Resolves#13824
This commit adds support for authentication of AI-related gRPC requests
(AbstractMcpRequest and AbstractAgentRequest) in the Nacos auth module.
Key changes:
- Implement AiGrpcResourceParser to extract namespace, group and resource name
from AI protocol requests.
- Register AiGrpcResourceParser under SignType.AI in GrpcProtocolAuthService.
- Add comprehensive unit tests using parameterized testing to cover both
MCP and Agent request types, including edge cases (null/empty fields).
- Fix missing security token refresh in AiGrpcClient by initializing
SecurityProxy with scheduled login task.
Ensures that all incoming AI gRPC requests are properly authenticated
when security is enabled, closing a previous authorization gap.
* Add AI MCP console api.
* Add AI MCP resource parser.
* Add mcp server console api inner implementation without tool operation.
* Add endpoint Specification for mcp api.
* Abstract some remote relative server spec into McpServerRemoteServiceConfig.
* Support handle mcp server tool.
* Support handle mcp server endpoint and fix some tools bug.
* Change auth plugin return boolean to AuthResult.
* set AuthContext result as AuthResult.
* Refactor to remove using AuthConfigs, replaced with NacosAuthConfig.
* Refactor to remove using AuthConfigs, replaced with NacosAuthConfig.
* Move AuthConfigs to default auth plugin impl module.
* Fix nacos client and relative depend ut.
* Fix nacos config ut.
* Fix nacos console ut.
* Fix nacos core ut.
* Fix nacos naming ut.
* Fix nacos default-auth-plugin-impl ut.
* Fix nacos prometheus ut.
* Fix cluster mode deployment can't change the server port problem.
* Fix cluster mode can't get service subscribers in console.
* Fix cluster mode can't get config listener in console.
* Support start up with console only mode: step1 - basic start up.
* Support start up with console only mode: step2 - solve server state to fix console ui loading.
* Add old API Compatibility annotation logic and control namespace api.
* Add Compatibility annotation for old console module API.
* Add Compatibility annotation for old core module API.
* Add Compatibility annotation for old naming module API.
* Add Compatibility annotation for old config module API.
* Add Compatibility annotation for old default auth plugin module API.
* Add api compatibility configuration to application.properties.
* Add unit test for compatibility.
* [ISSUE #12017] Git Test
* Git Test
* [ISSUE #12017] Fix Git Test
* Fix Git Test
* [ISSUE #12017] Splitting server and console authentication
* Add ApiType annotations
* Update configuration file to add fields
* Update console authentication status fetch
* Update `application.properties` - Reuse `nacos.core.auth.enabled` and add `nacos.core.auth.console.enabled`
* Update `AuthConfigs` - Modify `isAuthEnabled()` to manage plugin initialization
* Update `AbstractProtocolAuthService` - Implement `isAuthEnabled()` method for `Secured` annotation and configuration-based authentication
* Update `RemoteRequestAuthFilter` - Use `authConfigs.isAuthEnabled()` for initialization and `protocolAuthService.authEnabled(secured)` for authentication checks
* [ISSUE #12017] Update the location of the authentication judgment
* Update the location of the authentication judgment
* 提交测试
* [ISSUE #12017] Add console backend configuration handling with proxy and handler layers
* Add ConfigHandler interface for defining configuration operations
* Add ConfigInnerHandler to handle internal configuration logic
* Add ConfigProxy to delegate configuration tasks based on deployment type
* Add ConfigController to utilize ConfigProxy for configuration operations
* Update ConsoleConfig to get development type
* [ISSUE #12017] Fix checkstyle format
* Fix checkstyle format
* Add configuration file fields
* [ISSUE #12017] Update ConsoleConfigController route
* Update ConsoleConfigController route
* [ISSUE #12017] Fix CI PMD violation
* Delete unnecessary comments
* [ISSUE #12017] Update ConsoleConfigController return format
* Update ConsoleConfigController return format
* [ISSUE #12017] Update ConsoleConfigController publishConfig
* Update ConsoleConfigController publishConfig
* [ISSUE #12017] Updated the backend of the console's config section
* Added parameter validation and return value encapsulation to the Controller section
* Put business operations into the handler layer
* A total of 9 APIs are involved in the config section.
* [ISSUE #12017] Updating the config section backend methods
* Updating the config section backend methods
* [ISSUE #12017] Add unit tests for the config section
* Add unit tests for the config section
* Update uri of query method
* [ISSUE #12017] Delete redundant error codes
* Delete redundant error codes
---------
Co-authored-by: rickonzhang <2239164929@qq.com>
* For #10734,Refactor the AbstractConfigRequest ,move common properties from its subclasses to the parent class,to reduce the number of corresponding parameter extractors by .
* For #10734,add ParamCheckRules,ParamCheckUtils, add ParamExtractor interface and the abstract classes HttpParamExtractor and RpcParamExtractor, implement the corresponding Manager.
* For #10734,fix codestyle
* For #10734,fix codestyle , move extractor and extractorManager to core directory
* For #10734,fix codestyle
* For #10734,fix dependency of common module
* For #10734,fix codestyle and copyright
* For #10734,fix pom codestyle and copyright
* For #10734,fix pom codestyle and copyright
* For #10734,fix copyright
* For #10734,fix copyright
* For #10734,fix bug caused by refactor of AbstractConfigRequest ,add ut test of ParamExtractorManager
* For #10734,fix bug caused by refactor of AbstractConfigRequest
---------
Co-authored-by: zhuoguang <sunrisea@B-Q6UQMD6R-0222.local>
* Keep original resource parse result rathar than use any replace when resource is empty.
* Identity Builder for http will be case-insensitive.
* For checkstyle.
hongye
杨翊 SionYang
icarus
Moritz Arena
张煜坤
blake.qiu
hth
shalk(xiao kun)
zhanghong
阿魁
Sunrisea
WangLiang/王良
gongzhongqiang
陈浩 Nineteen
Karson