[ISSUE #4701] Fix bypass authentication(identity) problem.

console/src/main/java/com/alibaba/nacos/console/config/ConsoleConfig.java

@@ -50,9 +50,10 @@ public class ConsoleConfig {
      */
     @PostConstruct
     public void init() {
+        methodsCache.initClassMethod("com.alibaba.nacos.core.controller");
         methodsCache.initClassMethod("com.alibaba.nacos.naming.controllers");
-        methodsCache.initClassMethod("com.alibaba.nacos.console.controller");
         methodsCache.initClassMethod("com.alibaba.nacos.config.server.controller");
+        methodsCache.initClassMethod("com.alibaba.nacos.console.controller");
     }
 
     @Bean

console/src/main/resources/application.properties

@@ -126,6 +126,13 @@ nacos.core.auth.default.token.secret.key=SecretKey012345678901234567890123456789
 ### Turn on/off caching of auth information. By turning on this switch, the update of auth information would have a 15 seconds delay.
 nacos.core.auth.caching.enabled=true
 
+### Since 1.4.1, Turn on/off white auth for user-agent: nacos-server, only for upgrade from old version.
+nacos.core.auth.enable.userAgentAuthWhite=false
+
+### Since 1.4.1, worked when nacos.core.auth.enabled=true and nacos.core.auth.enable.userAgentAuthWhite=false.
+### The two properties is the white list for auth and used by identity the request from other server.
+nacos.core.auth.server.identity.key=serverIdentity
+nacos.core.auth.server.identity.value=security
 
 #*************** Istio Related Configurations ***************#
 ### If turn on the MCP server:

core/src/main/java/com/alibaba/nacos/core/auth/AuthFilter.java

@@ -100,7 +100,9 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha
             Method method = methodsCache.getMethod(req);
 
             if (method == null) {
-                chain.doFilter(request, response);
+                // For #4701, Only support register API.
+                resp.sendError(HttpServletResponse.SC_NOT_FOUND,
+                        "Not found mehtod for path " + req.getMethod() + " " + req.getRequestURI());
                 return;
             }
 

core/src/main/java/com/alibaba/nacos/core/code/ControllerMethodsCache.java

@@ -16,6 +16,8 @@
 
 package com.alibaba.nacos.core.code;
 
+import com.alibaba.nacos.api.exception.NacosException;
+import com.alibaba.nacos.api.exception.runtime.NacosRuntimeException;
 import com.alibaba.nacos.common.utils.CollectionUtils;
 import com.alibaba.nacos.core.auth.RequestMappingInfo;
 import com.alibaba.nacos.core.auth.RequestMappingInfo.RequestMappingInfoComparator;
@@ -65,9 +67,6 @@ public class ControllerMethodsCache {
 
     public Method getMethod(HttpServletRequest request) {
         String path = getPath(request);
-        if (path == null) {
-            return null;
-        }
         String httpMethod = request.getMethod();
         String urlKey = httpMethod + REQUEST_PATH_SEPARATOR + path.replaceFirst(EnvUtil.getContextPath(), "");
         List<RequestMappingInfo> requestMappingInfos = urlLookup.get(urlKey);
@@ -94,13 +93,12 @@ public Method getMethod(HttpServletRequest request) {
     }
 
     private String getPath(HttpServletRequest request) {
-        String path = null;
         try {
-            path = new URI(request.getRequestURI()).getPath();
+            return new URI(request.getRequestURI()).getPath();
         } catch (URISyntaxException e) {
             LOGGER.error("parse request to path error", e);
+            throw new NacosRuntimeException(NacosException.NOT_FOUND, "Invalid URI");
         }
-        return path;
     }
 
     private List<RequestMappingInfo> findMatchedInfo(List<RequestMappingInfo> requestMappingInfos,
@@ -219,6 +217,9 @@ private void addUrlAndMethodRelation(String urlKey, String[] requestParam, Metho
         if (requestMappingInfos == null) {
             urlLookup.putIfAbsent(urlKey, new ArrayList<>());
             requestMappingInfos = urlLookup.get(urlKey);
+            // For issue #4701.
+            String urlKeyBackup = urlKey + "/";
+            urlLookup.putIfAbsent(urlKeyBackup, requestMappingInfos);
         }
         requestMappingInfos.add(requestMappingInfo);
         methods.put(requestMappingInfo, method);