Nacos2.3.2开启服务端用户认证的坑
· 阅读需 3 分钟
最近升级Nacos服务端到版本2.3.2。但是在开启服务端用户认证的时候出现了问题。
下载地址:Nacos Server
首先修改配置文件application.properties 开启认证:
nacos.core.auth.system.type=nacos
nacos.core.auth.enabled=true
nacos.core.auth.server.identity.key=nacos
nacos.core.auth.server.identity.value=123456
报错:Unable to start embedded Tomcat
重启迎来第一个报错:
org.springframework.context.ApplicationContextException: Unable to start web server; nested exception is org.springframework.boot.web.server.WebServerException: Unable to start embedded Tomcat
...
Caused by: org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'basicAuthenticationFilter' defined in class path resource [com/alibaba/nacos/prometheus/filter/PrometheusAuthFilter.class]: Unsatisfied dependency expressed through method 'basicAuthenticationFilter' parameter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'nacosAuthConfig' defined in URL [jar:file:/Users/lichenghao/my/tool/nacos-server-2.3.2/target/nacos-server.jar!/BOOT-INF/lib/default-auth-plugin-2.3.2.jar!/com/alibaba/nacos/plugin/auth/impl/NacosAuthConfig.class]: Unsatisfied dependency expressed through constructor parameter 1; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'tokenManagerDelegate': Unsatisfied dependency expressed through field 'jwtTokenManager'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'jwtTokenManager' defined in URL [jar:file:/Users/lichenghao/my/tool/nacos-server-2.3.2/target/nacos-server.jar!/BOOT-INF/lib/default-auth-plugin-2.3.2.jar!/com/alibaba/nacos/plugin/auth/impl/token/impl/JwtTokenManager.class]: Bean instantiation via constructor failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [com.alibaba.nacos.plugin.auth.impl.token.impl.JwtTokenManager]: Constructor threw exception; nested exception is java.lang.IllegalArgumentException: the length of secret key must great than or equal 32 bytes; And the secret key must be encoded by base64.Please see https://nacos.io/zh-cn/docs/v2/guide/user/auth.html
看着报错好像缺少了一个参数关于token的,查看文档:自定义密钥
修改配置:
随意搜索一个工具生成一个base64编码的字符串,Base64 在线编码解码
nacos.core.auth.system.type=nacos
nacos.core.auth.enabled=true
nacos.core.auth.server.identity.key=nacos
nacos.core.auth.server.identity.value=123456
nacos.core.auth.plugin.nacos.token.secret.key=NjExYmJhY2NjMDU1NGFmNDgxMDgyODZlZTU5MjI2OWM=
报错:用户名或密码错误
再次启动,使用用户名nacos和密码123456登录,迎来第二个错误:用户名或密码错误
看文档提示:
server.identity
集群均需要配置相同的server.identity信息,否则可能导致服务端之间数据不一致或无法删除实例等问题。
也就是说上面配置的server.identity.key和value并不是用来认证用户的。
系统默认的用户名为nacos 密码也是nacos,需要使用该默认的账号登录后,手动修改密码才可以。
修改为自定义密码后,即可在项目中配置使用:
spring:
cloud:
nacos:
server-addr: localhost:8848
username: nacos
password: 123456
config:
file-extension: yaml
namespace: IMP
group: DEV
discovery:
namespace: IMP
group: DEV
sentinel:
transport:
dashboard: 192.168.1.187:8858
eager: true