Nacos permission Bug #4262

Closed
309283175 opened this issue Nov 19, 2020 · 14 comments
Labels
status/duplicate This issue or pull request already exists

309283175 commented Nov 19, 2020

Turn on the auth system, create a new role ROLE_TEST, then add the public resource to ROLE_TEST with rw; the data in table permissions is:

| role      | resource | action |
|-----------|----------|--------|
| ROLE_TEST | :*:*     | rw     |

com.alibaba.nacos.console.security.nacos.roles.NacosRoleServiceImpl.hasPermission()

```java
// Each '*' in the stored resource becomes '.*'; Pattern.matches() requires a full match.
String permissionResource = permissionInfo.getResource().replaceAll("\\*", ".*");
String permissionAction = permissionInfo.getAction();
if (permissionAction.contains(permission.getAction())
        && Pattern.matches(permissionResource, permission.getResource())) {
    return true;
}
```

If I use spring.cloud.nacos.username=test to register my service to nacos in the public namespace, my resource is "public:DEFAULT_GROUP:naming/my-service", but the pattern is :.*:.* , so Pattern.matches(permissionResource, permission.getResource()) should be true but is false:

com.alibaba.nacos.api.exception.NacosException: failed to req API:/nacos/v1/ns/instance after all servers([x.x.x.x:8848]) tried: ErrCode:403, ErrMsg: authorization failed!

@horizonzy
Collaborator

Hi, did you bind user test with role ROLE_TEST?

@309283175
Author

@horizonzy Of course I bound user test with role ROLE_TEST.

@309283175
Author

@horizonzy As I mentioned above, this bug only appears with a user that does not have ROLE_ADMIN and wants to register to the public namespace.

@horizonzy
Collaborator

I will try to reproduce it.

binbin0325 added the labels "contribution welcome" and "kind/bug" (Category issues or prs related to bug.) Nov 19, 2020
@binbin0325
Collaborator

when public resource permissions are set, the permissionResource should be public:.*:.*

@309283175
Author

@sanxun0325 I have tried to modify the resource record in the database from :*:* to public:*:* directly. The service registration is successful, but it has caused another problem: when I log in to the console with the test user and select the public namespace, a warning of no permission appears.

@binbin0325
Collaborator

> @sanxun0325 I have tried to modify the resource record in the database from :*:* to public:*:* directly. The service registration is successful, but it has caused another problem: when I log in to the console with the test user and select the public namespace, a warning of no permission appears.

You can try nacos server version 1.4.0, which fixes the console problem.

@309283175
Author

309283175 commented Nov 19, 2020

> @sanxun0325 I have tried to modify the resource record in the database from :*:* to public:*:* directly. The service registration is successful, but it has caused another problem: when I log in to the console with the test user and select the public namespace, a warning of no permission appears.
>
> You can try nacos server version 1.4.0, which fixes the console problem.

OK, I will try it again with 1.4.0.

@horizonzy
Collaborator

> when public resource permissions are set, the permissionResource should be public:.*:.*

Maybe this situation needs more thought. In the config module, if publishConfig is called without a namespace, it will cause a problem.

@binbin0325
Collaborator

> when public resource permissions are set, the permissionResource should be public:.*:.*
>
> Maybe this situation needs more thought. In the config module, if publishConfig is called without a namespace, it will cause a problem.

Yes, more testing is needed.

@309283175
Author

> when public resource permissions are set, the permissionResource should be public:.*:.*
>
> Maybe this situation needs more thought. In the config module, if publishConfig is called without a namespace, it will cause a problem.

@horizonzy @sanxun0325 That's right. I have retried this scenario with 1.4.0, and the problem remains.

@309283175
Author

309283175 commented Nov 19, 2020

Since the public namespace resources stored in the table permissions in the existing database are :*:*, I think we only need to parse the public namespace prefix to a blank string when registering the service, and the console does not need to do anything.
At com.alibaba.nacos.naming.web.NamingResourceParser.parseName(Object request)
before:

```java
if (StringUtils.isNotBlank(namespaceId)) {
    sb.append(namespaceId);
}
```

after:

```java
// Treat the public namespace as an empty prefix so the resource matches the stored ":*:*" row.
if (StringUtils.isNotBlank(namespaceId) && !"public".equals(namespaceId)) {
    sb.append(namespaceId);
}
```

Similarly, the configuration center is handled in the same way.
At com.alibaba.nacos.config.server.auth.ConfigResourceParser.parseName(Object request)

I have tested and verified that this problem has been resolved in my local environment.
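The following is an added example, not Nacos code or the reporter's patch: it models the hasPermission() check quoted at the top of the issue (Java's Pattern.matches() is a full match, so re.fullmatch is used) and the proposed NamingResourceParser change, to show why ":*:*" fails for "public:..." resources, that the fix makes it match, and that it does not widen the grant to other namespaces. The "namespace:group:naming/service" layout is assumed from the resource string quoted in the issue.

```python
"""Added example (not Nacos source): models NacosRoleServiceImpl.hasPermission()
and the proposed 'public' -> '' normalization in NamingResourceParser."""
import re

# The row the issue shows in the permissions table for ROLE_TEST.
PERMISSIONS = [{"role": "ROLE_TEST", "resource": ":*:*", "action": "rw"}]


def has_permission(role, resource, action, permissions=PERMISSIONS):
    """Mirror of hasPermission(): each '*' in the stored resource becomes '.*',
    the action check is a substring check, and the resource must fully match."""
    for p in permissions:
        if p["role"] != role:
            continue
        permission_resource = p["resource"].replace("*", ".*")
        if action in p["action"] and re.fullmatch(permission_resource, resource):
            return True
    return False


def parse_name(namespace_id, group, service, normalize_public):
    """Build 'namespace:group:naming/service' (assumed layout, taken from the
    resource string quoted in the issue). With normalize_public=True the
    namespace 'public' is treated as '' so the stored ':*:*' row can match."""
    keep_namespace = bool(namespace_id) and not (normalize_public and namespace_id == "public")
    prefix = namespace_id if keep_namespace else ""
    return f"{prefix}:{group}:naming/{service}"


def check(namespace_id, normalize_public):
    """Return the parsed resource and whether ROLE_TEST may write to it."""
    resource = parse_name(namespace_id, "DEFAULT_GROUP", "my-service", normalize_public)
    return resource, has_permission("ROLE_TEST", resource, "w")


if __name__ == "__main__":
    print(check("public", False))  # reported behaviour: denied, 'public:...' is not ':.*:.*'
    print(check("public", True))   # with the fix the stored row matches
    print(check("dev", True))      # the fix must not grant access to other namespaces
```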

@horizonzy
Collaborator

I think we should make it compatible in ResourceParser: if the namespace value is 'public', replace it with ''.

@KomachiSion
Collaborator

maybe duplicate with #3524

KomachiSion pushed a commit that referenced this issue Nov 20, 2020
* fix public namespace permission problem

* move NamespaceUtilTest to common module
KomachiSion added the label "status/duplicate" (This issue or pull request already exists) and removed the labels "contribution welcome" and "kind/bug" Nov 23, 2020
KomachiSion added a commit that referenced this issue Dec 3, 2020
* [ISSUE-#4262] Fix public namespace permission problem (#4273)

* fix public namespace permission problem

* move NamespaceUtilTest to common module

* [ISSUE-#4232] Use EnvUtil to replace ApplicationUtils about env operation (#4281)

* use EnvUtil to replace ApplicationUtils about env operation

* remove unuse import

* remove unuse import

* remove profile usage

* [ISSUE-#4294] Use EnvUtils.setEnvironment to replace ApplicationUtils.injectEnvironment (#4295)

* use EnvUtils.setEnvironment to replace ApplicationUtils.injectEnvironment.

* remove unuseful import

* remove unuseful import

* refactor: refactor issue #4291 (#4292)

* remove env operation code in ApplicationUtils (#4298)

* refactor issue #4275 (#4299)

* when auth open, use resource parser cache, not use reflect newInstance every time. (#4287)

* [ISSUE-#4256] Just inject environment in StartingSpringApplicationRunListener (#4257)

* just inject environment in StartingSpringApplicationRunListener

* make nacosStartingListener is decoupling with springApplicationRunListener.

* add api doc

* refactor. transfer nacos listeners to SpringApplicationRunListener.

* remove unuseful import

* add doc info

* [ISSUE #4311] Fix Derby data source related SQL LIMIT exception (#4313)

* for #4311,Fixed Derby data source related SQL LIMIT exception.

* fix code style.

* code format.

* [ISSUE-#4310] Delete the main function only for testing (#4312)

* [ISSUE #4320] Fixing the Naming consistency module could not start in cluster mode (#4321)

* refactor: refactor issue #4291

* fix: fixing the Naming consistency module could not start in cluster mode

* fix service list can not search by groupName only (#4308)

* fix service list can not search by groupName only

* fix service list can not search by groupName only

* fix checkStyle

* add ut for NamingUtils

* [ISSUE-#4258]  Fix wrong path when -Dspring.config.location not set (#4259)

* fix spring.config.location is nullapplication.properties when -Dspring.config.location is not set in env

* fix wrong path when -Dspring.config.location not set

* modify default file resource method name

* fix "/" magic value

* change the way of get file

* not judge pathSplit by self, use Paths.get(a, b);

* when spring.config.location is not set, use {nacos.home}/conf/application.properties to cover it.

* refactor code

* code quality enhance

* just use two level to load conf. {spring.config.location}/application.properties -> classpath:/application.properties

* code clean

* Upgrade jraft to 1.3.5 (#4339)

* Upgrade jraft to 1.3.5 to support IPv6, adjust the NamingUtilsTest code format to solve the checkstyle problem

* Remove the class comment of the test class

* [ISSUE-#4342] Fix nacos.core.protocol.raft.data.read_index_type isn't effect (#4343)

* fix nacos.core.protocol.raft.data.read_index_type=ReadOnlyLeaseBased isn't effect and enhance log hint

* define ReadOnlyOption param name just by self

* [ISSUE-#4333]Add MapRowMapper to RowMapperManager (#4334)

* for #4311,Fixed Derby data source related SQL LIMIT exception.

* Revert "for #4311,Fixed Derby data source related SQL LIMIT exception."

This reverts commit 49188f1

* fix #4333.

* Remove case conversion.

* [ISSUE-#4181]  Normalize ContextPath value in client-side (#4326)

* [ISSUE-#4181] Just use ContextPathUtil normalize ContextPath value

* [ISSUE-#4181] add some test cases

* fix styles at the button 'New Namespace' ('新建命名空间') (#4362)

* [ISSUE-#4346] Fix import code (#4347)

* remove import.*

* transfer first_pre to final static variable

* use NamingBase.Xxx to replace constant

* reuse cliClientService (#4375)

* Sync code from upstream/develop

Co-authored-by: 赵延 <1060026287@qq.com>
Co-authored-by: liaochuntao <liaochuntao@live.com>
Co-authored-by: zhuhao <yczhuhaogg@gmail.com>
Co-authored-by: mai.jh <maijh97@gmail.com>
Co-authored-by: 孙继峰 <sun.jifeng@outlook.com>
Co-authored-by: Mark4z <36187602+mark4z@users.noreply.github.com>
Co-authored-by: 邪影oO <213539@qq.com>
Co-authored-by: Gagharv <wwfortunate@gmail.com>
Co-authored-by: iochenlei <iochenlei@gmail.com>