diff --git a/acl/src/main/java/org/apache/rocketmq/acl/PlainAccessValidator.java b/acl/src/main/java/org/apache/rocketmq/acl/PlainAccessValidator.java index f8bf668b8f7b336c04218c24c409eb8cc2615bbd..581237e9b14048b76b49b4f9b6b2437d851d823e 100644 --- a/acl/src/main/java/org/apache/rocketmq/acl/PlainAccessValidator.java +++ b/acl/src/main/java/org/apache/rocketmq/acl/PlainAccessValidator.java @@ -17,21 +17,19 @@ package org.apache.rocketmq.acl; import java.util.HashMap; - import org.apache.commons.lang3.StringUtils; -import org.apache.rocketmq.acl.plug.engine.PlainAclPlugEngine; -import org.apache.rocketmq.acl.plug.entity.AccessControl; -import org.apache.rocketmq.acl.plug.entity.AuthenticationResult; -import org.apache.rocketmq.acl.plug.exception.AclPlugRuntimeException; +import org.apache.rocketmq.acl.plug.AccessControl; +import org.apache.rocketmq.acl.plug.AclPlugRuntimeException; +import org.apache.rocketmq.acl.plug.AuthenticationResult; +import org.apache.rocketmq.acl.plug.PlainAclPlugEngine; import org.apache.rocketmq.remoting.protocol.RemotingCommand; -public class PlainAccessValidator implements AccessValidator { +public class PlainAccessValidator implements AccessValidator { - private PlainAclPlugEngine aclPlugEngine; public PlainAccessValidator() { - aclPlugEngine = new PlainAclPlugEngine(); + aclPlugEngine = new PlainAclPlugEngine(); } @Override diff --git a/acl/src/main/java/org/apache/rocketmq/acl/plug/entity/AccessControl.java b/acl/src/main/java/org/apache/rocketmq/acl/plug/AccessControl.java similarity index 90% rename from acl/src/main/java/org/apache/rocketmq/acl/plug/entity/AccessControl.java rename to acl/src/main/java/org/apache/rocketmq/acl/plug/AccessControl.java index 092a97ef44bdfc2615b75d5a866c40010f5399ca..f487bf47efc62b6134e12e9cb6a14916fe53e1e3 100644 --- a/acl/src/main/java/org/apache/rocketmq/acl/plug/entity/AccessControl.java +++ b/acl/src/main/java/org/apache/rocketmq/acl/plug/AccessControl.java 
@@ -14,7 +14,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.apache.rocketmq.acl.plug.entity; +package org.apache.rocketmq.acl.plug; import org.apache.rocketmq.acl.AccessResource; @@ -87,8 +87,8 @@ public class AccessControl implements AccessResource { public String toString() { StringBuilder builder = new StringBuilder(); builder.append("AccessControl [account=").append(account).append(", password=").append(password) - .append(", netaddress=").append(netaddress).append(", recognition=").append(recognition) - .append(", code=").append(code).append(", topic=").append(topic).append("]"); + .append(", netaddress=").append(netaddress).append(", recognition=").append(recognition) + .append(", code=").append(code).append(", topic=").append(topic).append("]"); return builder.toString(); } diff --git a/acl/src/main/java/org/apache/rocketmq/acl/plug/exception/AclPlugRuntimeException.java b/acl/src/main/java/org/apache/rocketmq/acl/plug/AclPlugRuntimeException.java similarity index 95% rename from acl/src/main/java/org/apache/rocketmq/acl/plug/exception/AclPlugRuntimeException.java rename to acl/src/main/java/org/apache/rocketmq/acl/plug/AclPlugRuntimeException.java index 0048b2c6817d098f9af09f1bc9523fc9ce73ba9f..8f6af5d33442ba4dea47cdf7e30c5595bb2b023c 100644 --- a/acl/src/main/java/org/apache/rocketmq/acl/plug/exception/AclPlugRuntimeException.java +++ b/acl/src/main/java/org/apache/rocketmq/acl/plug/AclPlugRuntimeException.java @@ -14,7 +14,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.apache.rocketmq.acl.plug.exception; +package org.apache.rocketmq.acl.plug; public class AclPlugRuntimeException extends RuntimeException { 
diff --git a/acl/src/main/java/org/apache/rocketmq/acl/plug/AclUtils.java b/acl/src/main/java/org/apache/rocketmq/acl/plug/AclUtils.java index 19f2b234df652ce303d292f99f4e30ac4feead9d..9ba5b79a06e883bc1dccc5620b97b27257686b17 100644 --- a/acl/src/main/java/org/apache/rocketmq/acl/plug/AclUtils.java +++ b/acl/src/main/java/org/apache/rocketmq/acl/plug/AclUtils.java @@ -19,9 +19,7 @@ package org.apache.rocketmq.acl.plug; import java.io.File; import java.io.FileInputStream; import java.io.IOException; - import org.apache.commons.lang3.StringUtils; -import org.apache.rocketmq.acl.plug.exception.AclPlugRuntimeException; import org.yaml.snakeyaml.Yaml; public class AclUtils { @@ -84,24 +82,23 @@ public class AclUtils { return minus.indexOf('-') > -1; } - - - public static T getYamlDataObject(String path ,Class clazz) { - Yaml ymal = new Yaml(); - FileInputStream fis = null; - try { - fis = new FileInputStream(new File(path)); - return ymal.loadAs(fis, clazz); - } catch (Exception e) { - throw new AclPlugRuntimeException(String.format("The transport.yml file for Plain mode was not found , paths %s", path), e); - } finally { - if (fis != null) { - try { - fis.close(); - } catch (IOException e) { - throw new AclPlugRuntimeException("close transport fileInputStream Exception", e); - } - } - } + + public static T getYamlDataObject(String path, Class clazz) { + Yaml ymal = new Yaml(); + FileInputStream fis = null; + try { + fis = new FileInputStream(new File(path)); + return ymal.loadAs(fis, clazz); + } catch (Exception e) { + throw new AclPlugRuntimeException(String.format("The transport.yml file for Plain mode was not found , paths %s", path), e); + } finally { + if (fis != null) { + try { + fis.close(); + } catch (IOException e) { + throw new AclPlugRuntimeException("close transport fileInputStream Exception", e); + } + } + } } } 
diff --git a/acl/src/main/java/org/apache/rocketmq/acl/plug/entity/AuthenticationInfo.java b/acl/src/main/java/org/apache/rocketmq/acl/plug/AuthenticationInfo.java similarity index 91% rename from acl/src/main/java/org/apache/rocketmq/acl/plug/entity/AuthenticationInfo.java rename to acl/src/main/java/org/apache/rocketmq/acl/plug/AuthenticationInfo.java index a1696e2e44c3d869e4c90570bbb0f2a9d6632288..4852dbdb86591091afa93f10966984be2ea95f75 100644 --- a/acl/src/main/java/org/apache/rocketmq/acl/plug/entity/AuthenticationInfo.java +++ b/acl/src/main/java/org/apache/rocketmq/acl/plug/AuthenticationInfo.java @@ -14,9 +14,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.apache.rocketmq.acl.plug.entity; - -import org.apache.rocketmq.acl.plug.strategy.NetaddressStrategy; +package org.apache.rocketmq.acl.plug; import java.util.Iterator; import java.util.Map; @@ -31,7 +29,7 @@ public class AuthenticationInfo { private Map authority; public AuthenticationInfo(Map authority, AccessControl accessControl, - NetaddressStrategy netaddressStrategy) { + NetaddressStrategy netaddressStrategy) { super(); this.authority = authority; this.accessControl = accessControl; @@ -66,7 +64,7 @@ public class AuthenticationInfo { public String toString() { StringBuilder builder = new StringBuilder(); builder.append("AuthenticationInfo [accessControl=").append(accessControl).append(", netaddressStrategy=") - .append(netaddressStrategy).append(", authority={"); + .append(netaddressStrategy).append(", authority={"); Iterator> it = authority.entrySet().iterator(); while (it.hasNext()) { Entry e = it.next(); 
diff --git a/acl/src/main/java/org/apache/rocketmq/acl/plug/entity/AuthenticationResult.java b/acl/src/main/java/org/apache/rocketmq/acl/plug/AuthenticationResult.java similarity index 97% rename from acl/src/main/java/org/apache/rocketmq/acl/plug/entity/AuthenticationResult.java rename to acl/src/main/java/org/apache/rocketmq/acl/plug/AuthenticationResult.java index bef05cef06c4a62bf2748af0c844445d4cbbe248..de26837339a4cdb33589490a70c71b015d768bef 100644 --- a/acl/src/main/java/org/apache/rocketmq/acl/plug/entity/AuthenticationResult.java +++ b/acl/src/main/java/org/apache/rocketmq/acl/plug/AuthenticationResult.java @@ -14,7 +14,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.apache.rocketmq.acl.plug.entity; +package org.apache.rocketmq.acl.plug; public class AuthenticationResult { diff --git a/acl/src/main/java/org/apache/rocketmq/acl/plug/entity/BorkerAccessControl.java b/acl/src/main/java/org/apache/rocketmq/acl/plug/BorkerAccessControl.java similarity index 98% rename from acl/src/main/java/org/apache/rocketmq/acl/plug/entity/BorkerAccessControl.java rename to acl/src/main/java/org/apache/rocketmq/acl/plug/BorkerAccessControl.java index b5eb1187d2859932df50e38caaac31de4efd8af0..449c8d01dc88c4ce0808b89f3d7f25fcac6cc783 100644 --- a/acl/src/main/java/org/apache/rocketmq/acl/plug/entity/BorkerAccessControl.java +++ b/acl/src/main/java/org/apache/rocketmq/acl/plug/BorkerAccessControl.java @@ -14,7 +14,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.apache.rocketmq.acl.plug.entity; +package org.apache.rocketmq.acl.plug; import java.util.HashSet; import java.util.Set; 
@@ -556,8 +556,8 @@ public class BorkerAccessControl extends AccessControl { public String toString() { StringBuilder builder = new StringBuilder(); builder.append("BorkerAccessControl [permitSendTopic=").append(permitSendTopic).append(", noPermitSendTopic=") - .append(noPermitSendTopic).append(", permitPullTopic=").append(permitPullTopic) - .append(", noPermitPullTopic=").append(noPermitPullTopic); + .append(noPermitSendTopic).append(", permitPullTopic=").append(permitPullTopic) + .append(", noPermitPullTopic=").append(noPermitPullTopic); if (!!sendMessage) builder.append(", sendMessage=").append(sendMessage); if (!!sendMessageV2) diff --git a/acl/src/main/java/org/apache/rocketmq/acl/plug/strategy/NetaddressStrategy.java b/acl/src/main/java/org/apache/rocketmq/acl/plug/NetaddressStrategy.java similarity index 89% rename from acl/src/main/java/org/apache/rocketmq/acl/plug/strategy/NetaddressStrategy.java rename to acl/src/main/java/org/apache/rocketmq/acl/plug/NetaddressStrategy.java index 7276634e30fd82e3b89c1a71d22bda681fc4143a..fa28871a5a8b268a4a9d24660adf059f6e2114ac 100644 --- a/acl/src/main/java/org/apache/rocketmq/acl/plug/strategy/NetaddressStrategy.java +++ b/acl/src/main/java/org/apache/rocketmq/acl/plug/NetaddressStrategy.java @@ -14,9 +14,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.apache.rocketmq.acl.plug.strategy; - -import org.apache.rocketmq.acl.plug.entity.AccessControl; +package org.apache.rocketmq.acl.plug; public interface NetaddressStrategy { 
diff --git a/acl/src/main/java/org/apache/rocketmq/acl/plug/strategy/NetaddressStrategyFactory.java b/acl/src/main/java/org/apache/rocketmq/acl/plug/NetaddressStrategyFactory.java similarity index 96% rename from acl/src/main/java/org/apache/rocketmq/acl/plug/strategy/NetaddressStrategyFactory.java rename to acl/src/main/java/org/apache/rocketmq/acl/plug/NetaddressStrategyFactory.java index 4be995309168fd85018b6ca3b16580f597d82b74..4f6dde5cea16254425c6a26e87b057a5457ffaa5 100644 --- a/acl/src/main/java/org/apache/rocketmq/acl/plug/strategy/NetaddressStrategyFactory.java +++ b/acl/src/main/java/org/apache/rocketmq/acl/plug/NetaddressStrategyFactory.java @@ -14,15 +14,11 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.apache.rocketmq.acl.plug.strategy; - -import org.apache.commons.lang3.StringUtils; -import org.apache.rocketmq.acl.plug.AclUtils; -import org.apache.rocketmq.acl.plug.entity.AccessControl; -import org.apache.rocketmq.acl.plug.exception.AclPlugRuntimeException; +package org.apache.rocketmq.acl.plug; import java.util.HashSet; import java.util.Set; +import org.apache.commons.lang3.StringUtils; public class NetaddressStrategyFactory { diff --git a/acl/src/main/java/org/apache/rocketmq/acl/plug/PlainAclPlugEngine.java b/acl/src/main/java/org/apache/rocketmq/acl/plug/PlainAclPlugEngine.java new file mode 100644 index 0000000000000000000000000000000000000000..bdee1be9242583651ad09d140ce48c1116aed7ac --- /dev/null +++ b/acl/src/main/java/org/apache/rocketmq/acl/plug/PlainAclPlugEngine.java 
@@ -0,0 +1,268 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.rocketmq.acl.plug; + +import java.lang.reflect.Field; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.Iterator; +import java.util.List; +import java.util.Map; +import java.util.Map.Entry; +import org.apache.commons.lang3.StringUtils; +import org.apache.rocketmq.common.MixAll; +import org.apache.rocketmq.common.constant.LoggerName; +import org.apache.rocketmq.common.protocol.RequestCode; +import org.apache.rocketmq.logging.InternalLogger; +import org.apache.rocketmq.logging.InternalLoggerFactory; + +public class PlainAclPlugEngine { + + private static final InternalLogger log = InternalLoggerFactory.getLogger(LoggerName.ACL_PLUG_LOGGER_NAME); + + private String fileHome = System.getProperty(MixAll.ROCKETMQ_HOME_PROPERTY, + System.getenv(MixAll.ROCKETMQ_HOME_ENV)); + + private Map> accessControlMap = new HashMap<>(); + + private AuthenticationInfo authenticationInfo; + + private NetaddressStrategyFactory netaddressStrategyFactory = new NetaddressStrategyFactory(); + + private AccessContralAnalysis accessContralAnalysis = new AccessContralAnalysis(); + + private Class accessContralAnalysisClass = 
RequestCode.class; + + public PlainAclPlugEngine() { + initialize(); + } + + public void initialize() { + BorkerAccessControlTransport accessControlTransport = AclUtils.getYamlDataObject(fileHome + "/conf/transport.yml", BorkerAccessControlTransport.class); + if (accessControlTransport == null) { + throw new AclPlugRuntimeException("transport.yml file is no data"); + } + accessContralAnalysis.analysisClass(accessContralAnalysisClass); + setBorkerAccessControlTransport(accessControlTransport); + } + + public void setAccessControl(AccessControl accessControl) throws AclPlugRuntimeException { + if (accessControl.getAccount() == null || accessControl.getPassword() == null + || accessControl.getAccount().length() <= 6 || accessControl.getPassword().length() <= 6) { + throw new AclPlugRuntimeException(String.format( + "The account password cannot be null and is longer than 6, account is %s password is %s", + accessControl.getAccount(), accessControl.getPassword())); + } + try { + NetaddressStrategy netaddressStrategy = netaddressStrategyFactory.getNetaddressStrategy(accessControl); + List accessControlAddressList = accessControlMap.get(accessControl.getAccount()); + if (accessControlAddressList == null) { + accessControlAddressList = new ArrayList<>(); + accessControlMap.put(accessControl.getAccount(), accessControlAddressList); + } + AuthenticationInfo authenticationInfo = new AuthenticationInfo( + accessContralAnalysis.analysis(accessControl), accessControl, netaddressStrategy); + accessControlAddressList.add(authenticationInfo); + log.info("authenticationInfo is {}", authenticationInfo.toString()); + } catch (Exception e) { + throw new AclPlugRuntimeException( + String.format("Exception info %s %s", e.getMessage(), accessControl.toString()), e); + } + } + + public void setAccessControlList(List accessControlList) throws AclPlugRuntimeException { + for (AccessControl accessControl : accessControlList) { + setAccessControl(accessControl); + } + } + + public void 
setNetaddressAccessControl(AccessControl accessControl) throws AclPlugRuntimeException { + try { + authenticationInfo = new AuthenticationInfo(accessContralAnalysis.analysis(accessControl), accessControl, netaddressStrategyFactory.getNetaddressStrategy(accessControl)); + log.info("default authenticationInfo is {}", authenticationInfo.toString()); + } catch (Exception e) { + throw new AclPlugRuntimeException(accessControl.toString(), e); + } + + } + + public AuthenticationInfo getAccessControl(AccessControl accessControl) { + if (accessControl.getAccount() == null && authenticationInfo != null) { + return authenticationInfo.getNetaddressStrategy().match(accessControl) ? authenticationInfo : null; + } else { + List accessControlAddressList = accessControlMap.get(accessControl.getAccount()); + if (accessControlAddressList != null) { + for (AuthenticationInfo ai : accessControlAddressList) { + if (ai.getNetaddressStrategy().match(accessControl) && ai.getAccessControl().getPassword().equals(accessControl.getPassword())) { + return ai; + } + } + } + } + return null; + } + + public AuthenticationResult eachCheckAuthentication(AccessControl accessControl) { + AuthenticationResult authenticationResult = new AuthenticationResult(); + AuthenticationInfo authenticationInfo = getAccessControl(accessControl); + if (authenticationInfo != null) { + boolean boo = authentication(authenticationInfo, accessControl, authenticationResult); + authenticationResult.setSucceed(boo); + authenticationResult.setAccessControl(authenticationInfo.getAccessControl()); + } else { + authenticationResult.setResultString("accessControl is null, Please check login, password, IP\""); + } + return authenticationResult; + } + + void setBorkerAccessControlTransport(BorkerAccessControlTransport transport) { + if (transport.getOnlyNetAddress() == null && (transport.getList() == null || transport.getList().size() == 0)) { + throw new AclPlugRuntimeException("onlyNetAddress and list can't be all empty"); + } + 
+ if (transport.getOnlyNetAddress() != null) { + this.setNetaddressAccessControl(transport.getOnlyNetAddress()); + } + if (transport.getList() != null || transport.getList().size() > 0) { + for (AccessControl accessControl : transport.getList()) { + this.setAccessControl(accessControl); + } + } + } + + public boolean authentication(AuthenticationInfo authenticationInfo, AccessControl accessControl, + AuthenticationResult authenticationResult) { + int code = accessControl.getCode(); + if (!authenticationInfo.getAuthority().get(code)) { + authenticationResult.setResultString(String.format("code is %d Authentication failed", code)); + return false; + } + if (!(authenticationInfo.getAccessControl() instanceof BorkerAccessControl)) { + return true; + } + BorkerAccessControl borker = (BorkerAccessControl) authenticationInfo.getAccessControl(); + String topicName = accessControl.getTopic(); + if (code == 10 || code == 310 || code == 320) { + if (borker.getPermitSendTopic().contains(topicName)) { + return true; + } + if (borker.getNoPermitSendTopic().contains(topicName)) { + authenticationResult.setResultString(String.format("noPermitSendTopic include %s", topicName)); + return false; + } + return borker.getPermitSendTopic().isEmpty() ? true : false; + } else if (code == 11) { + if (borker.getPermitPullTopic().contains(topicName)) { + return true; + } + if (borker.getNoPermitPullTopic().contains(topicName)) { + authenticationResult.setResultString(String.format("noPermitPullTopic include %s", topicName)); + return false; + } + return borker.getPermitPullTopic().isEmpty() ? 
true : false; + } + return true; + } + + public static class AccessContralAnalysis { + + private Map, Map> classTocodeAndMentod = new HashMap<>(); + + private Map fieldNameAndCode = new HashMap<>(); + + public void analysisClass(Class clazz) { + Field[] fields = clazz.getDeclaredFields(); + try { + for (Field field : fields) { + if (field.getType().equals(int.class)) { + String name = StringUtils.replace(field.getName(), "_", "").toLowerCase(); + fieldNameAndCode.put(name, (Integer) field.get(null)); + } + } + } catch (IllegalArgumentException | IllegalAccessException e) { + throw new AclPlugRuntimeException(String.format("analysis on failure Class is %s", clazz.getName()), e); + } + } + + public Map analysis(AccessControl accessControl) { + Class clazz = accessControl.getClass(); + Map codeAndField = classTocodeAndMentod.get(clazz); + if (codeAndField == null) { + codeAndField = new HashMap<>(); + Field[] fields = clazz.getDeclaredFields(); + for (Field field : fields) { + if (!field.getType().equals(boolean.class)) + continue; + Integer code = fieldNameAndCode.get(field.getName().toLowerCase()); + if (code == null) { + throw new AclPlugRuntimeException( + String.format("field nonexistent in code fieldName is %s", field.getName())); + } + field.setAccessible(true); + codeAndField.put(code, field); + + } + if (codeAndField.isEmpty()) { + throw new AclPlugRuntimeException(String.format("AccessControl nonexistent code , name %s", + accessControl.getClass().getName())); + } + classTocodeAndMentod.put(clazz, codeAndField); + } + Iterator> it = codeAndField.entrySet().iterator(); + Map authority = new HashMap<>(); + try { + while (it.hasNext()) { + Entry e = it.next(); + authority.put(e.getKey(), (Boolean) e.getValue().get(accessControl)); + } + } catch (IllegalArgumentException | IllegalAccessException e) { + throw new AclPlugRuntimeException( + String.format("analysis on failure AccessControl is %s", AccessControl.class.getName()), e); + } + return authority; + } + + 
} + + public static class BorkerAccessControlTransport { + + private BorkerAccessControl onlyNetAddress; + + private List list; + + public BorkerAccessControl getOnlyNetAddress() { + return onlyNetAddress; + } + + public void setOnlyNetAddress(BorkerAccessControl onlyNetAddress) { + this.onlyNetAddress = onlyNetAddress; + } + + public List getList() { + return list; + } + + public void setList(List list) { + this.list = list; + } + + @Override + public String toString() { + return "BorkerAccessControlTransport [onlyNetAddress=" + onlyNetAddress + ", list=" + list + "]"; + } + } +} diff --git a/acl/src/main/java/org/apache/rocketmq/acl/plug/engine/PlainAclPlugEngine.java b/acl/src/main/java/org/apache/rocketmq/acl/plug/engine/PlainAclPlugEngine.java deleted file mode 100644 index c5aadbf0b3c5529043e75106e1f367f393594cc8..0000000000000000000000000000000000000000 --- a/acl/src/main/java/org/apache/rocketmq/acl/plug/engine/PlainAclPlugEngine.java +++ /dev/null 
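Review bot: Account passwords reach the log and exception text in the new `PlainAclPlugEngine`. `setAccessControl` formats `accessControl.getPassword()` into its validation error, its catch block and the one in `setNetaddressAccessControl` embed `accessControl.toString()`, and both methods log `authenticationInfo.toString()`, which nests `AccessControl.toString()` and therefore `password=` (see the `AccessControl.java` hunk in this commit). I would log only the account, e.g. `log.info("authenticationInfo loaded for account {}", accessControl.getAccount());`, and drop the password argument and the `toString()` payloads from the exception messages. Separately, in `setBorkerAccessControlTransport` the guard `transport.getList() != null || transport.getList().size() > 0` dereferences a null list when only `onlyNetAddress` is configured; it should read `if (transport.getList() != null && !transport.getList().isEmpty()) {`. In `authentication`, `!authenticationInfo.getAuthority().get(code)` unboxes a null `Boolean` for any request code missing from the map, so `if (!Boolean.TRUE.equals(authenticationInfo.getAuthority().get(code))) {` would deny explicitly instead of throwing.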
@@ -1,279 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.rocketmq.acl.plug.engine; - -import java.lang.reflect.Field; -import java.util.ArrayList; -import java.util.HashMap; -import java.util.Iterator; -import java.util.List; -import java.util.Map; -import java.util.Map.Entry; - -import org.apache.commons.lang3.StringUtils; -import org.apache.rocketmq.acl.plug.AclUtils; -import org.apache.rocketmq.acl.plug.entity.AccessControl; -import org.apache.rocketmq.acl.plug.entity.AuthenticationInfo; -import org.apache.rocketmq.acl.plug.entity.AuthenticationResult; -import org.apache.rocketmq.acl.plug.entity.BorkerAccessControl; -import org.apache.rocketmq.acl.plug.exception.AclPlugRuntimeException; -import org.apache.rocketmq.acl.plug.strategy.NetaddressStrategy; -import org.apache.rocketmq.acl.plug.strategy.NetaddressStrategyFactory; -import org.apache.rocketmq.common.MixAll; -import org.apache.rocketmq.common.constant.LoggerName; -import org.apache.rocketmq.common.protocol.RequestCode; -import org.apache.rocketmq.logging.InternalLogger; -import org.apache.rocketmq.logging.InternalLoggerFactory; - -public class PlainAclPlugEngine { - - private static final InternalLogger log = 
InternalLoggerFactory.getLogger(LoggerName.ACL_PLUG_LOGGER_NAME); - - private String fileHome = System.getProperty(MixAll.ROCKETMQ_HOME_PROPERTY, - System.getenv(MixAll.ROCKETMQ_HOME_ENV)); - - private Map> accessControlMap = new HashMap<>(); - - private AuthenticationInfo authenticationInfo; - - private NetaddressStrategyFactory netaddressStrategyFactory = new NetaddressStrategyFactory(); - - private AccessContralAnalysis accessContralAnalysis = new AccessContralAnalysis(); - - private Class accessContralAnalysisClass = RequestCode.class; - - - public PlainAclPlugEngine() { - initialize(); - } - - public void initialize() { - BorkerAccessControlTransport accessControlTransport = AclUtils.getYamlDataObject(fileHome + "/conf/transport.yml", BorkerAccessControlTransport.class); - if (accessControlTransport == null) { - throw new AclPlugRuntimeException("transport.yml file is no data"); - } - accessContralAnalysis.analysisClass(accessContralAnalysisClass); - setBorkerAccessControlTransport(accessControlTransport); - } - - public void setAccessControl(AccessControl accessControl) throws AclPlugRuntimeException { - if (accessControl.getAccount() == null || accessControl.getPassword() == null - || accessControl.getAccount().length() <= 6 || accessControl.getPassword().length() <= 6) { - throw new AclPlugRuntimeException(String.format( - "The account password cannot be null and is longer than 6, account is %s password is %s", - accessControl.getAccount(), accessControl.getPassword())); - } - try { - NetaddressStrategy netaddressStrategy = netaddressStrategyFactory.getNetaddressStrategy(accessControl); - List accessControlAddressList = accessControlMap.get(accessControl.getAccount()); - if (accessControlAddressList == null) { - accessControlAddressList = new ArrayList<>(); - accessControlMap.put(accessControl.getAccount(), accessControlAddressList); - } - AuthenticationInfo authenticationInfo = new AuthenticationInfo( - accessContralAnalysis.analysis(accessControl), 
accessControl, netaddressStrategy); - accessControlAddressList.add(authenticationInfo); - log.info("authenticationInfo is {}", authenticationInfo.toString()); - } catch (Exception e) { - throw new AclPlugRuntimeException( - String.format("Exception info %s %s", e.getMessage(), accessControl.toString()), e); - } - } - - public void setAccessControlList(List accessControlList) throws AclPlugRuntimeException { - for (AccessControl accessControl : accessControlList) { - setAccessControl(accessControl); - } - } - - public void setNetaddressAccessControl(AccessControl accessControl) throws AclPlugRuntimeException { - try { - authenticationInfo = new AuthenticationInfo(accessContralAnalysis.analysis(accessControl), accessControl,netaddressStrategyFactory.getNetaddressStrategy(accessControl)); - log.info("default authenticationInfo is {}", authenticationInfo.toString()); - } catch (Exception e) { - throw new AclPlugRuntimeException(accessControl.toString(), e); - } - - } - - public AuthenticationInfo getAccessControl(AccessControl accessControl) { - if (accessControl.getAccount() == null && authenticationInfo != null) { - return authenticationInfo.getNetaddressStrategy().match(accessControl) ? 
authenticationInfo : null; - } else { - List accessControlAddressList = accessControlMap.get(accessControl.getAccount()); - if (accessControlAddressList != null) { - for (AuthenticationInfo ai : accessControlAddressList) { - if (ai.getNetaddressStrategy().match(accessControl)&& ai.getAccessControl().getPassword().equals(accessControl.getPassword())) { - return ai; - } - } - } - } - return null; - } - - public AuthenticationResult eachCheckAuthentication(AccessControl accessControl) { - AuthenticationResult authenticationResult = new AuthenticationResult(); - AuthenticationInfo authenticationInfo = getAccessControl(accessControl); - if (authenticationInfo != null) { - boolean boo = authentication(authenticationInfo, accessControl, authenticationResult); - authenticationResult.setSucceed(boo); - authenticationResult.setAccessControl(authenticationInfo.getAccessControl()); - } else { - authenticationResult.setResultString("accessControl is null, Please check login, password, IP\""); - } - return authenticationResult; - } - - void setBorkerAccessControlTransport(BorkerAccessControlTransport transport) { - if (transport.getOnlyNetAddress() == null && (transport.getList() == null || transport.getList().size() == 0)) { - throw new AclPlugRuntimeException("onlyNetAddress and list can't be all empty"); - } - - if (transport.getOnlyNetAddress() != null) { - this.setNetaddressAccessControl(transport.getOnlyNetAddress()); - } - if (transport.getList() != null || transport.getList().size() > 0) { - for (AccessControl accessControl : transport.getList()) { - this.setAccessControl(accessControl); - } - } - } - - public boolean authentication(AuthenticationInfo authenticationInfo, AccessControl accessControl, - AuthenticationResult authenticationResult) { - int code = accessControl.getCode(); - if (!authenticationInfo.getAuthority().get(code)) { - authenticationResult.setResultString(String.format("code is %d Authentication failed", code)); - return false; - } - if 
(!(authenticationInfo.getAccessControl() instanceof BorkerAccessControl)) { - return true; - } - BorkerAccessControl borker = (BorkerAccessControl) authenticationInfo.getAccessControl(); - String topicName = accessControl.getTopic(); - if (code == 10 || code == 310 || code == 320) { - if (borker.getPermitSendTopic().contains(topicName)) { - return true; - } - if (borker.getNoPermitSendTopic().contains(topicName)) { - authenticationResult.setResultString(String.format("noPermitSendTopic include %s", topicName)); - return false; - } - return borker.getPermitSendTopic().isEmpty() ? true : false; - } else if (code == 11) { - if (borker.getPermitPullTopic().contains(topicName)) { - return true; - } - if (borker.getNoPermitPullTopic().contains(topicName)) { - authenticationResult.setResultString(String.format("noPermitPullTopic include %s", topicName)); - return false; - } - return borker.getPermitPullTopic().isEmpty() ? true : false; - } - return true; - } - - - public static class AccessContralAnalysis { - - private Map, Map> classTocodeAndMentod = new HashMap<>(); - - private Map fieldNameAndCode = new HashMap<>(); - - public void analysisClass(Class clazz) { - Field[] fields = clazz.getDeclaredFields(); - try { - for (Field field : fields) { - if (field.getType().equals(int.class)) { - String name = StringUtils.replace(field.getName(), "_", "").toLowerCase(); - fieldNameAndCode.put(name, (Integer) field.get(null)); - } - } - } catch (IllegalArgumentException | IllegalAccessException e) { - throw new AclPlugRuntimeException(String.format("analysis on failure Class is %s", clazz.getName()), e); - } - } - - public Map analysis(AccessControl accessControl) { - Class clazz = accessControl.getClass(); - Map codeAndField = classTocodeAndMentod.get(clazz); - if (codeAndField == null) { - codeAndField = new HashMap<>(); - Field[] fields = clazz.getDeclaredFields(); - for (Field field : fields) { - if (!field.getType().equals(boolean.class)) - continue; - Integer code = 
fieldNameAndCode.get(field.getName().toLowerCase()); - if (code == null) { - throw new AclPlugRuntimeException( - String.format("field nonexistent in code fieldName is %s", field.getName())); - } - field.setAccessible(true); - codeAndField.put(code, field); - - } - if (codeAndField.isEmpty()) { - throw new AclPlugRuntimeException(String.format("AccessControl nonexistent code , name %s", - accessControl.getClass().getName())); - } - classTocodeAndMentod.put(clazz, codeAndField); - } - Iterator> it = codeAndField.entrySet().iterator(); - Map authority = new HashMap<>(); - try { - while (it.hasNext()) { - Entry e = it.next(); - authority.put(e.getKey(), (Boolean) e.getValue().get(accessControl)); - } - } catch (IllegalArgumentException | IllegalAccessException e) { - throw new AclPlugRuntimeException( - String.format("analysis on failure AccessControl is %s", AccessControl.class.getName()), e); - } - return authority; - } - - } - - public static class BorkerAccessControlTransport { - - private BorkerAccessControl onlyNetAddress; - - private List list; - - public BorkerAccessControl getOnlyNetAddress() { - return onlyNetAddress; - } - - public void setOnlyNetAddress(BorkerAccessControl onlyNetAddress) { - this.onlyNetAddress = onlyNetAddress; - } - - public List getList() { - return list; - } - - public void setList(List list) { - this.list = list; - } - - @Override - public String toString() { - return "BorkerAccessControlTransport [onlyNetAddress=" + onlyNetAddress + ", list=" + list + "]"; - } - } -} diff --git a/acl/src/test/java/org/apache/rocketmq/acl/plug/AccessContralAnalysisTest.java b/acl/src/test/java/org/apache/rocketmq/acl/plug/AccessContralAnalysisTest.java deleted file mode 100644 index b7896b13df92a05b6c18886a38c1145ebecdbbe6..0000000000000000000000000000000000000000 --- a/acl/src/test/java/org/apache/rocketmq/acl/plug/AccessContralAnalysisTest.java +++ /dev/null 
@@ -1,63 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.rocketmq.acl.plug; - -import java.util.Iterator; -import java.util.Map; -import java.util.Map.Entry; -import org.apache.rocketmq.acl.plug.entity.AccessControl; -import org.apache.rocketmq.acl.plug.entity.BorkerAccessControl; -import org.apache.rocketmq.acl.plug.exception.AclPlugRuntimeException; -import org.apache.rocketmq.common.protocol.RequestCode; -import org.junit.Assert; -import org.junit.Before; -import org.junit.Test; - -public class AccessContralAnalysisTest { - - AccessContralAnalysis accessContralAnalysis = new AccessContralAnalysis(); - - @Before - public void init() { - accessContralAnalysis.analysisClass(RequestCode.class); - } - - @Test - public void analysisTest() { - BorkerAccessControl accessControl = new BorkerAccessControl(); - accessControl.setSendMessage(false); - Map map = accessContralAnalysis.analysis(accessControl); - - Iterator> it = map.entrySet().iterator(); - long num = 0; - while (it.hasNext()) { - Entry e = it.next(); - if (!e.getValue()) { - Assert.assertEquals(e.getKey(), Integer.valueOf(10)); - num++; - } - } - Assert.assertEquals(num, 1); - } - - @Test(expected = AclPlugRuntimeException.class) - 
public void analysisExceptionTest() { - AccessControl accessControl = new AccessControl(); - accessContralAnalysis.analysis(accessControl); - } - -} diff --git a/acl/src/test/java/org/apache/rocketmq/acl/plug/AclUtilsTest.java b/acl/src/test/java/org/apache/rocketmq/acl/plug/AclUtilsTest.java index b0cc4daba10b0307b5bf099689a3be79a710f510..db9d90915151cd28e1eb999c1e98441099092880 100644 --- a/acl/src/test/java/org/apache/rocketmq/acl/plug/AclUtilsTest.java +++ b/acl/src/test/java/org/apache/rocketmq/acl/plug/AclUtilsTest.java @@ -18,12 +18,10 @@ package org.apache.rocketmq.acl.plug; import java.util.ArrayList; import java.util.List; - import org.apache.commons.lang3.StringUtils; import org.junit.Assert; import org.junit.Test; - public class AclUtilsTest { @Test @@ -125,4 +123,8 @@ public class AclUtilsTest { isMinus = AclUtils.isMinus("*"); Assert.assertFalse(isMinus); } + + public void getYamlDataObjectTest() { + + } } diff --git a/acl/src/test/java/org/apache/rocketmq/acl/plug/AuthenticationTest.java b/acl/src/test/java/org/apache/rocketmq/acl/plug/AuthenticationTest.java deleted file mode 100644 index 6e5d1444db77cd7fd7ee1757b199f57d73033926..0000000000000000000000000000000000000000 --- a/acl/src/test/java/org/apache/rocketmq/acl/plug/AuthenticationTest.java +++ /dev/null 
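Review bot: The `getYamlDataObjectTest()` method added at the end of `AclUtilsTest` has an empty body and no `@Test` annotation, so JUnit never runs it and it asserts nothing. The name suggests it is meant to cover loading ACL data from YAML (inferred; the helper under test is not visible in this diff), and that parsing path decides which accounts and addresses are accepted. Either give it the annotation and real assertions, covering a valid fixture plus a missing or malformed file, or drop the stub until the test exists. If it stays as a placeholder, say so with a comment such as `// TODO: cover YAML loading of the ACL config (valid, missing and malformed file)`.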
@@ -1,141 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.rocketmq.acl.plug;
-
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Set;
-import org.apache.rocketmq.acl.plug.entity.AccessControl;
-import org.apache.rocketmq.acl.plug.entity.AuthenticationInfo;
-import org.apache.rocketmq.acl.plug.entity.AuthenticationResult;
-import org.apache.rocketmq.acl.plug.entity.BorkerAccessControl;
-import org.apache.rocketmq.acl.plug.strategy.NetaddressStrategyFactory;
-import org.apache.rocketmq.common.protocol.RequestCode;
-import org.junit.Assert;
-import org.junit.Before;
-import org.junit.Test;
-
-public class AuthenticationTest {
-
- Authentication authentication = new Authentication();
-
- AuthenticationInfo authenticationInfo;
-
- BorkerAccessControl borkerAccessControl;
-
- AuthenticationResult authenticationResult = new AuthenticationResult();
- AccessControl accessControl = new AccessControl();
-
- @Before
- public void init() {
- borkerAccessControl = new BorkerAccessControl();
- //321
- borkerAccessControl.setQueryConsumeQueue(false);
-
- Set permitSendTopic = new HashSet<>();
- permitSendTopic.add("permitSendTopic");
- borkerAccessControl.setPermitSendTopic(permitSendTopic);
-
- Set noPermitSendTopic = new HashSet<>();
- noPermitSendTopic.add("noPermitSendTopic");
- borkerAccessControl.setNoPermitSendTopic(noPermitSendTopic);
-
- Set permitPullTopic = new HashSet<>();
- permitPullTopic.add("permitPullTopic");
- borkerAccessControl.setPermitPullTopic(permitPullTopic);
-
- Set noPermitPullTopic = new HashSet<>();
- noPermitPullTopic.add("noPermitPullTopic");
- borkerAccessControl.setNoPermitPullTopic(noPermitPullTopic);
-
- AccessContralAnalysis accessContralAnalysis = new AccessContralAnalysis();
- accessContralAnalysis.analysisClass(RequestCode.class);
- Map map = accessContralAnalysis.analysis(borkerAccessControl);
-
- authenticationInfo = new AuthenticationInfo(map, borkerAccessControl, NetaddressStrategyFactory.NULL_NET_ADDRESS_STRATEGY);
- }
-
- @Test
- public void authenticationTest() {
-
- accessControl.setCode(317);
-
- boolean isReturn = authentication.authentication(authenticationInfo, accessControl, authenticationResult);
- Assert.assertTrue(isReturn);
-
- accessControl.setCode(321);
- isReturn = authentication.authentication(authenticationInfo, accessControl, authenticationResult);
- Assert.assertFalse(isReturn);
-
- accessControl.setCode(10);
- accessControl.setTopic("permitSendTopic");
- isReturn = authentication.authentication(authenticationInfo, accessControl, authenticationResult);
- Assert.assertTrue(isReturn);
-
- accessControl.setCode(310);
- isReturn = authentication.authentication(authenticationInfo, accessControl, authenticationResult);
- Assert.assertTrue(isReturn);
-
- accessControl.setCode(320);
- isReturn = authentication.authentication(authenticationInfo, accessControl, authenticationResult);
- Assert.assertTrue(isReturn);
-
- accessControl.setTopic("noPermitSendTopic");
- isReturn = authentication.authentication(authenticationInfo, accessControl, authenticationResult);
- Assert.assertFalse(isReturn);
-
- accessControl.setTopic("nopermitSendTopic");
- isReturn = authentication.authentication(authenticationInfo, accessControl, authenticationResult);
- Assert.assertFalse(isReturn);
-
- accessControl.setCode(11);
- accessControl.setTopic("permitPullTopic");
- isReturn = authentication.authentication(authenticationInfo, accessControl, authenticationResult);
- Assert.assertTrue(isReturn);
-
- accessControl.setTopic("noPermitPullTopic");
- isReturn = authentication.authentication(authenticationInfo, accessControl, authenticationResult);
- Assert.assertFalse(isReturn);
-
- accessControl.setTopic("nopermitPullTopic");
- isReturn = authentication.authentication(authenticationInfo, accessControl, authenticationResult);
- Assert.assertFalse(isReturn);
-
- }
-
- @Test
- public void isEmptyTest() {
- accessControl.setCode(10);
- accessControl.setTopic("absentTopic");
- boolean isReturn = authentication.authentication(authenticationInfo, accessControl, authenticationResult);
- Assert.assertFalse(isReturn);
-
- Set permitSendTopic = new HashSet<>();
- borkerAccessControl.setPermitSendTopic(permitSendTopic);
- isReturn = authentication.authentication(authenticationInfo, accessControl, authenticationResult);
- Assert.assertTrue(isReturn);
-
- accessControl.setCode(11);
- isReturn = authentication.authentication(authenticationInfo, accessControl, authenticationResult);
- Assert.assertFalse(isReturn);
-
- borkerAccessControl.setPermitPullTopic(permitSendTopic);
- isReturn = authentication.authentication(authenticationInfo, accessControl, authenticationResult);
- Assert.assertTrue(isReturn);
- }
-
-}
diff --git a/acl/src/test/java/org/apache/rocketmq/acl/plug/strategy/NetaddressStrategyTest.java b/acl/src/test/java/org/apache/rocketmq/acl/plug/NetaddressStrategyTest.java similarity index 98% rename from acl/src/test/java/org/apache/rocketmq/acl/plug/strategy/NetaddressStrategyTest.java rename to acl/src/test/java/org/apache/rocketmq/acl/plug/NetaddressStrategyTest.java index 3f21b678876826e1bb5b23eaab2648a1a786b9eb..6c76609df08a1a951208ff8abf0c2fe15aa36eaa 100644 --- a/acl/src/test/java/org/apache/rocketmq/acl/plug/strategy/NetaddressStrategyTest.java +++ b/acl/src/test/java/org/apache/rocketmq/acl/plug/NetaddressStrategyTest.java @@ -14,10 +14,8 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.apache.rocketmq.acl.plug.strategy; +package org.apache.rocketmq.acl.plug; -import org.apache.rocketmq.acl.plug.entity.AccessControl; -import org.apache.rocketmq.acl.plug.exception.AclPlugRuntimeException; import org.junit.Assert; import org.junit.Test; diff --git a/acl/src/test/java/org/apache/rocketmq/acl/plug/PlainAclPlugEngineTest.java b/acl/src/test/java/org/apache/rocketmq/acl/plug/PlainAclPlugEngineTest.java new file mode 100644 index 0000000000000000000000000000000000000000..654cf423ae5fc9333e8ed1fda663505cd208bfd9 --- /dev/null +++ b/acl/src/test/java/org/apache/rocketmq/acl/plug/PlainAclPlugEngineTest.java 
@@ -0,0 +1,320 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.rocketmq.acl.plug;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
+import java.util.Set;
+import org.apache.rocketmq.acl.plug.PlainAclPlugEngine.AccessContralAnalysis;
+import org.apache.rocketmq.acl.plug.PlainAclPlugEngine.BorkerAccessControlTransport;
+import org.apache.rocketmq.common.protocol.RequestCode;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.junit.MockitoJUnitRunner;
+
+@RunWith(MockitoJUnitRunner.class)
+public class PlainAclPlugEngineTest {
+
+ PlainAclPlugEngine plainAclPlugEngine;
+
+ AccessContralAnalysis accessContralAnalysis = new AccessContralAnalysis();
+
+ AccessControl accessControl;
+
+ AccessControl accessControlTwo;
+
+ AuthenticationInfo authenticationInfo;
+
+ BorkerAccessControl borkerAccessControl;
+
+ @Before
+ public void init() throws NoSuchFieldException, SecurityException, IOException {
+
+ accessContralAnalysis.analysisClass(RequestCode.class);
+
+ borkerAccessControl = new BorkerAccessControl();
+ // 321
+ borkerAccessControl.setQueryConsumeQueue(false);
+
+ Set permitSendTopic = new HashSet<>();
+ permitSendTopic.add("permitSendTopic");
+ borkerAccessControl.setPermitSendTopic(permitSendTopic);
+
+ Set noPermitSendTopic = new HashSet<>();
+ noPermitSendTopic.add("noPermitSendTopic");
+ borkerAccessControl.setNoPermitSendTopic(noPermitSendTopic);
+
+ Set permitPullTopic = new HashSet<>();
+ permitPullTopic.add("permitPullTopic");
+ borkerAccessControl.setPermitPullTopic(permitPullTopic);
+
+ Set noPermitPullTopic = new HashSet<>();
+ noPermitPullTopic.add("noPermitPullTopic");
+ borkerAccessControl.setNoPermitPullTopic(noPermitPullTopic);
+
+ AccessContralAnalysis accessContralAnalysis = new AccessContralAnalysis();
+ accessContralAnalysis.analysisClass(RequestCode.class);
+ Map map = accessContralAnalysis.analysis(borkerAccessControl);
+
+ authenticationInfo = new AuthenticationInfo(map, borkerAccessControl, NetaddressStrategyFactory.NULL_NET_ADDRESS_STRATEGY);
+
+ System.setProperty("rocketmq.home.dir", "src/test/resources");
+ plainAclPlugEngine = new PlainAclPlugEngine();
+ plainAclPlugEngine.initialize();
+
+ accessControl = new BorkerAccessControl();
+ accessControl.setAccount("rokcetmq");
+ accessControl.setPassword("aliyun11");
+ accessControl.setNetaddress("127.0.0.1");
+ accessControl.setRecognition("127.0.0.1:1");
+
+ accessControlTwo = new BorkerAccessControl();
+ accessControlTwo.setAccount("rokcet1");
+ accessControlTwo.setPassword("aliyun1");
+ accessControlTwo.setNetaddress("127.0.0.1");
+ accessControlTwo.setRecognition("127.0.0.1:2");
+
+ }
+
+ @Test(expected = AclPlugRuntimeException.class)
+ public void accountNullTest() {
+ accessControl.setAccount(null);
+ plainAclPlugEngine.setAccessControl(accessControl);
+ }
+
+ @Test(expected = AclPlugRuntimeException.class)
+ public void accountThanTest() {
+ accessControl.setAccount("123");
+ plainAclPlugEngine.setAccessControl(accessControl);
+ }
+
+ @Test(expected = AclPlugRuntimeException.class)
+ public void passWordtNullTest() {
+ accessControl.setAccount(null);
+ plainAclPlugEngine.setAccessControl(accessControl);
+ }
+
+ @Test(expected = AclPlugRuntimeException.class)
+ public void passWordThanTest() {
+ accessControl.setAccount("123");
+ plainAclPlugEngine.setAccessControl(accessControl);
+ }
+
+ @Test(expected = AclPlugRuntimeException.class)
+ public void testPlainAclPlugEngineInit() {
+ System.setProperty("rocketmq.home.dir", "");
+ new PlainAclPlugEngine().initialize();
+ }
+
+ @Test
+ public void authenticationInfoOfSetAccessControl() {
+ plainAclPlugEngine.setAccessControl(accessControl);
+
+ AuthenticationInfo authenticationInfo = plainAclPlugEngine.getAccessControl(accessControl);
+
+ AccessControl getAccessControl = authenticationInfo.getAccessControl();
+ Assert.assertEquals(accessControl, getAccessControl);
+
+ AccessControl testAccessControl = new AccessControl();
+ testAccessControl.setAccount("rokcetmq");
+ testAccessControl.setPassword("aliyun11");
+ testAccessControl.setNetaddress("127.0.0.1");
+ testAccessControl.setRecognition("127.0.0.1:1");
+
+ testAccessControl.setAccount("rokcetmq1");
+ authenticationInfo = plainAclPlugEngine.getAccessControl(testAccessControl);
+ Assert.assertNull(authenticationInfo);
+
+ testAccessControl.setAccount("rokcetmq");
+ testAccessControl.setPassword("1234567");
+ authenticationInfo = plainAclPlugEngine.getAccessControl(testAccessControl);
+ Assert.assertNull(authenticationInfo);
+
+ testAccessControl.setNetaddress("127.0.0.2");
+ authenticationInfo = plainAclPlugEngine.getAccessControl(testAccessControl);
+ Assert.assertNull(authenticationInfo);
+ }
+
+ @Test
+ public void setAccessControlList() {
+ List accessControlList = new ArrayList<>();
+ accessControlList.add(accessControl);
+
+ accessControlList.add(accessControlTwo);
+
+ plainAclPlugEngine.setAccessControlList(accessControlList);
+
+ AuthenticationInfo newAccessControl = plainAclPlugEngine.getAccessControl(accessControl);
+ Assert.assertEquals(accessControl, newAccessControl.getAccessControl());
+
+ newAccessControl = plainAclPlugEngine.getAccessControl(accessControlTwo);
+ Assert.assertEquals(accessControlTwo, newAccessControl.getAccessControl());
+
+ }
+
+ @Test
+ public void setNetaddressAccessControl() {
+ AccessControl accessControl = new BorkerAccessControl();
+ accessControl.setAccount("RocketMQ");
+ accessControl.setPassword("RocketMQ");
+ accessControl.setNetaddress("127.0.0.1");
+ plainAclPlugEngine.setAccessControl(accessControl);
+ plainAclPlugEngine.setNetaddressAccessControl(accessControl);
+
+ AuthenticationInfo authenticationInfo = plainAclPlugEngine.getAccessControl(accessControl);
+
+ AccessControl getAccessControl = authenticationInfo.getAccessControl();
+ Assert.assertEquals(accessControl, getAccessControl);
+
+ accessControl.setNetaddress("127.0.0.2");
+ authenticationInfo = plainAclPlugEngine.getAccessControl(accessControl);
+ Assert.assertNull(authenticationInfo);
+ }
+
+ public void eachCheckLoginAndAuthentication() {
+
+ }
+
+ @Test(expected = AclPlugRuntimeException.class)
+ public void borkerAccessControlTransportTestNull() {
+ BorkerAccessControlTransport accessControlTransport = new BorkerAccessControlTransport();
+ plainAclPlugEngine.setBorkerAccessControlTransport(accessControlTransport);
+ }
+
+ @Test
+ public void borkerAccessControlTransportTest() {
+ BorkerAccessControlTransport accessControlTransport = new BorkerAccessControlTransport();
+ List list = new ArrayList<>();
+ list.add((BorkerAccessControl) this.accessControlTwo);
+ accessControlTransport.setOnlyNetAddress((BorkerAccessControl) this.accessControl);
+ accessControlTransport.setList(list);
+ plainAclPlugEngine.setBorkerAccessControlTransport(accessControlTransport);
+
+ AccessControl accessControl = new BorkerAccessControl();
+ accessControl.setAccount("RocketMQ");
+ accessControl.setPassword("RocketMQ");
+ accessControl.setNetaddress("127.0.0.1");
+ plainAclPlugEngine.setAccessControl(accessControl);
+ AuthenticationInfo authenticationInfo = plainAclPlugEngine.getAccessControl(accessControl);
+ Assert.assertNotNull(authenticationInfo.getAccessControl());
+
+ authenticationInfo = plainAclPlugEngine.getAccessControl(accessControlTwo);
+ Assert.assertEquals(accessControlTwo, authenticationInfo.getAccessControl());
+
+ }
+
+ @Test
+ public void authenticationTest() {
+ AuthenticationResult authenticationResult = new AuthenticationResult();
+ accessControl.setCode(317);
+
+ boolean isReturn = plainAclPlugEngine.authentication(authenticationInfo, accessControl, authenticationResult);
+ Assert.assertTrue(isReturn);
+
+ accessControl.setCode(321);
+ isReturn = plainAclPlugEngine.authentication(authenticationInfo, accessControl, authenticationResult);
+ Assert.assertFalse(isReturn);
+
+ accessControl.setCode(10);
+ accessControl.setTopic("permitSendTopic");
+ isReturn = plainAclPlugEngine.authentication(authenticationInfo, accessControl, authenticationResult);
+ Assert.assertTrue(isReturn);
+
+ accessControl.setCode(310);
+ isReturn = plainAclPlugEngine.authentication(authenticationInfo, accessControl, authenticationResult);
+ Assert.assertTrue(isReturn);
+
+ accessControl.setCode(320);
+ isReturn = plainAclPlugEngine.authentication(authenticationInfo, accessControl, authenticationResult);
+ Assert.assertTrue(isReturn);
+
+ accessControl.setTopic("noPermitSendTopic");
+ isReturn = plainAclPlugEngine.authentication(authenticationInfo, accessControl, authenticationResult);
+ Assert.assertFalse(isReturn);
+
+ accessControl.setTopic("nopermitSendTopic");
+ isReturn = plainAclPlugEngine.authentication(authenticationInfo, accessControl, authenticationResult);
+ Assert.assertFalse(isReturn);
+
+ accessControl.setCode(11);
+ accessControl.setTopic("permitPullTopic");
+ isReturn = plainAclPlugEngine.authentication(authenticationInfo, accessControl, authenticationResult);
+ Assert.assertTrue(isReturn);
+
+ accessControl.setTopic("noPermitPullTopic");
+ isReturn = plainAclPlugEngine.authentication(authenticationInfo, accessControl, authenticationResult);
+ Assert.assertFalse(isReturn);
+
+ accessControl.setTopic("nopermitPullTopic");
+ isReturn = plainAclPlugEngine.authentication(authenticationInfo, accessControl, authenticationResult);
+ Assert.assertFalse(isReturn);
+
+ }
+
+ @Test
+ public void isEmptyTest() {
+ AuthenticationResult authenticationResult = new AuthenticationResult();
+ accessControl.setCode(10);
+ accessControl.setTopic("absentTopic");
+ boolean isReturn = plainAclPlugEngine.authentication(authenticationInfo, accessControl, authenticationResult);
+ Assert.assertFalse(isReturn);
+
+ Set permitSendTopic = new HashSet<>();
+ borkerAccessControl.setPermitSendTopic(permitSendTopic);
+ isReturn = plainAclPlugEngine.authentication(authenticationInfo, accessControl, authenticationResult);
+ Assert.assertTrue(isReturn);
+
+ accessControl.setCode(11);
+ isReturn = plainAclPlugEngine.authentication(authenticationInfo, accessControl, authenticationResult);
+ Assert.assertFalse(isReturn);
+
+ borkerAccessControl.setPermitPullTopic(permitSendTopic);
+ isReturn = plainAclPlugEngine.authentication(authenticationInfo, accessControl, authenticationResult);
+ Assert.assertTrue(isReturn);
+ }
+
+ @Test
+ public void analysisTest() {
+ BorkerAccessControl accessControl = new BorkerAccessControl();
+ accessControl.setSendMessage(false);
+ Map map = accessContralAnalysis.analysis(accessControl);
+
+ Iterator> it = map.entrySet().iterator();
+ long num = 0;
+ while (it.hasNext()) {
+ Entry e = it.next();
+ if (!e.getValue()) {
+ Assert.assertEquals(e.getKey(), Integer.valueOf(10));
+ num++;
+ }
+ }
+ Assert.assertEquals(num, 1);
+ }
+
+ @Test(expected = AclPlugRuntimeException.class)
+ public void analysisExceptionTest() {
+ AccessControl accessControl = new AccessControl();
+ accessContralAnalysis.analysis(accessControl);
+ }
+}
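Review bot: `passWordtNullTest` and `passWordThanTest` call `accessControl.setAccount(null)` and `accessControl.setAccount("123")`, so they are exact copies of `accountNullTest` and `accountThanTest`. Whatever password validation `setAccessControl` performs (its body is not in this hunk) is therefore never exercised, and a regression that accepts a null or too-short password would still pass the suite. Change the two bodies to `accessControl.setPassword(null);` and `accessControl.setPassword("123");`, assuming the password has a minimum-length rule like the one the account test relies on. In the same file, `eachCheckLoginAndAuthentication()` is an empty method without `@Test`, and `init()` declares a local `accessContralAnalysis` that shadows the field of the same name; the local can simply be removed.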
diff --git a/acl/src/test/java/org/apache/rocketmq/acl/plug/engine/PlainAclPlugEngineTest.java b/acl/src/test/java/org/apache/rocketmq/acl/plug/engine/PlainAclPlugEngineTest.java deleted file mode 100644 index 616cb5c3bb184a749c3aeabe017f1476c28f7490..0000000000000000000000000000000000000000 --- a/acl/src/test/java/org/apache/rocketmq/acl/plug/engine/PlainAclPlugEngineTest.java +++ /dev/null 
@@ -1,297 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.rocketmq.acl.plug.engine;
-
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-
-import org.apache.rocketmq.acl.plug.AccessContralAnalysis;
-import org.apache.rocketmq.acl.plug.engine.PlainAclPlugEngine.BorkerAccessControlTransport;
-import org.apache.rocketmq.acl.plug.entity.AccessControl;
-import org.apache.rocketmq.acl.plug.entity.AuthenticationInfo;
-import org.apache.rocketmq.acl.plug.entity.AuthenticationResult;
-import org.apache.rocketmq.acl.plug.entity.BorkerAccessControl;
-import org.apache.rocketmq.acl.plug.exception.AclPlugRuntimeException;
-import org.apache.rocketmq.acl.plug.strategy.NetaddressStrategyFactory;
-import org.apache.rocketmq.common.protocol.RequestCode;
-import org.junit.Assert;
-import org.junit.Before;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.mockito.junit.MockitoJUnitRunner;
-
-@RunWith(MockitoJUnitRunner.class)
-public class PlainAclPlugEngineTest {
-
- PlainAclPlugEngine plainAclPlugEngine;
-
- AccessControl accessControl;
-
- AccessControl accessControlTwo;
-
- AuthenticationInfo authenticationInfo;
-
- BorkerAccessControl borkerAccessControl;
-
- @Before
- public void init() throws NoSuchFieldException, SecurityException, IOException {
-
- borkerAccessControl = new BorkerAccessControl();
- // 321
- borkerAccessControl.setQueryConsumeQueue(false);
-
- Set permitSendTopic = new HashSet<>();
- permitSendTopic.add("permitSendTopic");
- borkerAccessControl.setPermitSendTopic(permitSendTopic);
-
- Set noPermitSendTopic = new HashSet<>();
- noPermitSendTopic.add("noPermitSendTopic");
- borkerAccessControl.setNoPermitSendTopic(noPermitSendTopic);
-
- Set permitPullTopic = new HashSet<>();
- permitPullTopic.add("permitPullTopic");
- borkerAccessControl.setPermitPullTopic(permitPullTopic);
-
- Set noPermitPullTopic = new HashSet<>();
- noPermitPullTopic.add("noPermitPullTopic");
- borkerAccessControl.setNoPermitPullTopic(noPermitPullTopic);
-
- AccessContralAnalysis accessContralAnalysis = new AccessContralAnalysis();
- accessContralAnalysis.analysisClass(RequestCode.class);
- Map map = accessContralAnalysis.analysis(borkerAccessControl);
-
- authenticationInfo = new AuthenticationInfo(map, borkerAccessControl,NetaddressStrategyFactory.NULL_NET_ADDRESS_STRATEGY);
-
- System.setProperty("rocketmq.home.dir", "src/test/resources");
- plainAclPlugEngine = new PlainAclPlugEngine();
- plainAclPlugEngine.initialize();
-
- accessControl = new BorkerAccessControl();
- accessControl.setAccount("rokcetmq");
- accessControl.setPassword("aliyun11");
- accessControl.setNetaddress("127.0.0.1");
- accessControl.setRecognition("127.0.0.1:1");
-
- accessControlTwo = new BorkerAccessControl();
- accessControlTwo.setAccount("rokcet1");
- accessControlTwo.setPassword("aliyun1");
- accessControlTwo.setNetaddress("127.0.0.1");
- accessControlTwo.setRecognition("127.0.0.1:2");
-
- }
-
- @Test(expected = AclPlugRuntimeException.class)
- public void accountNullTest() {
- accessControl.setAccount(null);
- plainAclPlugEngine.setAccessControl(accessControl);
- }
-
- @Test(expected = AclPlugRuntimeException.class)
- public void accountThanTest() {
- accessControl.setAccount("123");
- plainAclPlugEngine.setAccessControl(accessControl);
- }
-
- @Test(expected = AclPlugRuntimeException.class)
- public void passWordtNullTest() {
- accessControl.setAccount(null);
- plainAclPlugEngine.setAccessControl(accessControl);
- }
-
- @Test(expected = AclPlugRuntimeException.class)
- public void passWordThanTest() {
- accessControl.setAccount("123");
- plainAclPlugEngine.setAccessControl(accessControl);
- }
-
- @Test(expected = AclPlugRuntimeException.class)
- public void testPlainAclPlugEngineInit() {
- System.setProperty("rocketmq.home.dir", "");
- new PlainAclPlugEngine().initialize();
- }
-
- @Test
- public void authenticationInfoOfSetAccessControl() {
- plainAclPlugEngine.setAccessControl(accessControl);
-
- AuthenticationInfo authenticationInfo = plainAclPlugEngine.getAccessControl(accessControl);
-
- AccessControl getAccessControl = authenticationInfo.getAccessControl();
- Assert.assertEquals(accessControl, getAccessControl);
-
- AccessControl testAccessControl = new AccessControl();
- testAccessControl.setAccount("rokcetmq");
- testAccessControl.setPassword("aliyun11");
- testAccessControl.setNetaddress("127.0.0.1");
- testAccessControl.setRecognition("127.0.0.1:1");
-
- testAccessControl.setAccount("rokcetmq1");
- authenticationInfo = plainAclPlugEngine.getAccessControl(testAccessControl);
- Assert.assertNull(authenticationInfo);
-
- testAccessControl.setAccount("rokcetmq");
- testAccessControl.setPassword("1234567");
- authenticationInfo = plainAclPlugEngine.getAccessControl(testAccessControl);
- Assert.assertNull(authenticationInfo);
-
- testAccessControl.setNetaddress("127.0.0.2");
- authenticationInfo = plainAclPlugEngine.getAccessControl(testAccessControl);
- Assert.assertNull(authenticationInfo);
- }
-
- @Test
- public void setAccessControlList() {
- List accessControlList = new ArrayList<>();
- accessControlList.add(accessControl);
-
- accessControlList.add(accessControlTwo);
-
- plainAclPlugEngine.setAccessControlList(accessControlList);
-
- AuthenticationInfo newAccessControl = plainAclPlugEngine.getAccessControl(accessControl);
- Assert.assertEquals(accessControl, newAccessControl.getAccessControl());
-
- newAccessControl = plainAclPlugEngine.getAccessControl(accessControlTwo);
- Assert.assertEquals(accessControlTwo, newAccessControl.getAccessControl());
-
- }
-
- @Test
- public void setNetaddressAccessControl() {
- AccessControl accessControl = new BorkerAccessControl();
- accessControl.setAccount("RocketMQ");
- accessControl.setPassword("RocketMQ");
- accessControl.setNetaddress("127.0.0.1");
- plainAclPlugEngine.setAccessControl(accessControl);
- plainAclPlugEngine.setNetaddressAccessControl(accessControl);
-
- AuthenticationInfo authenticationInfo = plainAclPlugEngine.getAccessControl(accessControl);
-
- AccessControl getAccessControl = authenticationInfo.getAccessControl();
- Assert.assertEquals(accessControl, getAccessControl);
-
- accessControl.setNetaddress("127.0.0.2");
- authenticationInfo = plainAclPlugEngine.getAccessControl(accessControl);
- Assert.assertNull(authenticationInfo);
- }
-
- public void eachCheckLoginAndAuthentication() {
-
- }
-
- @Test(expected = AclPlugRuntimeException.class)
- public void borkerAccessControlTransportTestNull() {
- BorkerAccessControlTransport accessControlTransport = new BorkerAccessControlTransport();
- plainAclPlugEngine.setBorkerAccessControlTransport(accessControlTransport);
- }
-
- @Test
- public void borkerAccessControlTransportTest() {
- BorkerAccessControlTransport accessControlTransport = new BorkerAccessControlTransport();
- List list = new ArrayList<>();
- list.add((BorkerAccessControl) this.accessControlTwo);
- accessControlTransport.setOnlyNetAddress((BorkerAccessControl) this.accessControl);
- accessControlTransport.setList(list);
- plainAclPlugEngine.setBorkerAccessControlTransport(accessControlTransport);
-
- AccessControl accessControl = new BorkerAccessControl();
- accessControl.setAccount("RocketMQ");
- accessControl.setPassword("RocketMQ");
- accessControl.setNetaddress("127.0.0.1");
- plainAclPlugEngine.setAccessControl(accessControl);
- AuthenticationInfo authenticationInfo = plainAclPlugEngine.getAccessControl(accessControl);
- Assert.assertNotNull(authenticationInfo.getAccessControl());
-
- authenticationInfo = plainAclPlugEngine.getAccessControl(accessControlTwo);
- Assert.assertEquals(accessControlTwo, authenticationInfo.getAccessControl());
-
- }
-
- @Test
- public void authenticationTest() {
- AuthenticationResult authenticationResult = new AuthenticationResult();
- accessControl.setCode(317);
-
- boolean isReturn = plainAclPlugEngine.authentication(authenticationInfo, accessControl, authenticationResult);
- Assert.assertTrue(isReturn);
-
- accessControl.setCode(321);
- isReturn = plainAclPlugEngine.authentication(authenticationInfo, accessControl, authenticationResult);
- Assert.assertFalse(isReturn);
-
- accessControl.setCode(10);
- accessControl.setTopic("permitSendTopic");
- isReturn = plainAclPlugEngine.authentication(authenticationInfo, accessControl, authenticationResult);
- Assert.assertTrue(isReturn);
-
- accessControl.setCode(310);
- isReturn = plainAclPlugEngine.authentication(authenticationInfo, accessControl, authenticationResult);
- Assert.assertTrue(isReturn);
-
- accessControl.setCode(320);
- isReturn = plainAclPlugEngine.authentication(authenticationInfo, accessControl, authenticationResult);
- Assert.assertTrue(isReturn);
-
- accessControl.setTopic("noPermitSendTopic");
- isReturn = plainAclPlugEngine.authentication(authenticationInfo, accessControl, authenticationResult);
- Assert.assertFalse(isReturn);
-
- accessControl.setTopic("nopermitSendTopic");
- isReturn = plainAclPlugEngine.authentication(authenticationInfo, accessControl, authenticationResult);
- Assert.assertFalse(isReturn);
-
- accessControl.setCode(11);
- accessControl.setTopic("permitPullTopic");
- isReturn = plainAclPlugEngine.authentication(authenticationInfo, accessControl, authenticationResult);
- Assert.assertTrue(isReturn);
-
- accessControl.setTopic("noPermitPullTopic");
- isReturn = plainAclPlugEngine.authentication(authenticationInfo, accessControl, authenticationResult);
- Assert.assertFalse(isReturn);
-
- accessControl.setTopic("nopermitPullTopic");
- isReturn = plainAclPlugEngine.authentication(authenticationInfo, accessControl, authenticationResult);
- Assert.assertFalse(isReturn);
-
- }
-
- @Test
- public void isEmptyTest() {
- AuthenticationResult authenticationResult = new AuthenticationResult();
- accessControl.setCode(10);
- accessControl.setTopic("absentTopic");
- boolean isReturn = plainAclPlugEngine.authentication(authenticationInfo, accessControl, authenticationResult);
- Assert.assertFalse(isReturn);
-
- Set permitSendTopic = new HashSet<>();
- borkerAccessControl.setPermitSendTopic(permitSendTopic);
- isReturn = plainAclPlugEngine.authentication(authenticationInfo, accessControl, authenticationResult);
- Assert.assertTrue(isReturn);
-
- accessControl.setCode(11);
- isReturn = plainAclPlugEngine.authentication(authenticationInfo, accessControl, authenticationResult);
- Assert.assertFalse(isReturn);
-
- borkerAccessControl.setPermitPullTopic(permitSendTopic);
- isReturn = plainAclPlugEngine.authentication(authenticationInfo, accessControl, authenticationResult);
- Assert.assertTrue(isReturn);
- }
-}