Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

在开启认证的情况下能否不通过session验证用户名 #10176

Closed
Accelerator96 opened this issue Mar 23, 2023 · 1 comment
Closed

在开启认证的情况下能否不通过session验证用户名 #10176

Accelerator96 opened this issue Mar 23, 2023 · 1 comment
Labels
contribution welcome kind/enhancement Category issues or prs related to enhancement. plugin

Comments

@Accelerator96
Copy link

Accelerator96 commented Mar 23, 2023
edited

因为Nacos默认鉴权,主要是为防止业务错用的弱鉴权体系,不是防止恶意攻击的强鉴权体系。需要更复杂的也可以自己去通过spi实现

有时候也会有需要通过http请求的方式去调用修改密码的接口

通过accesstoken来验证会简单些,也会少很多因为session引起的问题

并且应用是无状态的情况下对云原生支持会比较好些

发现很多issue都是这个相关的问题
#10169 #9109 #8107
@KomachiSion KomachiSion added kind/enhancement Category issues or prs related to enhancement. plugin contribution welcome labels Mar 24, 2023
MentosL pushed a commit to MentosL/nacos that referenced this issue Mar 27, 2023
Fix -在开启认证的情况下增加token解析认证处理方式
d65077b 
ref : alibaba#10169 alibaba#9109 alibaba#8107 alibaba#10176
@MentosL MentosL mentioned this issue Mar 27, 2023
Closed
5 tasks
@MentosL
Copy link
Contributor

MentosL commented Mar 27, 2023

提交增加 accessToken获取用户信息的方式,来处理当前登录校验 #10200

@MentosL MentosL mentioned this issue Apr 10, 2023
Closed
5 tasks
@MentosL MentosL mentioned this issue May 3, 2023
Merged
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
contribution welcome kind/enhancement Category issues or prs related to enhancement. plugin
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Accelerator96 @MentosL @KomachiSion