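Nacos 1.4.1 auth-vulnerability fix causes a longPolling error and dynamic refresh failure: solution (upgrading to the latest version is recommended)
阿新 • Published: 2021-01-30
Tags: java, spring cloud alibaba, spring boot, docker, cloud
Name | Version |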
spring-cloud-alibaba-dependencies | 2.2.4.RELEASE |
spring-cloud-dependencies | 2020.0.0 |
spring-boot-dependencies | 2.4.2 |
nacos-docker | 1.4.1 |
Parent project POM
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <groupId>XXX</groupId>
    <artifactId>XXX</artifactId>
    <version>0.0.1</version>
    <packaging>pom</packaging>
    <name>XXX</name>
    <properties>
        <java.version>1.8</java.version>
        <spring-boot.version>2.4.2</spring-boot.version>
        <spring-cloud.version>2020.0.0</spring-cloud.version>
        <spring-cloud.alibaba.version>2.2.4.RELEASE</spring-cloud.alibaba.version>
        <docker.image.prefix>cloud</docker.image.prefix>
        <docker.repostory>XXX</docker.repostory>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
        <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
    </properties>
    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
        <!-- bootstrap starter (without it the bootstrap configuration file is not found) -->
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-bootstrap</artifactId>
        </dependency>
        <dependency>
            <groupId>org.projectlombok</groupId>
            <artifactId>lombok</artifactId>
            <scope>provided</scope>
        </dependency>
    </dependencies>
    <dependencyManagement>
        <dependencies>
            <dependency>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-dependencies</artifactId>
                <version>${spring-boot.version}</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
            <dependency>
                <groupId>org.springframework.cloud</groupId>
                <artifactId>spring-cloud-dependencies</artifactId>
                <version>${spring-cloud.version}</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
            <dependency>
                <groupId>com.alibaba.cloud</groupId>
                <artifactId>spring-cloud-alibaba-dependencies</artifactId>
                <version>${spring-cloud.alibaba.version}</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
        </dependencies>
    </dependencyManagement>
    <build>
        <plugins>
            <plugin>
                <inherited>false</inherited>
                <groupId>com.spotify</groupId>
                <artifactId>dockerfile-maven-plugin</artifactId>
                <configuration>
                    <skip>true</skip>
                </configuration>
            </plugin>
        </plugins>
    </build>
    <repositories>
        <repository>
            <id>spring-milestones</id>
            <name>Spring Milestones</name>
            <url>https://repo.spring.io/milestone</url>
        </repository>
    </repositories>
    <profiles>
        <profile>
            <id>dev</id>
            <properties>
                <!-- Environment identifier; must match the configuration file name -->
                <profiles.active>dev</profiles.active>
            </properties>
            <activation>
                <!-- Default environment -->
                <activeByDefault>true</activeByDefault>
            </activation>
        </profile>
    </profiles>
    <modules>
        <module>XXX</module>
        <module>XXX</module>
    </modules>
</project>
Child module POM
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>XXX</groupId>
        <artifactId>XXX</artifactId>
        <version>0.0.1</version>
    </parent>
    <packaging>jar</packaging>
    <version>0.0.1</version>
    <artifactId>XXX</artifactId>
    <dependencies>
        <dependency>
            <groupId>com.alibaba.cloud</groupId>
            <artifactId>spring-cloud-starter-alibaba-nacos-discovery</artifactId>
        </dependency>
        <dependency>
            <groupId>com.alibaba.cloud</groupId>
            <artifactId>spring-cloud-starter-alibaba-nacos-config</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
    </dependencies>
    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
            <!-- Use the Maven plugin to package the application directly as a Docker image -->
            <plugin>
                <groupId>com.spotify</groupId>
                <!-- Uses the newer dockerfile-maven-plugin here -->
                <artifactId>dockerfile-maven-plugin</artifactId>
                <version>1.4.13</version>
                <executions>
                    <execution>
                        <id>default</id>
                        <goals>
                            <!-- Comment out this goal if you do not want a Docker build during package -->
                            <goal>build</goal>
                            <goal>push</goal>
                        </goals>
                    </execution>
                </executions>
                <configuration>
                    <dockerHost>${docker.repostory}</dockerHost>
                    <useMavenSettingsForAuth>true</useMavenSettingsForAuth>
                    <!-- Directory containing the Dockerfile -->
                    <contextDirectory>${project.basedir}</contextDirectory>
                    <!-- Push path / image name: Harbor address/Harbor project name/Spring Boot project name -->
                    <repository>${docker.repostory}/${docker.image.prefix}/${project.artifactId}</repository>
                    <!-- Image tag; defaults to latest if not specified -->
                    <tag>${project.version}</tag>
                    <buildArgs>
                        <!-- In theory the arguments defined here can be passed into the Dockerfile; not implemented yet -->
                        <JAR_FILE>target/${project.build.finalName}.jar</JAR_FILE>
                    </buildArgs>
                </configuration>
            </plugin>
        </plugins>
    </build>
</project>
bootstrap.yml
server:
  port: 8001
spring:
  cloud:
    nacos:
      config:
        server-addr: XXX:30252,XXX:30252,XXX:30252
        file-extension: yml
        namespace: 0efa5a84-8cca-4733-b11e-71a2f92139ef
      discovery:
        server-addr: ${spring.cloud.nacos.config.server-addr}
        namespace: ${spring.cloud.nacos.config.namespace}
  application:
    name: @ [email protected]
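With Nacos as the registry and configuration center, the application finds its configuration at startup. With Auto enabled, a configuration change is refreshed once, but longPolling then reports an error and later changes are no longer refreshed.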
2021-01-21 18:17:23.179 INFO 42860 --- [on(3)-127.0.0.1] o.s.web.servlet.DispatcherServlet : Completed initialization in 9 ms
2021-01-21 18:20:29.011 INFO 42860 --- [c8-35f99ec0ab25] c.a.n.client.config.impl.ClientWorker : [fixed-116.62.5.***_8848-5bcb010f-1e57-4aac-97c8-35f99ec0ab25] [polling-resp] config changed. dataId=common-test.yaml, group=DEFAULT_GROUP, tenant=5bcb010f-1e57-4aac-97c8-35f99ec0ab25
2021-01-21 18:20:29.011 INFO 42860 --- [c8-35f99ec0ab25] c.a.n.client.config.impl.ClientWorker : get changedGroupKeys:[common-test.yaml+DEFAULT_GROUP+5bcb010f-1e57-4aac-97c8-35f99ec0ab25]
2021-01-21 18:20:29.068 INFO 42860 --- [c8-35f99ec0ab25] c.a.n.client.config.impl.ClientWorker : [fixed-116.62.5.***_8848-5bcb010f-1e57-4aac-97c8-35f99ec0ab25] [data-received] dataId=common-test.yaml, group=DEFAULT_GROUP, tenant=5bcb010f-1e57-4aac-97c8-35f99ec0ab25, md5=53c6527efdd50016dfebc327dde5b0da, content=common_message: hello world!wocao444400087754544, type=yaml
2021-01-21 18:20:29.070 INFO 42860 --- [c8-35f99ec0ab25] c.a.nacos.client.config.impl.CacheData : [fixed-116.62.5.***_8848-5bcb010f-1e57-4aac-97c8-35f99ec0ab25] [notify-context] dataId=common-test.yaml, group=DEFAULT_GROUP, md5=53c6527efdd50016dfebc327dde5b0da
2021-01-21 18:20:29.458 WARN 42860 --- [c8-35f99ec0ab25] c.a.c.n.c.NacosPropertySourceBuilder : Ignore the empty nacos configuration and get it based on dataId[provider] & group[DEFAULT_GROUP]
2021-01-21 18:20:29.483 WARN 42860 --- [c8-35f99ec0ab25] c.a.c.n.c.NacosPropertySourceBuilder : Ignore the empty nacos configuration and get it based on dataId[provider.yaml] & group[DEFAULT_GROUP]
2021-01-21 18:20:29.516 INFO 42860 --- [c8-35f99ec0ab25] b.c.PropertySourceBootstrapConfiguration : Located property source: [BootstrapPropertySource {name='bootstrapProperties-provider-test.yaml,DEFAULT_GROUP'}, BootstrapPropertySource {name='bootstrapProperties-provider.yaml,DEFAULT_GROUP'}, BootstrapPropertySource {name='bootstrapProperties-provider,DEFAULT_GROUP'}, BootstrapPropertySource {name='bootstrapProperties-common-test.yaml,DEFAULT_GROUP'}]
2021-01-21 18:20:29.522 INFO 42860 --- [c8-35f99ec0ab25] o.s.boot.SpringApplication : The following profiles are active: test
2021-01-21 18:20:29.539 INFO 42860 --- [c8-35f99ec0ab25] o.s.boot.SpringApplication : Started application in 0.458 seconds (JVM running for 198.241)
2021-01-21 18:20:29.542 INFO 42860 --- [c8-35f99ec0ab25] c.a.n.c.config.http.ServerHttpAgent : com.alibaba.nacos.client.config.http.ServerHttpAgent do shutdown begin
2021-01-21 18:20:29.542 WARN 42860 --- [c8-35f99ec0ab25] com.alibaba.nacos.client.naming : [ConfigHttpClientManager] Start destroying NacosRestTemplate
2021-01-21 18:20:29.542 WARN 42860 --- [c8-35f99ec0ab25] com.alibaba.nacos.client.naming : [ConfigHttpClientManager] Destruction of the end
2021-01-21 18:20:29.543 INFO 42860 --- [c8-35f99ec0ab25] c.a.n.client.identify.CredentialWatcher : [null] CredentialWatcher is stopped
2021-01-21 18:20:29.543 INFO 42860 --- [c8-35f99ec0ab25] c.a.n.client.identify.CredentialService : [null] CredentialService is freed
2021-01-21 18:20:29.543 INFO 42860 --- [c8-35f99ec0ab25] c.a.n.c.config.http.ServerHttpAgent : com.alibaba.nacos.client.config.http.ServerHttpAgent do shutdown stop
2021-01-21 18:20:29.543 INFO 42860 --- [c8-35f99ec0ab25] c.a.n.client.config.impl.ClientWorker : com.alibaba.nacos.client.config.impl.ClientWorker do shutdown begin
2021-01-21 18:20:29.719 INFO 42860 --- [ing.beat.sender] c.a.n.client.identify.CredentialWatcher : null No credential found
2021-01-21 18:20:32.550 INFO 42860 --- [c8-35f99ec0ab25] c.a.n.client.config.impl.ClientWorker : com.alibaba.nacos.client.config.impl.ClientWorker do shutdown stop
2021-01-21 18:20:32.791 INFO 42860 --- [c8-35f99ec0ab25] o.s.c.e.event.RefreshEventListener : Refresh keys changed: [common_message]
2021-01-21 18:20:32.791 INFO 42860 --- [c8-35f99ec0ab25] c.a.nacos.client.config.impl.CacheData : [fixed-116.62.5.***_8848-5bcb010f-1e57-4aac-97c8-35f99ec0ab25] [notify-ok] dataId=common-test.yaml, group=DEFAULT_GROUP, md5=53c6527efdd50016dfebc327dde5b0da, l[email protected]2d2e26fd
2021-01-21 18:20:32.791 INFO 42860 --- [c8-35f99ec0ab25] c.a.nacos.client.config.impl.CacheData : [fixed-116.62.5.***_8848-5bcb010f-1e57-4aac-97c8-35f99ec0ab25] [notify-listener] time cost=3721ms in ClientWorker, dataId=common-test.yaml, group=DEFAULT_GROUP, md5=53c6527efdd50016dfebc327dde5b0da, l[email protected]2d2e26fd
2021-01-21 18:20:32.795 ERROR 42860 --- [c8-35f99ec0ab25] c.a.n.client.config.impl.ClientWorker : longPolling error :
java.util.concurrent.RejectedExecutionException: Task java.[email protected]55441ce8[Not completed, task = [email protected][Wrapped task = com.al[email protected]981daeb]] rejected from [email protected][Shutting down, pool size = 1, active threads = 1, queued tasks = 0, completed tasks = 8]
at java.base/java.util.concurrent.ThreadPoolExecutor$AbortPolicy.rejectedExecution(ThreadPoolExecutor.java:2055) ~[na:na]
at java.base/java.util.concurrent.ThreadPoolExecutor.reject(ThreadPoolExecutor.java:825) ~[na:na]
at java.base/java.util.concurrent.ScheduledThreadPoolExecutor.delayedExecute(ScheduledThreadPoolExecutor.java:340) ~[na:na]
at java.base/java.util.concurrent.ScheduledThreadPoolExecutor.schedule(ScheduledThreadPoolExecutor.java:562) ~[na:na]
at java.base/java.util.concurrent.ScheduledThreadPoolExecutor.execute(ScheduledThreadPoolExecutor.java:705) ~[na:na]
at com.alibaba.nacos.client.config.impl.ClientWorker$LongPollingRunnable.run(ClientWorker.java:635) ~[nacos-client-1.4.1.jar:na]
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515) ~[na:na]
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) ~[na:na]
at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304) ~[na:na]
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) ~[na:na]
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) ~[na:na]
at java.base/java.lang.Thread.run(Thread.java:834) ~[na:na]
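A small triage helper for the failure sequence in the log above: a config change notification, the ClientWorker shutdown, then a longPolling error carrying RejectedExecutionException. This is an added example, not code from the original post or from Nacos; the sample lines are constructed, shortened from the log above, and the function name `triage` is hypothetical.

```python
import re
from datetime import datetime

# Constructed sample: shortened lines modelled on the client log in this post.
SAMPLE_LOG = """\
2021-01-21 18:20:29.011 INFO 42860 --- [w1] c.a.n.client.config.impl.ClientWorker : [polling-resp] config changed. dataId=common-test.yaml, group=DEFAULT_GROUP
2021-01-21 18:20:29.543 INFO 42860 --- [w1] c.a.n.client.config.impl.ClientWorker : com.alibaba.nacos.client.config.impl.ClientWorker do shutdown begin
2021-01-21 18:20:32.791 INFO 42860 --- [w1] o.s.c.e.event.RefreshEventListener : Refresh keys changed: [common_message]
2021-01-21 18:20:32.795 ERROR 42860 --- [w1] c.a.n.client.config.impl.ClientWorker : longPolling error :
java.util.concurrent.RejectedExecutionException: Task rejected from executor[Shutting down, pool size = 1]
"""

# Spring Boot default console layout: timestamp, level, pid, thread, logger, message.
LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d{3})\s+(\w+)\s+\d+ --- "
                  r"\[(.*?)\]\s+(\S+)\s+: (.*)$")

def triage(log_text):
    """Report whether the Nacos long-polling listener stopped after a refresh."""
    r = {"changes": [], "refreshes": 0, "shutdown_at": None,
         "poll_error_at": None, "rejected": False}
    in_poll_error = False
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            # Continuation line: only the trace under "longPolling error" matters.
            if in_poll_error and "RejectedExecutionException" in raw:
                r["rejected"] = True
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S.%f")
        level, logger, msg = m.group(2), m.group(4), m.group(5)
        in_poll_error = level == "ERROR" and "longPolling error" in msg
        if in_poll_error:
            r["poll_error_at"] = ts
        elif logger.endswith("ClientWorker") and "[polling-resp] config changed" in msg:
            r["changes"] += re.findall(r"dataId=([^,\s]+)", msg)
        elif logger.endswith("ClientWorker") and msg.endswith("do shutdown begin"):
            r["shutdown_at"] = ts
        elif logger.endswith("RefreshEventListener") and msg.startswith("Refresh keys changed"):
            r["refreshes"] += 1
    # Dead listener: the poll task failed to reschedule on an executor already shut down.
    r["listener_dead"] = bool(r["rejected"] and r["shutdown_at"] and r["poll_error_at"]
                              and r["poll_error_at"] >= r["shutdown_at"])
    return r

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

When `listener_dead` is true and `refreshes` is 1, the log matches the symptom described here: one successful refresh, after which the client no longer polls for changes.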
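All I know is that since Nacos 1.4.1 fixed the security vulnerability in which a specific User-Agent could bypass all authentication, refresh fails on authentication. The correct bootstrap.yml configuration:
server:
  port: 8001
spring:
  cloud:
    nacos:
      username: nacos
      password: naocs
      config:
        # The address is required for fetching config; otherwise the client keeps calling the local service on 8848
        server-addr: XXX:30252,XXX:30252,XXX:30252
        file-extension: yml
        namespace: 0efa5a84-8cca-4733-b11e-71a2f92139ef
      discovery:
        server-addr: ${spring.cloud.nacos.config.server-addr}
        namespace: ${spring.cloud.nacos.config.namespace}
  application:
    name: @[email protected]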
Recording the good life; I hope this helps everyone.