Fix prometheus auth manager problem.

console/src/main/java/com/alibaba/nacos/console/config/ConsoleWebConfig.java

@@ -26,6 +26,7 @@
 import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.stereotype.Component;
 import org.springframework.web.cors.CorsConfiguration;
@@ -137,7 +138,9 @@ public Jackson2ObjectMapperBuilderCustomizer jacksonObjectMapperCustomization()
 
     @Bean
     public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
-        return http.authorizeHttpRequests().requestMatchers("/**").permitAll().and().csrf().disable().build();
+        http.authorizeHttpRequests((authorizeHttpRequests) -> authorizeHttpRequests.requestMatchers("/**").permitAll());
+        http.csrf(AbstractHttpConfigurer::disable);
+        return http.build();
     }
 
     public boolean isConsoleUiEnabled() {

console/src/main/java/com/alibaba/nacos/console/handler/config/ConfigHandler.java

@@ -214,6 +214,7 @@ Result<Map<String, Object>> cloneConfig(String srcUser, String namespaceId,
      * @param namespaceId  the namespaceId
      * @param remoteIp     the IP address of the client making the request
      * @param requestIpApp the name of the application making the request
+     * @param srcUser      the src user performing the operation
      * @return true if the beta configuration is successfully removed
      */
     boolean removeBetaConfig(String dataId, String group, String namespaceId, String remoteIp, String requestIpApp,

plugin-default-impl/nacos-default-auth-plugin/src/main/java/com/alibaba/nacos/plugin/auth/impl/configuration/NacosAuthPluginWebConfig.java

@@ -29,6 +29,7 @@
 import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.web.SecurityFilterChain;
 
 /**
@@ -62,8 +63,12 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
         if (StringUtils.isBlank(ignoreUrls)) {
             return http.build();
         }
-        return http.authorizeHttpRequests().requestMatchers(ignoreUrls.trim().split(SECURITY_IGNORE_URLS_SPILT_CHAR))
-                .permitAll().and().csrf().disable().build();
+        final String finalIgnoreUrls = ignoreUrls;
+        http.authorizeHttpRequests((authorizeHttpRequests) ->
+                authorizeHttpRequests.requestMatchers(finalIgnoreUrls.trim().split(SECURITY_IGNORE_URLS_SPILT_CHAR)).permitAll()
+        );
+        http.csrf(AbstractHttpConfigurer::disable);
+        return http.build();
     }
 
     /**

prometheus/src/main/java/com/alibaba/nacos/prometheus/conf/PrometheusSecurityConfiguration.java

@@ -19,6 +19,7 @@
 import com.alibaba.nacos.common.utils.StringUtils;
 import com.alibaba.nacos.core.web.NacosWebBean;
 import com.alibaba.nacos.plugin.auth.constant.Constants;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Condition;
 import org.springframework.context.annotation.ConditionContext;
@@ -39,14 +40,16 @@
  */
 @Configuration
 @NacosWebBean
+@ConditionalOnProperty(name = "nacos.prometheus.metrics.enabled", havingValue = "true")
 public class PrometheusSecurityConfiguration {
 
     @Bean
     @Conditional(ConditionOnNoAuthPluginType.class)
     public SecurityFilterChain prometheusSecurityFilterChain(HttpSecurity http) throws Exception {
-        return http.authorizeHttpRequests()
-                .requestMatchers(PROMETHEUS_CONTROLLER_PATH, PROMETHEUS_CONTROLLER_NAMESPACE_PATH,
-                        PROMETHEUS_CONTROLLER_SERVICE_PATH).permitAll().and().getOrBuild();
+        http.authorizeHttpRequests(
+                (authorizeHttpRequests) -> authorizeHttpRequests.requestMatchers(PROMETHEUS_CONTROLLER_PATH,
+                        PROMETHEUS_CONTROLLER_NAMESPACE_PATH, PROMETHEUS_CONTROLLER_SERVICE_PATH).permitAll());
+        return http.getOrBuild();
     }
 
     private static class ConditionOnNoAuthPluginType implements Condition {

prometheus/src/main/java/com/alibaba/nacos/prometheus/filter/PrometheusAuthFilter.java

@@ -16,18 +16,24 @@
 
 package com.alibaba.nacos.prometheus.filter;
 
+import com.alibaba.nacos.core.web.NacosWebBean;
 import com.alibaba.nacos.plugin.auth.constant.Constants;
+import com.alibaba.nacos.prometheus.controller.PrometheusController;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authorization.AuthenticatedAuthorizationManager;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.access.ExceptionTranslationFilter;
 import org.springframework.security.web.access.intercept.AuthorizationFilter;
 import org.springframework.security.web.authentication.AnonymousAuthenticationFilter;
 import org.springframework.security.web.authentication.Http403ForbiddenEntryPoint;
-import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
 
 import static com.alibaba.nacos.prometheus.api.ApiConstants.PROMETHEUS_CONTROLLER_PATH;
@@ -37,9 +43,20 @@
  *
  * @author vividfish
  */
+@NacosWebBean
 @Configuration
 @ConditionalOnProperty(value = Constants.Auth.NACOS_CORE_AUTH_ENABLED, havingValue = "true")
-public class PrometheusAuthFilter extends UsernamePasswordAuthenticationFilter {
+@ConditionalOnBean(PrometheusController.class)
+public class PrometheusAuthFilter {
+
+    @Bean
+    public AuthenticationManager authenticationManager(HttpSecurity http, UserDetailsService userDetailsService,
+            PasswordEncoder passwordEncoder) throws Exception {
+        AuthenticationManagerBuilder authenticationManagerBuilder = http.getSharedObject(
+                AuthenticationManagerBuilder.class);
+        authenticationManagerBuilder.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder);
+        return authenticationManagerBuilder.getOrBuild();
+    }
 
     @Bean
     public FilterRegistrationBean<BasicAuthenticationFilter> basicAuthenticationFilter(