diff --git a/acl/src/main/java/org/apache/rocketmq/acl/common/SigningAlgorithm.java b/acl/src/main/java/org/apache/rocketmq/acl/common/SigningAlgorithm.java index 6937cdf4905c7016d3996ff07414b54109cbe845..bfed7b2f2331b4c4760dc2e764180c47ef7ad4c9 100644 --- a/acl/src/main/java/org/apache/rocketmq/acl/common/SigningAlgorithm.java +++ b/acl/src/main/java/org/apache/rocketmq/acl/common/SigningAlgorithm.java @@ -14,7 +14,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.apache.rocketmq.acl.common;//package com.aliyun.openservices.ons.api.impl.rocketmq.spas; +package org.apache.rocketmq.acl.common; public enum SigningAlgorithm { HmacSHA1, diff --git a/acl/src/main/java/org/apache/rocketmq/acl/plain/PlainPermissionLoader.java b/acl/src/main/java/org/apache/rocketmq/acl/plain/PlainPermissionLoader.java index 7f0e67a56c853bd149ae5953d480849657200170..217fb35eee7b94547328289bdb57b9193bc0f03d 100644 --- a/acl/src/main/java/org/apache/rocketmq/acl/plain/PlainPermissionLoader.java +++ b/acl/src/main/java/org/apache/rocketmq/acl/plain/PlainPermissionLoader.java @@ -18,6 +18,7 @@ package org.apache.rocketmq.acl.plain; import com.alibaba.fastjson.JSONArray; import com.alibaba.fastjson.JSONObject; +import java.io.File; import java.io.IOException; import java.nio.file.FileSystems; import java.nio.file.Path; @@ -66,21 +67,21 @@ public class PlainPermissionLoader { } public void initialize() { - JSONObject accessControlTransport = AclUtils.getYamlDataObject(fileHome + fileName, + JSONObject plainAclConfData = AclUtils.getYamlDataObject(fileHome + File.separator + fileName, JSONObject.class); - if (accessControlTransport == null || accessControlTransport.isEmpty()) { - throw new AclException(String.format("%s file is not data", fileHome + fileName)); + if (plainAclConfData == null || plainAclConfData.isEmpty()) { + throw new AclException(String.format("%s file is not data", fileHome + File.separator + fileName)); } - log.info("BorkerAccessControlTransport data is : ", accessControlTransport.toString()); - JSONArray globalWhiteRemoteAddressesList = accessControlTransport.getJSONArray("globalWhiteRemoteAddresses"); + log.info("Broker plain acl conf data is : ", plainAclConfData.toString()); + JSONArray globalWhiteRemoteAddressesList = plainAclConfData.getJSONArray("globalWhiteRemoteAddresses"); if (globalWhiteRemoteAddressesList != null && !globalWhiteRemoteAddressesList.isEmpty()) { for (int i = 0; i < globalWhiteRemoteAddressesList.size(); i++) { addGlobalWhiteRemoteAddress(globalWhiteRemoteAddressesList.getString(i)); } } - JSONArray accounts = accessControlTransport.getJSONArray("accounts"); + JSONArray accounts = plainAclConfData.getJSONArray("accounts"); if (accounts != null && !accounts.isEmpty()) { List plainAccessList = accounts.toJavaList(PlainAccessConfig.class); for (PlainAccessConfig plainAccess : plainAccessList) { @@ -101,10 +102,10 @@ public class PlainPermissionLoader { int fileIndex = fileName.lastIndexOf("/") + 1; String watchDirectory = fileName.substring(0, fileIndex); final String watchFileName = fileName.substring(fileIndex); - log.info("watch directory is {} , watch directory file name is {} ", fileHome + watchDirectory, watchFileName); + log.info("watch directory is {} , watch directory file name is {} ", fileHome + File.separator + watchDirectory, watchFileName); final WatchService watcher = FileSystems.getDefault().newWatchService(); - Path p = Paths.get(fileHome + watchDirectory); + Path p = Paths.get(fileHome + File.separator + watchDirectory); p.register(watcher, StandardWatchEventKinds.ENTRY_MODIFY, StandardWatchEventKinds.ENTRY_CREATE); ServiceThread watcherServcie = new ServiceThread() { diff --git a/acl/src/test/java/org/apache/rocketmq/acl/plain/PlainPermissionLoaderTest.java b/acl/src/test/java/org/apache/rocketmq/acl/plain/PlainPermissionLoaderTest.java index 68f6e11986eb0e0bdcf3d0603a61d23e9e599930..b34a5b79643ba9b98dd274c1ec4b5f31ebf8a0af 100644 --- a/acl/src/test/java/org/apache/rocketmq/acl/plain/PlainPermissionLoaderTest.java +++ b/acl/src/test/java/org/apache/rocketmq/acl/plain/PlainPermissionLoaderTest.java @@ -28,6 +28,7 @@ import org.apache.commons.lang3.reflect.FieldUtils; import org.apache.rocketmq.acl.common.AclException; import org.apache.rocketmq.acl.common.Permission; import org.apache.rocketmq.acl.plain.PlainPermissionLoader.PlainAccessConfig; +import org.apache.rocketmq.common.UtilAll; import org.junit.Assert; import org.junit.Before; import org.junit.Test; @@ -61,9 +62,8 @@ public class PlainPermissionLoaderTest { ANYPlainAccessResource = clonePlainAccessResource(Permission.ANY); DENYPlainAccessResource = clonePlainAccessResource(Permission.DENY); - System.setProperty("java.version", "1.6.11"); System.setProperty("rocketmq.home.dir", "src/test/resources"); - System.setProperty("romcketmq.acl.plain.fileName", "/conf/plain_acl.yml"); + System.setProperty("rocketmq.acl.plain.file", "/conf/plain_acl.yml"); plainPermissionLoader = new PlainPermissionLoader(); } @@ -211,46 +211,56 @@ public class PlainPermissionLoaderTest { Assert.assertFalse(plainPermissionLoader.isWatchStart()); } - @SuppressWarnings("unchecked") @Test - public void watchTest() throws IOException, IllegalAccessException { + public void testWatch() throws IOException, IllegalAccessException { System.setProperty("java.version", "1.7.11"); - System.setProperty("rocketmq.home.dir", "src/test/resources/watch"); - File file = new File("src/test/resources/watch/conf"); - file.mkdirs(); - File transport = new File("src/test/resources/watch/conf/plain_acl.yml"); + System.setProperty("rocketmq.home.dir", "src/test/resources/conf"); + System.setProperty("rocketmq.acl.plain.file", "watch/plain_acl_watch.yml"); + String fileName = "src/test/resources/conf/watch/plain_acl_watch.yml"; + File transport = new File(fileName); transport.delete(); transport.createNewFile(); FileWriter writer = new FileWriter(transport); writer.write("accounts:\r\n"); - writer.write("- accessKey: rokcetmq\r\n"); - writer.write(" secretKey: aliyun11\r\n"); + writer.write("- accessKey: rocketmq\r\n"); + writer.write(" secretKey: 12345678\r\n"); writer.write(" whiteRemoteAddress: 127.0.0.1\r\n"); writer.write(" admin: true\r\n"); writer.flush(); writer.close(); + + System.out.println(System.getProperty("rocketmq.acl.plain.file")); PlainPermissionLoader plainPermissionLoader = new PlainPermissionLoader(); + Assert.assertTrue(plainPermissionLoader.isWatchStart()); - Map> plainAccessResourceMap = (Map>) FieldUtils.readDeclaredField(plainPermissionLoader, "plainAccessResourceMap", true); - Assert.assertNotNull(plainAccessResourceMap.get("rokcetmq")); + { + Map plainAccessResourceMap = (Map) FieldUtils.readDeclaredField(plainPermissionLoader, "plainAccessResourceMap", true); + PlainAccessResource accessResource = plainAccessResourceMap.get("rocketmq"); + Assert.assertNotNull(accessResource); + Assert.assertEquals(accessResource.getSecretKey(), "12345678"); + Assert.assertTrue(accessResource.isAdmin()); + + } - writer = new FileWriter(new File("src/test/resources/watch/conf/plain_acl.yml"), true); - writer.write("- accessKey: rokcet1\r\n"); - writer.write(" secretKey: aliyun1\r\n"); + writer = new FileWriter(new File(fileName), true); + writer.write("- accessKey: rocketmq1\r\n"); + writer.write(" secretKey: 88888888\r\n"); writer.write(" whiteRemoteAddress: 127.0.0.1\r\n"); - writer.write(" admin: true\r\n"); + writer.write(" admin: false\r\n"); writer.flush(); writer.close(); - try { - Thread.sleep(100); - } catch (InterruptedException e) { - e.printStackTrace(); - } - plainAccessResourceMap = (Map>) FieldUtils.readDeclaredField(plainPermissionLoader, "plainAccessResourceMap", true); - Assert.assertNotNull(plainAccessResourceMap.get("rokcet1")); + UtilAll.sleep(1000); + { + Map plainAccessResourceMap = (Map) FieldUtils.readDeclaredField(plainPermissionLoader, "plainAccessResourceMap", true); + PlainAccessResource accessResource = plainAccessResourceMap.get("rocketmq1"); + Assert.assertNotNull(accessResource); + Assert.assertEquals(accessResource.getSecretKey(), "88888888"); + Assert.assertFalse(accessResource.isAdmin()); + } + transport.delete(); } @Test(expected = AclException.class) diff --git a/acl/src/test/resources/conf/plain_acl.yml b/acl/src/test/resources/conf/plain_acl.yml index 5daefb67c335b12ad8359bb261742df6138926cf..2c24795ff641b0f3a6c6d431e69c9eae25d36ac8 100644 --- a/acl/src/test/resources/conf/plain_acl.yml +++ b/acl/src/test/resources/conf/plain_acl.yml @@ -36,7 +36,7 @@ accounts: - groupB=SUB - groupC=SUB -- accessKey: aliyun.com +- accessKey: rocketmq2 secretKey: 12345678 whiteRemoteAddress: 192.168.1.* # if it is admin, it could access all resources diff --git a/distribution/conf/plain_acl.yml b/distribution/conf/plain_acl.yml index 9043b0dd800c9adb7c2985869505b54a1a725d6f..413a7120f286024a3a6d0483574f1301d71a5cb4 100644 --- a/distribution/conf/plain_acl.yml +++ b/distribution/conf/plain_acl.yml @@ -32,7 +32,7 @@ accounts: - groupB=PUB|SUB - groupC=SUB -- accessKey: aliyun.com +- accessKey: rocketmq2 secretKey: 12345678 whiteRemoteAddress: 192.168.1.* # if it is admin, it could access all resources diff --git a/distribution/conf/tools.yml b/distribution/conf/tools.yml index b9096967082e295e7a69405574d1dd0d578f226e..a4a9ad1b5aebf534863ad0334045819487bf62ed 100644 --- a/distribution/conf/tools.yml +++ b/distribution/conf/tools.yml @@ -14,6 +14,6 @@ # limitations under the License. -accessKey: aliyun.com +accessKey: rocketmq secretKey: 12345678