Fix some 3.0 admin api problem.

auth/src/main/java/com/alibaba/nacos/auth/AbstractProtocolAuthService.java

@@ -51,7 +51,7 @@ public abstract class AbstractProtocolAuthService<R> implements ProtocolAuthServ
 
     protected AbstractProtocolAuthService(NacosAuthConfig authConfig) {
         this.authConfig = authConfig;
-        this.checker = ServerIdentityCheckerHolder.getInstance().getChecker();
+        this.checker = ServerIdentityCheckerHolder.getInstance().newChecker();
     }
 
     @Override

auth/src/main/java/com/alibaba/nacos/auth/serveridentity/ServerIdentityCheckerHolder.java

@@ -20,6 +20,7 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import java.lang.reflect.InvocationTargetException;
 import java.util.Collection;
 
 /**
@@ -33,7 +34,7 @@ public class ServerIdentityCheckerHolder {
 
     private static final ServerIdentityCheckerHolder INSTANCE = new ServerIdentityCheckerHolder();
 
-    private ServerIdentityChecker checker;
+    private Class<? extends ServerIdentityChecker> checkerClass;
 
     private ServerIdentityCheckerHolder() {
         tryGetCheckerBySpi();
@@ -43,32 +44,41 @@ public static ServerIdentityCheckerHolder getInstance() {
         return INSTANCE;
     }
 
-    public ServerIdentityChecker getChecker() {
-        return checker;
+    /**
+     * Build a new checker.
+     *
+     * @return new checker instance.
+     */
+    public ServerIdentityChecker newChecker() {
+        try {
+            return checkerClass.getDeclaredConstructor(new Class[0]).newInstance();
+        } catch (InstantiationException | IllegalAccessException | InvocationTargetException | NoSuchMethodException e) {
+            return new DefaultChecker();
+        }
     }
 
     private synchronized void tryGetCheckerBySpi() {
         Collection<ServerIdentityChecker> checkers = NacosServiceLoader.load(ServerIdentityChecker.class);
         if (checkers.isEmpty()) {
-            checker = new DefaultChecker();
+            checkerClass = DefaultChecker.class;
             LOGGER.info("Not found ServerIdentityChecker implementation from SPI, use default.");
             return;
         }
         if (checkers.size() > 1) {
-            checker = showAllImplementations(checkers);
+            checkerClass = showAllImplementations(checkers);
             return;
         }
-        checker = checkers.iterator().next();
-        LOGGER.info("Found ServerIdentityChecker implementation {}", checker.getClass().getCanonicalName());
+        checkerClass = checkers.iterator().next().getClass();
+        LOGGER.info("Found ServerIdentityChecker implementation {}", checkerClass.getClass().getCanonicalName());
     }
 
-    private ServerIdentityChecker showAllImplementations(Collection<ServerIdentityChecker> checkers) {
+    private Class<? extends ServerIdentityChecker> showAllImplementations(Collection<ServerIdentityChecker> checkers) {
         ServerIdentityChecker result = checkers.iterator().next();
         for (ServerIdentityChecker each : checkers) {
             LOGGER.warn("Found ServerIdentityChecker implementation {}", each.getClass().getCanonicalName());
         }
         LOGGER.warn("Found more than one ServerIdentityChecker implementation from SPI, use the first one {}.",
                 result.getClass().getCanonicalName());
-        return result;
+        return result.getClass();
     }
 }

auth/src/test/java/com/alibaba/nacos/auth/serveridentity/ServerIdentityCheckerHolderTest.java

@@ -52,14 +52,14 @@ void tearDown() {
     void testConstructorWithSingleImplementation()
             throws InvocationTargetException, NoSuchMethodException, InstantiationException, IllegalAccessException {
         ServerIdentityCheckerHolder holder = getNewHolder(1);
-        assertInstanceOf(MockChecker.class, holder.getChecker());
+        assertInstanceOf(MockChecker.class, holder.newChecker());
     }
 
     @Test
     void testConstructorWithMultipleImplementation()
             throws InvocationTargetException, NoSuchMethodException, InstantiationException, IllegalAccessException {
         ServerIdentityCheckerHolder holder = getNewHolder(2);
-        assertInstanceOf(MockChecker.class, holder.getChecker());
+        assertInstanceOf(MockChecker.class, holder.newChecker());
     }
 
     ServerIdentityCheckerHolder getNewHolder(int size)

bootstrap/src/main/resources/application.properties

@@ -178,7 +178,7 @@ server.error.include-message=ALWAYS
 ### Enabled for open API compatibility
 # nacos.core.api.compatibility.client.enabled=true
 ### Enabled for admin API compatibility
-# nacos.core.api.compatibility.admin.enabled=true
+# nacos.core.api.compatibility.admin.enabled=false
 ### Enabled for console API compatibility
 # nacos.core.api.compatibility.console.enabled=false
 
@@ -220,6 +220,8 @@ nacos.core.auth.system.type=nacos
 ### If turn on auth system:
 # Whether open nacos server API auth system
 nacos.core.auth.enabled=false
+# Whether open nacos admin API auth system
+nacos.core.auth.admin.enabled=true
 # Whether open nacos console API auth system
 nacos.core.auth.console.enabled=true
 

core/src/main/java/com/alibaba/nacos/core/auth/AbstractWebAuthFilter.java

@@ -75,6 +75,7 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha
             chain.doFilter(request, response);
             return;
         }
+
         try {
             if (Loggers.AUTH.isDebugEnabled()) {
                 Loggers.AUTH.debug("auth start, request: {} {}", req.getMethod(), req.getRequestURI());
@@ -93,7 +94,10 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha
                 default:
                     break;
             }
-
+            if (!isMatchFilter(secured)) {
+                chain.doFilter(request, response);
+                return;
+            }
             if (!protocolAuthService.enableAuth(secured)) {
                 chain.doFilter(request, response);
                 return;
@@ -132,6 +136,16 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha
         }
     }
 
+    /**
+     * Check whether this filter should be applied for this {@link Secured} API.
+     *
+     * @param secured api Secured annotation
+     * @return {@code true} if this auth filter should handle this request, {@code false} otherwise
+     */
+    protected boolean isMatchFilter(Secured secured) {
+        return true;
+    }
+
     protected ServerIdentityResult checkServerIdentity(HttpServletRequest request, Secured secured) {
         return protocolAuthService.checkServerIdentity(request, secured);
     }

core/src/main/java/com/alibaba/nacos/core/auth/AuthAdminFilter.java

@@ -0,0 +1,49 @@
+/*
+ * Copyright 1999-2018 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.alibaba.nacos.core.auth;
+
+import com.alibaba.nacos.auth.annotation.Secured;
+import com.alibaba.nacos.auth.config.NacosAuthConfig;
+import com.alibaba.nacos.core.code.ControllerMethodsCache;
+import com.alibaba.nacos.plugin.auth.constant.ApiType;
+
+/**
+ * Unified filter to handle authentication and authorization.
+ *
+ * @author nkorange
+ * @since 1.2.0
+ */
+public class AuthAdminFilter extends AbstractWebAuthFilter {
+
+    private final NacosAuthConfig authConfig;
+
+    public AuthAdminFilter(NacosAuthConfig authConfig, ControllerMethodsCache methodsCache) {
+        super(authConfig, methodsCache);
+        this.authConfig = authConfig;
+    }
+
+    @Override
+    protected boolean isAuthEnabled() {
+        return authConfig.isAuthEnabled();
+    }
+
+    @Override
+    protected boolean isMatchFilter(Secured secured) {
+        // Other API authed by {@link AuthFilter}
+        return ApiType.ADMIN_API.equals(secured.apiType());
+    }
+}

core/src/main/java/com/alibaba/nacos/core/auth/AuthConfig.java

@@ -38,12 +38,26 @@ public FilterRegistrationBean<AuthFilter> authFilterRegistration(AuthFilter auth
         registration.addUrlPatterns("/*");
         registration.setName("authFilter");
         registration.setOrder(6);
-
+        return registration;
+    }
+
+    @Bean
+    public FilterRegistrationBean<AuthAdminFilter> authAdminFilterRegistration(AuthAdminFilter authAdminFilter) {
+        FilterRegistrationBean<AuthAdminFilter> registration = new FilterRegistrationBean<>();
+        registration.setFilter(authAdminFilter);
+        registration.addUrlPatterns("/*");
+        registration.setName("authAdminFilter");
+        registration.setOrder(6);
         return registration;
     }
 
     @Bean
     public AuthFilter authFilter(ControllerMethodsCache methodsCache) {
         return new AuthFilter(NacosServerAuthConfig.getInstance(), methodsCache);
     }
+
+    @Bean
+    public AuthAdminFilter authAdminFilter(ControllerMethodsCache methodsCache) {
+        return new AuthAdminFilter(NacosServerAdminAuthConfig.getInstance(), methodsCache);
+    }
 }

core/src/main/java/com/alibaba/nacos/core/auth/AuthFilter.java

@@ -16,8 +16,10 @@
 
 package com.alibaba.nacos.core.auth;
 
+import com.alibaba.nacos.auth.annotation.Secured;
 import com.alibaba.nacos.auth.config.NacosAuthConfig;
 import com.alibaba.nacos.core.code.ControllerMethodsCache;
+import com.alibaba.nacos.plugin.auth.constant.ApiType;
 
 /**
  * Unified filter to handle authentication and authorization.
@@ -38,4 +40,10 @@ public AuthFilter(NacosAuthConfig authConfig, ControllerMethodsCache methodsCach
     protected boolean isAuthEnabled() {
         return authConfig.isAuthEnabled();
     }
+
+    @Override
+    protected boolean isMatchFilter(Secured secured) {
+        // ADMIN API use {@link AuthAdminFilter} to handle
+        return !ApiType.ADMIN_API.equals(secured.apiType());
+    }
 }

core/src/main/java/com/alibaba/nacos/core/auth/NacosServerAdminAuthConfig.java

@@ -0,0 +1,133 @@
+/*
+ * Copyright 1999-2018 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.alibaba.nacos.core.auth;
+
+import com.alibaba.nacos.api.exception.runtime.NacosRuntimeException;
+import com.alibaba.nacos.auth.config.AuthErrorCode;
+import com.alibaba.nacos.auth.config.NacosAuthConfig;
+import com.alibaba.nacos.common.utils.StringUtils;
+import com.alibaba.nacos.core.config.AbstractDynamicConfig;
+import com.alibaba.nacos.plugin.auth.constant.Constants;
+import com.alibaba.nacos.sys.env.EnvUtil;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Nacos Server auth configurations.
+ *
+ * @author xiweng.yy
+ */
+public class NacosServerAdminAuthConfig extends AbstractDynamicConfig implements NacosAuthConfig {
+
+    private static final Logger LOGGER = LoggerFactory.getLogger(NacosServerAdminAuthConfig.class);
+
+    private static final NacosServerAdminAuthConfig INSTANCE = new NacosServerAdminAuthConfig();
+
+    /**
+     * Whether server auth enabled.
+     */
+    private boolean authEnabled;
+
+    /**
+     * Which auth system is in use.
+     */
+    private String nacosAuthSystemType;
+
+    private String serverIdentityKey;
+
+    private String serverIdentityValue;
+
+    private NacosServerAdminAuthConfig() {
+        super("NacosServerAdminAuth");
+        resetConfig();
+        validate();
+    }
+
+    public static NacosServerAdminAuthConfig getInstance() {
+        return INSTANCE;
+    }
+
+    /**
+     * Validate auth config.
+     */
+    private void validate() {
+        if (!authEnabled) {
+            return;
+        }
+        if (StringUtils.isEmpty(nacosAuthSystemType)) {
+            throw new NacosRuntimeException(AuthErrorCode.INVALID_TYPE.getCode(), AuthErrorCode.INVALID_TYPE.getMsg());
+        }
+        if (StringUtils.isEmpty(serverIdentityKey) || StringUtils.isEmpty(serverIdentityValue)) {
+            throw new NacosRuntimeException(AuthErrorCode.EMPTY_IDENTITY.getCode(),
+                    AuthErrorCode.EMPTY_IDENTITY.getMsg());
+        }
+    }
+
+    /**
+     * server auth function is open.
+     *
+     * @return server auth function is open
+     */
+    @Override
+    public boolean isAuthEnabled() {
+        return authEnabled;
+    }
+
+    @Override
+    public String getNacosAuthSystemType() {
+        return nacosAuthSystemType;
+    }
+
+    @Override
+    public boolean isSupportServerIdentity() {
+        return true;
+    }
+
+    @Override
+    public String getServerIdentityKey() {
+        return serverIdentityKey;
+    }
+
+    @Override
+    public String getServerIdentityValue() {
+        return serverIdentityValue;
+    }
+
+    @Override
+    protected void getConfigFromEnv() {
+        try {
+            authEnabled = EnvUtil.getProperty(Constants.Auth.NACOS_CORE_AUTH_ADMIN_ENABLED, Boolean.class, true);
+            nacosAuthSystemType = EnvUtil.getProperty(Constants.Auth.NACOS_CORE_AUTH_SYSTEM_TYPE, "");
+            serverIdentityKey = EnvUtil.getProperty(Constants.Auth.NACOS_CORE_AUTH_SERVER_IDENTITY_KEY, "");
+            serverIdentityValue = EnvUtil.getProperty(Constants.Auth.NACOS_CORE_AUTH_SERVER_IDENTITY_VALUE, "");
+        } catch (Exception e) {
+            LOGGER.warn("Upgrade auth config from env failed, use old value", e);
+        }
+    }
+
+    @Override
+    protected String printConfig() {
+        return toString();
+    }
+
+    @Override
+    public String toString() {
+        return "NacosServerAdminAuthConfig{" + "authEnabled=" + authEnabled + ", nacosAuthSystemType='"
+                + nacosAuthSystemType + '\'' + ", serverIdentityKey='" + serverIdentityKey + '\''
+                + ", serverIdentityValue='" + serverIdentityValue + '\'' + '}';
+    }
+}

core/src/main/java/com/alibaba/nacos/core/controller/ServerLoaderController.java

@@ -111,7 +111,7 @@ public ServerLoaderController(ConnectionManager connectionManager, ServerMemberM
      */
     @Secured(resource = Commons.NACOS_CORE_CONTEXT_V2 + "/loader", action = ActionTypes.READ)
     @GetMapping("/current")
-    @Compatibility(apiType = ApiType.ADMIN_API, alternatives = "GET {contextPath:nacos}/v3/core/loader/current")
+    @Compatibility(apiType = ApiType.ADMIN_API, alternatives = "GET {contextPath:nacos}/v3/admin/core/loader/current")
     public ResponseEntity<Map<String, Connection>> currentClients() {
         Map<String, Connection> stringConnectionMap = connectionManager.currentClients();
         return ResponseEntity.ok().body(stringConnectionMap);
@@ -124,7 +124,7 @@ public ResponseEntity<Map<String, Connection>> currentClients() {
      */
     @Secured(resource = Commons.NACOS_CORE_CONTEXT_V2 + "/loader", action = ActionTypes.WRITE)
     @GetMapping("/reloadCurrent")
-    @Compatibility(apiType = ApiType.ADMIN_API, alternatives = "GET {contextPath:nacos}/v3/core/loader/reloadCurrent")
+    @Compatibility(apiType = ApiType.ADMIN_API, alternatives = "GET {contextPath:nacos}/v3/admin/core/loader/reloadCurrent")
     public ResponseEntity<String> reloadCount(@RequestParam Integer count,
             @RequestParam(value = "redirectAddress", required = false) String redirectAddress) {
         connectionManager.loadCount(count, redirectAddress);
@@ -139,7 +139,7 @@ public ResponseEntity<String> reloadCount(@RequestParam Integer count,
      */
     @Secured(resource = Commons.NACOS_CORE_CONTEXT_V2 + "/loader", action = ActionTypes.WRITE)
     @GetMapping("/smartReloadCluster")
-    @Compatibility(apiType = ApiType.ADMIN_API, alternatives = "GET {contextPath:nacos}/v3/core/loader/smartReloadCluster")
+    @Compatibility(apiType = ApiType.ADMIN_API, alternatives = "GET {contextPath:nacos}/v3/admin/core/loader/smartReloadCluster")
     public ResponseEntity<String> smartReload(HttpServletRequest request,
             @RequestParam(value = "loaderFactor", required = false) String loaderFactorStr,
             @RequestParam(value = "force", required = false) String force) {
@@ -250,7 +250,7 @@ public void onException(Throwable e) {
      */
     @Secured(resource = Commons.NACOS_CORE_CONTEXT_V2 + "/loader", action = ActionTypes.WRITE)
     @GetMapping("/reloadClient")
-    @Compatibility(apiType = ApiType.ADMIN_API, alternatives = "GET {contextPath:nacos}/v3/core/loader/reloadClient")
+    @Compatibility(apiType = ApiType.ADMIN_API, alternatives = "GET {contextPath:nacos}/v3/admin/core/loader/reloadClient")
     public ResponseEntity<String> reloadSingle(@RequestParam String connectionId,
             @RequestParam(value = "redirectAddress", required = false) String redirectAddress) {
         connectionManager.loadSingle(connectionId, redirectAddress);
@@ -264,7 +264,7 @@ public ResponseEntity<String> reloadSingle(@RequestParam String connectionId,
      */
     @Secured(resource = Commons.NACOS_CORE_CONTEXT_V2 + "/loader", action = ActionTypes.READ)
     @GetMapping("/cluster")
-    @Compatibility(apiType = ApiType.ADMIN_API, alternatives = "GET {contextPath:nacos}/v3/core/loader/cluster")
+    @Compatibility(apiType = ApiType.ADMIN_API, alternatives = "GET {contextPath:nacos}/v3/admin/core/loader/cluster")
     public ResponseEntity<Map<String, Object>> loaderMetrics() {
 
         Map<String, Object> serverLoadMetrics = getServerLoadMetrics();

core/src/main/java/com/alibaba/nacos/core/controller/compatibility/ApiCompatibilityConfig.java

@@ -57,7 +57,7 @@ public static ApiCompatibilityConfig getInstance() {
     protected void getConfigFromEnv() {
         clientApiCompatibility = EnvUtil.getProperty(CLIENT_API_COMPATIBILITY_KEY, Boolean.class, true);
         consoleApiCompatibility = EnvUtil.getProperty(CONSOLE_API_COMPATIBILITY_KEY, Boolean.class, false);
-        adminApiCompatibility = EnvUtil.getProperty(ADMIN_API_COMPATIBILITY_KEY, Boolean.class, true);
+        adminApiCompatibility = EnvUtil.getProperty(ADMIN_API_COMPATIBILITY_KEY, Boolean.class, false);
     }
 
     @Override

distribution/conf/application.properties

@@ -178,7 +178,7 @@ server.error.include-message=ALWAYS
 ### Enabled for open API compatibility
 # nacos.core.api.compatibility.client.enabled=true
 ### Enabled for admin API compatibility
-# nacos.core.api.compatibility.admin.enabled=true
+# nacos.core.api.compatibility.admin.enabled=false
 ### Enabled for console API compatibility
 # nacos.core.api.compatibility.console.enabled=false
 
@@ -220,6 +220,8 @@ nacos.core.auth.system.type=nacos
 ### If turn on auth system:
 # Whether open nacos server API auth system
 nacos.core.auth.enabled=false
+# Whether open nacos admin API auth system
+nacos.core.auth.admin.enabled=true
 # Whether open nacos console API auth system
 nacos.core.auth.console.enabled=true
 

naming/src/main/java/com/alibaba/nacos/naming/controllers/v3/InstanceControllerV3.java

@@ -41,6 +41,7 @@
 import com.alibaba.nacos.naming.misc.SwitchDomain;
 import com.alibaba.nacos.naming.misc.UtilsAndCommons;
 import com.alibaba.nacos.naming.model.form.InstanceForm;
+import com.alibaba.nacos.naming.model.form.InstanceListForm;
 import com.alibaba.nacos.naming.model.form.InstanceMetadataBatchOperationForm;
 import com.alibaba.nacos.naming.model.vo.InstanceDetailInfoVo;
 import com.alibaba.nacos.naming.model.vo.InstanceMetadataBatchOperationVo;
@@ -62,7 +63,6 @@
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.PutMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
 
 import java.util.ArrayList;
@@ -262,19 +262,18 @@ public Result<String> partialUpdateInstance(InstanceForm instanceForm) throws Ex
     @TpsControl(pointName = "NamingServiceSubscribe", name = "HttpNamingServiceSubscribe")
     @ExtractorManager.Extractor(httpExtractor = NamingInstanceListHttpParamExtractor.class)
     @Secured(resource = UtilsAndCommons.SERVICE_CONTROLLER_V3_ADMIN_PATH, action = ActionTypes.READ, apiType = ApiType.ADMIN_API)
-    public Result<ServiceInfo> list(InstanceForm instanceForm,
-            @RequestParam(defaultValue = "false") Boolean healthyOnly) throws NacosApiException {
-        instanceForm.validate();
-        String compositeServiceName = NamingUtils.getGroupedName(instanceForm.getServiceName(),
-                instanceForm.getGroupName());
-        String namespaceId = instanceForm.getNamespaceId();
-        String clusterName = instanceForm.getClusterName();
+    public Result<ServiceInfo> list(InstanceListForm instanceListForm) throws NacosApiException {
+        instanceListForm.validate();
+        String compositeServiceName = NamingUtils.getGroupedName(instanceListForm.getServiceName(),
+                instanceListForm.getGroupName());
+        String namespaceId = instanceListForm.getNamespaceId();
+        String clusterName = instanceListForm.getClusterName();
         // TODO Deprecated, the subscriber is used by client 1.0 to subs service, admin api don't need it,
         //  InstanceOperator should support no subscribe api.
         Subscriber subscriber = new Subscriber("Deprecated", "Deprecated", "Deprecated", "Deprecated", namespaceId,
                 compositeServiceName, 0, clusterName);
-        return Result.success(
-                instanceService.listInstance(namespaceId, compositeServiceName, subscriber, clusterName, healthyOnly));
+        return Result.success(instanceService.listInstance(namespaceId, compositeServiceName, subscriber, clusterName,
+                instanceListForm.getHealthyOnly()));
     }
 
     /**

naming/src/main/java/com/alibaba/nacos/naming/model/form/InstanceListForm.java

@@ -0,0 +1,137 @@
+/*
+ * Copyright 1999-2025 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.alibaba.nacos.naming.model.form;
+
+import com.alibaba.nacos.api.common.Constants;
+import com.alibaba.nacos.api.exception.api.NacosApiException;
+import com.alibaba.nacos.api.model.v2.ErrorCode;
+import com.alibaba.nacos.common.utils.StringUtils;
+import com.alibaba.nacos.core.model.form.NacosForm;
+import com.alibaba.nacos.naming.misc.UtilsAndCommons;
+import org.springframework.http.HttpStatus;
+
+import java.util.Objects;
+
+/**
+ * Instance List Form.
+ *
+ * @author xiweng.yy
+ */
+public class InstanceListForm implements NacosForm {
+
+    private static final long serialVersionUID = -3760300561436525429L;
+
+    private String namespaceId;
+
+    private String groupName;
+
+    private String serviceName;
+
+    private String clusterName;
+
+    private Boolean healthyOnly;
+
+    /**
+     * check param.
+     *
+     * @throws NacosApiException NacosApiException
+     */
+    public void validate() throws NacosApiException {
+        fillDefaultValue();
+        if (StringUtils.isBlank(serviceName)) {
+            throw new NacosApiException(HttpStatus.BAD_REQUEST.value(), ErrorCode.PARAMETER_MISSING,
+                    "Required parameter 'serviceName' type String is not present");
+        }
+    }
+
+    /**
+     * fill default value.
+     */
+    public void fillDefaultValue() {
+        if (StringUtils.isBlank(namespaceId)) {
+            namespaceId = Constants.DEFAULT_NAMESPACE_ID;
+        }
+        if (StringUtils.isBlank(groupName)) {
+            groupName = Constants.DEFAULT_GROUP;
+        }
+        if (StringUtils.isBlank(clusterName)) {
+            clusterName = UtilsAndCommons.DEFAULT_CLUSTER_NAME;
+        }
+        if (null == healthyOnly) {
+            healthyOnly = false;
+        }
+    }
+
+    public String getNamespaceId() {
+        return namespaceId;
+    }
+
+    public void setNamespaceId(String namespaceId) {
+        this.namespaceId = namespaceId;
+    }
+
+    public String getGroupName() {
+        return groupName;
+    }
+
+    public void setGroupName(String groupName) {
+        this.groupName = groupName;
+    }
+
+    public String getServiceName() {
+        return serviceName;
+    }
+
+    public void setServiceName(String serviceName) {
+        this.serviceName = serviceName;
+    }
+
+    public String getClusterName() {
+        return clusterName;
+    }
+
+    public void setClusterName(String clusterName) {
+        this.clusterName = clusterName;
+    }
+
+    public Boolean getHealthyOnly() {
+        return healthyOnly;
+    }
+
+    public void setHealthyOnly(Boolean healthyOnly) {
+        this.healthyOnly = healthyOnly;
+    }
+
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) {
+            return true;
+        }
+        if (o == null || getClass() != o.getClass()) {
+            return false;
+        }
+        InstanceListForm that = (InstanceListForm) o;
+        return Objects.equals(namespaceId, that.namespaceId) && Objects.equals(groupName, that.groupName)
+                && Objects.equals(serviceName, that.serviceName) && Objects.equals(clusterName, that.clusterName)
+                && Objects.equals(healthyOnly, that.healthyOnly);
+    }
+
+    @Override
+    public int hashCode() {
+        return Objects.hash(namespaceId, groupName, serviceName, clusterName, healthyOnly);
+    }
+}

naming/src/test/java/com/alibaba/nacos/naming/controllers/v3/InstanceControllerV3Test.java

@@ -29,6 +29,7 @@
 import com.alibaba.nacos.naming.core.InstanceOperatorClientImpl;
 import com.alibaba.nacos.naming.misc.UtilsAndCommons;
 import com.alibaba.nacos.naming.model.form.InstanceForm;
+import com.alibaba.nacos.naming.model.form.InstanceListForm;
 import com.alibaba.nacos.naming.model.form.InstanceMetadataBatchOperationForm;
 import com.alibaba.nacos.naming.model.vo.InstanceDetailInfoVo;
 import com.alibaba.nacos.naming.model.vo.InstanceMetadataBatchOperationVo;
@@ -224,14 +225,12 @@ void listInstance() throws Exception {
 
         when(instanceService.listInstance(eq(TEST_NAMESPACE), eq(TEST_SERVICE_NAME), any(), eq(TEST_CLUSTER_NAME),
                 eq(false))).thenReturn(serviceInfo);
-        InstanceForm instanceForm = new InstanceForm();
+        InstanceListForm instanceForm = new InstanceListForm();
         instanceForm.setNamespaceId(TEST_NAMESPACE);
         instanceForm.setGroupName("DEFAULT_GROUP");
         instanceForm.setServiceName("test-service");
         instanceForm.setClusterName(TEST_CLUSTER_NAME);
-        instanceForm.setIp(TEST_IP);
-        instanceForm.setPort(9999);
-        Result<ServiceInfo> result = instanceControllerV3.list(instanceForm, false);
+        Result<ServiceInfo> result = instanceControllerV3.list(instanceForm);
 
         verify(instanceService).listInstance(eq(TEST_NAMESPACE), eq(TEST_SERVICE_NAME), any(), eq(TEST_CLUSTER_NAME),
                 eq(false));

plugin/auth/src/main/java/com/alibaba/nacos/plugin/auth/constant/Constants.java

@@ -29,6 +29,8 @@ public static class Auth {
 
         public static final String NACOS_CORE_AUTH_CONSOLE_ENABLED = "nacos.core.auth.console.enabled";
 
+        public static final String NACOS_CORE_AUTH_ADMIN_ENABLED = "nacos.core.auth.admin.enabled";
+
         public static final String NACOS_CORE_AUTH_SYSTEM_TYPE = "nacos.core.auth.system.type";
 
         public static final String NACOS_CORE_AUTH_CACHING_ENABLED = "nacos.core.auth.caching.enabled";