diff --git a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/authentication/ShiroRealm.java b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/authentication/ShiroRealm.java
index 6c65334d4f..4f3db46b14 100644
--- a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/authentication/ShiroRealm.java
+++ b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/authentication/ShiroRealm.java
@@ -107,8 +107,7 @@ protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authent
 // Check whether the token belongs to the api and whether the permission is valid
 AccessToken accessToken = accessTokenService.getByUserId(userId);
 try {
- String encryptToken = JWTUtil.encrypt(credential);
- if (accessToken == null || !accessToken.getToken().equals(encryptToken)) {
+ if (accessToken == null || !credential.equals(JWTUtil.decrypt(accessToken.getToken()))) {
 throw new AuthenticationException("the openapi authorization token is invalid");
 }
 } catch (Exception e) {
diff --git a/streampark-console/streampark-console-service/src/test/java/org/apache/streampark/console/core/service/AccessTokenServiceTest.java b/streampark-console/streampark-console-service/src/test/java/org/apache/streampark/console/core/service/AccessTokenServiceTest.java
index ad802924d4..0da27b8e50 100644
--- a/streampark-console/streampark-console-service/src/test/java/org/apache/streampark/console/core/service/AccessTokenServiceTest.java
+++ b/streampark-console/streampark-console-service/src/test/java/org/apache/streampark/console/core/service/AccessTokenServiceTest.java
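Review bot: The new comparison `credential.equals(JWTUtil.decrypt(accessToken.getToken()))` matches a bearer secret with `String.equals`, which returns as soon as the first differing character is found, so the check is not constant-time; compare the two values as UTF-8 byte arrays with `MessageDigest.isEqual(...)` instead, after null-checking the decrypted value. As written, a `null` or malformed stored token (a `null` return or an exception from `JWTUtil.decrypt`, or a `null` `credential`) falls into the generic `catch (Exception e)` on the last hunk line, and what that handler does is outside the hunk, so it is worth confirming every such path ends in an `AuthenticationException` rather than a leaked `NullPointerException`. The comment above the check still says the code validates "whether the permission is valid", but the visible lines only compare the token value; if permission is checked elsewhere, the comment should say so, e.g. `// Compare the presented credential with the user's stored API token (permissions are checked separately)`. doGetAuthenticationInfo starts and ends outside the hunk.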
@@ -31,6 +31,14 @@
 import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.Test;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpEntity;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.MediaType;
+import org.springframework.http.ResponseEntity;
+import org.springframework.util.LinkedMultiValueMap;
+import org.springframework.util.MultiValueMap;
+import org.springframework.web.client.HttpStatusCodeException;
+import org.springframework.web.client.RestTemplate;
 
 public class AccessTokenServiceTest extends SpringUnitTestBase {
 
@@ -40,6 +48,31 @@ public class AccessTokenServiceTest extends SpringUnitTestBase {
 @Autowired
 private UserService userService;
 
+ @Test
+ void testOpenApiTokenCanAuthenticate() throws Exception {
+ Long mockUserId = 100001L;
+ RestResponse restResponse = accessTokenService.create(mockUserId, "");
+ AccessToken accessToken = (AccessToken) restResponse.get("data");
+
+ HttpHeaders headers = new HttpHeaders();
+ headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
+ headers.set(HttpHeaders.AUTHORIZATION, accessToken.getToken());
+ MultiValueMap body = new LinkedMultiValueMap<>();
+ body.add("id", "100000");
+ body.add("teamId", "100000");
+
+ try {
+ ResponseEntity response = new RestTemplate().postForEntity(
+ "http://localhost:10000/openapi/app/start",
+ new HttpEntity<>(body, headers),
+ String.class);
+ Assertions.assertNotEquals(401, response.getStatusCodeValue());
+ } catch (HttpStatusCodeException e) {
+ Assertions.assertNotEquals(401, e.getRawStatusCode());
+ }
+ Assertions.assertTrue(accessTokenService.removeById(accessToken.getId()));
+ }
+
 @Test
 void testCrudToken() throws Exception {
 Long mockUserId = 100000L;
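Review bot: In testOpenApiTokenCanAuthenticate the token created for user 100001 is only removed when both assertions pass, because `Assertions.assertTrue(accessTokenService.removeById(accessToken.getId()));` sits after the try/catch; a failing `assertNotEquals` or any non-`HttpStatusCodeException` (a connection failure surfaces as a different exception and is not caught here) leaves the token behind for later tests. Move the `removeById` call into a `finally` block around the HTTP call so cleanup always runs. `MultiValueMap body` and `ResponseEntity response` are raw types; declare them as `MultiValueMap<String, String> body` and `ResponseEntity<String> response`. The target `"http://localhost:10000/openapi/app/start"` hard-codes the port, and nothing in the hunk shows that SpringUnitTestBase starts a server on it; if the base class exposes the bound port, the test should read it from there rather than assume 10000. The asserted outcome is only "not 401", so a 404 or 500 from the endpoint would also pass; a short comment such as `// Only authentication is under test here; any non-401 status means the token was accepted` would make that intent explicit.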