Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
Apache RocketMQ
Rocketmq
提交
b11ccc5c
R
Rocketmq
项目概览
Apache RocketMQ
/
Rocketmq
上一次同步 大约 3 年
通知
270
Star
16139
Fork
68
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
DevOps
流水线
流水线任务
计划
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
R
Rocketmq
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
DevOps
DevOps
流水线
流水线任务
计划
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
流水线任务
提交
Issue看板
提交
b11ccc5c
编写于
11月 27, 2018
作者:
H
hujie
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
admin
上级
fb606838
变更
3
显示空白变更内容
内联
并排
Showing
3 changed file
with
155 addition
and
19 deletion
+155
-19
acl/src/main/java/org/apache/rocketmq/acl/plug/PlainAclPlugEngine.java
...java/org/apache/rocketmq/acl/plug/PlainAclPlugEngine.java
+27
-7
acl/src/test/java/org/apache/rocketmq/acl/plug/PlainAclPlugEngineTest.java
.../org/apache/rocketmq/acl/plug/PlainAclPlugEngineTest.java
+128
-11
broker/src/main/resources/META-INF/service/org.apache.rocketmq.acl.AccessValidator
.../META-INF/service/org.apache.rocketmq.acl.AccessValidator
+0
-1
未找到文件。
acl/src/main/java/org/apache/rocketmq/acl/plug/PlainAclPlugEngine.java
浏览文件 @
b11ccc5c
...
...
@@ -56,6 +56,8 @@ public class PlainAclPlugEngine {
private
Class
<?>
accessContralAnalysisClass
=
RequestCode
.
class
;
private
boolean
isWatchStart
;
public
PlainAclPlugEngine
()
{
initialize
();
watch
();
...
...
@@ -95,6 +97,7 @@ public class PlainAclPlugEngine {
if
(
"transport.yml"
.
equals
(
event
.
context
().
toString
())
&&
(
StandardWatchEventKinds
.
ENTRY_MODIFY
.
equals
(
event
.
kind
())
||
StandardWatchEventKinds
.
ENTRY_CREATE
.
equals
(
event
.
kind
())))
{
log
.
info
(
"transprot.yml make a difference change is : "
,
event
.
toString
());
PlainAclPlugEngine
.
this
.
cleanAuthenticationInfo
();
initialize
();
}
}
...
...
@@ -114,11 +117,30 @@ public class PlainAclPlugEngine {
};
watcherServcie
.
start
();
log
.
info
(
"succeed start watcherServcie"
);
this
.
isWatchStart
=
true
;
}
catch
(
IOException
e
)
{
log
.
error
(
e
.
getMessage
(),
e
);
}
}
private
void
handleAccessControl
(
AccessControl
accessControl
)
{
if
(
accessControl
instanceof
BrokerAccessControl
)
{
BrokerAccessControl
brokerAccessControl
=
(
BrokerAccessControl
)
accessControl
;
if
(
brokerAccessControl
.
isAdmin
())
{
brokerAccessControl
.
setUpdateAndCreateSubscriptiongroup
(
true
);
brokerAccessControl
.
setDeleteSubscriptiongroup
(
true
);
brokerAccessControl
.
setUpdateAndCreateTopic
(
true
);
brokerAccessControl
.
setDeleteTopicInbroker
(
true
);
brokerAccessControl
.
setUpdateBrokerConfig
(
true
);
}
}
}
void
cleanAuthenticationInfo
()
{
accessControlMap
.
clear
();
authenticationInfo
=
null
;
}
public
void
setAccessControl
(
AccessControl
accessControl
)
throws
AclPlugRuntimeException
{
if
(
accessControl
.
getAccount
()
==
null
||
accessControl
.
getPassword
()
==
null
||
accessControl
.
getAccount
().
length
()
<=
6
||
accessControl
.
getPassword
().
length
()
<=
6
)
{
...
...
@@ -127,6 +149,7 @@ public class PlainAclPlugEngine {
accessControl
.
getAccount
(),
accessControl
.
getPassword
()));
}
try
{
handleAccessControl
(
accessControl
);
NetaddressStrategy
netaddressStrategy
=
netaddressStrategyFactory
.
getNetaddressStrategy
(
accessControl
);
List
<
AuthenticationInfo
>
accessControlAddressList
=
accessControlMap
.
get
(
accessControl
.
getAccount
());
if
(
accessControlAddressList
==
null
)
{
...
...
@@ -198,13 +221,6 @@ public class PlainAclPlugEngine {
}
if
(
transport
.
getList
()
!=
null
||
transport
.
getList
().
size
()
>
0
)
{
for
(
BrokerAccessControl
accessControl
:
transport
.
getList
())
{
if
(
accessControl
.
isAdmin
())
{
accessControl
.
setUpdateAndCreateSubscriptiongroup
(
true
);
accessControl
.
setDeleteSubscriptiongroup
(
true
);
accessControl
.
setUpdateAndCreateTopic
(
true
);
accessControl
.
setDeleteTopicInbroker
(
true
);
accessControl
.
setUpdateBrokerConfig
(
true
);
}
this
.
setAccessControl
(
accessControl
);
}
}
...
...
@@ -244,6 +260,10 @@ public class PlainAclPlugEngine {
return
true
;
}
public
boolean
isWatchStart
()
{
return
isWatchStart
;
}
public
static
class
AccessContralAnalysis
{
private
Map
<
Class
<?>,
Map
<
Integer
,
Field
>>
classTocodeAndMentod
=
new
HashMap
<>();
...
...
acl/src/test/java/org/apache/rocketmq/acl/plug/PlainAclPlugEngineTest.java
浏览文件 @
b11ccc5c
...
...
@@ -16,6 +16,8 @@
*/
package
org.apache.rocketmq.acl.plug
;
import
java.io.File
;
import
java.io.FileWriter
;
import
java.io.IOException
;
import
java.util.ArrayList
;
import
java.util.HashSet
;
...
...
@@ -46,38 +48,50 @@ public class PlainAclPlugEngineTest {
AuthenticationInfo
authenticationInfo
;
BrokerAccessControl
BrokerAccessControl
;
BrokerAccessControl
brokerAccessControl
;
Set
<
Integer
>
adminCode
=
new
HashSet
<>();
@Before
public
void
init
()
throws
NoSuchFieldException
,
SecurityException
,
IOException
{
// UPDATE_AND_CREATE_TOPIC
adminCode
.
add
(
17
);
// UPDATE_BROKER_CONFIG
adminCode
.
add
(
25
);
// DELETE_TOPIC_IN_BROKER
adminCode
.
add
(
215
);
// UPDATE_AND_CREATE_SUBSCRIPTIONGROUP
adminCode
.
add
(
200
);
// DELETE_SUBSCRIPTIONGROUP
adminCode
.
add
(
207
);
accessContralAnalysis
.
analysisClass
(
RequestCode
.
class
);
B
rokerAccessControl
=
new
BrokerAccessControl
();
b
rokerAccessControl
=
new
BrokerAccessControl
();
// 321
B
rokerAccessControl
.
setQueryConsumeQueue
(
false
);
b
rokerAccessControl
.
setQueryConsumeQueue
(
false
);
Set
<
String
>
permitSendTopic
=
new
HashSet
<>();
permitSendTopic
.
add
(
"permitSendTopic"
);
B
rokerAccessControl
.
setPermitSendTopic
(
permitSendTopic
);
b
rokerAccessControl
.
setPermitSendTopic
(
permitSendTopic
);
Set
<
String
>
noPermitSendTopic
=
new
HashSet
<>();
noPermitSendTopic
.
add
(
"noPermitSendTopic"
);
B
rokerAccessControl
.
setNoPermitSendTopic
(
noPermitSendTopic
);
b
rokerAccessControl
.
setNoPermitSendTopic
(
noPermitSendTopic
);
Set
<
String
>
permitPullTopic
=
new
HashSet
<>();
permitPullTopic
.
add
(
"permitPullTopic"
);
B
rokerAccessControl
.
setPermitPullTopic
(
permitPullTopic
);
b
rokerAccessControl
.
setPermitPullTopic
(
permitPullTopic
);
Set
<
String
>
noPermitPullTopic
=
new
HashSet
<>();
noPermitPullTopic
.
add
(
"noPermitPullTopic"
);
B
rokerAccessControl
.
setNoPermitPullTopic
(
noPermitPullTopic
);
b
rokerAccessControl
.
setNoPermitPullTopic
(
noPermitPullTopic
);
AccessContralAnalysis
accessContralAnalysis
=
new
AccessContralAnalysis
();
accessContralAnalysis
.
analysisClass
(
RequestCode
.
class
);
Map
<
Integer
,
Boolean
>
map
=
accessContralAnalysis
.
analysis
(
B
rokerAccessControl
);
Map
<
Integer
,
Boolean
>
map
=
accessContralAnalysis
.
analysis
(
b
rokerAccessControl
);
authenticationInfo
=
new
AuthenticationInfo
(
map
,
B
rokerAccessControl
,
NetaddressStrategyFactory
.
NULL_NET_ADDRESS_STRATEGY
);
authenticationInfo
=
new
AuthenticationInfo
(
map
,
b
rokerAccessControl
,
NetaddressStrategyFactory
.
NULL_NET_ADDRESS_STRATEGY
);
System
.
setProperty
(
"rocketmq.home.dir"
,
"src/test/resources"
);
plainAclPlugEngine
=
new
PlainAclPlugEngine
();
...
...
@@ -280,7 +294,7 @@ public class PlainAclPlugEngineTest {
Assert
.
assertFalse
(
isReturn
);
Set
<
String
>
permitSendTopic
=
new
HashSet
<>();
B
rokerAccessControl
.
setPermitSendTopic
(
permitSendTopic
);
b
rokerAccessControl
.
setPermitSendTopic
(
permitSendTopic
);
isReturn
=
plainAclPlugEngine
.
authentication
(
authenticationInfo
,
accessControl
,
authenticationResult
);
Assert
.
assertTrue
(
isReturn
);
...
...
@@ -288,11 +302,111 @@ public class PlainAclPlugEngineTest {
isReturn
=
plainAclPlugEngine
.
authentication
(
authenticationInfo
,
accessControl
,
authenticationResult
);
Assert
.
assertFalse
(
isReturn
);
B
rokerAccessControl
.
setPermitPullTopic
(
permitSendTopic
);
b
rokerAccessControl
.
setPermitPullTopic
(
permitSendTopic
);
isReturn
=
plainAclPlugEngine
.
authentication
(
authenticationInfo
,
accessControl
,
authenticationResult
);
Assert
.
assertTrue
(
isReturn
);
}
@Test
public
void
adminBrokerAccessControlTest
()
{
BrokerAccessControl
admin
=
new
BrokerAccessControl
();
admin
.
setAccount
(
"adminTest"
);
admin
.
setPassword
(
"adminTest"
);
admin
.
setNetaddress
(
"127.0.0.1"
);
plainAclPlugEngine
.
setAccessControl
(
admin
);
Assert
.
assertFalse
(
admin
.
isUpdateAndCreateTopic
());
admin
.
setAdmin
(
true
);
plainAclPlugEngine
.
setAccessControl
(
admin
);
Assert
.
assertTrue
(
admin
.
isUpdateAndCreateTopic
());
}
@Test
public
void
adminEachCheckAuthentication
()
{
BrokerAccessControl
accessControl
=
new
BrokerAccessControl
();
accessControl
.
setAccount
(
"RocketMQ1"
);
accessControl
.
setPassword
(
"1234567"
);
accessControl
.
setNetaddress
(
"127.0.0.1"
);
plainAclPlugEngine
.
setAccessControl
(
accessControl
);
for
(
Integer
code
:
adminCode
)
{
accessControl
.
setCode
(
code
);
AuthenticationResult
authenticationResult
=
plainAclPlugEngine
.
eachCheckAuthentication
(
accessControl
);
Assert
.
assertFalse
(
authenticationResult
.
isSucceed
());
}
plainAclPlugEngine
.
cleanAuthenticationInfo
();
accessControl
.
setAdmin
(
true
);
plainAclPlugEngine
.
setAccessControl
(
accessControl
);
for
(
Integer
code
:
adminCode
)
{
accessControl
.
setCode
(
code
);
AuthenticationResult
authenticationResult
=
plainAclPlugEngine
.
eachCheckAuthentication
(
accessControl
);
Assert
.
assertTrue
(
authenticationResult
.
isSucceed
());
}
}
@Test
public
void
cleanAuthenticationInfoTest
()
{
plainAclPlugEngine
.
setAccessControl
(
accessControl
);
accessControl
.
setCode
(
202
);
AuthenticationResult
authenticationResult
=
plainAclPlugEngine
.
eachCheckAuthentication
(
accessControl
);
Assert
.
assertTrue
(
authenticationResult
.
isSucceed
());
plainAclPlugEngine
.
cleanAuthenticationInfo
();
authenticationResult
=
plainAclPlugEngine
.
eachCheckAuthentication
(
accessControl
);
Assert
.
assertFalse
(
authenticationResult
.
isSucceed
());
}
@Test
public
void
isWatchStartTest
()
{
PlainAclPlugEngine
plainAclPlugEngine
=
new
PlainAclPlugEngine
();
Assert
.
assertTrue
(
plainAclPlugEngine
.
isWatchStart
());
System
.
setProperty
(
"java.version"
,
"1.6.11"
);
plainAclPlugEngine
=
new
PlainAclPlugEngine
();
Assert
.
assertFalse
(
plainAclPlugEngine
.
isWatchStart
());
}
@Test
public
void
watchTest
()
throws
IOException
{
System
.
setProperty
(
"rocketmq.home.dir"
,
"src/test/resources/watch"
);
File
file
=
new
File
(
"src/test/resources/watch/conf"
);
file
.
mkdirs
();
File
transport
=
new
File
(
"src/test/resources/watch/conf/transport.yml"
);
transport
.
createNewFile
();
FileWriter
writer
=
new
FileWriter
(
transport
);
writer
.
write
(
"list:\r\n"
);
writer
.
write
(
"- account: rokcetmq\r\n"
);
writer
.
write
(
" password: aliyun11\r\n"
);
writer
.
write
(
" netaddress: 127.0.0.1\r\n"
);
writer
.
flush
();
writer
.
close
();
PlainAclPlugEngine
plainAclPlugEngine
=
new
PlainAclPlugEngine
();
accessControl
.
setCode
(
203
);
AuthenticationResult
authenticationResult
=
plainAclPlugEngine
.
eachCheckAuthentication
(
accessControl
);
Assert
.
assertTrue
(
authenticationResult
.
isSucceed
());
writer
=
new
FileWriter
(
new
File
(
"src/test/resources/watch/conf/transport.yml"
),
true
);
writer
.
write
(
"- account: rokcet1\r\n"
);
writer
.
write
(
" password: aliyun1\r\n"
);
writer
.
write
(
" netaddress: 127.0.0.1\r\n"
);
writer
.
flush
();
writer
.
close
();
try
{
Thread
.
sleep
(
100
);
}
catch
(
InterruptedException
e
)
{
// TODO Auto-generated catch block
e
.
printStackTrace
();
}
accessControlTwo
.
setCode
(
203
);
authenticationResult
=
plainAclPlugEngine
.
eachCheckAuthentication
(
accessControlTwo
);
Assert
.
assertTrue
(
authenticationResult
.
isSucceed
());
transport
.
delete
();
file
.
delete
();
file
=
new
File
(
"src/test/resources/watch"
);
file
.
delete
();
}
@Test
public
void
analysisTest
()
{
BrokerAccessControl
accessControl
=
new
BrokerAccessControl
();
...
...
@@ -304,6 +418,9 @@ public class PlainAclPlugEngineTest {
while
(
it
.
hasNext
())
{
Entry
<
Integer
,
Boolean
>
e
=
it
.
next
();
if
(!
e
.
getValue
())
{
if
(
adminCode
.
contains
(
e
.
getKey
()))
{
continue
;
}
Assert
.
assertEquals
(
e
.
getKey
(),
Integer
.
valueOf
(
10
));
num
++;
}
...
...
broker/src/main/resources/META-INF/service/org.apache.rocketmq.acl.AccessValidator
已删除
100644 → 0
浏览文件 @
fb606838
org.apache.rocketmq.acl.PlainAccessValidator
\ No newline at end of file
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录