diff --git a/acl/src/main/java/org/apache/rocketmq/acl/common/Permission.java b/acl/src/main/java/org/apache/rocketmq/acl/common/Permission.java
index b5e9be20f1d4aa445f18223f91c14dad9fb591af..2fa38b15bd4b6f217ed1e2ac13d2becd4bcf3469 100644
--- a/acl/src/main/java/org/apache/rocketmq/acl/common/Permission.java
+++ b/acl/src/main/java/org/apache/rocketmq/acl/common/Permission.java
@@ -55,7 +55,7 @@ public class Permission {
 return (neededPerm & ownedPerm) > 0;
 }
- public static byte fromStringGetPermission(String permString) {
+ public static byte parsePermFromString(String permString) {
 if (permString == null) {
 return Permission.DENY;
 }
@@ -77,21 +77,21 @@ public class Permission {
 }
 }
- public static void setTopicPerm(PlainAccessResource plainAccessResource, Boolean isTopic, List topicArray) {
- if (topicArray == null || topicArray.isEmpty()) {
+ public static void parseResourcePerms(PlainAccessResource plainAccessResource, Boolean isTopic, List resources) {
+ if (resources == null || resources.isEmpty()) {
 return;
 }
- for (String topic : topicArray) {
- String[] topicPrem = StringUtils.split(topic, "=");
- if (topicPrem.length == 2) {
- plainAccessResource.addResourceAndPerm(isTopic ? topicPrem[0] : PlainAccessResource.getRetryTopic(topicPrem[0]), fromStringGetPermission(topicPrem[1]));
+ for (String resource : resources) {
+ String[] items = StringUtils.split(resource, "=");
+ if (items.length == 2) {
+ plainAccessResource.addResourceAndPerm(isTopic ? items[0].trim() : PlainAccessResource.getRetryTopic(items[0].trim()), parsePermFromString(items[1].trim()));
 } else {
- throw new AclException(String.format("%s Permission config erron %s", isTopic ? "topic" : "group", topic));
+ throw new AclException(String.format("Parse resource permission failed for %s:%s", isTopic ? "topic" : "group", resource));
 }
 }
 }
- public static boolean checkAdminCode(Integer code) {
+ public static boolean needAdminPerm(Integer code) {
 return ADMIN_CODE.contains(code);
 }
 }
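Review bot: In `parseResourcePerms` the `items.length == 2` test runs before the new `trim()` calls, so an entry whose name is only whitespace (constructed example: ` =PUB`) passes the check and is registered under an empty resource name instead of being rejected. The name should be validated after trimming, e.g. `if (items.length == 2 && !items[0].trim().isEmpty()) {`, so that a malformed ACL line fails loading with the existing `AclException`. `isTopic` is a boxed `Boolean` that is unboxed in the ternary; a short Javadoc stating that it must be non-null and that `false` means the names are consumer groups stored as retry topics would help the next reader.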
diff --git a/acl/src/main/java/org/apache/rocketmq/acl/plain/PlainAccessResource.java b/acl/src/main/java/org/apache/rocketmq/acl/plain/PlainAccessResource.java
index 0b2f417c67986419079f01f26b6fe1a82336e376..932a7a94ff7f2e98e72c1cba0a07a51e99baf709 100644
--- a/acl/src/main/java/org/apache/rocketmq/acl/plain/PlainAccessResource.java
+++ b/acl/src/main/java/org/apache/rocketmq/acl/plain/PlainAccessResource.java
@@ -59,6 +59,23 @@ public class PlainAccessResource implements AccessResource {
 return null != topic && topic.startsWith(MixAll.RETRY_GROUP_TOPIC_PREFIX);
 }
+ public static String printStr(String resource, boolean isGroup) {
+ if (resource == null) {
+ return null;
+ }
+ if (isGroup) {
+ return String.format("%s:%s", "group", getGroupFromRetryTopic(resource));
+ } else {
+ return String.format("%s:%s", "topic", resource);
+ }
+ }
+
+ public static String getGroupFromRetryTopic(String retryTopic) {
+ if (retryTopic == null) {
+ return null;
+ }
+ return retryTopic.substring(MixAll.RETRY_GROUP_TOPIC_PREFIX.length());
+ }
 public static String getRetryTopic(String group) {
 if (group == null) {
 return null;
diff --git a/acl/src/main/java/org/apache/rocketmq/acl/plain/PlainAccessValidator.java b/acl/src/main/java/org/apache/rocketmq/acl/plain/PlainAccessValidator.java
index 8a80757a3dfc36a6683ef2793a3d292f6d0624bc..d71509846f1f63492aa4e78472ea3aa17f4db8cd 100644
--- a/acl/src/main/java/org/apache/rocketmq/acl/plain/PlainAccessValidator.java
+++ b/acl/src/main/java/org/apache/rocketmq/acl/plain/PlainAccessValidator.java
@@ -120,7 +120,7 @@ public class PlainAccessValidator implements AccessValidator {
 @Override
 public void validate(AccessResource accessResource) {
- aclPlugEngine.eachCheckPlainAccessResource((PlainAccessResource) accessResource);
+ aclPlugEngine.validate((PlainAccessResource) accessResource);
 }
 }
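Review bot: `getGroupFromRetryTopic` cuts `MixAll.RETRY_GROUP_TOPIC_PREFIX.length()` characters off whatever it is given without checking that the argument starts with that prefix, so a shorter string throws `StringIndexOutOfBoundsException` and a longer non-retry name silently loses its head. Since `printStr` is used to build ACL error messages, guard it with `if (!retryTopic.startsWith(MixAll.RETRY_GROUP_TOPIC_PREFIX)) { return retryTopic; }` before the `substring`. Both new public methods also lack Javadoc; `printStr` in particular should say that `isGroup` means the resource is a retry-topic name.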
diff --git a/acl/src/main/java/org/apache/rocketmq/acl/plain/PlainPermissionLoader.java b/acl/src/main/java/org/apache/rocketmq/acl/plain/PlainPermissionLoader.java index 469c161205dda8a1c961dd1693af7604a40b80c7..36f652211997ba07a0d44375612280259a5f7a1a 100644 --- a/acl/src/main/java/org/apache/rocketmq/acl/plain/PlainPermissionLoader.java +++ b/acl/src/main/java/org/apache/rocketmq/acl/plain/PlainPermissionLoader.java @@ -28,16 +28,15 @@ import java.nio.file.WatchKey; import java.nio.file.WatchService; import java.util.ArrayList; import java.util.HashMap; -import java.util.Iterator; import java.util.List; import java.util.Map; -import java.util.Map.Entry; import org.apache.commons.lang3.StringUtils; import org.apache.rocketmq.acl.common.AclException; import org.apache.rocketmq.acl.common.AclUtils; import org.apache.rocketmq.acl.common.Permission; import org.apache.rocketmq.common.MixAll; import org.apache.rocketmq.common.ServiceThread; +import org.apache.rocketmq.common.UtilAll; import org.apache.rocketmq.common.constant.LoggerName; import org.apache.rocketmq.logging.InternalLogger; import org.apache.rocketmq.logging.InternalLoggerFactory; @@ -46,13 +45,14 @@ public class PlainPermissionLoader { private static final InternalLogger log = InternalLoggerFactory.getLogger(LoggerName.ACL_PLUG_LOGGER_NAME); + private String fileHome = System.getProperty(MixAll.ROCKETMQ_HOME_PROPERTY, System.getenv(MixAll.ROCKETMQ_HOME_ENV)); - private String fileName = System.getProperty("romcketmq.acl.plain.fileName", "/conf/transport.yml"); + //TODO rename transport to plain_acl.yml + private String fileName = System.getProperty("rocketmq.acl.plain.file", "/conf/transport.yml"); - private Map> plainAccessResourceMap = new HashMap<>(); + private Map plainAccessResourceMap = new HashMap<>(); private List globalWhiteRemoteAddressStrategy = new ArrayList<>(); 
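Review bot: The system property that selects the ACL file changes from `romcketmq.acl.plain.fileName` to `rocketmq.acl.plain.file`, so a broker still started with the old key would silently fall back to `/conf/transport.yml` and enforce a different ACL file than the operator intended. Either keep the old key as a fallback, `System.getProperty("rocketmq.acl.plain.file", System.getProperty("romcketmq.acl.plain.fileName", "/conf/transport.yml"))`, or log the resolved path once at startup so the mismatch is visible. `plainAccessResourceMap` now holds a single entry per accessKey; a `// accessKey -> resource` comment on the field would record that.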
@@ -61,6 +61,7 @@ public class PlainPermissionLoader {
 private boolean isWatchStart;
 public PlainPermissionLoader() {
+ //TODO test what will happen if initialize failed
 initialize();
 watch();
 }
@@ -76,25 +77,24 @@ public class PlainPermissionLoader {
 JSONArray globalWhiteRemoteAddressesList = accessControlTransport.getJSONArray("globalWhiteRemoteAddresses");
 if (globalWhiteRemoteAddressesList != null && !globalWhiteRemoteAddressesList.isEmpty()) {
 for (int i = 0; i < globalWhiteRemoteAddressesList.size(); i++) {
- setGlobalWhite(globalWhiteRemoteAddressesList.getString(i));
+ addGlobalWhiteRemoteAddress(globalWhiteRemoteAddressesList.getString(i));
 }
 }
 JSONArray accounts = accessControlTransport.getJSONArray("accounts");
- List plainAccessList = accounts.toJavaList(PlainAccess.class);
+ List plainAccessList = accounts.toJavaList(PlainAccessConfig.class);
 if (plainAccessList != null && !plainAccessList.isEmpty()) {
- for (PlainAccess plainAccess : plainAccessList) {
- this.setPlainAccessResource(getPlainAccessResource(plainAccess));
+ for (PlainAccessConfig plainAccess : plainAccessList) {
+ this.addPlainAccessResource(getPlainAccessResource(plainAccess));
 }
 }
 }
 private void watch() {
 String version = System.getProperty("java.version");
- log.info("java.version is : {}", version);
 String[] str = StringUtils.split(version, ".");
 if (Integer.valueOf(str[1]) < 7) {
- log.warn("wacth need jdk 1.7 support , current version no support");
+ log.warn("Watch need jdk equal or greater than 1.7, current version is {}", str[1]);
 return;
 }
 try {
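Review bot: `Integer.valueOf(str[1]) < 7` in `watch()` only works for the `1.x` version scheme: with a `java.version` such as `11.0.2` (constructed example) the second component is `0`, the method returns early, and edits to the ACL file, including removal of an account, are not picked up until restart. A version string without a dot would additionally fail on `str[1]`. Compare on the real major version instead, e.g. `if ("1".equals(str[0]) && str.length > 1 && Integer.parseInt(str[1]) < 7) {`. In `initialize`, `accounts` is dereferenced by `toJavaList` without the null check that `globalWhiteRemoteAddressesList` gets, so a file without an `accounts` key ends in a `NullPointerException`. Both methods start or end outside the hunk.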
@@ -106,41 +106,41 @@ public class PlainPermissionLoader { public void run() { while (true) { try { - while (true) { - WatchKey watchKey = watcher.take(); - List> watchEvents = watchKey.pollEvents(); - for (WatchEvent event : watchEvents) { - if ("transport.yml".equals(event.context().toString()) - && (StandardWatchEventKinds.ENTRY_MODIFY.equals(event.kind()) - || StandardWatchEventKinds.ENTRY_CREATE.equals(event.kind()))) { - log.info("transprot.yml make a difference change is : ", event.toString()); - PlainPermissionLoader.this.cleanAuthenticationInfo(); - initialize(); - } + WatchKey watchKey = watcher.take(); + List> watchEvents = watchKey.pollEvents(); + for (WatchEvent event : watchEvents) { + //TODO use variable instead of raw text + if ("transport.yml".equals(event.context().toString()) + && (StandardWatchEventKinds.ENTRY_MODIFY.equals(event.kind()) + || StandardWatchEventKinds.ENTRY_CREATE.equals(event.kind()))) { + log.info("transprot.yml make a difference change is : ", event.toString()); + PlainPermissionLoader.this.clearPermissionInfo(); + initialize(); } - watchKey.reset(); } + watchKey.reset(); } catch (InterruptedException e) { log.error(e.getMessage(), e); + UtilAll.sleep(3000); + } } } - @Override public String getServiceName() { - return "watcherServcie"; + return "AclWatcherService"; } }; watcherServcie.start(); - log.info("succeed start watcherServcie"); + log.info("Succeed to start AclWatcherService"); this.isWatchStart = true; } catch (IOException e) { - log.error(e.getMessage(), e); + log.error("Failed to start AclWatcherService", e); } } - PlainAccessResource getPlainAccessResource(PlainAccess plainAccess) { + PlainAccessResource getPlainAccessResource(PlainAccessConfig plainAccess) { PlainAccessResource plainAccessResource = new PlainAccessResource(); plainAccessResource.setAccessKey(plainAccess.getAccessKey()); plainAccessResource.setSecretKey(plainAccess.getSecretKey()); 
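Review bot: The reload path calls `clearPermissionInfo()` and then `initialize()` on the live `HashMap` and `ArrayList`, so a request validated in between sees no accounts and no global white addresses, and the collections are mutated from the watcher thread while other threads presumably read them in `validate`. Only `InterruptedException` is caught, so if `initialize()` throws on a half-written or malformed file the watcher thread ends with the ACL left empty and later edits are never loaded. Build the new map and list first and publish them by swapping the field references only after parsing succeeded, and catch `Exception` around the reload so a bad file keeps the previous rules. The `InterruptedException` branch should restore the flag with `Thread.currentThread().interrupt();` and leave the loop rather than sleep and retry. `run()` starts outside this hunk.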
@@ -148,110 +148,114 @@ public class PlainPermissionLoader {
 plainAccessResource.setAdmin(plainAccess.isAdmin());
- plainAccessResource.setDefaultGroupPerm(Permission.fromStringGetPermission(plainAccess.getDefaultGroupPerm()));
- plainAccessResource.setDefaultTopicPerm(Permission.fromStringGetPermission(plainAccess.getDefaultTopicPerm()));
+ plainAccessResource.setDefaultGroupPerm(Permission.parsePermFromString(plainAccess.getDefaultGroupPerm()));
+ plainAccessResource.setDefaultTopicPerm(Permission.parsePermFromString(plainAccess.getDefaultTopicPerm()));
- Permission.setTopicPerm(plainAccessResource, false, plainAccess.getGroups());
- Permission.setTopicPerm(plainAccessResource, true, plainAccess.getTopics());
+ Permission.parseResourcePerms(plainAccessResource, false, plainAccess.getGroupPerms());
+ Permission.parseResourcePerms(plainAccessResource, true, plainAccess.getTopicPerms());
 return plainAccessResource;
 }
- void checkPerm(PlainAccessResource needCheckplainAccessResource, PlainAccessResource plainAccessResource) {
- if (!plainAccessResource.isAdmin() && Permission.checkAdminCode(needCheckplainAccessResource.getRequestCode())) {
- throw new AclException(String.format("accessKey is %s remoteAddress is %s , is not admin Premission . RequestCode is %d", plainAccessResource.getAccessKey(), plainAccessResource.getWhiteRemoteAddress(), needCheckplainAccessResource.getRequestCode()));
+ void checkPerm(PlainAccessResource needCheckedAccess, PlainAccessResource ownedAccess) {
+ if (Permission.needAdminPerm(needCheckedAccess.getRequestCode()) && !ownedAccess.isAdmin()) {
+ throw new AclException(String.format("Need admin permission for request code=%d, but accessKey=%s is not", needCheckedAccess.getRequestCode(), ownedAccess.getAccessKey()));
 }
- Map needCheckTopicAndGourpPerm = needCheckplainAccessResource.getResourcePermMap();
- Map topicAndGourpPerm = plainAccessResource.getResourcePermMap();
-
- Iterator> it = topicAndGourpPerm.entrySet().iterator();
- Byte perm;
- while (it.hasNext()) {
- Entry e = it.next();
- if ((perm = needCheckTopicAndGourpPerm.get(e.getKey())) != null && Permission.checkPermission(perm, e.getValue())) {
+ Map needCheckedPermMap = needCheckedAccess.getResourcePermMap();
+ Map ownedPermMap = ownedAccess.getResourcePermMap();
+
+ for (Map.Entry needCheckedEntry : needCheckedPermMap.entrySet()) {
+ String resource = needCheckedEntry.getKey();
+ Byte neededPerm = needCheckedEntry.getValue();
+ boolean isGroup = PlainAccessResource.isRetryTopic(resource);
+
+ if (!ownedPermMap.containsKey(resource)) {
+ //Check the default perm
+ byte ownedPerm = isGroup ? needCheckedAccess.getDefaultGroupPerm() :
+ needCheckedAccess.getDefaultTopicPerm();
+ if (!Permission.checkPermission(neededPerm, ownedPerm)) {
+ throw new AclException(String.format("No default permission for %s", PlainAccessResource.printStr(resource, isGroup)));
+ }
 continue;
 }
- byte neededPerm = PlainAccessResource.isRetryTopic(e.getKey()) ? needCheckplainAccessResource.getDefaultGroupPerm() :
- needCheckplainAccessResource.getDefaultTopicPerm();
- if (!Permission.checkPermission(neededPerm, e.getValue())) {
- throw new AclException(String.format("", e.toString()));
+ if (!Permission.checkPermission(neededPerm, ownedPermMap.get(resource))) {
+ throw new AclException(String.format("No default permission for %s", PlainAccessResource.printStr(resource, isGroup)));
 }
 }
 }
- void cleanAuthenticationInfo() {
+ void clearPermissionInfo() {
 this.plainAccessResourceMap.clear();
 this.globalWhiteRemoteAddressStrategy.clear();
 }
- public void setPlainAccessResource(PlainAccessResource plainAccessResource) throws AclException {
- if (plainAccessResource.getAccessKey() == null || plainAccessResource.getSecretKey() == null
+ public void addPlainAccessResource(PlainAccessResource plainAccessResource) throws AclException {
+ if (plainAccessResource.getAccessKey() == null
+ || plainAccessResource.getSecretKey() == null
 || plainAccessResource.getAccessKey().length() <= 6
 || plainAccessResource.getSecretKey().length() <= 6) {
 throw new AclException(String.format(
- "The account password cannot be null and is longer than 6, account is %s password is %s",
+ "The accessKey=%s and secretKey=%s cannot be null and length should longer than 6",
 plainAccessResource.getAccessKey(), plainAccessResource.getSecretKey()));
 }
 try {
 RemoteAddressStrategy remoteAddressStrategy = remoteAddressStrategyFactory
- .getNetaddressStrategy(plainAccessResource);
- List accessControlAddressList = plainAccessResourceMap.get(plainAccessResource.getAccessKey());
- if (accessControlAddressList == null) {
- accessControlAddressList = new ArrayList<>();
- plainAccessResourceMap.put(plainAccessResource.getAccessKey(), accessControlAddressList);
- }
+ .getRemoteAddressStrategy(plainAccessResource);
 plainAccessResource.setRemoteAddressStrategy(remoteAddressStrategy);
- accessControlAddressList.add(plainAccessResource);
- log.info("authenticationInfo is {}", plainAccessResource.toString());
+ if (plainAccessResourceMap.containsKey(plainAccessResource.getAccessKey())) {
+ log.warn("Duplicate acl config for {}, the newly one may overwrite the old", plainAccessResource.getAccessKey());
+ }
+ plainAccessResourceMap.put(plainAccessResource.getAccessKey(), plainAccessResource);
 } catch (Exception e) {
- throw new AclException(
- String.format("Exception info %s %s", e.getMessage(), plainAccessResource.toString()), e);
+ throw new AclException(String.format("Load plain access resource failed %s %s", e.getMessage(), plainAccessResource.toString()), e);
 }
 }
- private void setGlobalWhite(String remoteAddresses) {
- globalWhiteRemoteAddressStrategy.add(remoteAddressStrategyFactory.getNetaddressStrategy(remoteAddresses));
+ private void addGlobalWhiteRemoteAddress(String remoteAddresses) {
+ globalWhiteRemoteAddressStrategy.add(remoteAddressStrategyFactory.getRemoteAddressStrategy(remoteAddresses));
 }
- public void eachCheckPlainAccessResource(PlainAccessResource plainAccessResource) {
+ public void validate(PlainAccessResource plainAccessResource) {
- List plainAccessResourceAddressList = plainAccessResourceMap.get(plainAccessResource.getAccessKey());
- boolean isDistinguishAccessKey = false;
- if (plainAccessResourceAddressList != null) {
- for (PlainAccessResource plainAccess : plainAccessResourceAddressList) {
- if (!plainAccess.getRemoteAddressStrategy().match(plainAccessResource)) {
- isDistinguishAccessKey = true;
- continue;
- }
- String signature = AclUtils.calSignature(plainAccessResource.getContent(), plainAccess.getSecretKey());
- if (signature.equals(plainAccessResource.getSignature())) {
- checkPerm(plainAccess, plainAccessResource);
- return;
- } else {
- throw new AclException(String.format("signature is erron. erron accessKe is %s , erron reomiteAddress %s", plainAccess.getAccessKey(), plainAccessResource.getWhiteRemoteAddress()));
- }
+ //Step 1, check the global white remote addr
+ if (plainAccessResource.getAccessKey() == null) {
+ if (globalWhiteRemoteAddressStrategy.isEmpty()) {
+ throw new AclException(String.format("No accessKey is configured and no global white remote addr is configured"));
 }
- }
-
- if (plainAccessResource.getAccessKey() == null && !globalWhiteRemoteAddressStrategy.isEmpty()) {
 for (RemoteAddressStrategy remoteAddressStrategy : globalWhiteRemoteAddressStrategy) {
 if (remoteAddressStrategy.match(plainAccessResource)) {
 return;
 }
 }
+ throw new AclException(String.format("No accessKey is configured and no global white remote addr is matched"));
+ }
+
+ if (!plainAccessResourceMap.containsKey(plainAccessResource.getAccessKey())) {
+ throw new AclException(String.format("No acl config for %s", plainAccessResource.getAccessKey()));
 }
- if (isDistinguishAccessKey) {
- throw new AclException(String.format("client ip not in WhiteRemoteAddress . erron accessKe is %s , erron reomiteAddress %s", plainAccessResource.getAccessKey(), plainAccessResource.getWhiteRemoteAddress()));
- } else {
- throw new AclException(String.format("It is not make Access and make client ip .erron accessKe is %s , erron reomiteAddress %s", plainAccessResource.getAccessKey(), plainAccessResource.getWhiteRemoteAddress()));
+
+ //Step 2, check the white addr for accesskey
+ PlainAccessResource ownedAccess = plainAccessResourceMap.get(plainAccessResource.getAccessKey());
+ if (ownedAccess.getRemoteAddressStrategy().match(plainAccessResource)) {
+ return;
 }
+
+
+ //Step 3, check the signature
+ String signature = AclUtils.calSignature(plainAccessResource.getContent(), ownedAccess.getSecretKey());
+ if (!signature.equals(plainAccessResource.getSignature())) {
+ throw new AclException(String.format("Check signature failed for accessKey=%s", plainAccessResource.getAccessKey()));
+ }
+ //Step 4, check perm of each resource
+
+ checkPerm(plainAccessResource, ownedAccess);
 }
 public boolean isWatchStart() {
 return isWatchStart;
 }
- static class PlainAccess {
+ static class PlainAccessConfig {
 private String accessKey;
@@ -265,9 +269,9 @@ public class PlainPermissionLoader {
 private String defaultGroupPerm;
- private List topics;
+ private List topicPerms;
- private List groups;
+ private List groupPerms;
 public String getAccessKey() {
 return accessKey;
@@ -317,20 +321,20 @@ public class PlainPermissionLoader {
 this.defaultGroupPerm = defaultGroupPerm;
 }
- public List getTopics() {
- return topics;
+ public List getTopicPerms() {
+ return topicPerms;
 }
- public void setTopics(List topics) {
- this.topics = topics;
+ public void setTopicPerms(List topicPerms) {
+ this.topicPerms = topicPerms;
 }
- public List getGroups() {
- return groups;
+ public List getGroupPerms() {
+ return groupPerms;
 }
- public void setGroups(List groups) {
- this.groups = groups;
+ public void setGroupPerms(List groupPerms) {
+ this.groupPerms = groupPerms;
 }
 }
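Review bot: Step 2 of `validate` returns as soon as the account's remote-address strategy matches, so for such a request neither the signature check nor `checkPerm` runs, whereas the removed code verified the signature after an address match. If a per-account white address is meant to be a trusted bypass, say so in a comment and make sure a blank or `*` entry can never match (the factory maps both to `NULL_NET_ADDRESS_STRATEGY`, whose `match` is not visible here); otherwise invert the test, `if (!ownedAccess.getRemoteAddressStrategy().match(plainAccessResource)) { throw new AclException(...); }`, and fall through to steps 3 and 4. In `checkPerm` the fallback reads `needCheckedAccess.getDefaultGroupPerm()` and `getDefaultTopicPerm()`, which are the request's own values, not the account's; they should come from `ownedAccess`. `addPlainAccessResource` also formats `getSecretKey()` into the `AclException` message, so a rejected config entry writes the secret wherever the exception is logged; the message should name only the accessKey.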
diff --git a/acl/src/main/java/org/apache/rocketmq/acl/plain/RemoteAddressStrategyFactory.java b/acl/src/main/java/org/apache/rocketmq/acl/plain/RemoteAddressStrategyFactory.java
index 8015b6820d4aa2a8d10233a29101c6c004cae7f8..679e846d193cf7966b60038b5f6f005f3c865cd4 100644
--- a/acl/src/main/java/org/apache/rocketmq/acl/plain/RemoteAddressStrategyFactory.java
+++ b/acl/src/main/java/org/apache/rocketmq/acl/plain/RemoteAddressStrategyFactory.java
@@ -26,28 +26,29 @@ public class RemoteAddressStrategyFactory {
 public static final NullRemoteAddressStrategy NULL_NET_ADDRESS_STRATEGY = new NullRemoteAddressStrategy();
- public RemoteAddressStrategy getNetaddressStrategy(PlainAccessResource plainAccessResource) {
- return getNetaddressStrategy(plainAccessResource.getWhiteRemoteAddress());
+ public RemoteAddressStrategy getRemoteAddressStrategy(PlainAccessResource plainAccessResource) {
+ return getRemoteAddressStrategy(plainAccessResource.getWhiteRemoteAddress());
 }
- public RemoteAddressStrategy getNetaddressStrategy(String netaddress) {
- if (StringUtils.isBlank(netaddress) || "*".equals(netaddress)) {
+ public RemoteAddressStrategy getRemoteAddressStrategy(String remoteAddr) {
+ //TODO if the white addr is not configured, should reject it.
+ if (StringUtils.isBlank(remoteAddr) || "*".equals(remoteAddr)) {
 return NULL_NET_ADDRESS_STRATEGY;
 }
- if (netaddress.endsWith("}")) {
- String[] strArray = StringUtils.split(netaddress, ".");
+ if (remoteAddr.endsWith("}")) {
+ String[] strArray = StringUtils.split(remoteAddr, ".");
 String four = strArray[3];
 if (!four.startsWith("{")) {
- throw new AclException(String.format("MultipleRemoteAddressStrategy netaddress examine scope Exception netaddress", netaddress));
+ throw new AclException(String.format("MultipleRemoteAddressStrategy netaddress examine scope Exception netaddress", remoteAddr));
 }
- return new MultipleRemoteAddressStrategy(AclUtils.getAddreeStrArray(netaddress, four));
- } else if (AclUtils.isColon(netaddress)) {
- return new MultipleRemoteAddressStrategy(StringUtils.split(netaddress, ","));
- } else if (AclUtils.isAsterisk(netaddress) || AclUtils.isMinus(netaddress)) {
- return new RangeRemoteAddressStrategy(netaddress);
+ return new MultipleRemoteAddressStrategy(AclUtils.getAddreeStrArray(remoteAddr, four));
+ } else if (AclUtils.isColon(remoteAddr)) {
+ return new MultipleRemoteAddressStrategy(StringUtils.split(remoteAddr, ","));
+ } else if (AclUtils.isAsterisk(remoteAddr) || AclUtils.isMinus(remoteAddr)) {
+ return new RangeRemoteAddressStrategy(remoteAddr);
 }
- return new OneRemoteAddressStrategy(netaddress);
+ return new OneRemoteAddressStrategy(remoteAddr);
 }
@@ -103,10 +104,10 @@ public class RemoteAddressStrategyFactory {
 private int index;
- public RangeRemoteAddressStrategy(String netaddress) {
- String[] strArray = StringUtils.split(netaddress, ".");
+ public RangeRemoteAddressStrategy(String remoteAddr) {
+ String[] strArray = StringUtils.split(remoteAddr, ".");
 if (analysis(strArray, 2) || analysis(strArray, 3)) {
- AclUtils.verify(netaddress, index - 1);
+ AclUtils.verify(remoteAddr, index - 1);
 StringBuffer sb = new StringBuffer().append(strArray[0].trim()).append(".").append(strArray[1].trim()).append(".");
 if (index == 3) {
 sb.append(strArray[2].trim()).append(".");
diff --git a/acl/src/test/java/org/apache/rocketmq/acl/common/PermissionTest.java b/acl/src/test/java/org/apache/rocketmq/acl/common/PermissionTest.java
index 04a3f8f2c32b2545339f23081015bbe1fb0a5b63..2d998cc4e50721cde8fe5bd3d865af3f92b233d5 100644
--- a/acl/src/test/java/org/apache/rocketmq/acl/common/PermissionTest.java
+++ b/acl/src/test/java/org/apache/rocketmq/acl/common/PermissionTest.java
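Review bot: `strArray[3]` in `getRemoteAddressStrategy(String)` is read without checking how many parts the split produced, so a value that ends in `}` but has fewer than four dot-separated parts fails with `ArrayIndexOutOfBoundsException` instead of a descriptive `AclException`. Check the length first, `if (strArray.length < 4) { throw new AclException(...); }`, ahead of `String four = strArray[3];`, and add the missing `%s` to the existing format string, which currently drops `remoteAddr` from the message. The new TODO should be resolved rather than left: blank and `*` both return `NULL_NET_ADDRESS_STRATEGY`, and whether that strategy matches every address is not visible here, so a comment stating its `match` result is needed for anyone reading the loader's white-address step.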
@@ -29,28 +29,28 @@ public class PermissionTest {
 @Test
 public void fromStringGetPermissionTest() {
- byte perm = Permission.fromStringGetPermission("PUB");
+ byte perm = Permission.parsePermFromString("PUB");
 Assert.assertEquals(perm, Permission.PUB);
- perm = Permission.fromStringGetPermission("SUB");
+ perm = Permission.parsePermFromString("SUB");
 Assert.assertEquals(perm, Permission.SUB);
- perm = Permission.fromStringGetPermission("ANY");
+ perm = Permission.parsePermFromString("ANY");
 Assert.assertEquals(perm, Permission.ANY);
- perm = Permission.fromStringGetPermission("PUB|SUB");
+ perm = Permission.parsePermFromString("PUB|SUB");
 Assert.assertEquals(perm, Permission.ANY);
- perm = Permission.fromStringGetPermission("SUB|PUB");
+ perm = Permission.parsePermFromString("SUB|PUB");
 Assert.assertEquals(perm, Permission.ANY);
- perm = Permission.fromStringGetPermission("DENY");
+ perm = Permission.parsePermFromString("DENY");
 Assert.assertEquals(perm, Permission.DENY);
- perm = Permission.fromStringGetPermission("1");
+ perm = Permission.parsePermFromString("1");
 Assert.assertEquals(perm, Permission.DENY);
- perm = Permission.fromStringGetPermission(null);
+ perm = Permission.parsePermFromString(null);
 Assert.assertEquals(perm, Permission.DENY);
 }
@@ -91,17 +91,17 @@ public class PermissionTest {
 PlainAccessResource plainAccessResource = new PlainAccessResource();
 Map resourcePermMap = plainAccessResource.getResourcePermMap();
- Permission.setTopicPerm(plainAccessResource, false, null);
+ Permission.parseResourcePerms(plainAccessResource, false, null);
 Assert.assertNull(resourcePermMap);
 List groups = new ArrayList<>();
- Permission.setTopicPerm(plainAccessResource, false, groups);
+ Permission.parseResourcePerms(plainAccessResource, false, groups);
 Assert.assertNull(resourcePermMap);
 groups.add("groupA=DENY");
 groups.add("groupB=PUB|SUB");
 groups.add("groupC=PUB");
- Permission.setTopicPerm(plainAccessResource, false, groups);
+ Permission.parseResourcePerms(plainAccessResource, false, groups);
 resourcePermMap = plainAccessResource.getResourcePermMap();
 byte perm = resourcePermMap.get(PlainAccessResource.getRetryTopic("groupA"));
@@ -118,7 +118,7 @@ public class PermissionTest {
 topics.add("topicB=PUB|SUB");
 topics.add("topicC=PUB");
- Permission.setTopicPerm(plainAccessResource, true, topics);
+ Permission.parseResourcePerms(plainAccessResource, true, topics);
 perm = resourcePermMap.get("topicA");
 Assert.assertEquals(perm, Permission.DENY);
@@ -131,7 +131,7 @@ public class PermissionTest {
 List erron = new ArrayList<>();
 erron.add("");
- Permission.setTopicPerm(plainAccessResource, false, erron);
+ Permission.parseResourcePerms(plainAccessResource, false, erron);
 }
 @Test
@@ -144,7 +144,7 @@ public class PermissionTest {
 code.add(207);
 for (int i = 0; i < 400; i++) {
- boolean boo = Permission.checkAdminCode(i);
+ boolean boo = Permission.needAdminPerm(i);
 if (boo) {
 Assert.assertTrue(code.contains(i));
 }
diff --git a/acl/src/test/java/org/apache/rocketmq/acl/plain/PlainPermissionLoaderTest.java b/acl/src/test/java/org/apache/rocketmq/acl/plain/PlainPermissionLoaderTest.java
index 45004ec2ede046a88089de90b2a3a75b37741543..de9b45dc3df7e126ced3bcf23bada9b57e999081 100644
--- a/acl/src/test/java/org/apache/rocketmq/acl/plain/PlainPermissionLoaderTest.java
+++ b/acl/src/test/java/org/apache/rocketmq/acl/plain/PlainPermissionLoaderTest.java
@@ -27,7 +27,7 @@ import java.util.Set;
 import org.apache.commons.lang3.reflect.FieldUtils;
 import org.apache.rocketmq.acl.common.AclException;
 import org.apache.rocketmq.acl.common.Permission;
-import org.apache.rocketmq.acl.plain.PlainPermissionLoader.PlainAccess;
+import org.apache.rocketmq.acl.plain.PlainPermissionLoader.PlainAccessConfig;
 import org.junit.Assert;
 import org.junit.Before;
 import org.junit.Test;
@@ -90,7 +90,7 @@ public class PlainPermissionLoaderTest {
 @Test
 public void getPlainAccessResourceTest() {
 PlainAccessResource plainAccessResource = new PlainAccessResource();
- PlainAccess plainAccess = new PlainAccess();
+ PlainAccessConfig plainAccess = new PlainAccessConfig();
 plainAccess.setAccessKey("RocketMQ");
 plainAccessResource = plainPermissionLoader.getPlainAccessResource(plainAccess);
@@ -120,7 +120,7 @@ public class PlainPermissionLoaderTest {
 groups.add("groupA=DENY");
 groups.add("groupB=PUB|SUB");
 groups.add("groupC=PUB");
- plainAccess.setGroups(groups);
+ plainAccess.setGroupPerms(groups);
 plainAccessResource = plainPermissionLoader.getPlainAccessResource(plainAccess);
 Map resourcePermMap = plainAccessResource.getResourcePermMap();
 Assert.assertEquals(resourcePermMap.size(), 3);
@@ -133,7 +133,7 @@ public class PlainPermissionLoaderTest {
 topics.add("topicA=DENY");
 topics.add("topicB=PUB|SUB");
 topics.add("topicC=PUB");
- plainAccess.setTopics(topics);
+ plainAccess.setTopicPerms(topics);
 plainAccessResource = plainPermissionLoader.getPlainAccessResource(plainAccess);
 resourcePermMap = plainAccessResource.getResourcePermMap();
 Assert.assertEquals(resourcePermMap.size(), 6);
@@ -170,25 +170,25 @@ public class PlainPermissionLoaderTest {
 @Test(expected = AclException.class)
 public void accountNullTest() {
 plainAccessResource.setAccessKey(null);
- plainPermissionLoader.setPlainAccessResource(plainAccessResource);
+ plainPermissionLoader.addPlainAccessResource(plainAccessResource);
 }
 @Test(expected = AclException.class)
 public void accountThanTest() {
 plainAccessResource.setAccessKey("123");
- plainPermissionLoader.setPlainAccessResource(plainAccessResource);
+ plainPermissionLoader.addPlainAccessResource(plainAccessResource);
 }
 @Test(expected = AclException.class)
 public void passWordtNullTest() {
 plainAccessResource.setAccessKey(null);
- plainPermissionLoader.setPlainAccessResource(plainAccessResource);
+ plainPermissionLoader.addPlainAccessResource(plainAccessResource);
 }
 @Test(expected = AclException.class)
 public void passWordThanTest() {
 plainAccessResource.setAccessKey("123");
- plainPermissionLoader.setPlainAccessResource(plainAccessResource);
+ plainPermissionLoader.addPlainAccessResource(plainAccessResource);
 }
 @Test(expected = AclException.class)
@@ -200,11 +200,11 @@ public class PlainPermissionLoaderTest {
 @SuppressWarnings("unchecked")
 @Test
 public void cleanAuthenticationInfoTest() throws IllegalAccessException {
- //plainPermissionLoader.setPlainAccessResource(plainAccessResource);
+ //plainPermissionLoader.addPlainAccessResource(plainAccessResource);
 Map> plainAccessResourceMap = (Map>) FieldUtils.readDeclaredField(plainPermissionLoader, "plainAccessResourceMap", true);
 Assert.assertFalse(plainAccessResourceMap.isEmpty());
- plainPermissionLoader.cleanAuthenticationInfo();
+ plainPermissionLoader.clearPermissionInfo();
 plainAccessResourceMap = (Map>) FieldUtils.readDeclaredField(plainPermissionLoader, "plainAccessResourceMap", true);
 Assert.assertTrue(plainAccessResourceMap.isEmpty());
 }
diff --git a/acl/src/test/java/org/apache/rocketmq/acl/plain/RemoteAddressStrategyTest.java b/acl/src/test/java/org/apache/rocketmq/acl/plain/RemoteAddressStrategyTest.java
index 1d681e0f467c5ce571e9ce3a829d33952e821cee..527c5c297e48c7255eebd1638425390507c4c345 100644
--- a/acl/src/test/java/org/apache/rocketmq/acl/plain/RemoteAddressStrategyTest.java
+++ b/acl/src/test/java/org/apache/rocketmq/acl/plain/RemoteAddressStrategyTest.java
@@ -27,35 +27,35 @@ public class RemoteAddressStrategyTest {
 @Test
 public void NetaddressStrategyFactoryTest() {
 PlainAccessResource plainAccessResource = new PlainAccessResource();
- RemoteAddressStrategy remoteAddressStrategy = remoteAddressStrategyFactory.getNetaddressStrategy(plainAccessResource);
+ RemoteAddressStrategy remoteAddressStrategy = remoteAddressStrategyFactory.getRemoteAddressStrategy(plainAccessResource);
 Assert.assertEquals(remoteAddressStrategy, RemoteAddressStrategyFactory.NULL_NET_ADDRESS_STRATEGY);
 plainAccessResource.setWhiteRemoteAddress("*");
- remoteAddressStrategy = remoteAddressStrategyFactory.getNetaddressStrategy(plainAccessResource);
+ remoteAddressStrategy = remoteAddressStrategyFactory.getRemoteAddressStrategy(plainAccessResource);
 Assert.assertEquals(remoteAddressStrategy, RemoteAddressStrategyFactory.NULL_NET_ADDRESS_STRATEGY);
 plainAccessResource.setWhiteRemoteAddress("127.0.0.1");
- remoteAddressStrategy = remoteAddressStrategyFactory.getNetaddressStrategy(plainAccessResource);
+ remoteAddressStrategy = remoteAddressStrategyFactory.getRemoteAddressStrategy(plainAccessResource);
 Assert.assertEquals(remoteAddressStrategy.getClass(), RemoteAddressStrategyFactory.OneRemoteAddressStrategy.class);
 plainAccessResource.setWhiteRemoteAddress("127.0.0.1,127.0.0.2,127.0.0.3");
- remoteAddressStrategy = remoteAddressStrategyFactory.getNetaddressStrategy(plainAccessResource);
+ remoteAddressStrategy = remoteAddressStrategyFactory.getRemoteAddressStrategy(plainAccessResource);
 Assert.assertEquals(remoteAddressStrategy.getClass(), RemoteAddressStrategyFactory.MultipleRemoteAddressStrategy.class);
 plainAccessResource.setWhiteRemoteAddress("127.0.0.{1,2,3}");
- remoteAddressStrategy = remoteAddressStrategyFactory.getNetaddressStrategy(plainAccessResource);
+ remoteAddressStrategy = remoteAddressStrategyFactory.getRemoteAddressStrategy(plainAccessResource);
 Assert.assertEquals(remoteAddressStrategy.getClass(),
RemoteAddressStrategyFactory.MultipleRemoteAddressStrategy.class);
 plainAccessResource.setWhiteRemoteAddress("127.0.0.1-200");
- remoteAddressStrategy = remoteAddressStrategyFactory.getNetaddressStrategy(plainAccessResource);
+ remoteAddressStrategy = remoteAddressStrategyFactory.getRemoteAddressStrategy(plainAccessResource);
 Assert.assertEquals(remoteAddressStrategy.getClass(), RemoteAddressStrategyFactory.RangeRemoteAddressStrategy.class);
 plainAccessResource.setWhiteRemoteAddress("127.0.0.*");
- remoteAddressStrategy = remoteAddressStrategyFactory.getNetaddressStrategy(plainAccessResource);
+ remoteAddressStrategy = remoteAddressStrategyFactory.getRemoteAddressStrategy(plainAccessResource);
 Assert.assertEquals(remoteAddressStrategy.getClass(), RemoteAddressStrategyFactory.RangeRemoteAddressStrategy.class);
 plainAccessResource.setWhiteRemoteAddress("127.0.1-20.*");
- remoteAddressStrategy = remoteAddressStrategyFactory.getNetaddressStrategy(plainAccessResource);
+ remoteAddressStrategy = remoteAddressStrategyFactory.getRemoteAddressStrategy(plainAccessResource);
 Assert.assertEquals(remoteAddressStrategy.getClass(), RemoteAddressStrategyFactory.RangeRemoteAddressStrategy.class);
 }
@@ -63,9 +63,9 @@ public class RemoteAddressStrategyTest {
 public void verifyTest() {
 PlainAccessResource plainAccessResource = new PlainAccessResource();
 plainAccessResource.setWhiteRemoteAddress("127.0.0.1");
- remoteAddressStrategyFactory.getNetaddressStrategy(plainAccessResource);
+ remoteAddressStrategyFactory.getRemoteAddressStrategy(plainAccessResource);
 plainAccessResource.setWhiteRemoteAddress("256.0.0.1");
- remoteAddressStrategyFactory.getNetaddressStrategy(plainAccessResource);
+ remoteAddressStrategyFactory.getRemoteAddressStrategy(plainAccessResource);
 }
 @Test
@@ -77,7 +77,7 @@ public class RemoteAddressStrategyTest {
 public void oneNetaddressStrategyTest() {
 PlainAccessResource plainAccessResource = new PlainAccessResource();
 plainAccessResource.setWhiteRemoteAddress("127.0.0.1");
- RemoteAddressStrategy remoteAddressStrategy = remoteAddressStrategyFactory.getNetaddressStrategy(plainAccessResource);
+ RemoteAddressStrategy remoteAddressStrategy = remoteAddressStrategyFactory.getRemoteAddressStrategy(plainAccessResource);
 plainAccessResource.setWhiteRemoteAddress("");
 boolean match = remoteAddressStrategy.match(plainAccessResource);
 Assert.assertFalse(match);
@@ -95,11 +95,11 @@ public class RemoteAddressStrategyTest {
 public void multipleNetaddressStrategyTest() {
 PlainAccessResource plainAccessResource = new PlainAccessResource();
 plainAccessResource.setWhiteRemoteAddress("127.0.0.1,127.0.0.2,127.0.0.3");
- RemoteAddressStrategy remoteAddressStrategy = remoteAddressStrategyFactory.getNetaddressStrategy(plainAccessResource);
+ RemoteAddressStrategy remoteAddressStrategy = remoteAddressStrategyFactory.getRemoteAddressStrategy(plainAccessResource);
 multipleNetaddressStrategyTest(remoteAddressStrategy);
 plainAccessResource.setWhiteRemoteAddress("127.0.0.{1,2,3}");
- remoteAddressStrategy = remoteAddressStrategyFactory.getNetaddressStrategy(plainAccessResource);
+ remoteAddressStrategy = remoteAddressStrategyFactory.getRemoteAddressStrategy(plainAccessResource);
 multipleNetaddressStrategyTest(remoteAddressStrategy);
 }
@@ -108,7 +108,7 @@ public class RemoteAddressStrategyTest {
 public void multipleNetaddressStrategyExceptionTest() {
 PlainAccessResource plainAccessResource = new PlainAccessResource();
 plainAccessResource.setWhiteRemoteAddress("127.0.0.1,2,3}");
- remoteAddressStrategyFactory.getNetaddressStrategy(plainAccessResource);
+ remoteAddressStrategyFactory.getRemoteAddressStrategy(plainAccessResource);
 }
 private void multipleNetaddressStrategyTest(RemoteAddressStrategy remoteAddressStrategy) {
@@ -140,14 +140,14 @@ public class RemoteAddressStrategyTest {
 String head = "127.0.0.";
 PlainAccessResource plainAccessResource = new PlainAccessResource();
 plainAccessResource.setWhiteRemoteAddress("127.0.0.1-200");
- RemoteAddressStrategy remoteAddressStrategy = remoteAddressStrategyFactory.getNetaddressStrategy(plainAccessResource);
+ RemoteAddressStrategy remoteAddressStrategy = remoteAddressStrategyFactory.getRemoteAddressStrategy(plainAccessResource);
 rangeNetaddressStrategyTest(remoteAddressStrategy, head, 1, 200, true);
 plainAccessResource.setWhiteRemoteAddress("127.0.0.*");
- remoteAddressStrategy = remoteAddressStrategyFactory.getNetaddressStrategy(plainAccessResource);
+ remoteAddressStrategy = remoteAddressStrategyFactory.getRemoteAddressStrategy(plainAccessResource);
 rangeNetaddressStrategyTest(remoteAddressStrategy, head, 0, 255, true);
 plainAccessResource.setWhiteRemoteAddress("127.0.1-200.*");
- remoteAddressStrategy = remoteAddressStrategyFactory.getNetaddressStrategy(plainAccessResource);
+ remoteAddressStrategy = remoteAddressStrategyFactory.getRemoteAddressStrategy(plainAccessResource);
 rangeNetaddressStrategyThirdlyTest(remoteAddressStrategy, head, 1, 200);
 }
@@ -196,7 +196,7 @@ public class RemoteAddressStrategyTest {
 private void rangeNetaddressStrategyExceptionTest(String netaddress) {
 PlainAccessResource plainAccessResource = new PlainAccessResource();
 plainAccessResource.setWhiteRemoteAddress(netaddress);
- remoteAddressStrategyFactory.getNetaddressStrategy(plainAccessResource);
+ remoteAddressStrategyFactory.getRemoteAddressStrategy(plainAccessResource);
 }
 }
diff --git a/acl/src/test/resources/conf/transport.yml b/acl/src/test/resources/conf/transport.yml
index 2c3070e191e49cadbc3762e37cc9c8179cc77624..5daefb67c335b12ad8359bb261742df6138926cf 100644
--- a/acl/src/test/resources/conf/transport.yml
+++ b/acl/src/test/resources/conf/transport.yml
@@ -26,11 +26,11 @@ accounts:
 admin: false
 defaultTopicPerm: DENY
 defaultGroupPerm: SUB
- topics:
+ topicPerms:
 - topicA=DENY
 - topicB=PUB|SUB
 - topicC=SUB
- groups:
+ groupPerms:
 # the group should convert to retry topic
 - groupA=DENY
 - groupB=SUB
diff --git a/common/src/main/java/org/apache/rocketmq/common/UtilAll.java b/common/src/main/java/org/apache/rocketmq/common/UtilAll.java
index a846755d8db47f198e02d05c1da5b573474ed4e9..dee6ca291144d7d55265913cbb9fab71cccf1637 100644
--- a/common/src/main/java/org/apache/rocketmq/common/UtilAll.java
+++ b/common/src/main/java/org/apache/rocketmq/common/UtilAll.java
@@ -60,6 +60,18 @@ public class UtilAll {
 }
 }
+ public static void sleep(long sleepMs) {
+ if (sleepMs < 0) {
+ return;
+ }
+ try {
+ Thread.sleep(sleepMs);
+ } catch (Throwable ignored) {
+
+ }
+
+ }
+
 public static String currentStackTrace() {
 StringBuilder sb = new StringBuilder();
 StackTraceElement[] stackTrace = Thread.currentThread().getStackTrace();
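Review bot: Renaming the ACL keys `topics` → `topicPerms` and `groups` → `groupPerms` in transport.yml can fail open for any deployed file that still uses the old names. The loader is not visible in this hunk, but if it ignores unknown keys rather than rejecting them, an entry such as `groupA=DENY` would no longer be applied and the account would fall back to `defaultGroupPerm: SUB`. I would either keep accepting the old keys for a release or refuse to load a file that still contains `topics`/`groups`, and log which account was affected. A test fixture with the old key names would pin whichever behaviour is chosen.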
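Review bot: `catch (Throwable ignored)` in the new `UtilAll.sleep` discards `InterruptedException` without restoring the interrupt flag, so a thread that is asked to stop while sleeping carries on as if it had not been interrupted. It also hides any `Error` raised at that point. Catch only the interrupt and re-assert it, `} catch (InterruptedException e) { Thread.currentThread().interrupt(); }`. A short Javadoc saying that the method returns early when interrupted and does nothing for a negative `sleepMs` would make the contract clear to callers that use it for retry or back-off loops.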