search

alibaba / nacos

an easy-to-use dynamic service discovery, configuration and service management platform for building cloud native applications.
https://nacos.io
Apache License 2.0
30.29k stars 12.84k forks source link

password contain special word will throw unknown user #3992

Closed pangtuzhou closed 4 years ago

pangtuzhou commented 4 years ago

server版本 1.3.2 jar版本

com.alibaba.cloud spring-cloud-alibaba-dependencies 
            <version>2.2.3.RELEASE</version>

我用原生的用户nacos密码nacos是可以正常使用的 我创建一个新的用户,我是可以登录页面操作查看和修改的,但是放代码配置里面启动就报错unknown user! 我看到以前是有这个问题,但是不是修改了吗?为什么又出现,我是下载最新的server1.3.2-release的

horizonzy commented 4 years ago

报错日志的堆栈发一下呢

pangtuzhou commented 4 years ago

com.alibaba.nacos.api.exception.NacosException:

Whitelabel Error Page

This application has no explicit mapping for /error, so you are seeing this as a fallback.

Thu Oct 15 10:42:32 CST 2020
There was an unexpected error (type=Forbidden, status=403).
unknown user!
at com.alibaba.nacos.client.config.impl.ClientWorker.getServerConfig(ClientWorker.java:330) at com.alibaba.nacos.client.config.NacosConfigService.getConfigInner(NacosConfigService.java:149) at com.alibaba.nacos.client.config.NacosConfigService.getConfig(NacosConfigService.java:97) at com.alibaba.cloud.nacos.client.NacosPropertySourceBuilder.loadNacosData(NacosPropertySourceBuilder.java:85) at com.alibaba.cloud.nacos.client.NacosPropertySourceBuilder.build(NacosPropertySourceBuilder.java:74) at com.alibaba.cloud.nacos.client.NacosPropertySourceLocator.loadNacosPropertySource(NacosPropertySourceLocator.java:204) at com.alibaba.cloud.nacos.client.NacosPropertySourceLocator.loadNacosDataIfPresent(NacosPropertySourceLocator.java:191) at com.alibaba.cloud.nacos.client.NacosPropertySourceLocator.loadApplicationConfiguration(NacosPropertySourceLocator.java:142) at com.alibaba.cloud.nacos.client.NacosPropertySourceLocator.locate(NacosPropertySourceLocator.java:103) at org.springframework.cloud.bootstrap.config.PropertySourceLocator.locateCollection(PropertySourceLocator.java:52) at org.springframework.cloud.bootstrap.config.PropertySourceLocator.locateCollection(PropertySourceLocator.java:47) at org.springframework.cloud.bootstrap.config.PropertySourceBootstrapConfiguration.initialize(PropertySourceBootstrapConfiguration.java:98) at org.springframework.boot.SpringApplication.applyInitializers(SpringApplication.java:626) at org.springframework.boot.SpringApplication.prepareContext(SpringApplication.java:370) at org.springframework.boot.SpringApplication.run(SpringApplication.java:314) at org.springframework.boot.SpringApplication.run(SpringApplication.java:1237) at org.springframework.boot.SpringApplication.run(SpringApplication.java:1226) at org.gz.platform.PlatformApplication.main(PlatformApplication.java:23)

horizonzy commented 4 years ago

看起来是你的请求中携带的用户信息错误。你能本地debug一下吗。看一下最开始初始化NacosConfigService时,这个类com.alibaba.nacos.client.config.http.ServerHttpAgent#ServerHttpAgent(java.util.Properties)的构造方法中,调用securityProxy.login()方法内部,是否获取到了token信息。在调用getConfig时,再看一下com.alibaba.nacos.client.config.http.ServerHttpAgent#httpGet这个方法中执行的injectSecurityInfo()方法,看下注入的认证信息呢

pangtuzhou commented 4 years ago

我突然有一个想法改密码是不是我密码带有特殊字符导致的,果然codeuser@348这个密码不行,123456密码就没有问题,我又改codeuser@348这个,又不行。改回123456有可以了。呵呵 顺带问一个问题,你们对于不想把密码文明配置在配置文件里面,有什么好的策略不,我想到jasypt工具,盐配置环境变量里面,你们有其他好的方案不

KomachiSion commented 4 years ago

The reason is two community contributors modified password encode, I will revert one of this, it will fixed in 1.4.0