProtocolNegotiatorBuilderTest.java
new file mode 100644
index 00000000000..ac8be81b618
--- /dev/null
+++ b/core/src/test/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/DefaultTlsProtocolNegotiatorBuilderTest.java
@@ -0,0 +1,55 @@
+/*
+ * Copyright 1999-2023 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.alibaba.nacos.core.remote.grpc.negotiator.tls;
+
+import com.alibaba.nacos.core.remote.tls.RpcServerTlsConfig;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+
+public class DefaultTlsProtocolNegotiatorBuilderTest {
+
+ private DefaultTlsProtocolNegotiatorBuilder builder;
+
+ @Before
+ public void setUp() throws Exception {
+ builder = new DefaultTlsProtocolNegotiatorBuilder();
+ }
+
+ @After
+ public void tearDown() throws Exception {
+ RpcServerTlsConfig.getInstance().setEnableTls(false);
+ RpcServerTlsConfig.getInstance().setCertChainFile(null);
+ RpcServerTlsConfig.getInstance().setCertPrivateKey(null);
+ }
+
+ @Test
+ public void testBuildDisabled() {
+ assertNull(builder.build());
+ }
+
+ @Test
+ public void testBuildEnabled() {
+ RpcServerTlsConfig.getInstance().setEnableTls(true);
+ RpcServerTlsConfig.getInstance().setCertPrivateKey("test-server-key.pem");
+ RpcServerTlsConfig.getInstance().setCertChainFile("test-server-cert.pem");
+ assertNotNull(builder.build());
+ }
+}
\ No newline at end of file
diff --git a/test/config-test/src/test/java/com/alibaba/nacos/test/config/NacosConfigServiceComTlsGrpcClient_CITCase.java b/test/config-test/src/test/java/com/alibaba/nacos/test/config/NacosConfigServiceComTlsGrpcClient_CITCase.java
index a5dac11f20a..b15c1e05f22 100644
--- a/test/config-test/src/test/java/com/alibaba/nacos/test/config/NacosConfigServiceComTlsGrpcClient_CITCase.java
+++ b/test/config-test/src/test/java/com/alibaba/nacos/test/config/NacosConfigServiceComTlsGrpcClient_CITCase.java
@@ -23,7 +23,7 @@
import com.alibaba.nacos.client.config.NacosConfigService;
import com.alibaba.nacos.client.config.listener.impl.AbstractConfigChangeListener;
import com.alibaba.nacos.common.remote.client.RpcConstants;
-import com.alibaba.nacos.core.remote.RpcServerTlsConfig;
+import com.alibaba.nacos.core.remote.tls.RpcServerTlsConfig;
import com.alibaba.nacos.test.base.ConfigCleanUtils;
import org.junit.*;
import org.junit.runner.RunWith;
diff --git a/test/config-test/src/test/java/com/alibaba/nacos/test/config/NacosConfigServiceNoComTlsGrpcClient_CITCase.java b/test/config-test/src/test/java/com/alibaba/nacos/test/config/NacosConfigServiceNoComTlsGrpcClient_CITCase.java
index 1edc752fe14..da5ee0a6b05 100644
--- a/test/config-test/src/test/java/com/alibaba/nacos/test/config/NacosConfigServiceNoComTlsGrpcClient_CITCase.java
+++ b/test/config-test/src/test/java/com/alibaba/nacos/test/config/NacosConfigServiceNoComTlsGrpcClient_CITCase.java
@@ -23,7 +23,7 @@
import com.alibaba.nacos.client.config.NacosConfigService;
import com.alibaba.nacos.client.config.listener.impl.AbstractConfigChangeListener;
import com.alibaba.nacos.common.remote.client.RpcConstants;
-import com.alibaba.nacos.core.remote.RpcServerTlsConfig;
+import com.alibaba.nacos.core.remote.tls.RpcServerTlsConfig;
import com.alibaba.nacos.test.base.ConfigCleanUtils;
import org.junit.AfterClass;
import org.junit.Assert;
diff --git a/test/config-test/src/test/java/com/alibaba/nacos/test/config/NacosConfigV2MutualAuth_CITCase.java b/test/config-test/src/test/java/com/alibaba/nacos/test/config/NacosConfigV2MutualAuth_CITCase.java
index 07eee10d307..b06c6d62095 100644
--- a/test/config-test/src/test/java/com/alibaba/nacos/test/config/NacosConfigV2MutualAuth_CITCase.java
+++ b/test/config-test/src/test/java/com/alibaba/nacos/test/config/NacosConfigV2MutualAuth_CITCase.java
@@ -24,7 +24,7 @@
import com.alibaba.nacos.client.config.NacosConfigService;
import com.alibaba.nacos.client.config.listener.impl.AbstractConfigChangeListener;
import com.alibaba.nacos.common.remote.client.RpcConstants;
-import com.alibaba.nacos.core.remote.RpcServerTlsConfig;
+import com.alibaba.nacos.core.remote.tls.RpcServerTlsConfig;
import com.alibaba.nacos.test.base.ConfigCleanUtils;
import org.junit.After;
import org.junit.Assert;
diff --git a/test/core-test/src/test/java/com/alibaba/nacos/test/client/ConfigIntegrationV1ServerNonCompatibility_CITCase.java b/test/core-test/src/test/java/com/alibaba/nacos/test/client/ConfigIntegrationV1ServerNonCompatibility_CITCase.java
index 1b895884148..74a4d18b423 100644
--- a/test/core-test/src/test/java/com/alibaba/nacos/test/client/ConfigIntegrationV1ServerNonCompatibility_CITCase.java
+++ b/test/core-test/src/test/java/com/alibaba/nacos/test/client/ConfigIntegrationV1ServerNonCompatibility_CITCase.java
@@ -25,7 +25,7 @@
import com.alibaba.nacos.common.remote.client.RpcClient;
import com.alibaba.nacos.common.remote.client.RpcClientFactory;
import com.alibaba.nacos.common.remote.client.RpcClientTlsConfig;
-import com.alibaba.nacos.core.remote.RpcServerTlsConfig;
+import com.alibaba.nacos.core.remote.tls.RpcServerTlsConfig;
import com.alibaba.nacos.test.ConfigCleanUtils;
import org.junit.AfterClass;
import org.junit.Assert;
diff --git a/test/core-test/src/test/java/com/alibaba/nacos/test/client/ConfigIntegrationV2MutualAuth_CITCase.java b/test/core-test/src/test/java/com/alibaba/nacos/test/client/ConfigIntegrationV2MutualAuth_CITCase.java
index 1d9b97630c6..2d28d0621e5 100644
--- a/test/core-test/src/test/java/com/alibaba/nacos/test/client/ConfigIntegrationV2MutualAuth_CITCase.java
+++ b/test/core-test/src/test/java/com/alibaba/nacos/test/client/ConfigIntegrationV2MutualAuth_CITCase.java
@@ -25,7 +25,7 @@
import com.alibaba.nacos.common.remote.client.RpcClient;
import com.alibaba.nacos.common.remote.client.RpcClientFactory;
import com.alibaba.nacos.common.remote.client.RpcClientTlsConfig;
-import com.alibaba.nacos.core.remote.RpcServerTlsConfig;
+import com.alibaba.nacos.core.remote.tls.RpcServerTlsConfig;
import com.alibaba.nacos.test.ConfigCleanUtils;
import org.junit.*;
import org.junit.runner.RunWith;
diff --git a/test/core-test/src/test/java/com/alibaba/nacos/test/client/ConfigIntegrationV3_CITCase.java b/test/core-test/src/test/java/com/alibaba/nacos/test/client/ConfigIntegrationV3_CITCase.java
index adabe7f0d77..17e93a6e560 100644
--- a/test/core-test/src/test/java/com/alibaba/nacos/test/client/ConfigIntegrationV3_CITCase.java
+++ b/test/core-test/src/test/java/com/alibaba/nacos/test/client/ConfigIntegrationV3_CITCase.java
@@ -25,7 +25,7 @@
import com.alibaba.nacos.common.remote.client.RpcClient;
import com.alibaba.nacos.common.remote.client.RpcClientFactory;
import com.alibaba.nacos.common.remote.client.RpcClientTlsConfig;
-import com.alibaba.nacos.core.remote.RpcServerTlsConfig;
+import com.alibaba.nacos.core.remote.tls.RpcServerTlsConfig;
import com.alibaba.nacos.sys.env.EnvUtil;
import com.alibaba.nacos.test.ConfigCleanUtils;
import org.junit.*;
diff --git a/test/naming-test/src/test/java/com/alibaba/nacos/test/naming/NamingCompatibilityServiceTls_ITCase.java b/test/naming-test/src/test/java/com/alibaba/nacos/test/naming/NamingCompatibilityServiceTls_ITCase.java
index 786f5187a59..1379445f621 100644
--- a/test/naming-test/src/test/java/com/alibaba/nacos/test/naming/NamingCompatibilityServiceTls_ITCase.java
+++ b/test/naming-test/src/test/java/com/alibaba/nacos/test/naming/NamingCompatibilityServiceTls_ITCase.java
@@ -27,7 +27,7 @@
import com.alibaba.nacos.api.naming.pojo.Service;
import com.alibaba.nacos.api.selector.ExpressionSelector;
import com.alibaba.nacos.api.selector.NoneSelector;
-import com.alibaba.nacos.core.remote.RpcServerTlsConfig;
+import com.alibaba.nacos.core.remote.tls.RpcServerTlsConfig;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
diff --git a/test/naming-test/src/test/java/com/alibaba/nacos/test/naming/NamingTlsServiceAndMutualAuth_ITCase.java b/test/naming-test/src/test/java/com/alibaba/nacos/test/naming/NamingTlsServiceAndMutualAuth_ITCase.java
index 83faa6c8767..2b598cdd294 100644
--- a/test/naming-test/src/test/java/com/alibaba/nacos/test/naming/NamingTlsServiceAndMutualAuth_ITCase.java
+++ b/test/naming-test/src/test/java/com/alibaba/nacos/test/naming/NamingTlsServiceAndMutualAuth_ITCase.java
@@ -23,7 +23,7 @@
import com.alibaba.nacos.api.naming.NamingService;
import com.alibaba.nacos.api.naming.pojo.Instance;
import com.alibaba.nacos.common.remote.client.RpcConstants;
-import com.alibaba.nacos.core.remote.RpcServerTlsConfig;
+import com.alibaba.nacos.core.remote.tls.RpcServerTlsConfig;
import org.junit.After;
import org.junit.Assert;
import org.junit.FixMethodOrder;
diff --git a/test/naming-test/src/test/java/com/alibaba/nacos/test/naming/NamingTlsServiceTls_ITCase.java b/test/naming-test/src/test/java/com/alibaba/nacos/test/naming/NamingTlsServiceTls_ITCase.java
index c6aa94450e9..8597a1aad2b 100644
--- a/test/naming-test/src/test/java/com/alibaba/nacos/test/naming/NamingTlsServiceTls_ITCase.java
+++ b/test/naming-test/src/test/java/com/alibaba/nacos/test/naming/NamingTlsServiceTls_ITCase.java
@@ -23,7 +23,7 @@
import com.alibaba.nacos.api.naming.NamingService;
import com.alibaba.nacos.api.naming.pojo.Instance;
import com.alibaba.nacos.common.remote.client.RpcConstants;
-import com.alibaba.nacos.core.remote.RpcServerTlsConfig;
+import com.alibaba.nacos.core.remote.tls.RpcServerTlsConfig;
import org.junit.Assert;
import org.junit.FixMethodOrder;
import org.junit.Ignore;
From 8fa83cec37e59f79085d7730ac0ae2f16b82a2b2 Mon Sep 17 00:00:00 2001
From: ZhangShenao <15201440436@163.com>
Date: Thu, 13 Jul 2023 11:08:38 +0800
Subject: [PATCH 04/29] fix word spelling in `AuthenticationManagerDelegator`
(#10777)
---
.../nacos/plugin/auth/impl/NacosAuthConfig.java | 4 ++--
...ator.java => AuthenticationManagerDelegator.java} | 12 ++++++------
2 files changed, 8 insertions(+), 8 deletions(-)
rename plugin-default-impl/src/main/java/com/alibaba/nacos/plugin/auth/impl/authenticate/{AuthenticationNamagerDelegator.java => AuthenticationManagerDelegator.java} (87%)
diff --git a/plugin-default-impl/src/main/java/com/alibaba/nacos/plugin/auth/impl/NacosAuthConfig.java b/plugin-default-impl/src/main/java/com/alibaba/nacos/plugin/auth/impl/NacosAuthConfig.java
index 2b8819e3596..d3b096ad5b4 100644
--- a/plugin-default-impl/src/main/java/com/alibaba/nacos/plugin/auth/impl/NacosAuthConfig.java
+++ b/plugin-default-impl/src/main/java/com/alibaba/nacos/plugin/auth/impl/NacosAuthConfig.java
@@ -19,7 +19,7 @@
import com.alibaba.nacos.auth.config.AuthConfigs;
import com.alibaba.nacos.common.utils.StringUtils;
import com.alibaba.nacos.core.code.ControllerMethodsCache;
-import com.alibaba.nacos.plugin.auth.impl.authenticate.AuthenticationNamagerDelegator;
+import com.alibaba.nacos.plugin.auth.impl.authenticate.AuthenticationManagerDelegator;
import com.alibaba.nacos.plugin.auth.impl.authenticate.DefaultAuthenticationManager;
import com.alibaba.nacos.plugin.auth.impl.authenticate.IAuthenticationManager;
import com.alibaba.nacos.plugin.auth.impl.authenticate.LdapAuthenticationManager;
@@ -161,7 +161,7 @@ public PasswordEncoder passwordEncoder() {
public IAuthenticationManager authenticationManager(
ObjectProvider ldapAuthenticatoinManagerObjectProvider,
ObjectProvider defaultAuthenticationManagers, AuthConfigs authConfigs) {
- return new AuthenticationNamagerDelegator(defaultAuthenticationManagers,
+ return new AuthenticationManagerDelegator(defaultAuthenticationManagers,
ldapAuthenticatoinManagerObjectProvider, authConfigs);
}
diff --git a/plugin-default-impl/src/main/java/com/alibaba/nacos/plugin/auth/impl/authenticate/AuthenticationNamagerDelegator.java b/plugin-default-impl/src/main/java/com/alibaba/nacos/plugin/auth/impl/authenticate/AuthenticationManagerDelegator.java
similarity index 87%
rename from plugin-default-impl/src/main/java/com/alibaba/nacos/plugin/auth/impl/authenticate/AuthenticationNamagerDelegator.java
rename to plugin-default-impl/src/main/java/com/alibaba/nacos/plugin/auth/impl/authenticate/AuthenticationManagerDelegator.java
index 51b158cf13c..ab48d962c66 100644
--- a/plugin-default-impl/src/main/java/com/alibaba/nacos/plugin/auth/impl/authenticate/AuthenticationNamagerDelegator.java
+++ b/plugin-default-impl/src/main/java/com/alibaba/nacos/plugin/auth/impl/authenticate/AuthenticationManagerDelegator.java
@@ -31,18 +31,18 @@
* @author Weizhan▪Yun
* @date 2023/1/12 23:31
*/
-public class AuthenticationNamagerDelegator implements IAuthenticationManager {
+public class AuthenticationManagerDelegator implements IAuthenticationManager {
private ObjectProvider defaultAuthenticationManager;
- private ObjectProvider ldapAuthenticatoinManager;
+ private ObjectProvider ldapAuthenticationManager;
private AuthConfigs authConfigs;
- public AuthenticationNamagerDelegator(ObjectProvider nacosAuthManager,
- ObjectProvider ldapAuthenticationProvider, AuthConfigs authConfigs) {
+ public AuthenticationManagerDelegator(ObjectProvider nacosAuthManager,
+ ObjectProvider ldapAuthenticationProvider, AuthConfigs authConfigs) {
this.defaultAuthenticationManager = nacosAuthManager;
- this.ldapAuthenticatoinManager = ldapAuthenticationProvider;
+ this.ldapAuthenticationManager = ldapAuthenticationProvider;
this.authConfigs = authConfigs;
}
@@ -78,7 +78,7 @@ public boolean hasGlobalAdminRole(NacosUser nacosUser) {
private IAuthenticationManager getManager() {
if (AuthSystemTypes.LDAP.name().equalsIgnoreCase(authConfigs.getNacosAuthSystemType())) {
- return ldapAuthenticatoinManager.getIfAvailable();
+ return ldapAuthenticationManager.getIfAvailable();
}
return defaultAuthenticationManager.getIfAvailable();
From 156cd6226170212d28bb70f61ae5d3354a6c6a11 Mon Sep 17 00:00:00 2001
From: "blake.qiu" <46370663+Bo-Qiu@users.noreply.github.com>
Date: Thu, 13 Jul 2023 11:11:05 +0800
Subject: [PATCH 05/29] fix(#10427): When the execution of
handleServerRequest() encounters an exception, record the log and throw an
exception, then quickly response to the server errResponse (#10770)
---
.../nacos/common/remote/client/RpcClient.java | 1 +
.../nacos/common/remote/client/RpcClientTest.java | 15 +++++++++++++++
2 files changed, 16 insertions(+)
diff --git a/common/src/main/java/com/alibaba/nacos/common/remote/client/RpcClient.java b/common/src/main/java/com/alibaba/nacos/common/remote/client/RpcClient.java
index 885728e9a08..08639ffb1a2 100644
--- a/common/src/main/java/com/alibaba/nacos/common/remote/client/RpcClient.java
+++ b/common/src/main/java/com/alibaba/nacos/common/remote/client/RpcClient.java
@@ -832,6 +832,7 @@ protected Response handleServerRequest(final Request request) {
} catch (Exception e) {
LoggerUtils.printIfInfoEnabled(LOGGER, "[{}] HandleServerRequest:{}, errorMessage = {}",
rpcClientConfig.name(), serverRequestHandler.getClass().getName(), e.getMessage());
+ throw e;
}
}
diff --git a/common/src/test/java/com/alibaba/nacos/common/remote/client/RpcClientTest.java b/common/src/test/java/com/alibaba/nacos/common/remote/client/RpcClientTest.java
index 5c8b75d3d9f..b3d6da077a4 100644
--- a/common/src/test/java/com/alibaba/nacos/common/remote/client/RpcClientTest.java
+++ b/common/src/test/java/com/alibaba/nacos/common/remote/client/RpcClientTest.java
@@ -635,4 +635,19 @@ public ServerInfo nextRpcServer() {
}
};
}
+
+ @Test(expected = RuntimeException.class)
+ public void testHandleServerRequestWhenExceptionThenThrowException() throws RuntimeException {
+ RpcClient rpcClient = buildTestNextRpcServerClient();
+ Request request = new Request() {
+ @Override
+ public String getModule() {
+ return null;
+ }
+ };
+ rpcClient.serverRequestHandlers.add(req -> {
+ throw new RuntimeException();
+ });
+ rpcClient.handleServerRequest(request);
+ }
}
From 556e4ccd58b1fbc10c590adc603bdd9f2cedaf05 Mon Sep 17 00:00:00 2001
From: "blake.qiu" <46370663+Bo-Qiu@users.noreply.github.com>
Date: Mon, 17 Jul 2023 10:55:54 +0800
Subject: [PATCH 06/29] fix(#10585): selectInstances and
selectOneHealthyInstance methods, if the parameter subscribe is true.
Subscription is required when clientProxy.isSubscribe() is false. (#10805)
---
.../com/alibaba/nacos/client/naming/NacosNamingService.java | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/client/src/main/java/com/alibaba/nacos/client/naming/NacosNamingService.java b/client/src/main/java/com/alibaba/nacos/client/naming/NacosNamingService.java
index a03e35559e3..dbe0654c7f1 100644
--- a/client/src/main/java/com/alibaba/nacos/client/naming/NacosNamingService.java
+++ b/client/src/main/java/com/alibaba/nacos/client/naming/NacosNamingService.java
@@ -298,7 +298,7 @@ public List selectInstances(String serviceName, String groupName, List
String clusterString = StringUtils.join(clusters, ",");
if (subscribe) {
serviceInfo = serviceInfoHolder.getServiceInfo(serviceName, groupName, clusterString);
- if (null == serviceInfo) {
+ if (null == serviceInfo || !clientProxy.isSubscribed(serviceName, groupName, clusterString)) {
serviceInfo = clientProxy.subscribe(serviceName, groupName, clusterString);
}
} else {
@@ -368,7 +368,7 @@ public Instance selectOneHealthyInstance(String serviceName, String groupName, L
String clusterString = StringUtils.join(clusters, ",");
if (subscribe) {
ServiceInfo serviceInfo = serviceInfoHolder.getServiceInfo(serviceName, groupName, clusterString);
- if (null == serviceInfo) {
+ if (null == serviceInfo || !clientProxy.isSubscribed(serviceName, groupName, clusterString)) {
serviceInfo = clientProxy.subscribe(serviceName, groupName, clusterString);
}
return Balancer.RandomByWeight.selectHost(serviceInfo);
From 3374cf46101b4324a6aa7813ad002d021f0e18f4 Mon Sep 17 00:00:00 2001
From: Joey777210 <53630996+Joey777210@users.noreply.github.com>
Date: Mon, 17 Jul 2023 10:58:59 +0800
Subject: [PATCH 07/29] disable check port input when use registered port
(#10799)
---
.../ServiceManagement/ServiceDetail/EditClusterDialog.js | 5 ++++-
console/src/main/resources/static/index.html | 4 ++--
console/src/main/resources/static/js/main.js | 6 +++---
3 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/console-ui/src/pages/ServiceManagement/ServiceDetail/EditClusterDialog.js b/console-ui/src/pages/ServiceManagement/ServiceDetail/EditClusterDialog.js
index 83fae95847a..be8d0e15253 100644
--- a/console-ui/src/pages/ServiceManagement/ServiceDetail/EditClusterDialog.js
+++ b/console-ui/src/pages/ServiceManagement/ServiceDetail/EditClusterDialog.js
@@ -141,12 +141,15 @@ class EditClusterDialog extends React.Component {
className="in-text"
value={defaultCheckPort}
onChange={defaultCheckPort => this.onChangeCluster({ defaultCheckPort })}
+ disabled={useIPPort4Check}
/>
this.onChangeCluster({ useIPPort4Check })}
+ onChange={useIPPort4Check => {
+ this.onChangeCluster({ useIPPort4Check });
+ }}
/>
{type === 'HTTP' && [
diff --git a/console/src/main/resources/static/index.html b/console/src/main/resources/static/index.html
index 7489e142d31..9ef89b4224d 100644
--- a/console/src/main/resources/static/index.html
+++ b/console/src/main/resources/static/index.html
@@ -35,7 +35,7 @@
-
+
@@ -56,6 +56,6 @@
-
+