Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

nacos-client, the default value of namespace set for naming and config is inconsistent, resulting in permission authentication failure #3525

Open
Maijh97 opened this issue Aug 5, 2020 · 3 comments
Open

nacos-client, the default value of namespace set for naming and config is inconsistent, resulting in permission authentication failure #3525

Maijh97 opened this issue Aug 5, 2020 · 3 comments
Assignees
@yanlinly
Labels
kind/bug Category issues or prs related to bug. kind/discussion Category issues related to discussion

Comments

@Maijh97
Copy link
Collaborator

Maijh97 commented Aug 5, 2020
edited
Loading

Describe the bug

1)nacos-client
naming进行服务注册,当namespace没有指定,会默认为public,参考代码为: com.alibaba.nacos.client.naming.utils.InitUtils#initNamespaceForNaming
config进行获取配置,当namespace没有指定,会默认为空字符 "", 参考代码为:
com.alibaba.nacos.client.utils.ParamUtil#parseNamespace

2)控制台新建权限
如果分配的资源为public,这时候数据表permissions中的resource字段就会为 :*:* ,如果是分配其它自定义命名空间的资源就会为 07ba088a-4782-468e-80cc-ee758beab327:*:*

3)com.alibaba.nacos.core.auth.AuthFilter权限拦截校验
如果是config请求,组装的权限resource:DEFAULT_GROUP:config/service-gateway
如果是naming请求,组装的权限resourcepublic:DEFAULT_GROUP:naming/service-gateway
导致使用java.util.regex.Pattern#matches方法匹配权限, naming请求权限会不足
伪代码:

a = ":*:*";
b = "public:DEFAULT_GROUP:naming/service-gateway";  // naming
c = ":DEFAULT_GROUP:config/service-gateway";  // config

Pattern.matches(a, b); false
Pattern.matches(a, c); true

Expected behavior

希望能统一nacos-clientnamespace默认值;
比如confignamespace没有指定的情况下应该也默认为public
在新建资源的时候,当选择的资源为public的时候, resource应为: public:*:*

Acutally behavior

How to Reproduce

Desktop (please complete the following information):

  • OS: [e.g. Centos]
  • Version [e.g. nacos-server 1.3.1, nacos-client 1.3.1]
  • Module [e.g. naming/config]
  • SDK [e.g. original, spring-cloud-alibaba-nacos, dubbo]

Additional context
Add any other context about the problem here.
@KomachiSion
Copy link
Collaborator

is related with #3524 ?

@KomachiSion KomachiSion added the kind/bug Category issues or prs related to bug. label Aug 5, 2020
@Maijh97
Copy link
Collaborator Author

Maijh97 commented Aug 5, 2020

is related with #3524 ?

yes

@Maijh97
Copy link
Collaborator Author

Maijh97 commented Aug 5, 2020

Also related to the #2620 issue

This was referenced Aug 7, 2020
Closed
Closed
@KomachiSion KomachiSion mentioned this issue Nov 19, 2020
Closed
@chuntaojun chuntaojun added the kind/discussion Category issues related to discussion label Nov 19, 2020
@KomachiSion KomachiSion mentioned this issue Jan 20, 2021
Closed
This was referenced Sep 23, 2022
Closed
Closed
Closed
@chenhao26-nineteen chenhao26-nineteen mentioned this issue Oct 28, 2022
Closed
@KomachiSion KomachiSion mentioned this issue Dec 13, 2022
Closed
@KomachiSion KomachiSion mentioned this issue Jan 3, 2023
Open
@KomachiSion KomachiSion mentioned this issue Jan 13, 2023
Open
@KomachiSion KomachiSion mentioned this issue Mar 1, 2023
Closed
@KomachiSion KomachiSion mentioned this issue Apr 3, 2023
Closed
@KomachiSion KomachiSion mentioned this issue Aug 25, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@yanlinly yanlinly

Labels
kind/bug Category issues or prs related to bug. kind/discussion Category issues related to discussion
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@yanlinly @chuntaojun @KomachiSion @Maijh97