diff --git a/doc/XXL-JOB官方文档.md b/doc/XXL-JOB官方文档.md index 5495dde9..55c5ed7e 100644 --- a/doc/XXL-JOB官方文档.md +++ b/doc/XXL-JOB官方文档.md @@ -905,6 +905,7 @@ Tips: 历史版本(V1.3.x)目前已经Release至稳定版本, 进入维护阶段 - 6、调度中心API服务改为自研RPC形式,统一底层通讯模型; - 7、新增调度中心API服务测试Demo,方便在调度中心API扩展和测试; - 8、任务列表页交互优化,更换执行器分组时自动刷新任务列表,新建任务时默认定位在当前执行器位置; +- 9、访问令牌(accessToken):为提升系统安全性,调度中心和执行器进行安全性校验,双方AccessToken匹配才允许通讯; #### TODO LIST - 1、任务权限管理:执行器为粒度分配权限,核心操作校验权限; diff --git a/xxl-job-admin/src/main/java/com/xxl/job/admin/controller/JobLogController.java b/xxl-job-admin/src/main/java/com/xxl/job/admin/controller/JobLogController.java index be0b6a4d..e98c74e5 100644 --- a/xxl-job-admin/src/main/java/com/xxl/job/admin/controller/JobLogController.java +++ b/xxl-job-admin/src/main/java/com/xxl/job/admin/controller/JobLogController.java @@ -3,6 +3,7 @@ package com.xxl.job.admin.controller; import com.xxl.job.admin.core.model.XxlJobGroup; import com.xxl.job.admin.core.model.XxlJobInfo; import com.xxl.job.admin.core.model.XxlJobLog; +import com.xxl.job.admin.core.schedule.XxlJobDynamicScheduler; import com.xxl.job.admin.dao.XxlJobGroupDao; import com.xxl.job.admin.dao.XxlJobInfoDao; import com.xxl.job.admin.dao.XxlJobLogDao; @@ -119,7 +120,7 @@ public class JobLogController { @ResponseBody public ReturnT logDetailCat(String executorAddress, long triggerTime, int logId, int fromLineNum){ try { - ExecutorBiz executorBiz = (ExecutorBiz) new NetComClientProxy(ExecutorBiz.class, executorAddress).getObject(); + ExecutorBiz executorBiz = (ExecutorBiz) new NetComClientProxy(ExecutorBiz.class, executorAddress, XxlJobDynamicScheduler.getAccessToken()).getObject(); ReturnT logResult = executorBiz.log(triggerTime, logId, fromLineNum); // is end @@ -153,7 +154,7 @@ public class JobLogController { // request of kill ReturnT runResult = null; try { - ExecutorBiz executorBiz = (ExecutorBiz) new NetComClientProxy(ExecutorBiz.class, log.getExecutorAddress()).getObject(); + ExecutorBiz executorBiz = (ExecutorBiz) new NetComClientProxy(ExecutorBiz.class, log.getExecutorAddress(), XxlJobDynamicScheduler.getAccessToken()).getObject(); runResult = executorBiz.kill(jobInfo.getId()); } catch (Exception e) { logger.error(e.getMessage(), e); diff --git a/xxl-job-admin/src/main/java/com/xxl/job/admin/core/route/ExecutorRouter.java b/xxl-job-admin/src/main/java/com/xxl/job/admin/core/route/ExecutorRouter.java index 06342122..6bb17bfa 100644 --- a/xxl-job-admin/src/main/java/com/xxl/job/admin/core/route/ExecutorRouter.java +++ b/xxl-job-admin/src/main/java/com/xxl/job/admin/core/route/ExecutorRouter.java @@ -1,5 +1,6 @@ package com.xxl.job.admin.core.route; +import com.xxl.job.admin.core.schedule.XxlJobDynamicScheduler; import com.xxl.job.core.biz.ExecutorBiz; import com.xxl.job.core.biz.model.ReturnT; import com.xxl.job.core.biz.model.TriggerParam; @@ -33,7 +34,7 @@ public abstract class ExecutorRouter { public static ReturnT runExecutor(TriggerParam triggerParam, String address){ ReturnT runResult = null; try { - ExecutorBiz executorBiz = (ExecutorBiz) new NetComClientProxy(ExecutorBiz.class, address).getObject(); + ExecutorBiz executorBiz = (ExecutorBiz) new NetComClientProxy(ExecutorBiz.class, address, XxlJobDynamicScheduler.getAccessToken()).getObject(); runResult = executorBiz.run(triggerParam); } catch (Exception e) { logger.error(e.getMessage(), e); diff --git a/xxl-job-admin/src/main/java/com/xxl/job/admin/core/route/strategy/ExecutorRouteBusyover.java b/xxl-job-admin/src/main/java/com/xxl/job/admin/core/route/strategy/ExecutorRouteBusyover.java index e200c704..753ba6f1 100644 --- a/xxl-job-admin/src/main/java/com/xxl/job/admin/core/route/strategy/ExecutorRouteBusyover.java +++ b/xxl-job-admin/src/main/java/com/xxl/job/admin/core/route/strategy/ExecutorRouteBusyover.java @@ -1,6 +1,7 @@ package com.xxl.job.admin.core.route.strategy; import com.xxl.job.admin.core.route.ExecutorRouter; +import com.xxl.job.admin.core.schedule.XxlJobDynamicScheduler; import com.xxl.job.core.biz.ExecutorBiz; import com.xxl.job.core.biz.model.ReturnT; import com.xxl.job.core.biz.model.TriggerParam; @@ -25,7 +26,7 @@ public class ExecutorRouteBusyover extends ExecutorRouter { // beat ReturnT idleBeatResult = null; try { - ExecutorBiz executorBiz = (ExecutorBiz) new NetComClientProxy(ExecutorBiz.class, address).getObject(); + ExecutorBiz executorBiz = (ExecutorBiz) new NetComClientProxy(ExecutorBiz.class, address, XxlJobDynamicScheduler.getAccessToken()).getObject(); idleBeatResult = executorBiz.idleBeat(triggerParam.getJobId()); } catch (Exception e) { logger.error(e.getMessage(), e); diff --git a/xxl-job-admin/src/main/java/com/xxl/job/admin/core/route/strategy/ExecutorRouteFailover.java b/xxl-job-admin/src/main/java/com/xxl/job/admin/core/route/strategy/ExecutorRouteFailover.java index 0c260b95..776927c4 100644 --- a/xxl-job-admin/src/main/java/com/xxl/job/admin/core/route/strategy/ExecutorRouteFailover.java +++ b/xxl-job-admin/src/main/java/com/xxl/job/admin/core/route/strategy/ExecutorRouteFailover.java @@ -1,6 +1,7 @@ package com.xxl.job.admin.core.route.strategy; import com.xxl.job.admin.core.route.ExecutorRouter; +import com.xxl.job.admin.core.schedule.XxlJobDynamicScheduler; import com.xxl.job.core.biz.ExecutorBiz; import com.xxl.job.core.biz.model.ReturnT; import com.xxl.job.core.biz.model.TriggerParam; @@ -25,7 +26,7 @@ public class ExecutorRouteFailover extends ExecutorRouter { // beat ReturnT beatResult = null; try { - ExecutorBiz executorBiz = (ExecutorBiz) new NetComClientProxy(ExecutorBiz.class, address).getObject(); + ExecutorBiz executorBiz = (ExecutorBiz) new NetComClientProxy(ExecutorBiz.class, address, XxlJobDynamicScheduler.getAccessToken()).getObject(); beatResult = executorBiz.beat(); } catch (Exception e) { logger.error(e.getMessage(), e); diff --git a/xxl-job-admin/src/main/java/com/xxl/job/admin/core/schedule/XxlJobDynamicScheduler.java b/xxl-job-admin/src/main/java/com/xxl/job/admin/core/schedule/XxlJobDynamicScheduler.java index cac05002..7f61cf25 100644 --- a/xxl-job-admin/src/main/java/com/xxl/job/admin/core/schedule/XxlJobDynamicScheduler.java +++ b/xxl-job-admin/src/main/java/com/xxl/job/admin/core/schedule/XxlJobDynamicScheduler.java @@ -36,7 +36,16 @@ public final class XxlJobDynamicScheduler implements ApplicationContextAware, In public void setScheduler(Scheduler scheduler) { XxlJobDynamicScheduler.scheduler = scheduler; } - + + // accessToken + private static String accessToken; + public void setAccessToken(String accessToken) { + this.accessToken = accessToken; + } + public static String getAccessToken() { + return accessToken; + } + // init public void init() throws Exception { // admin registry monitor run @@ -47,6 +56,8 @@ public final class XxlJobDynamicScheduler implements ApplicationContextAware, In // rpc-service, base on spring-mvc NetComServerFactory.putService(AdminBiz.class, XxlJobDynamicScheduler.adminBiz); + NetComServerFactory.setAccessToken(accessToken); + } // destroy diff --git a/xxl-job-admin/src/main/resources/spring/applicationcontext-xxl-job-admin.xml b/xxl-job-admin/src/main/resources/spring/applicationcontext-xxl-job-admin.xml index efd483a0..79da65b3 100644 --- a/xxl-job-admin/src/main/resources/spring/applicationcontext-xxl-job-admin.xml +++ b/xxl-job-admin/src/main/resources/spring/applicationcontext-xxl-job-admin.xml @@ -65,6 +65,7 @@ + \ No newline at end of file diff --git a/xxl-job-admin/src/main/resources/xxl-job-admin.properties b/xxl-job-admin/src/main/resources/xxl-job-admin.properties index 74134e3a..b00ef4b2 100644 --- a/xxl-job-admin/src/main/resources/xxl-job-admin.properties +++ b/xxl-job-admin/src/main/resources/xxl-job-admin.properties @@ -14,4 +14,7 @@ xxl.job.mail.sendNick=《任务调度平台XXL-JOB》 # xxl-job login xxl.job.login.username=admin -xxl.job.login.password=123456 \ No newline at end of file +xxl.job.login.password=123456 + +# xxl-job, access token +xxl.job.accessToken= \ No newline at end of file diff --git a/xxl-job-admin/src/test/java/com/xxl/job/dao/impl/AdminBizTest.java b/xxl-job-admin/src/test/java/com/xxl/job/dao/impl/AdminBizTest.java index ea577b33..017dcdb1 100644 --- a/xxl-job-admin/src/test/java/com/xxl/job/dao/impl/AdminBizTest.java +++ b/xxl-job-admin/src/test/java/com/xxl/job/dao/impl/AdminBizTest.java @@ -19,7 +19,8 @@ public class AdminBizTest { // admin-client String addressUrl = "http://127.0.0.1:8080/xxl-job-admin".concat(AdminBiz.MAPPING); - AdminBiz adminBiz = (AdminBiz) new NetComClientProxy(AdminBiz.class, addressUrl).getObject(); + String accessToken = null; + AdminBiz adminBiz = (AdminBiz) new NetComClientProxy(AdminBiz.class, addressUrl, accessToken).getObject(); // test executor registry RegistryParam registryParam = new RegistryParam(RegistryConfig.RegistType.EXECUTOR.name(), "xxl-job-executor-example", "127.0.0.1:9999"); diff --git a/xxl-job-core/src/main/java/com/xxl/job/core/executor/XxlJobExecutor.java b/xxl-job-core/src/main/java/com/xxl/job/core/executor/XxlJobExecutor.java index 88dda0c9..ca5e1bf1 100644 --- a/xxl-job-core/src/main/java/com/xxl/job/core/executor/XxlJobExecutor.java +++ b/xxl-job-core/src/main/java/com/xxl/job/core/executor/XxlJobExecutor.java @@ -34,7 +34,8 @@ public class XxlJobExecutor implements ApplicationContextAware, ApplicationListe private int port = 9999; private String appName; private String adminAddresses; - public static String logPath; + private String accessToken; + public static String logPath = "/data/applogs/xxl-job/jobhandler/"; public void setIp(String ip) { this.ip = ip; @@ -48,18 +49,21 @@ public class XxlJobExecutor implements ApplicationContextAware, ApplicationListe public void setAdminAddresses(String adminAddresses) { this.adminAddresses = adminAddresses; } + public void setAccessToken(String accessToken) { + this.accessToken = accessToken; + } public void setLogPath(String logPath) { this.logPath = logPath; } // ---------------------------------- admin-client ------------------------------------ private static List adminBizList; - private static void initAdminBizList(String adminAddresses) throws Exception { + private static void initAdminBizList(String adminAddresses, String accessToken) throws Exception { if (adminAddresses!=null && adminAddresses.trim().length()>0) { for (String address: adminAddresses.trim().split(",")) { if (address!=null && address.trim().length()>0) { String addressUrl = address.concat(AdminBiz.MAPPING); - AdminBiz adminBiz = (AdminBiz) new NetComClientProxy(AdminBiz.class, addressUrl).getObject(); + AdminBiz adminBiz = (AdminBiz) new NetComClientProxy(AdminBiz.class, addressUrl, accessToken).getObject(); if (adminBizList == null) { adminBizList = new ArrayList(); } @@ -76,12 +80,14 @@ public class XxlJobExecutor implements ApplicationContextAware, ApplicationListe private NetComServerFactory serverFactory = new NetComServerFactory(); public void start() throws Exception { // init admin-client - initAdminBizList(adminAddresses); + initAdminBizList(adminAddresses, accessToken); // executor start NetComServerFactory.putService(ExecutorBiz.class, new ExecutorBizImpl()); // rpc-service, base on jetty + NetComServerFactory.setAccessToken(accessToken); serverFactory.start(port, ip, appName); + // trigger callback thread start TriggerCallbackThread.getInstance().start(); } diff --git a/xxl-job-core/src/main/java/com/xxl/job/core/rpc/codec/RpcRequest.java b/xxl-job-core/src/main/java/com/xxl/job/core/rpc/codec/RpcRequest.java index 05ce00bb..5b598659 100644 --- a/xxl-job-core/src/main/java/com/xxl/job/core/rpc/codec/RpcRequest.java +++ b/xxl-job-core/src/main/java/com/xxl/job/core/rpc/codec/RpcRequest.java @@ -12,12 +12,14 @@ public class RpcRequest implements Serializable{ private String serverAddress; private long createMillisTime; + private String accessToken; private String className; private String methodName; private Class[] parameterTypes; private Object[] parameters; + public String getServerAddress() { return serverAddress; } @@ -29,41 +31,62 @@ public class RpcRequest implements Serializable{ public long getCreateMillisTime() { return createMillisTime; } + public void setCreateMillisTime(long createMillisTime) { this.createMillisTime = createMillisTime; } + + public String getAccessToken() { + return accessToken; + } + + public void setAccessToken(String accessToken) { + this.accessToken = accessToken; + } + public String getClassName() { return className; } + public void setClassName(String className) { this.className = className; } + public String getMethodName() { return methodName; } + public void setMethodName(String methodName) { this.methodName = methodName; } + public Class[] getParameterTypes() { return parameterTypes; } + public void setParameterTypes(Class[] parameterTypes) { this.parameterTypes = parameterTypes; } + public Object[] getParameters() { return parameters; } + public void setParameters(Object[] parameters) { this.parameters = parameters; } - + @Override public String toString() { - return "NettyRequest [serverAddress=" + serverAddress + ", createMillisTime=" - + createMillisTime + ", className=" + className - + ", methodName=" + methodName + ", parameterTypes=" - + Arrays.toString(parameterTypes) + ", parameters=" - + Arrays.toString(parameters) + "]"; + return "RpcRequest{" + + "serverAddress='" + serverAddress + '\'' + + ", createMillisTime=" + createMillisTime + + ", accessToken='" + accessToken + '\'' + + ", className='" + className + '\'' + + ", methodName='" + methodName + '\'' + + ", parameterTypes=" + Arrays.toString(parameterTypes) + + ", parameters=" + Arrays.toString(parameters) + + '}'; } - + } diff --git a/xxl-job-core/src/main/java/com/xxl/job/core/rpc/netcom/NetComClientProxy.java b/xxl-job-core/src/main/java/com/xxl/job/core/rpc/netcom/NetComClientProxy.java index 62f9a6f1..b71a3534 100644 --- a/xxl-job-core/src/main/java/com/xxl/job/core/rpc/netcom/NetComClientProxy.java +++ b/xxl-job-core/src/main/java/com/xxl/job/core/rpc/netcom/NetComClientProxy.java @@ -20,11 +20,13 @@ public class NetComClientProxy implements FactoryBean { // ---------------------- config ---------------------- private Class iface; - String serverAddress; - JettyClient client = new JettyClient(); - public NetComClientProxy(Class iface, String serverAddress) { + private String serverAddress; + private String accessToken; + private JettyClient client = new JettyClient(); + public NetComClientProxy(Class iface, String serverAddress, String accessToken) { this.iface = iface; this.serverAddress = serverAddress; + this.accessToken = accessToken; } @Override @@ -39,6 +41,7 @@ public class NetComClientProxy implements FactoryBean { RpcRequest request = new RpcRequest(); request.setServerAddress(serverAddress); request.setCreateMillisTime(System.currentTimeMillis()); + request.setAccessToken(accessToken); request.setClassName(method.getDeclaringClass().getName()); request.setMethodName(method.getName()); request.setParameterTypes(method.getParameterTypes()); diff --git a/xxl-job-core/src/main/java/com/xxl/job/core/rpc/netcom/NetComServerFactory.java b/xxl-job-core/src/main/java/com/xxl/job/core/rpc/netcom/NetComServerFactory.java index 30b30cbc..8e73b30a 100644 --- a/xxl-job-core/src/main/java/com/xxl/job/core/rpc/netcom/NetComServerFactory.java +++ b/xxl-job-core/src/main/java/com/xxl/job/core/rpc/netcom/NetComServerFactory.java @@ -30,14 +30,18 @@ public class NetComServerFactory { server.destroy(); } - // ---------------------- server init ---------------------- + // ---------------------- server instance ---------------------- /** * init local rpc service map */ private static Map serviceMap = new HashMap(); + private static String accessToken; public static void putService(Class iface, Object serviceBean){ serviceMap.put(iface.getName(), serviceBean); } + public static void setAccessToken(String accessToken) { + NetComServerFactory.accessToken = accessToken; + } public static RpcResponse invokeService(RpcRequest request, Object serviceBean) { if (serviceBean==null) { serviceBean = serviceMap.get(request.getClassName()); @@ -49,7 +53,11 @@ public class NetComServerFactory { RpcResponse response = new RpcResponse(); if (System.currentTimeMillis() - request.getCreateMillisTime() > 180000) { - response.setResult(new ReturnT(ReturnT.FAIL_CODE, "the timestamp difference between admin and executor exceeds the limit.")); + response.setResult(new ReturnT(ReturnT.FAIL_CODE, "The timestamp difference between admin and executor exceeds the limit.")); + return response; + } + if (accessToken!=null && accessToken.trim().length()>0 && !accessToken.trim().equals(request.getAccessToken())) { + response.setResult(new ReturnT(ReturnT.FAIL_CODE, "The access token[" + request.getAccessToken() + "] is wrong.")); return response; } diff --git a/xxl-job-executor-example/src/main/resources/applicationcontext-xxl-job.xml b/xxl-job-executor-example/src/main/resources/applicationcontext-xxl-job.xml index 740106ee..be84182c 100644 --- a/xxl-job-executor-example/src/main/resources/applicationcontext-xxl-job.xml +++ b/xxl-job-executor-example/src/main/resources/applicationcontext-xxl-job.xml @@ -33,6 +33,8 @@ + + diff --git a/xxl-job-executor-example/src/main/resources/xxl-job-executor.properties b/xxl-job-executor-example/src/main/resources/xxl-job-executor.properties index 2cd00d07..7aa2da13 100644 --- a/xxl-job-executor-example/src/main/resources/xxl-job-executor.properties +++ b/xxl-job-executor-example/src/main/resources/xxl-job-executor.properties @@ -7,4 +7,7 @@ xxl.job.executor.ip= xxl.job.executor.port=9999 ### xxl-job log path -xxl.job.executor.logpath=/data/applogs/xxl-job/jobhandler/ \ No newline at end of file +xxl.job.executor.logpath=/data/applogs/xxl-job/jobhandler/ + +### xxl-job, access token +xxl.job.accessToken= \ No newline at end of file diff --git a/xxl-job-executor-example/src/test/java/com/xxl/executor/test/DemoJobHandlerTest.java b/xxl-job-executor-example/src/test/java/com/xxl/executor/test/DemoJobHandlerTest.java index 301e83d5..69443804 100644 --- a/xxl-job-executor-example/src/test/java/com/xxl/executor/test/DemoJobHandlerTest.java +++ b/xxl-job-executor-example/src/test/java/com/xxl/executor/test/DemoJobHandlerTest.java @@ -33,7 +33,8 @@ public class DemoJobHandlerTest { triggerParam.setLogDateTim(System.currentTimeMillis()); // do remote trigger - ExecutorBiz executorBiz = (ExecutorBiz) new NetComClientProxy(ExecutorBiz.class, "127.0.0.1:9999").getObject(); + String accessToken = null; + ExecutorBiz executorBiz = (ExecutorBiz) new NetComClientProxy(ExecutorBiz.class, "127.0.0.1:9999", null).getObject(); ReturnT runResult = executorBiz.run(triggerParam); } diff --git a/xxl-job-executor-springboot-example/src/main/java/com/xxl/job/executor/core/config/XxlJobConfig.java b/xxl-job-executor-springboot-example/src/main/java/com/xxl/job/executor/core/config/XxlJobConfig.java index 5a1da344..8f3345e1 100644 --- a/xxl-job-executor-springboot-example/src/main/java/com/xxl/job/executor/core/config/XxlJobConfig.java +++ b/xxl-job-executor-springboot-example/src/main/java/com/xxl/job/executor/core/config/XxlJobConfig.java @@ -34,6 +34,8 @@ public class XxlJobConfig { @Value("${xxl.job.executor.logpath}") private String logpath; + @Value("${xxl.job.accessToken}") + private String accessToken; @Bean(initMethod = "start", destroyMethod = "destroy") public XxlJobExecutor xxlJobExecutor() { @@ -44,6 +46,7 @@ public class XxlJobConfig { xxlJobExecutor.setAppName(appname); xxlJobExecutor.setAdminAddresses(addresses); xxlJobExecutor.setLogPath(logpath); + xxlJobExecutor.setAccessToken(accessToken); return xxlJobExecutor; } diff --git a/xxl-job-executor-springboot-example/src/main/resources/application.properties b/xxl-job-executor-springboot-example/src/main/resources/application.properties index b4073e98..e6a6c1d9 100644 --- a/xxl-job-executor-springboot-example/src/main/resources/application.properties +++ b/xxl-job-executor-springboot-example/src/main/resources/application.properties @@ -15,3 +15,6 @@ xxl.job.executor.port=9998 ### xxl-job log path xxl.job.executor.logpath=/data/applogs/xxl-job/jobhandler/ + +### xxl-job, access token +xxl.job.accessToken=