[type:refactor] add an authentication on shenyu admin when register by http (#2723)

* fix ShenyuClientRegisterService buildHandle method

* fix  init ratelimiter redis script thread safe

* add accessToken when use http register center

* add accessToken when use http register center

* add accessToken when use http register center

* Long polling with admin token

* merge master

* remove white path

* fix config

Co-authored-by: zhanglei06469 <zhanglei06469@hellobike.com>

Author: SaberSola

shenyu-admin/src/main/java/org/apache/shenyu/admin/shiro/bean/StatelessAuthFilter.java

@@ -20,6 +20,7 @@
 import org.apache.commons.lang3.StringUtils;
 import org.apache.shenyu.admin.model.result.ShenyuAdminResult;
 import org.apache.shenyu.admin.utils.ShenyuResultMessage;
+import org.apache.shenyu.common.constant.Constants;
 import org.apache.shenyu.common.exception.CommonErrorCode;
 import org.apache.shenyu.common.utils.GsonUtils;
 import org.apache.shiro.subject.Subject;
@@ -41,8 +42,6 @@ public class StatelessAuthFilter extends AccessControlFilter {
 
     private static final Logger LOG = LoggerFactory.getLogger(StatelessAuthFilter.class);
 
-    private static final String HEAD_TOKEN = "X-Access-Token";
-
     @Override
     protected boolean isAccessAllowed(final ServletRequest servletRequest,
                                       final ServletResponse servletResponse,
@@ -58,7 +57,7 @@ protected boolean onAccessDenied(final ServletRequest servletRequest,
             return true;
         }
 
-        String tokenValue = httpServletRequest.getHeader(HEAD_TOKEN);
+        String tokenValue = httpServletRequest.getHeader(Constants.X_ACCESS_TOKEN);
         if (StringUtils.isBlank(tokenValue)) {
             LOG.error("token is null.");
             unionFailResponse(servletResponse);

shenyu-admin/src/main/resources/application.yml

@@ -88,8 +88,6 @@ shenyu:
       - /index**
       - /platform/login
       - /websocket
-      - /configs/**
-      - /shenyu-client/**
       - /error
       - /actuator/health
       - /swagger-ui.html

shenyu-client/shenyu-client-core/src/main/java/org/apache/shenyu/client/core/shutdown/ShenyuClientShutdownHook.java

@@ -25,6 +25,7 @@
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.atomic.AtomicBoolean;
 import java.util.concurrent.atomic.AtomicInteger;
+
 import org.apache.shenyu.register.client.api.ShenyuClientRegisterRepository;
 import org.apache.shenyu.register.common.config.ShenyuRegisterCenterConfig;
 import org.slf4j.Logger;
@@ -49,10 +50,11 @@ public class ShenyuClientShutdownHook {
 
     private static IdentityHashMap<Thread, Thread> delayedHooks = new IdentityHashMap<>();
 
-    public ShenyuClientShutdownHook() { }
+    public ShenyuClientShutdownHook() {
+    }
 
     public ShenyuClientShutdownHook(final ShenyuClientRegisterRepository repository, final ShenyuRegisterCenterConfig config) {
-        String name = hookNamePrefix + "-" + hookId.incrementAndGet();
+        String name = String.join("-", hookNamePrefix, String.valueOf(hookId.incrementAndGet()));
         Runtime.getRuntime().addShutdownHook(new Thread(repository::close, name));
         LOG.info("Add hook {}", name);
         ShenyuClientShutdownHook.props = config.getProps();
@@ -65,7 +67,7 @@ public ShenyuClientShutdownHook(final ShenyuClientRegisterRepository repository,
      * @param props  Properties
      */
     public static void set(final ShenyuClientRegisterRepository result, final Properties props) {
-        String name = hookNamePrefix + "-" + hookId.incrementAndGet();
+        String name = String.join("-", hookNamePrefix, String.valueOf(hookId.incrementAndGet()));
         Runtime.getRuntime().addShutdownHook(new Thread(result::close, name));
         LOG.info("Add hook {}", name);
         ShenyuClientShutdownHook.props = props;
@@ -113,7 +115,8 @@ public void run() {
                         LOG.info("sleep {}ms", shutdownWaitTime);
                         try {
                             TimeUnit.MILLISECONDS.sleep(shutdownWaitTime);
-                        } catch (InterruptedException ignore) { }
+                        } catch (InterruptedException ignore) {
+                        }
                         hook.run();
                     }, hook.getName());
                     delayHooks.put(delayHook, delayHook);

shenyu-client/shenyu-client-http/shenyu-client-springcloud/src/test/java/org/apache/shenyu/client/springcloud/init/SpringCloudClientBeanPostProcessorTest.java

@@ -37,6 +37,7 @@
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
+import java.util.Optional;
 import java.util.Properties;
 
 import static org.hamcrest.Matchers.equalTo;
@@ -51,9 +52,12 @@
 @RunWith(MockitoJUnitRunner.class)
 @FixMethodOrder(MethodSorters.NAME_ASCENDING)
 public final class SpringCloudClientBeanPostProcessorTest {
+
     @Mock
     private static Environment env;
 
+    private MockedStatic<RegisterUtils> registerUtilsMockedStatic = mockStatic(RegisterUtils.class);
+
     private final SpringCloudClientTestBean springCloudClientTestBean = new SpringCloudClientTestBean();
 
     @Before
@@ -63,27 +67,31 @@ public void init() {
 
     @Test
     public void testShenyuBeanProcess() {
+        registerUtilsMockedStatic.when(() -> RegisterUtils.doLogin(any(), any(), any())).thenReturn(Optional.of("token"));
         // config with full
         SpringCloudClientBeanPostProcessor springCloudClientBeanPostProcessor = buildSpringCloudClientBeanPostProcessor(true);
         assertThat(springCloudClientTestBean, equalTo(springCloudClientBeanPostProcessor.postProcessAfterInitialization(springCloudClientTestBean, "springCloudClientTestBean")));
+        registerUtilsMockedStatic.close();
     }
 
     @Test
     public void testNormalBeanProcess() {
+        registerUtilsMockedStatic.when(() -> RegisterUtils.doLogin(any(), any(), any())).thenReturn(Optional.of("token"));
         SpringCloudClientBeanPostProcessor springCloudClientBeanPostProcessor = buildSpringCloudClientBeanPostProcessor(false);
         Object normalBean = new Object();
 
         assertThat(normalBean, equalTo(springCloudClientBeanPostProcessor.postProcessAfterInitialization(normalBean, "normalBean")));
+        registerUtilsMockedStatic.close();
     }
 
     @Test
     public void testWithShenyuClientAnnotation() {
-        try (MockedStatic mocked = mockStatic(RegisterUtils.class)) {
-            mocked.when(() -> RegisterUtils.doRegister(any(), any(), any()))
-                    .thenAnswer((Answer<Void>) invocation -> null);
-            SpringCloudClientBeanPostProcessor springCloudClientBeanPostProcessor = buildSpringCloudClientBeanPostProcessor(false);
-            assertThat(springCloudClientTestBean, equalTo(springCloudClientBeanPostProcessor.postProcessAfterInitialization(springCloudClientTestBean, "normalBean")));
-        }
+        registerUtilsMockedStatic.when(() -> RegisterUtils.doLogin(any(), any(), any())).thenReturn(Optional.of("token"));
+        registerUtilsMockedStatic.when(() -> RegisterUtils.doRegister(any(), any(), any()))
+                .thenAnswer((Answer<Void>) invocation -> null);
+        SpringCloudClientBeanPostProcessor springCloudClientBeanPostProcessor = buildSpringCloudClientBeanPostProcessor(false);
+        assertThat(springCloudClientTestBean, equalTo(springCloudClientBeanPostProcessor.postProcessAfterInitialization(springCloudClientTestBean, "normalBean")));
+        registerUtilsMockedStatic.close();
     }
 
     private SpringCloudClientBeanPostProcessor buildSpringCloudClientBeanPostProcessor(final boolean full) {
@@ -92,11 +100,14 @@ private SpringCloudClientBeanPostProcessor buildSpringCloudClientBeanPostProcess
         properties.setProperty("isFull", full + "");
         properties.setProperty("ip", "127.0.0.1");
         properties.setProperty("port", "8081");
+        properties.setProperty("username", "admin");
+        properties.setProperty("password", "123456");
         PropertiesConfig config = new PropertiesConfig();
         config.setProps(properties);
         ShenyuRegisterCenterConfig mockRegisterCenter = new ShenyuRegisterCenterConfig();
         mockRegisterCenter.setServerLists("http://127.0.0.1:8080");
         mockRegisterCenter.setRegisterType("http");
+        mockRegisterCenter.setProps(properties);
         return new SpringCloudClientBeanPostProcessor(config, ShenyuClientRegisterRepositoryFactory.newInstance(mockRegisterCenter), env);
     }
 

shenyu-client/shenyu-client-tars/src/test/java/org/apache/shenyu/client/tars/TarsServiceBeanPostProcessorTest.java

@@ -21,17 +21,23 @@
 import org.apache.shenyu.client.core.register.ShenyuClientRegisterRepositoryFactory;
 import org.apache.shenyu.client.tars.common.annotation.ShenyuTarsClient;
 import org.apache.shenyu.client.tars.common.annotation.ShenyuTarsService;
+import org.apache.shenyu.register.client.http.utils.RegisterUtils;
 import org.apache.shenyu.register.common.config.PropertiesConfig;
 import org.apache.shenyu.register.common.config.ShenyuRegisterCenterConfig;
 import org.junit.BeforeClass;
 import org.junit.FixMethodOrder;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.junit.runners.MethodSorters;
+import org.mockito.MockedStatic;
 import org.mockito.junit.MockitoJUnitRunner;
 
+import java.util.Optional;
 import java.util.Properties;
 
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.mockStatic;
+
 /**
  * Test case for {@link TarsServiceBeanPostProcessor}.
  */
@@ -46,14 +52,20 @@ public static void init() {
         properties.setProperty("contextPath", "/tars");
         properties.setProperty("port", "8080");
         properties.setProperty("host", "localhost");
+        properties.setProperty("username", "admin");
+        properties.setProperty("password", "123456");
 
         PropertiesConfig config = new PropertiesConfig();
         config.setProps(properties);
 
         ShenyuRegisterCenterConfig mockRegisterCenter = new ShenyuRegisterCenterConfig();
         mockRegisterCenter.setServerLists("http://localhost:58080");
         mockRegisterCenter.setRegisterType("http");
+        mockRegisterCenter.setProps(properties);
+        MockedStatic<RegisterUtils> registerUtilsMockedStatic = mockStatic(RegisterUtils.class);
+        registerUtilsMockedStatic.when(() -> RegisterUtils.doLogin(any(), any(), any())).thenReturn(Optional.of("token"));
         tarsServiceBeanPostProcessor = new TarsServiceBeanPostProcessor(config, ShenyuClientRegisterRepositoryFactory.newInstance(mockRegisterCenter));
+        registerUtilsMockedStatic.close();
     }
 
     @Test

shenyu-common/src/main/java/org/apache/shenyu/common/constant/Constants.java

@@ -487,6 +487,81 @@ public interface Constants {
      */
     String TRANSMIT_HEADER_TO_GENERAL_CONTEXT_TYPE = "transmitHeaderToGeneralContext";
 
+    /**
+     * When register by http, the meta register path.
+     */
+    String META_PATH = "/shenyu-client/register-metadata";
+
+    /**
+     * When register by http, the meta type.
+     */
+    String META_TYPE = "metadata";
+
+    /**
+     * When register by http, the uri path.
+     */
+    String URI_PATH = "/shenyu-client/register-uri";
+
+    /**
+     * When register by http, the login path.
+     */
+    String LOGIN_PATH = "/platform/login";
+
+    /**
+     * When register by http, admin username.
+     */
+    String USER_NAME = "username";
+
+    /**
+     * Login name.
+     */
+    String LOGIN_NAME = "userName";
+
+    /**
+     * When register by http, admin password.
+     */
+    String PASS_WORD = "password";
+
+    /**
+     * X-Access-Token.
+     */
+    String X_ACCESS_TOKEN = "X-Access-Token";
+
+    /**
+     * The admin return result code.
+     */
+    String ADMIN_RESULT_CODE = "code";
+
+    /**
+     * The admin return result data.
+     */
+    String ADMIN_RESULT_DATA = "data";
+
+    /**
+     * The admin return result token.
+     */
+    String ADMIN_RESULT_TOKEN = "token";
+
+    /**
+     * The admin userName.
+     */
+    String ADMIN_RESULT_USERNAME = "userName";
+
+    /**
+     * The admin password.
+     */
+    String ADMIN_RESULT_PASSWORD = "password";
+
+    /**
+     * shenyu admin path configs fetch.
+     */
+    String SHENYU_ADMIN_PATH_CONFIGS_FETCH = "/configs/fetch";
+
+    /**
+     * shenyu admin path configs listener.
+     */
+    String SHENYU_ADMIN_PATH_CONFIGS_LISTENER = "/configs/listener";
+
     /**
      * String q.
      */

shenyu-common/src/main/java/org/apache/shenyu/common/utils/FreshBeanHolder.java

@@ -0,0 +1,73 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.shenyu.common.utils;
+
+import java.util.function.Function;
+
+public class FreshBeanHolder<E, O> implements Function<E, O> {
+
+    private final Function<E, O> function;
+
+    private volatile O o;
+
+    public FreshBeanHolder(final Function<E, O> function) {
+        this.function = function;
+    }
+
+    /**
+     * Apply.
+     *
+     * @param e e
+     * @return O o
+     */
+    @Override
+    public O apply(final E e) {
+        if (o != null) {
+            return o;
+        }
+        return init(e);
+    }
+
+    /**
+     * Init.
+     *
+     * @return bean
+     */
+    synchronized O init(final E e) {
+        if (o != null) {
+            return o;
+        }
+        O res = function.apply(e);
+        o = res;
+        return res;
+    }
+
+    /**
+     * Fresh.
+     *
+     * @param e e
+     */
+    public void doFresh(final E e) {
+        O fresh = function.apply(e);
+        if (fresh != null) {
+            synchronized (this) {
+                this.o = fresh;
+            }
+        }
+    }
+}

shenyu-examples/shenyu-examples-dubbo/shenyu-examples-alibaba-dubbo-service-annotation/src/main/resources/application.yml

@@ -27,6 +27,8 @@ shenyu:
     registerType: http #zookeeper #etcd #nacos #consul
     serverLists: http://localhost:9095 #localhost:2181 #http://localhost:2379 #localhost:8848
     props:
+      username: admin
+      password: 123456
   client:
     dubbo:
       props:

shenyu-examples/shenyu-examples-dubbo/shenyu-examples-alibaba-dubbo-service/src/main/resources/application.yml

@@ -29,6 +29,8 @@ shenyu:
     registerType: http #zookeeper #etcd #nacos #consul
     serverLists: http://localhost:9095 #localhost:2181 #http://localhost:2379 #localhost:8848
     props:
+      username: admin
+      password: 123456
   client:
     dubbo:
       props:

shenyu-examples/shenyu-examples-dubbo/shenyu-examples-apache-dubbo-service-annotation/src/main/resources/application.yml

@@ -26,6 +26,9 @@ shenyu:
   register:
     registerType: http #zookeeper #etcd #nacos #consul
     serverLists: http://localhost:9095 #localhost:2181 #http://localhost:2379 #localhost:8848
+    props:
+      username: admin
+      password: 123456
   client:
     dubbo:
       props: