[ISSUE alibaba#12060] fix too large ttl when auth disabled

fix issue alibaba#12060 1. fix too large ttl when auth disabled 2. generate a valid token when key is valid even if auth disabled
DemonHugo · May 12, 2024 · 4184147 · 4184147
1 parent b047a90
commit 4184147
Showing 1 changed file with 6 additions and 3 deletions.
diff --git a/...h-plugin/src/main/java/com/alibaba/nacos/plugin/auth/impl/token/impl/JwtTokenManager.java b/...h-plugin/src/main/java/com/alibaba/nacos/plugin/auth/impl/token/impl/JwtTokenManager.java
@@ -103,10 +103,13 @@ public String createToken(Authentication authentication) {
  * @return token
  */
  public String createToken(String userName) {
- if (!authConfigs.isAuthEnabled()) {
+ // create a token when auth enabled or nacos.core.auth.plugin.nacos.token.secret.key is configured
+ if (!authConfigs.isAuthEnabled() && null == jwtParser) {
  return AUTH_DISABLED_TOKEN;
+ } else if (authConfigs.isAuthEnabled()) {
+ // check nacos.core.auth.plugin.nacos.token.secret.key only if auth enabled
+ checkJwtParser();
  }
- checkJwtParser();
  return jwtParser.jwtBuilder().setUserName(userName).setExpiredTime(this.tokenValidityInSeconds).compact();
  }
 
@@ -147,7 +150,7 @@ public long getTokenValidityInSeconds() {
  @Override
  public long getTokenTtlInSeconds(String token) throws AccessException {
  if (!authConfigs.isAuthEnabled()) {
- return TimeUnit.MILLISECONDS.toSeconds(System.currentTimeMillis()) + tokenValidityInSeconds;
+ return tokenValidityInSeconds;
  }
  return jwtParser.getExpireTimeInSeconds(token) - TimeUnit.MILLISECONDS.toSeconds(System.currentTimeMillis());
  }