From 7379ac5c97ba2be4e44394bdd2d87a4346684a4c Mon Sep 17 00:00:00 2001
From: Cheng YouLing <97039406+chengyouling@users.noreply.github.com>
Date: Tue, 5 Dec 2023 15:28:17 +0800
Subject: [PATCH] [#1119] api security check: requests all allow when security policy not set (#1121)
---
 .../SecurityPolicyAccessController.java | 6 +++++-
 .../SecurityPolicyAccessControllerTest.java | 13 +++++++++++++
 2 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/spring-cloud-huawei-governance/src/main/java/com/huaweicloud/governance/authentication/securityPolicy/SecurityPolicyAccessController.java b/spring-cloud-huawei-governance/src/main/java/com/huaweicloud/governance/authentication/securityPolicy/SecurityPolicyAccessController.java
index b7f54f2df..c2c612e21 100644
--- a/spring-cloud-huawei-governance/src/main/java/com/huaweicloud/governance/authentication/securityPolicy/SecurityPolicyAccessController.java
+++ b/spring-cloud-huawei-governance/src/main/java/com/huaweicloud/governance/authentication/securityPolicy/SecurityPolicyAccessController.java
@@ -14,7 +14,7 @@
 */
 package com.huaweicloud.governance.authentication.securityPolicy;
-import org.apache.commons.lang.StringUtils;
+import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -49,6 +49,10 @@ public boolean isAllowed(AuthRequestExtractor extractor) throws Exception {
 if (StringUtils.isEmpty(currentServiceName)) {
 currentServiceName = authenticationAdapter.getServiceName(extractor.serviceId());
 }
+ // mode is null, see not set policy, all request allow.
+ if (StringUtils.isEmpty(securityPolicyProperties.getMode())) {
+ return true;
+ }
 return checkAllowAndDeny(currentServiceName, extractor);
 }
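Review bot: The early return added to `isAllowed` makes the controller fail open without leaving any trace: when `securityPolicyProperties.getMode()` is null or empty every request is allowed and nothing is logged, so a missing or misspelled mode property looks exactly like a deliberate decision to run without a policy. I would report this state once through the class's slf4j logger (at construction or first use, not per request), and reword the comment to `// No mode configured means no security policy is set, so every request is allowed.`. The check also sits after the `authenticationAdapter.getServiceName(extractor.serviceId())` lookup, which is not needed when the answer is an unconditional `true`; moving the check above it looks safe, but the start of `isAllowed` is outside the hunk, so confirm nothing else relies on `currentServiceName` being populated there.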
diff --git a/spring-cloud-huawei-governance/src/test/java/com/huaweicloud/governance/authentication/securityPolicy/SecurityPolicyAccessControllerTest.java b/spring-cloud-huawei-governance/src/test/java/com/huaweicloud/governance/authentication/securityPolicy/SecurityPolicyAccessControllerTest.java
index cc5d40dc5..f57c25d7f 100644
--- a/spring-cloud-huawei-governance/src/test/java/com/huaweicloud/governance/authentication/securityPolicy/SecurityPolicyAccessControllerTest.java
+++ b/spring-cloud-huawei-governance/src/test/java/com/huaweicloud/governance/authentication/securityPolicy/SecurityPolicyAccessControllerTest.java
@@ -551,6 +551,19 @@ public void testUriSuffixNotMatch() throws Exception {
 .isAllowed(extractor));
 }
+ @Test
+ public void testPolicyIsNull() throws Exception {
+ AuthRequestExtractor extractor = createAuthRequestExtractor("/checkTokenPer/security/checkTokenSfu");
+ Assertions.assertTrue(getNoSettingAccessController()
+ .isAllowed(extractor));
+ }
+
+ private SecurityPolicyAccessController getNoSettingAccessController() {
+ securityPolicyProperties.setAction(null);
+ securityPolicyProperties.setMode(null);
+ return new SecurityPolicyAccessController(authenticationAdapter, securityPolicyProperties);
+ }
+
 private SecurityPolicyAccessController getAllowAccessController(String mode) {
 Action action = new Action();
 action.setAllow(buildAllow());
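Review bot: `testPolicyIsNull` pins only the case where both mode and action are null, while the production check is `StringUtils.isEmpty(securityPolicyProperties.getMode())`, so two other paths that also return `true` are untested: an empty-string mode, and a null mode combined with configured rules. The second matters most for an access control, because it means configured rules are ignored whenever mode is unset; a case that builds the action the way `getAllowAccessController` does (`action.setAllow(buildAllow())`) and then calls `securityPolicyProperties.setMode(null)` would document that behaviour explicitly. `getNoSettingAccessController` also mutates the shared `securityPolicyProperties` fixture; whether that object is recreated for each test is not visible in this hunk, so check that the nulled action cannot leak into later tests.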