Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Nacos 2.3.2 开启鉴权后控制台无论使用什么密码登录都显示账户密码错误 #12097

Open
xialanpu opened this issue May 14, 2024 · 21 comments
Labels
contribution welcome kind/enhancement Category issues or prs related to enhancement.

Comments

@xialanpu
Copy link

真的快崩溃了,想问下开启鉴权后的控制台密码到底是什么呀?

@xialanpu
Copy link
Author

是新版本的BUG吗 我部署过很多老的版本都没遇到过类似的问题 默认密码都是nacos/nacos可以正常登陆

@KomachiSion
Copy link
Collaborator

我自己部署的没有问题,是不是你改过了用户密码? 试着用mysql-schema.sql中的密码重置一下。

@xialanpu
Copy link
Author

我自己部署的没有问题,是不是你改过了用户密码? 试着用mysql-schema.sql中的密码重置一下。

没有改过 数据库里就是nacos/nacos 然后我update重置了几次也还是不行

@xialanpu
Copy link
Author

我自己部署的没有问题,是不是你改过了用户密码? 试着用mysql-schema.sql中的密码重置一下。

我完全按照官网步骤部署的,没有任何额外操作,之前的版本都没问题,最近的版本不行了

@xialanpu
Copy link
Author

我自己部署的没有问题,是不是你改过了用户密码? 试着用mysql-schema.sql中的密码重置一下。

2.3.1 不开启鉴权还能使用 2.3.2 不开启鉴权好像无法使用了 但是由于安全原因我们也必须开启鉴权才行

@xialanpu
Copy link
Author

我自己部署的没有问题,是不是你改过了用户密码? 试着用mysql-schema.sql中的密码重置一下。

Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MySQL connection id is 31682
Server version: 5.7.41-44-log QingCloud MySQL Plus build 202308

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MySQL [(none)]> use nacos;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
MySQL [nacos]> select * from users;
+----------+--------------------------------------------------------------+---------+
| username | password | enabled |
+----------+--------------------------------------------------------------+---------+
| nacos | $2a$10$EuWPZHzz32dJN7jexM34MOeYirDdFAZm2kuWj7VEOJhhZkDrxfvUu | 1 |
+----------+--------------------------------------------------------------+---------+
1 row in set (0.00 sec)

MySQL [nacos]>

@xialanpu
Copy link
Author

我自己部署的没有问题,是不是你改过了用户密码? 试着用mysql-schema.sql中的密码重置一下。

The auth system to use, currently only 'nacos' and 'ldap' is supported:

nacos.core.auth.system.type=nacos

If turn on auth system:

nacos.core.auth.enabled=true

Turn on/off caching of auth information. By turning on this switch, the update of auth information would have a 15 seconds delay.

nacos.core.auth.caching.enabled=true

Since 1.4.1, Turn on/off white auth for user-agent: nacos-server, only for upgrade from old version.

nacos.core.auth.enable.userAgentAuthWhite=false

Since 1.4.1, worked when nacos.core.auth.enabled=true and nacos.core.auth.enable.userAgentAuthWhite=false.

The two properties is the white list for auth and used by identity the request from other server.

nacos.core.auth.server.identity.key=nacos
nacos.core.auth.server.identity.value=nacos

worked when nacos.core.auth.system.type=nacos

The token expiration in seconds:

nacos.core.auth.plugin.nacos.token.cache.enable=false
nacos.core.auth.plugin.nacos.token.expire.seconds=18000

The default token (Base64 String):

nacos.core.auth.plugin.nacos.token.secret.key=VGhpc0lzTXlDdXN0b21TZWNyZXRLZXkwMTIzNDU2Nzg=

@xialanpu
Copy link
Author

我自己部署的没有问题,是不是你改过了用户密码? 试着用mysql-schema.sql中的密码重置一下。

caused: Invalid key: javax.crypto.spec.SecretKeySpec@fa7772af;

@xialanpu
Copy link
Author

我自己部署的没有问题,是不是你改过了用户密码? 试着用mysql-schema.sql中的密码重置一下。

openjdk version "1.8.0_402"
OpenJDK Runtime Environment Bisheng (build 1.8.0_402-b06)
OpenJDK 64-Bit Server VM Bisheng (build 25.402-b06, mixed mode)

@Dreamer-SK
Copy link

有过同样问题,把JDK版本改为更换为:
java version "1.8.0_391"
Java(TM) SE Runtime Environment (build 1.8.0_391-b13)
Java HotSpot(TM) 64-Bit Server VM (build 25.391-b13, mixed mode)

@xialanpu
Copy link
Author

有过同样问题,把JDK版本改为更换为: java version "1.8.0_391" Java(TM) SE Runtime Environment (build 1.8.0_391-b13) Java HotSpot(TM) 64-Bit Server VM (build 25.391-b13, mixed mode)

感谢,随便选了个低版本就解决了

java version "1.8.0_321"
Java(TM) SE Runtime Environment (build 1.8.0_321-b07)
Java HotSpot(TM) 64-Bit Server VM (build 25.321-b07, mixed mode)

@zxz-ai
Copy link

zxz-ai commented May 15, 2024

INSERT INTO users (username, password, enabled) VALUES ('nacos', '$2a$10$EuWPZHzz32dJN7jexM34MOeYirDdFAZm2kuWj7VEOJhhZkDrlovUu', TRUE);

INSERT INTO roles (username, role) VALUES ('nacos', 'ROLE_ADMIN');
看看数据库有没有用户 在数据库插入数据

@xialanpu
Copy link
Author

INSERT INTO users (username, password, enabled) VALUES ('nacos', '$2a$10$EuWPZHzz32dJN7jexM34MOeYirDdFAZm2kuWj7VEOJhhZkDrlovUu', TRUE);

INSERT INTO roles (username, role) VALUES ('nacos', 'ROLE_ADMIN'); 看看数据库有没有用户 在数据库插入数据

数据都没问题 JDK版本的问题

@KomachiSion KomachiSion closed this as not planned Won't fix, can't repro, duplicate, stale May 24, 2024
@KomachiSion KomachiSion reopened this May 24, 2024
@KomachiSion KomachiSion added kind/enhancement Category issues or prs related to enhancement. contribution welcome and removed status/need feedback labels May 24, 2024
@KomachiSion
Copy link
Collaborator

com.alibaba.nacos.plugin.auth.impl.jwt.NacosSignatureAlgorithm

line 201~207

    private Mac getMacInstance(Key key) {
        try {
            Mac instance = Mac.getInstance(jcaName);
            instance.init(key);
            return instance;
        } catch (NoSuchAlgorithmException | InvalidKeyException e) {
            throw new IllegalArgumentException("Invalid key: " + key);
        }
    }

Has some one can enhance these codes to show diff hints for these two type exception?

@HMYDK
Copy link
Contributor

HMYDK commented May 29, 2024

Runtime

可能是你用了open jdk的原因

@ascarl2010
Copy link

[root@k8s-master01 conf]# java -version
openjdk version "1.8.0_312"
OpenJDK Runtime Environment Bisheng (build 1.8.0_312-b07)
OpenJDK 64-Bit Server VM Bisheng (build 25.312-b07, mixed mode)
[root@k8s-master01 conf]#

同样是openjdk 也有这样的问题!nacos2.3.2

好像只能使用oracle的jdk

@xiangyanw
Copy link

xiangyanw commented Jun 10, 2024

这是因为最新版本的 mysql-schema.sql 少了下面这两行,手动跑一下就可以:

INSERT INTO users (username, password, enabled) VALUES ('nacos', '$2a$10$EuWPZHzz32dJN7jexM34MOeYirDdFAZm2kuWj7VEOJhhZkDrxfvUu', TRUE);

INSERT INTO roles (username, role) VALUES ('nacos', 'ROLE_ADMIN');

@zzzxx
Copy link

zzzxx commented Jun 21, 2024

怎么是怎么解决的, 我的也是同样问题

@VergeDX
Copy link

VergeDX commented Jun 26, 2024

Related: #11957

@obuwreverse
Copy link

怎么是怎么解决的, 我的也是同样问题

感觉就是jdk的问题,我换了台服务器不同版本的就正常了

有问题的:
openjdk version "1.8.0_412"
OpenJDK Runtime Environment (build 1.8.0_412-b08)
OpenJDK 64-Bit Server VM (build 25.412-b08, mixed mode)

没问题的:
java version "1.8.0_251"
Java(TM) SE Runtime Environment (build 1.8.0_251-b08)
Java HotSpot(TM) 64-Bit Server VM (build 25.251-b08, mixed mode)

@shengbinxu
Copy link
Contributor

怎么是怎么解决的, 我的也是同样问题

感觉就是jdk的问题,我换了台服务器不同版本的就正常了

有问题的: openjdk version "1.8.0_412" OpenJDK Runtime Environment (build 1.8.0_412-b08) OpenJDK 64-Bit Server VM (build 25.412-b08, mixed mode)

没问题的: java version "1.8.0_251" Java(TM) SE Runtime Environment (build 1.8.0_251-b08) Java HotSpot(TM) 64-Bit Server VM (build 25.251-b08, mixed mode)

我遇到的问题可能一样。

我最开始使用的是Openjdk,然后错误日志提示有个加密相关的抱错。

然后安装了下面的版本就正常了。

参考: https://developer.aliyun.com/ask/608937

jdk8安装:
https://www.oracle.com/java/technologies/downloads/?er=221886#java8
sudo yum localinstall jdk-8u421-linux-x64.rpm

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
contribution welcome kind/enhancement Category issues or prs related to enhancement.
Projects
None yet
Development

No branches or pull requests