[ISSUE alibaba#12060] fix too large ttl when auth disabled

fix issue alibaba#12060 1. fix too large ttl when auth disabled 2. generate a valid token when key is valid even if auth disabled
DemonHugo · May 12, 2024 · 4184147 · 4184147
1 parent b047a90
commit 4184147
Showing 1 changed file with 6 additions and 3 deletions.
diff --git a/...h-plugin/src/main/java/com/alibaba/nacos/plugin/auth/impl/token/impl/JwtTokenManager.java b/...h-plugin/src/main/java/com/alibaba/nacos/plugin/auth/impl/token/impl/JwtTokenManager.java
@@ -103,10 +103,13 @@ public String createToken(Authentication authentication) {
      * @return token
      */
     public String createToken(String userName) {
-        if (!authConfigs.isAuthEnabled()) {
+        // create a token when auth enabled or nacos.core.auth.plugin.nacos.token.secret.key is configured
+        if (!authConfigs.isAuthEnabled() && null == jwtParser) {
             return AUTH_DISABLED_TOKEN;
+        } else if (authConfigs.isAuthEnabled()) {
+            // check nacos.core.auth.plugin.nacos.token.secret.key only if auth enabled
+            checkJwtParser();
         }
-        checkJwtParser();
         return jwtParser.jwtBuilder().setUserName(userName).setExpiredTime(this.tokenValidityInSeconds).compact();
     }
 
@@ -147,7 +150,7 @@ public long getTokenValidityInSeconds() {
     @Override
     public long getTokenTtlInSeconds(String token) throws AccessException {
         if (!authConfigs.isAuthEnabled()) {
-            return TimeUnit.MILLISECONDS.toSeconds(System.currentTimeMillis()) + tokenValidityInSeconds;
+            return tokenValidityInSeconds;
         }
         return jwtParser.getExpireTimeInSeconds(token) - TimeUnit.MILLISECONDS.toSeconds(System.currentTimeMillis());
     }