After open auth, the username and password don't refresh when changing config file.

alibaba / nacos

an easy-to-use dynamic service discovery, configuration and service management platform for building cloud native applications.

https://nacos.io

Apache License 2.0

30.07k stars 12.81k forks source link

After open auth, the username and password don't refresh when changing config file. #2983

Closed brandonstack closed 4 years ago

brandonstack commented 4 years ago

Issue Description

Type: bug report

Describe what happened (or what feature you want)

Background: opened auth on dev namespace, and start the app-server, changed the password of the user, and publish the change on config file. 6hrs later, all app-server which not restart during that time, cannot connect to the nacos server. The log is: client :403 error page auth server log: unknow user, token expired.

Describe what you expected to happen

Whenever changing the password, the client always can login and get token.

How to reproduce it (as minimally and precisely as possible)

open auth, and start the app-server.
change password on admin page and apply on config file, don't restart app-server.
when token expired(6 hr), app-server cannot connect to server.

Tell us your environment

just standalone. Version: v1.2.1 v1.3.0

Anything else we need to know?

I assume the client init username and password when first start, and don't refresh when config file changing.

chuntaojun commented 4 years ago

You changed the password. Did nacos-Client match the password

brandonstack commented 4 years ago

Yes, of course, and the client can get config. And when restart nacos-client, all is well.

chuntaojun commented 4 years ago

Are you saying that your Nacos-Client reconfigured the password and restarted it, and after six hours, there's 403?

brandonstack commented 4 years ago

We reconfigured the password, not restart it. after the token expired, theres's 403. And after we restart nacos-client, everything's ok. 从nacos控制台修改密码之后, 修改配置文件, 等token失效之后, 所有的服务都连接不上了, core-auth 提示unkown user, token expired. 重启nacos-client(app-server), 之后就好了

brandonstack commented 4 years ago

The username and password in com.alibaba.nacos.client.security.SecurityProxy never change after startup.

brandonstack commented 4 years ago

chuntaojun commented 4 years ago

Are you use spring-cloud-alibaba，and discovery account password store in the nacos-config?

chuntaojun commented 4 years ago

Is it a single embedded storage mode

brandonstack commented 4 years ago

we use mysql, spring-cloud-alibaba and discovery account password store in the nacos-config.

chuntaojun commented 4 years ago

You are not allowed to do this. The password of the discovery account will not be refreshed

chuntaojun commented 4 years ago

The account password will only be initialized when the program starts, because the cloud side maintains the nacOS instance singly

brandonstack commented 4 years ago

Do you mean we can't change account info during app-server running? If we change the password, all app-server halt, the whole system down. And you think it's a feature rather than a bug?

chuntaojun commented 4 years ago

It‘s not bug or fearure, This is not an issue with nacos, but rather with the maintenance of nacOS instances as singletons on the SpringCloud side