fix console ui accessToken in url

auth/src/main/java/com/alibaba/nacos/auth/AbstractProtocolAuthService.java

@@ -58,11 +58,11 @@ public boolean enableAuth(Secured secured) {
     }
 
     @Override
-    public boolean validateIdentity(IdentityContext identityContext, Resource resource) throws AccessException {
+    public boolean validateIdentity(IdentityContext identityContext, Resource resource,String token) throws AccessException {
         Optional<AuthPluginService> authPluginService = AuthPluginManager.getInstance()
                 .findAuthServiceSpiImpl(authConfigs.getNacosAuthSystemType());
         if (authPluginService.isPresent()) {
-            return authPluginService.get().validateIdentity(identityContext, resource);
+            return authPluginService.get().validateIdentityInHeader(identityContext, resource,token);
         }
         return true;
     }

auth/src/main/java/com/alibaba/nacos/auth/ProtocolAuthService.java

@@ -71,10 +71,11 @@ public interface ProtocolAuthService<R> {
      *
      * @param identityContext identity context
      * @param resource        resource
+     * @param token       token in header
      * @return {@code true} if legal, otherwise {@code false}
      * @throws AccessException exception during validating
      */
-    boolean validateIdentity(IdentityContext identityContext, Resource resource) throws AccessException;
+    boolean validateIdentity(IdentityContext identityContext, Resource resource,String token) throws AccessException;
 
     /**
      * Validate identity whether had permission for the resource and action.

auth/src/test/java/com/alibaba/nacos/auth/GrpcProtocolAuthServiceTest.java

@@ -129,14 +129,14 @@ void testParseIdentity() {
     @Test
     void testValidateIdentityWithoutPlugin() throws AccessException {
         IdentityContext identityContext = new IdentityContext();
-        assertTrue(protocolAuthService.validateIdentity(identityContext, Resource.EMPTY_RESOURCE));
+        assertTrue(protocolAuthService.validateIdentity(identityContext, Resource.EMPTY_RESOURCE,""));
     }
 
     @Test
     void testValidateIdentityWithPlugin() throws AccessException {
         Mockito.when(authConfigs.getNacosAuthSystemType()).thenReturn(MockAuthPluginService.TEST_PLUGIN);
         IdentityContext identityContext = new IdentityContext();
-        assertFalse(protocolAuthService.validateIdentity(identityContext, Resource.EMPTY_RESOURCE));
+        assertFalse(protocolAuthService.validateIdentity(identityContext, Resource.EMPTY_RESOURCE,""));
     }
 
     @Test

auth/src/test/java/com/alibaba/nacos/auth/HttpProtocolAuthServiceTest.java

@@ -123,14 +123,14 @@ void testParseIdentity() {
     @Test
     void testValidateIdentityWithoutPlugin() throws AccessException {
         IdentityContext identityContext = new IdentityContext();
-        assertTrue(httpProtocolAuthService.validateIdentity(identityContext, Resource.EMPTY_RESOURCE));
+        assertTrue(httpProtocolAuthService.validateIdentity(identityContext, Resource.EMPTY_RESOURCE,""));
     }
 
     @Test
     void testValidateIdentityWithPlugin() throws AccessException {
         Mockito.when(authConfigs.getNacosAuthSystemType()).thenReturn(MockAuthPluginService.TEST_PLUGIN);
         IdentityContext identityContext = new IdentityContext();
-        assertFalse(httpProtocolAuthService.validateIdentity(identityContext, Resource.EMPTY_RESOURCE));
+        assertFalse(httpProtocolAuthService.validateIdentity(identityContext, Resource.EMPTY_RESOURCE,""));
     }
 
     @Test

auth/src/test/java/com/alibaba/nacos/auth/mock/MockAuthPluginService.java

@@ -46,7 +46,12 @@ public boolean enableAuth(ActionTypes action, String type) {
     public boolean validateIdentity(IdentityContext identityContext, Resource resource) throws AccessException {
         return false;
     }
-
+
+    @Override
+    public boolean validateIdentityInHeader(IdentityContext identityContext, Resource resource, String tokenInHeader) throws AccessException {
+        return false;
+    }
+
     @Override
     public Boolean validateAuthority(IdentityContext identityContext, Permission permission) {
         return false;

console-ui/src/globalLib.js

@@ -525,8 +525,9 @@ const request = (function(_global) {
         console.log('Token Error', localStorage.token, e);
         goLogin();
       }
-      const { accessToken = '' } = token;
-      params.push(`accessToken=${accessToken}`);
+      // fix accessToken in url
+      //const { accessToken = '' } = token;
+      //params.push(`accessToken=${accessToken}`);
     }
 
     return $.ajax(
@@ -540,6 +541,7 @@ const request = (function(_global) {
         },
         headers: {
           Authorization: localStorage.getItem('token'),
+          accessToken: accessToken,
         },
       })
     ).then(

core/src/main/java/com/alibaba/nacos/core/auth/AuthFilter.java

@@ -40,6 +40,8 @@
 import java.io.IOException;
 import java.lang.reflect.Method;
 
+import static com.alibaba.nacos.api.common.Constants.ACCESS_TOKEN;
+
 /**
  * Unified filter to handle authentication and authorization.
  *
@@ -117,9 +119,10 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha
                     chain.doFilter(request, response);
                     return;
                 }
+                String token = req.getHeader(ACCESS_TOKEN);
                 Resource resource = protocolAuthService.parseResource(req, secured);
                 IdentityContext identityContext = protocolAuthService.parseIdentity(req);
-                boolean result = protocolAuthService.validateIdentity(identityContext, resource);
+                boolean result = protocolAuthService.validateIdentity(identityContext, resource,token);
                 if (!result) {
                     // TODO Get reason of failure
                     throw new AccessException("Validate Identity failed.");

core/src/main/java/com/alibaba/nacos/core/auth/RemoteRequestAuthFilter.java

@@ -35,6 +35,8 @@
 
 import java.lang.reflect.Method;
 
+import static com.alibaba.nacos.api.common.Constants.ACCESS_TOKEN;
+
 /**
  * request auth filter for remote.
  *
@@ -72,9 +74,10 @@ public Response filter(Request request, RequestMeta meta, Class handlerClazz) th
                 }
                 String clientIp = meta.getClientIp();
                 request.putHeader(Constants.Identity.X_REAL_IP, clientIp);
+                String token = request.getHeader(ACCESS_TOKEN);
                 Resource resource = protocolAuthService.parseResource(request, secured);
                 IdentityContext identityContext = protocolAuthService.parseIdentity(request);
-                boolean result = protocolAuthService.validateIdentity(identityContext, resource);
+                boolean result = protocolAuthService.validateIdentity(identityContext, resource,token);
                 if (!result) {
                     // TODO Get reason of failure
                     throw new AccessException("Validate Identity failed.");

plugin-default-impl/nacos-default-auth-plugin/src/main/java/com/alibaba/nacos/plugin/auth/impl/NacosAuthManager.java

@@ -103,6 +103,9 @@ private String resolveToken(HttpServletRequest request) throws AccessException {
             return bearerToken.substring(7);
         }
         bearerToken = request.getParameter(Constants.ACCESS_TOKEN);
+        if(StringUtils.isBlank(bearerToken)){
+            bearerToken = request.getHeader(Constants.ACCESS_TOKEN);
+        }
         if (StringUtils.isBlank(bearerToken)) {
             String userName = request.getParameter(AuthConstants.PARAM_USERNAME);
             String password = request.getParameter(AuthConstants.PARAM_PASSWORD);
@@ -118,6 +121,7 @@ private String resolveToken(IdentityContext identityContext) throws AccessExcept
             return bearerToken.substring(7);
         }
         bearerToken = identityContext.getParameter(Constants.ACCESS_TOKEN, StringUtils.EMPTY);
+
         if (StringUtils.isBlank(bearerToken)) {
             String userName = (String) identityContext.getParameter(AuthConstants.PARAM_USERNAME);
             String password = (String) identityContext.getParameter(AuthConstants.PARAM_PASSWORD);

plugin-default-impl/nacos-default-auth-plugin/src/main/java/com/alibaba/nacos/plugin/auth/impl/NacosAuthPluginService.java

@@ -67,11 +67,16 @@ public boolean enableAuth(ActionTypes action, String type) {
         // enable all of action and type
         return true;
     }
-    
+
     @Override
     public boolean validateIdentity(IdentityContext identityContext, Resource resource) throws AccessException {
+        return false;
+    }
+
+    @Override
+    public boolean validateIdentityInHeader(IdentityContext identityContext, Resource resource,String tokenInhead) throws AccessException {
         checkNacosAuthManager();
-        String token = resolveToken(identityContext);
+        String token = resolveToken(identityContext,tokenInhead);
         NacosUser nacosUser;
         if (StringUtils.isNotBlank(token)) {
             nacosUser = authenticationManager.authenticate(token);
@@ -86,13 +91,16 @@ public boolean validateIdentity(IdentityContext identityContext, Resource resour
         return true;
     }
 
-    private String resolveToken(IdentityContext identityContext) {
+    private String resolveToken(IdentityContext identityContext,String token) {
         String bearerToken = identityContext.getParameter(AuthConstants.AUTHORIZATION_HEADER, StringUtils.EMPTY);
         if (StringUtils.isNotBlank(bearerToken) && bearerToken.startsWith(AuthConstants.TOKEN_PREFIX)) {
             return bearerToken.substring(AuthConstants.TOKEN_PREFIX.length());
         }
-
-        return identityContext.getParameter(Constants.ACCESS_TOKEN, StringUtils.EMPTY);
+        String result = identityContext.getParameter(Constants.ACCESS_TOKEN, StringUtils.EMPTY);
+        if(result.equals(StringUtils.EMPTY)){
+            return token;
+        }
+        return result;
     }
 
     @Override

plugin-default-impl/nacos-default-auth-plugin/src/main/java/com/alibaba/nacos/plugin/auth/impl/authenticate/AbstractAuthenticationManager.java

@@ -111,7 +111,9 @@ private String resolveToken(HttpServletRequest request) {
             return bearerToken.substring(AuthConstants.TOKEN_PREFIX.length());
         }
         bearerToken = request.getParameter(Constants.ACCESS_TOKEN);
-
+        if(StringUtils.isBlank(bearerToken)){
+            bearerToken = request.getHeader(Constants.ACCESS_TOKEN);
+        }
         return bearerToken;
     }
 

plugin-default-impl/nacos-default-auth-plugin/src/main/java/com/alibaba/nacos/plugin/auth/impl/filter/JwtAuthenticationTokenFilter.java

@@ -72,6 +72,9 @@ private String resolveToken(HttpServletRequest request) {
             return bearerToken.substring(TOKEN_PREFIX.length());
         }
         String jwt = request.getParameter(Constants.ACCESS_TOKEN);
+        if(StringUtils.isBlank(jwt)){
+            jwt = request.getHeader(Constants.ACCESS_TOKEN);
+        }
         if (StringUtils.isNotBlank(jwt)) {
             return jwt;
         }

plugin/auth/src/main/java/com/alibaba/nacos/plugin/auth/spi/server/AuthPluginService.java

@@ -57,6 +57,17 @@ public interface AuthPluginService {
      * @throws AccessException if authentication is failed
      */
     boolean validateIdentity(IdentityContext identityContext, Resource resource) throws AccessException;
+
+    /**
+     * To validate whether the identity context from request is legal or illegal.
+     *
+     * @param identityContext where we can find the user information
+     * @param resource        resource about this user information
+     * @param tokenInHeader    token in header
+     * @return {@code true} if legal, otherwise {@code false}
+     * @throws AccessException if authentication is failed
+     */
+    boolean validateIdentityInHeader(IdentityContext identityContext, Resource resource,String tokenInHeader) throws AccessException;
 
     /**
      * Validate the identity whether has the resource authority.

plugin/auth/src/test/java/com/alibaba/nacos/plugin/auth/spi/mock/MockAuthPluginService.java

@@ -47,7 +47,12 @@ public boolean enableAuth(ActionTypes action, String type) {
     public boolean validateIdentity(IdentityContext identityContext, Resource resource) throws AccessException {
         return false;
     }
-
+
+    @Override
+    public boolean validateIdentityInHeader(IdentityContext identityContext, Resource resource, String tokenInHeader) throws AccessException {
+        return false;
+    }
+
     @Override
     public Boolean validateAuthority(IdentityContext identityContext, Permission permission) throws AccessException {
         return false;

plugin/auth/src/test/java/com/alibaba/nacos/plugin/auth/spi/mock/MockEmptyNameAuthPluginService.java

@@ -46,7 +46,12 @@ public boolean enableAuth(ActionTypes action, String type) {
     public boolean validateIdentity(IdentityContext identityContext, Resource resource) throws AccessException {
         return false;
     }
-
+
+    @Override
+    public boolean validateIdentityInHeader(IdentityContext identityContext, Resource resource, String tokenInHeader) throws AccessException {
+        return false;
+    }
+
     @Override
     public Boolean validateAuthority(IdentityContext identityContext, Permission permission) throws AccessException {
         return false;