
访问令牌(accessToken):为提升系统安全性,调度中心和执行器进行安全性校验,双方AccessToken匹配才允许通讯;

xuxueli il y a 7 ans
Parent
commit
1bc5cc76be
18 fichiers modifiés avec 99 ajouts et 26 suppressions
  1. 1 0
      doc/XXL-JOB官方文档.md
  2. 3 2
      xxl-job-admin/src/main/java/com/xxl/job/admin/controller/JobLogController.java
  3. 2 1
      xxl-job-admin/src/main/java/com/xxl/job/admin/core/route/ExecutorRouter.java
  4. 2 1
      xxl-job-admin/src/main/java/com/xxl/job/admin/core/route/strategy/ExecutorRouteBusyover.java
  5. 2 1
      xxl-job-admin/src/main/java/com/xxl/job/admin/core/route/strategy/ExecutorRouteFailover.java
  6. 12 1
      xxl-job-admin/src/main/java/com/xxl/job/admin/core/schedule/XxlJobDynamicScheduler.java
  7. 1 0
      xxl-job-admin/src/main/resources/spring/applicationcontext-xxl-job-admin.xml
  8. 4 1
      xxl-job-admin/src/main/resources/xxl-job-admin.properties
  9. 2 1
      xxl-job-admin/src/test/java/com/xxl/job/dao/impl/AdminBizTest.java
  10. 10 4
      xxl-job-core/src/main/java/com/xxl/job/core/executor/XxlJobExecutor.java
  11. 30 7
      xxl-job-core/src/main/java/com/xxl/job/core/rpc/codec/RpcRequest.java
  12. 6 3
      xxl-job-core/src/main/java/com/xxl/job/core/rpc/netcom/NetComClientProxy.java
  13. 10 2
      xxl-job-core/src/main/java/com/xxl/job/core/rpc/netcom/NetComServerFactory.java
  14. 2 0
      xxl-job-executor-example/src/main/resources/applicationcontext-xxl-job.xml
  15. 4 1
      xxl-job-executor-example/src/main/resources/xxl-job-executor.properties
  16. 2 1
      xxl-job-executor-example/src/test/java/com/xxl/executor/test/DemoJobHandlerTest.java
  17. 3 0
      xxl-job-executor-springboot-example/src/main/java/com/xxl/job/executor/core/config/XxlJobConfig.java
  18. 3 0
      xxl-job-executor-springboot-example/src/main/resources/application.properties

+ 1 - 0
doc/XXL-JOB官方文档.md

@@ -905,6 +905,7 @@ Tips: 历史版本(V1.3.x)目前已经Release至稳定版本, 进入维护阶段
 - 6、调度中心API服务改为自研RPC形式,统一底层通讯模型;
 - 7、新增调度中心API服务测试Demo,方便在调度中心API扩展和测试;
 - 8、任务列表页交互优化,更换执行器分组时自动刷新任务列表,新建任务时默认定位在当前执行器位置;
+- 9、访问令牌(accessToken):为提升系统安全性,调度中心和执行器进行安全性校验,双方AccessToken匹配才允许通讯;
 
 #### TODO LIST
 - 1、任务权限管理:执行器为粒度分配权限,核心操作校验权限;

+ 3 - 2
xxl-job-admin/src/main/java/com/xxl/job/admin/controller/JobLogController.java

@@ -3,6 +3,7 @@ package com.xxl.job.admin.controller;
 import com.xxl.job.admin.core.model.XxlJobGroup;
 import com.xxl.job.admin.core.model.XxlJobInfo;
 import com.xxl.job.admin.core.model.XxlJobLog;
+import com.xxl.job.admin.core.schedule.XxlJobDynamicScheduler;
 import com.xxl.job.admin.dao.XxlJobGroupDao;
 import com.xxl.job.admin.dao.XxlJobInfoDao;
 import com.xxl.job.admin.dao.XxlJobLogDao;
@@ -119,7 +120,7 @@ public class JobLogController {
 	@ResponseBody
 	public ReturnT<LogResult> logDetailCat(String executorAddress, long triggerTime, int logId, int fromLineNum){
 		try {
-			ExecutorBiz executorBiz = (ExecutorBiz) new NetComClientProxy(ExecutorBiz.class, executorAddress).getObject();
+			ExecutorBiz executorBiz = (ExecutorBiz) new NetComClientProxy(ExecutorBiz.class, executorAddress, XxlJobDynamicScheduler.getAccessToken()).getObject();
 			ReturnT<LogResult> logResult = executorBiz.log(triggerTime, logId, fromLineNum);
 
 			// is end
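Review bot: In `logDetailCat` the admin now attaches its shared access token to a request whose destination is the caller-supplied `executorAddress` parameter, so whoever can call this endpoint decides where the token is sent. The kill path in the next hunk takes the address from the stored record (`log.getExecutorAddress()`); doing the same here, e.g. `new NetComClientProxy(ExecutorBiz.class, log.getExecutorAddress(), XxlJobDynamicScheduler.getAccessToken())` with `log` loaded by `logId`, limits the token to addresses the scheduler itself recorded. How the log record is loaded and whether this endpoint is access-controlled are outside the hunk, so confirm both.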
@@ -153,7 +154,7 @@ public class JobLogController {
 		// request of kill
 		ReturnT<String> runResult = null;
 		try {
-			ExecutorBiz executorBiz = (ExecutorBiz) new NetComClientProxy(ExecutorBiz.class, log.getExecutorAddress()).getObject();
+			ExecutorBiz executorBiz = (ExecutorBiz) new NetComClientProxy(ExecutorBiz.class, log.getExecutorAddress(), XxlJobDynamicScheduler.getAccessToken()).getObject();
 			runResult = executorBiz.kill(jobInfo.getId());
 		} catch (Exception e) {
 			logger.error(e.getMessage(), e);

+ 2 - 1
xxl-job-admin/src/main/java/com/xxl/job/admin/core/route/ExecutorRouter.java

@@ -1,5 +1,6 @@
 package com.xxl.job.admin.core.route;
 
+import com.xxl.job.admin.core.schedule.XxlJobDynamicScheduler;
 import com.xxl.job.core.biz.ExecutorBiz;
 import com.xxl.job.core.biz.model.ReturnT;
 import com.xxl.job.core.biz.model.TriggerParam;
@@ -33,7 +34,7 @@ public abstract class ExecutorRouter {
     public static ReturnT<String> runExecutor(TriggerParam triggerParam, String address){
         ReturnT<String> runResult = null;
         try {
-            ExecutorBiz executorBiz = (ExecutorBiz) new NetComClientProxy(ExecutorBiz.class, address).getObject();
+            ExecutorBiz executorBiz = (ExecutorBiz) new NetComClientProxy(ExecutorBiz.class, address, XxlJobDynamicScheduler.getAccessToken()).getObject();
             runResult = executorBiz.run(triggerParam);
         } catch (Exception e) {
             logger.error(e.getMessage(), e);

+ 2 - 1
xxl-job-admin/src/main/java/com/xxl/job/admin/core/route/strategy/ExecutorRouteBusyover.java

@@ -1,6 +1,7 @@
 package com.xxl.job.admin.core.route.strategy;
 
 import com.xxl.job.admin.core.route.ExecutorRouter;
+import com.xxl.job.admin.core.schedule.XxlJobDynamicScheduler;
 import com.xxl.job.core.biz.ExecutorBiz;
 import com.xxl.job.core.biz.model.ReturnT;
 import com.xxl.job.core.biz.model.TriggerParam;
@@ -25,7 +26,7 @@ public class ExecutorRouteBusyover extends ExecutorRouter {
             // beat
             ReturnT<String> idleBeatResult = null;
             try {
-                ExecutorBiz executorBiz = (ExecutorBiz) new NetComClientProxy(ExecutorBiz.class, address).getObject();
+                ExecutorBiz executorBiz = (ExecutorBiz) new NetComClientProxy(ExecutorBiz.class, address, XxlJobDynamicScheduler.getAccessToken()).getObject();
                 idleBeatResult = executorBiz.idleBeat(triggerParam.getJobId());
             } catch (Exception e) {
                 logger.error(e.getMessage(), e);

+ 2 - 1
xxl-job-admin/src/main/java/com/xxl/job/admin/core/route/strategy/ExecutorRouteFailover.java

@@ -1,6 +1,7 @@
 package com.xxl.job.admin.core.route.strategy;
 
 import com.xxl.job.admin.core.route.ExecutorRouter;
+import com.xxl.job.admin.core.schedule.XxlJobDynamicScheduler;
 import com.xxl.job.core.biz.ExecutorBiz;
 import com.xxl.job.core.biz.model.ReturnT;
 import com.xxl.job.core.biz.model.TriggerParam;
@@ -25,7 +26,7 @@ public class ExecutorRouteFailover extends ExecutorRouter {
             // beat
             ReturnT<String> beatResult = null;
             try {
-                ExecutorBiz executorBiz = (ExecutorBiz) new NetComClientProxy(ExecutorBiz.class, address).getObject();
+                ExecutorBiz executorBiz = (ExecutorBiz) new NetComClientProxy(ExecutorBiz.class, address, XxlJobDynamicScheduler.getAccessToken()).getObject();
                 beatResult = executorBiz.beat();
             } catch (Exception e) {
                 logger.error(e.getMessage(), e);

+ 12 - 1
xxl-job-admin/src/main/java/com/xxl/job/admin/core/schedule/XxlJobDynamicScheduler.java

@@ -36,7 +36,16 @@ public final class XxlJobDynamicScheduler implements ApplicationContextAware, In
     public void setScheduler(Scheduler scheduler) {
 		XxlJobDynamicScheduler.scheduler = scheduler;
 	}
-    
+
+	// accessToken
+    private static String accessToken;
+    public void setAccessToken(String accessToken) {
+        this.accessToken = accessToken;
+    }
+    public static String getAccessToken() {
+        return accessToken;
+    }
+
     // init
     public void init() throws Exception {
 		// admin registry monitor run
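Review bot: `setAccessToken` is an instance setter that assigns the static field through `this` (`this.accessToken = accessToken;`), which hides the fact that the value is process-wide; write `XxlJobDynamicScheduler.accessToken = accessToken;` as `setScheduler` just above does. The `// accessToken` comment could also say what the value is for, e.g. `// accessToken: shared secret sent to executors and checked on incoming RPC; blank disables the check`. `init()` continues outside the hunk.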
@@ -47,6 +56,8 @@ public final class XxlJobDynamicScheduler implements ApplicationContextAware, In
 
         // rpc-service, base on spring-mvc
         NetComServerFactory.putService(AdminBiz.class, XxlJobDynamicScheduler.adminBiz);
+        NetComServerFactory.setAccessToken(accessToken);
+
     }
     
     // destroy

+ 1 - 0
xxl-job-admin/src/main/resources/spring/applicationcontext-xxl-job-admin.xml

@@ -65,6 +65,7 @@
 	<bean id="xxlJobDynamicScheduler" class="com.xxl.job.admin.core.schedule.XxlJobDynamicScheduler" init-method="init" destroy-method="destroy" >
 		<!-- (轻易不要变更“调度器名称”, 任务创建时会绑定该“调度器名称”) -->
 		<property name="scheduler" ref="quartzScheduler"/>
+		<property name="accessToken" value="${xxl.job.accessToken}" />
 	</bean>
 	
 </beans>

+ 4 - 1
xxl-job-admin/src/main/resources/xxl-job-admin.properties

@@ -14,4 +14,7 @@ xxl.job.mail.sendNick=《任务调度平台XXL-JOB》
 
 # xxl-job login
 xxl.job.login.username=admin
-xxl.job.login.password=123456
+xxl.job.login.password=123456
+
+# xxl-job, access token
+xxl.job.accessToken=
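Review bot: `xxl.job.accessToken=` ships empty, and the server-side check added to `NetComServerFactory` in this commit is skipped for a blank token, so a default install still accepts RPC calls without any token; the comment should say so. Suggested wording: `# xxl-job, access token (empty = no verification; set the same non-empty value on admin and all executors)`. The same applies to the `### xxl-job, access token` comment in both executor property files later in this commit.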

+ 2 - 1
xxl-job-admin/src/test/java/com/xxl/job/dao/impl/AdminBizTest.java

@@ -19,7 +19,8 @@ public class AdminBizTest {
 
         // admin-client
         String addressUrl = "http://127.0.0.1:8080/xxl-job-admin".concat(AdminBiz.MAPPING);
-        AdminBiz adminBiz = (AdminBiz) new NetComClientProxy(AdminBiz.class, addressUrl).getObject();
+        String accessToken = null;
+        AdminBiz adminBiz = (AdminBiz) new NetComClientProxy(AdminBiz.class, addressUrl, accessToken).getObject();
 
         // test executor registry
         RegistryParam registryParam = new RegistryParam(RegistryConfig.RegistType.EXECUTOR.name(), "xxl-job-executor-example", "127.0.0.1:9999");

+ 10 - 4
xxl-job-core/src/main/java/com/xxl/job/core/executor/XxlJobExecutor.java

@@ -34,7 +34,8 @@ public class XxlJobExecutor implements ApplicationContextAware, ApplicationListe
     private int port = 9999;
     private String appName;
     private String adminAddresses;
-    public static String logPath;
+    private String accessToken;
+    public static String logPath = "/data/applogs/xxl-job/jobhandler/";
 
     public void setIp(String ip) {
         this.ip = ip;
@@ -48,18 +49,21 @@ public class XxlJobExecutor implements ApplicationContextAware, ApplicationListe
     public void setAdminAddresses(String adminAddresses) {
         this.adminAddresses = adminAddresses;
     }
+    public void setAccessToken(String accessToken) {
+        this.accessToken = accessToken;
+    }
     public void setLogPath(String logPath) {
         this.logPath = logPath;
     }
 
     // ---------------------------------- admin-client ------------------------------------
     private static List<AdminBiz> adminBizList;
-    private static void initAdminBizList(String adminAddresses) throws Exception {
+    private static void initAdminBizList(String adminAddresses, String accessToken) throws Exception {
         if (adminAddresses!=null && adminAddresses.trim().length()>0) {
             for (String address: adminAddresses.trim().split(",")) {
                 if (address!=null && address.trim().length()>0) {
                     String addressUrl = address.concat(AdminBiz.MAPPING);
-                    AdminBiz adminBiz = (AdminBiz) new NetComClientProxy(AdminBiz.class, addressUrl).getObject();
+                    AdminBiz adminBiz = (AdminBiz) new NetComClientProxy(AdminBiz.class, addressUrl, accessToken).getObject();
                     if (adminBizList == null) {
                         adminBizList = new ArrayList<AdminBiz>();
                     }
@@ -76,12 +80,14 @@ public class XxlJobExecutor implements ApplicationContextAware, ApplicationListe
     private NetComServerFactory serverFactory = new NetComServerFactory();
     public void start() throws Exception {
         // init admin-client
-        initAdminBizList(adminAddresses);
+        initAdminBizList(adminAddresses, accessToken);
 
         // executor start
         NetComServerFactory.putService(ExecutorBiz.class, new ExecutorBizImpl());   // rpc-service, base on jetty
+        NetComServerFactory.setAccessToken(accessToken);
         serverFactory.start(port, ip, appName);
 
+
         // trigger callback thread start
         TriggerCallbackThread.getInstance().start();
     }

+ 30 - 7
xxl-job-core/src/main/java/com/xxl/job/core/rpc/codec/RpcRequest.java

@@ -12,12 +12,14 @@ public class RpcRequest implements Serializable{
 	
 	private String serverAddress;
 	private long createMillisTime;
+	private String accessToken;
 
     private String className;
     private String methodName;
     private Class<?>[] parameterTypes;
     private Object[] parameters;
 
+
 	public String getServerAddress() {
 		return serverAddress;
 	}
@@ -29,41 +31,62 @@ public class RpcRequest implements Serializable{
 	public long getCreateMillisTime() {
 		return createMillisTime;
 	}
+
 	public void setCreateMillisTime(long createMillisTime) {
 		this.createMillisTime = createMillisTime;
 	}
+
+	public String getAccessToken() {
+		return accessToken;
+	}
+
+	public void setAccessToken(String accessToken) {
+		this.accessToken = accessToken;
+	}
+
 	public String getClassName() {
 		return className;
 	}
+
 	public void setClassName(String className) {
 		this.className = className;
 	}
+
 	public String getMethodName() {
 		return methodName;
 	}
+
 	public void setMethodName(String methodName) {
 		this.methodName = methodName;
 	}
+
 	public Class<?>[] getParameterTypes() {
 		return parameterTypes;
 	}
+
 	public void setParameterTypes(Class<?>[] parameterTypes) {
 		this.parameterTypes = parameterTypes;
 	}
+
 	public Object[] getParameters() {
 		return parameters;
 	}
+
 	public void setParameters(Object[] parameters) {
 		this.parameters = parameters;
 	}
-	
+
 	@Override
 	public String toString() {
-		return "NettyRequest [serverAddress=" + serverAddress + ", createMillisTime="
-				+ createMillisTime + ", className=" + className
-				+ ", methodName=" + methodName + ", parameterTypes="
-				+ Arrays.toString(parameterTypes) + ", parameters="
-				+ Arrays.toString(parameters) + "]";
+		return "RpcRequest{" +
+				"serverAddress='" + serverAddress + '\'' +
+				", createMillisTime=" + createMillisTime +
+				", accessToken='" + accessToken + '\'' +
+				", className='" + className + '\'' +
+				", methodName='" + methodName + '\'' +
+				", parameterTypes=" + Arrays.toString(parameterTypes) +
+				", parameters=" + Arrays.toString(parameters) +
+				'}';
 	}
-	
+
 }
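Review bot: The rewritten `toString()` prints `accessToken` in clear, so any log line or exception message that formats an `RpcRequest` will disclose the shared secret. Mask it instead, e.g. `", accessToken='" + (accessToken == null ? null : "***") + '\'' +`. A short comment on the field saying it is a credential and must not be logged would help the next maintainer.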

+ 6 - 3
xxl-job-core/src/main/java/com/xxl/job/core/rpc/netcom/NetComClientProxy.java

@@ -20,11 +20,13 @@ public class NetComClientProxy implements FactoryBean<Object> {
 
 	// ---------------------- config ----------------------
 	private Class<?> iface;
-	String serverAddress;
-	JettyClient client = new JettyClient();
-	public NetComClientProxy(Class<?> iface, String serverAddress) {
+	private String serverAddress;
+	private String accessToken;
+	private JettyClient client = new JettyClient();
+	public NetComClientProxy(Class<?> iface, String serverAddress, String accessToken) {
 		this.iface = iface;
 		this.serverAddress = serverAddress;
+		this.accessToken = accessToken;
 	}
 
 	@Override
@@ -39,6 +41,7 @@ public class NetComClientProxy implements FactoryBean<Object> {
 						RpcRequest request = new RpcRequest();
 	                    request.setServerAddress(serverAddress);
 	                    request.setCreateMillisTime(System.currentTimeMillis());
+	                    request.setAccessToken(accessToken);
 	                    request.setClassName(method.getDeclaringClass().getName());
 	                    request.setMethodName(method.getName());
 	                    request.setParameterTypes(method.getParameterTypes());
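Review bot: `request.setAccessToken(accessToken)` puts the shared secret verbatim into every serialized request, and nothing in this hunk shows the channel being encrypted. If admin and executor talk over plain HTTP (the admin test in this commit uses an `http://` address), the token is readable on the wire and stays valid until it is reconfigured; the 180-second timestamp check on the server side does not bind the token to a single request. At minimum document the requirement on this line, e.g. `// accessToken is a static shared secret sent as-is: run admin<->executor traffic over TLS or a trusted network`. The enclosing `invoke` body starts and ends outside the hunk.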

+ 10 - 2
xxl-job-core/src/main/java/com/xxl/job/core/rpc/netcom/NetComServerFactory.java

@@ -30,14 +30,18 @@ public class NetComServerFactory  {
 		server.destroy();
 	}
 
-	// ---------------------- server init ----------------------
+	// ---------------------- server instance ----------------------
 	/**
 	 * init local rpc service map
 	 */
 	private static Map<String, Object> serviceMap = new HashMap<String, Object>();
+	private static String accessToken;
 	public static void putService(Class<?> iface, Object serviceBean){
 		serviceMap.put(iface.getName(), serviceBean);
 	}
+	public static void setAccessToken(String accessToken) {
+		NetComServerFactory.accessToken = accessToken;
+	}
 	public static RpcResponse invokeService(RpcRequest request, Object serviceBean) {
 		if (serviceBean==null) {
 			serviceBean = serviceMap.get(request.getClassName());
@@ -49,7 +53,11 @@ public class NetComServerFactory  {
 		RpcResponse response = new RpcResponse();
 
 		if (System.currentTimeMillis() - request.getCreateMillisTime() > 180000) {
-			response.setResult(new ReturnT<String>(ReturnT.FAIL_CODE, "the timestamp difference between admin and executor exceeds the limit."));
+			response.setResult(new ReturnT<String>(ReturnT.FAIL_CODE, "The timestamp difference between admin and executor exceeds the limit."));
+			return response;
+		}
+		if (accessToken!=null && accessToken.trim().length()>0 && !accessToken.trim().equals(request.getAccessToken())) {
+			response.setResult(new ReturnT<String>(ReturnT.FAIL_CODE, "The access token[" + request.getAccessToken() + "] is wrong."));
 			return response;
 		}
 
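Review bot: The new token check in `invokeService` compares with `String.equals`, which is not constant-time, and it trims only the configured value, so when the same whitespace-padded token is configured on both sides the request is rejected. Compare trimmed values in constant time: take `String given = request.getAccessToken();` and use `given == null || !MessageDigest.isEqual(accessToken.trim().getBytes(StandardCharsets.UTF_8), given.trim().getBytes(StandardCharsets.UTF_8))` as the last operand of the condition. The failure message also echoes the presented token back in the response; a fixed `"The access token is wrong."` is enough. `invokeService` begins in the previous hunk and continues past this one.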

+ 2 - 0
xxl-job-executor-example/src/main/resources/applicationcontext-xxl-job.xml

@@ -33,6 +33,8 @@
 		<property name="adminAddresses" value="${xxl.job.admin.addresses}" />
 		<!-- 执行器日志路径[必填] -->
 		<property name="logPath" value="${xxl.job.executor.logpath}" />
+		<!-- 访问令牌,非空则进行匹配校验[选填] -->
+		<property name="accessToken" value="${xxl.job.accessToken}" />
 	</bean>
 
 

+ 4 - 1
xxl-job-executor-example/src/main/resources/xxl-job-executor.properties

@@ -7,4 +7,7 @@ xxl.job.executor.ip=
 xxl.job.executor.port=9999
 
 ### xxl-job log path
-xxl.job.executor.logpath=/data/applogs/xxl-job/jobhandler/
+xxl.job.executor.logpath=/data/applogs/xxl-job/jobhandler/
+
+### xxl-job, access token
+xxl.job.accessToken=

+ 2 - 1
xxl-job-executor-example/src/test/java/com/xxl/executor/test/DemoJobHandlerTest.java

@@ -33,7 +33,8 @@ public class DemoJobHandlerTest {
         triggerParam.setLogDateTim(System.currentTimeMillis());
 
         // do remote trigger
-        ExecutorBiz executorBiz = (ExecutorBiz) new NetComClientProxy(ExecutorBiz.class, "127.0.0.1:9999").getObject();
+        String accessToken = null;
+        ExecutorBiz executorBiz = (ExecutorBiz) new NetComClientProxy(ExecutorBiz.class, "127.0.0.1:9999", null).getObject();
         ReturnT<String> runResult = executorBiz.run(triggerParam);
     }
 
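Review bot: The added local `accessToken` is never used; the constructor call on the following line passes the literal `null`. Pass the variable, `new NetComClientProxy(ExecutorBiz.class, "127.0.0.1:9999", accessToken)`, as `AdminBizTest` does, so the test has one place to set a token. The test method starts outside the hunk.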

+ 3 - 0
xxl-job-executor-springboot-example/src/main/java/com/xxl/job/executor/core/config/XxlJobConfig.java

@@ -34,6 +34,8 @@ public class XxlJobConfig {
     @Value("${xxl.job.executor.logpath}")
     private String logpath;
 
+    @Value("${xxl.job.accessToken}")
+    private String accessToken;
 
     @Bean(initMethod = "start", destroyMethod = "destroy")
     public XxlJobExecutor xxlJobExecutor() {
@@ -44,6 +46,7 @@ public class XxlJobConfig {
         xxlJobExecutor.setAppName(appname);
         xxlJobExecutor.setAdminAddresses(addresses);
         xxlJobExecutor.setLogPath(logpath);
+        xxlJobExecutor.setAccessToken(accessToken);
         return xxlJobExecutor;
     }
 

+ 3 - 0
xxl-job-executor-springboot-example/src/main/resources/application.properties

@@ -15,3 +15,6 @@ xxl.job.executor.port=9998
 
 ### xxl-job log path
 xxl.job.executor.logpath=/data/applogs/xxl-job/jobhandler/
+
+### xxl-job, access token
+xxl.job.accessToken=