Rename and polish permission loader

e3d38d7c · dongeforever · cb46a66a · e3d38d7c · e3d38d7c · e3d38d7c
10 changed file
--- a/acl/src/main/java/org/apache/rocketmq/acl/common/Permission.java
+++ b/acl/src/main/java/org/apache/rocketmq/acl/common/Permission.java
@@ -55,7 +55,7 @@ public class Permission {
        return (neededPerm & ownedPerm) > 0;
    }
-    public static byte fromStringGetPermission(String permString) {
+    public static byte parsePermFromString(String permString) {
        if (permString == null) {
            return Permission.DENY;
        }
@@ -77,21 +77,21 @@ public class Permission {
        }
    }
-    public static void setTopicPerm(PlainAccessResource plainAccessResource, Boolean isTopic, List<String> topicArray) {
+    public static void parseResourcePerms(PlainAccessResource plainAccessResource, Boolean isTopic, List<String> resources) {
-        if (topicArray == null || topicArray.isEmpty()) {
+        if (resources == null || resources.isEmpty()) {
            return;
        }
-        for (String topic : topicArray) {
+        for (String resource : resources) {
-            String[] topicPrem = StringUtils.split(topic, "=");
+            String[] items = StringUtils.split(resource, "=");
-            if (topicPrem.length == 2) {
+            if (items.length == 2) {
-                plainAccessResource.addResourceAndPerm(isTopic ? topicPrem[0] : PlainAccessResource.getRetryTopic(topicPrem[0]), fromStringGetPermission(topicPrem[1]));
+                plainAccessResource.addResourceAndPerm(isTopic ? items[0].trim() : PlainAccessResource.getRetryTopic(items[0].trim()), parsePermFromString(items[1].trim()));
            } else {
-                throw new AclException(String.format("%s Permission config erron %s", isTopic ? "topic" : "group", topic));
+                throw new AclException(String.format("Parse resource permission failed for %s:%s", isTopic ? "topic" : "group", resource));
            }
        }
    }
-    public static boolean checkAdminCode(Integer code) {
+    public static boolean needAdminPerm(Integer code) {
        return ADMIN_CODE.contains(code);
    }
 }
--- a/acl/src/main/java/org/apache/rocketmq/acl/plain/PlainAccessResource.java
+++ b/acl/src/main/java/org/apache/rocketmq/acl/plain/PlainAccessResource.java
@@ -59,6 +59,23 @@ public class PlainAccessResource implements AccessResource {
        return null != topic && topic.startsWith(MixAll.RETRY_GROUP_TOPIC_PREFIX);
    }
+    public static String printStr(String resource, boolean isGroup) {
+        if (resource == null) {
+            return null;
+        }
+        if (isGroup) {
+            return String.format("%s:%s", "group", getGroupFromRetryTopic(resource));
+        } else {
+            return String.format("%s:%s", "topic", resource);
+        }
+    }
+    public static String getGroupFromRetryTopic(String retryTopic) {
+        if (retryTopic == null) {
+            return null;
+        }
+        return retryTopic.substring(MixAll.RETRY_GROUP_TOPIC_PREFIX.length());
+    }
    public static String getRetryTopic(String group) {
        if (group == null) {
            return null;

--- a/acl/src/main/java/org/apache/rocketmq/acl/plain/PlainAccessValidator.java
+++ b/acl/src/main/java/org/apache/rocketmq/acl/plain/PlainAccessValidator.java
@@ -120,7 +120,7 @@ public class PlainAccessValidator implements AccessValidator {
    @Override
    public void validate(AccessResource accessResource) {
-        aclPlugEngine.eachCheckPlainAccessResource((PlainAccessResource) accessResource);
+        aclPlugEngine.validate((PlainAccessResource) accessResource);
    }
 }
--- a/acl/src/main/java/org/apache/rocketmq/acl/plain/PlainPermissionLoader.java
+++ b/acl/src/main/java/org/apache/rocketmq/acl/plain/PlainPermissionLoader.java
@@ -28,16 +28,15 @@ import java.nio.file.WatchKey;
 import java.nio.file.WatchService;
 import java.util.ArrayList;
 import java.util.HashMap;
-import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
-import java.util.Map.Entry;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.rocketmq.acl.common.AclException;
 import org.apache.rocketmq.acl.common.AclUtils;
 import org.apache.rocketmq.acl.common.Permission;
 import org.apache.rocketmq.common.MixAll;
 import org.apache.rocketmq.common.ServiceThread;
+import org.apache.rocketmq.common.UtilAll;
 import org.apache.rocketmq.common.constant.LoggerName;
 import org.apache.rocketmq.logging.InternalLogger;
 import org.apache.rocketmq.logging.InternalLoggerFactory;
@@ -46,13 +45,14 @@ public class PlainPermissionLoader {
    private static final InternalLogger log = InternalLoggerFactory.getLogger(LoggerName.ACL_PLUG_LOGGER_NAME);
    private String fileHome = System.getProperty(MixAll.ROCKETMQ_HOME_PROPERTY,
        System.getenv(MixAll.ROCKETMQ_HOME_ENV));
-    private String fileName = System.getProperty("romcketmq.acl.plain.fileName", "/conf/transport.yml");
+    //TODO  rename transport to plain_acl.yml
+    private String fileName = System.getProperty("rocketmq.acl.plain.file", "/conf/transport.yml");
-    private Map<String/** account **/
+    private Map<String/** AccessKey **/, PlainAccessResource> plainAccessResourceMap = new HashMap<>();
-        , List<PlainAccessResource>> plainAccessResourceMap = new HashMap<>();
    private List<RemoteAddressStrategy> globalWhiteRemoteAddressStrategy = new ArrayList<>();
@@ -61,6 +61,7 @@ public class PlainPermissionLoader {
    private boolean isWatchStart;
    public PlainPermissionLoader() {
+        //TODO test what will happen if initialize failed
        initialize();
        watch();
    }
@@ -76,25 +77,24 @@ public class PlainPermissionLoader {
        JSONArray globalWhiteRemoteAddressesList = accessControlTransport.getJSONArray("globalWhiteRemoteAddresses");
        if (globalWhiteRemoteAddressesList != null && !globalWhiteRemoteAddressesList.isEmpty()) {
            for (int i = 0; i < globalWhiteRemoteAddressesList.size(); i++) {
-                setGlobalWhite(globalWhiteRemoteAddressesList.getString(i));
+                addGlobalWhiteRemoteAddress(globalWhiteRemoteAddressesList.getString(i));
            }
        }
        JSONArray accounts = accessControlTransport.getJSONArray("accounts");
-        List<PlainAccess> plainAccessList = accounts.toJavaList(PlainAccess.class);
+        List<PlainAccessConfig> plainAccessList = accounts.toJavaList(PlainAccessConfig.class);
        if (plainAccessList != null && !plainAccessList.isEmpty()) {
-            for (PlainAccess plainAccess : plainAccessList) {
+            for (PlainAccessConfig plainAccess : plainAccessList) {
-                this.setPlainAccessResource(getPlainAccessResource(plainAccess));
+                this.addPlainAccessResource(getPlainAccessResource(plainAccess));
            }
        }
    }
    private void watch() {
        String version = System.getProperty("java.version");
-        log.info("java.version is : {}", version);
        String[] str = StringUtils.split(version, ".");
        if (Integer.valueOf(str[1]) < 7) {
-            log.warn("wacth need jdk 1.7 support , current version no support");
+            log.warn("Watch need jdk equal or greater than 1.7, current version is {}", str[1]);
            return;
        }
        try {
@@ -106,41 +106,41 @@ public class PlainPermissionLoader {
                public void run() {
                    while (true) {
                        try {
-                            while (true) {
+                            WatchKey watchKey = watcher.take();
-                                WatchKey watchKey = watcher.take();
+                            List<WatchEvent<?>> watchEvents = watchKey.pollEvents();
-                                List<WatchEvent<?>> watchEvents = watchKey.pollEvents();
+                            for (WatchEvent<?> event : watchEvents) {
-                                for (WatchEvent<?> event : watchEvents) {
+                                //TODO use variable instead of raw text
-                                    if ("transport.yml".equals(event.context().toString())
+                                if ("transport.yml".equals(event.context().toString())
-                                        && (StandardWatchEventKinds.ENTRY_MODIFY.equals(event.kind())
+                                    && (StandardWatchEventKinds.ENTRY_MODIFY.equals(event.kind())
-                                        || StandardWatchEventKinds.ENTRY_CREATE.equals(event.kind()))) {
+                                    || StandardWatchEventKinds.ENTRY_CREATE.equals(event.kind()))) {
-                                        log.info("transprot.yml make a difference  change is : ", event.toString());
+                                    log.info("transprot.yml make a difference  change is : ", event.toString());
-                                        PlainPermissionLoader.this.cleanAuthenticationInfo();
+                                    PlainPermissionLoader.this.clearPermissionInfo();
-                                        initialize();
+                                    initialize();
-                                    }
                                }
-                                watchKey.reset();
                            }
+                            watchKey.reset();
                        } catch (InterruptedException e) {
                            log.error(e.getMessage(), e);
+                            UtilAll.sleep(3000);
                        }
                    }
                }
                @Override
                public String getServiceName() {
-                    return "watcherServcie";
+                    return "AclWatcherService";
                }
            };
            watcherServcie.start();
-            log.info("succeed start watcherServcie");
+            log.info("Succeed to start AclWatcherService");
            this.isWatchStart = true;
        } catch (IOException e) {
-            log.error(e.getMessage(), e);
+            log.error("Failed to start AclWatcherService", e);
        }
    }
-    PlainAccessResource getPlainAccessResource(PlainAccess plainAccess) {
+    PlainAccessResource getPlainAccessResource(PlainAccessConfig plainAccess) {
        PlainAccessResource plainAccessResource = new PlainAccessResource();
        plainAccessResource.setAccessKey(plainAccess.getAccessKey());
        plainAccessResource.setSecretKey(plainAccess.getSecretKey());
@@ -148,110 +148,114 @@ public class PlainPermissionLoader {
        plainAccessResource.setAdmin(plainAccess.isAdmin());
-        plainAccessResource.setDefaultGroupPerm(Permission.fromStringGetPermission(plainAccess.getDefaultGroupPerm()));
+        plainAccessResource.setDefaultGroupPerm(Permission.parsePermFromString(plainAccess.getDefaultGroupPerm()));
-        plainAccessResource.setDefaultTopicPerm(Permission.fromStringGetPermission(plainAccess.getDefaultTopicPerm()));
+        plainAccessResource.setDefaultTopicPerm(Permission.parsePermFromString(plainAccess.getDefaultTopicPerm()));
-        Permission.setTopicPerm(plainAccessResource, false, plainAccess.getGroups());
+        Permission.parseResourcePerms(plainAccessResource, false, plainAccess.getGroupPerms());
-        Permission.setTopicPerm(plainAccessResource, true, plainAccess.getTopics());
+        Permission.parseResourcePerms(plainAccessResource, true, plainAccess.getTopicPerms());
        return plainAccessResource;
    }
-    void checkPerm(PlainAccessResource needCheckplainAccessResource, PlainAccessResource plainAccessResource) {
+    void checkPerm(PlainAccessResource needCheckedAccess, PlainAccessResource ownedAccess) {
-        if (!plainAccessResource.isAdmin() && Permission.checkAdminCode(needCheckplainAccessResource.getRequestCode())) {
+        if (Permission.needAdminPerm(needCheckedAccess.getRequestCode()) && !ownedAccess.isAdmin()) {
-            throw new AclException(String.format("accessKey is %s  remoteAddress is %s , is not admin Premission . RequestCode is %d", plainAccessResource.getAccessKey(), plainAccessResource.getWhiteRemoteAddress(), needCheckplainAccessResource.getRequestCode()));
+            throw new AclException(String.format("Need admin permission for request code=%d, but accessKey=%s is not", needCheckedAccess.getRequestCode(), ownedAccess.getAccessKey()));
        }
-        Map<String, Byte> needCheckTopicAndGourpPerm = needCheckplainAccessResource.getResourcePermMap();
+        Map<String, Byte> needCheckedPermMap = needCheckedAccess.getResourcePermMap();
-        Map<String, Byte> topicAndGourpPerm = plainAccessResource.getResourcePermMap();
+        Map<String, Byte> ownedPermMap = ownedAccess.getResourcePermMap();
-        Iterator<Entry<String, Byte>> it = topicAndGourpPerm.entrySet().iterator();
+        for (Map.Entry<String, Byte> needCheckedEntry : needCheckedPermMap.entrySet()) {
-        Byte perm;
+            String resource = needCheckedEntry.getKey();
-        while (it.hasNext()) {
+            Byte neededPerm = needCheckedEntry.getValue();
-            Entry<String, Byte> e = it.next();
+            boolean isGroup = PlainAccessResource.isRetryTopic(resource);
-            if ((perm = needCheckTopicAndGourpPerm.get(e.getKey())) != null && Permission.checkPermission(perm, e.getValue())) {
+            if (!ownedPermMap.containsKey(resource)) {
+                //Check the default perm
+                byte ownedPerm = isGroup ? needCheckedAccess.getDefaultGroupPerm() :
+                    needCheckedAccess.getDefaultTopicPerm();
+                if (!Permission.checkPermission(neededPerm, ownedPerm)) {
+                    throw new AclException(String.format("No default permission for %s", PlainAccessResource.printStr(resource, isGroup)));
+                }
                continue;
            }
-            byte neededPerm = PlainAccessResource.isRetryTopic(e.getKey()) ? needCheckplainAccessResource.getDefaultGroupPerm() :
+            if (!Permission.checkPermission(neededPerm, ownedPermMap.get(resource))) {
-                needCheckplainAccessResource.getDefaultTopicPerm();
+                throw new AclException(String.format("No default permission for %s", PlainAccessResource.printStr(resource, isGroup)));
-            if (!Permission.checkPermission(neededPerm, e.getValue())) {
-                throw new AclException(String.format("", e.toString()));
            }
        }
    }
-    void cleanAuthenticationInfo() {
+    void clearPermissionInfo() {
        this.plainAccessResourceMap.clear();
        this.globalWhiteRemoteAddressStrategy.clear();
    }
-    public void setPlainAccessResource(PlainAccessResource plainAccessResource) throws AclException {
+    public void addPlainAccessResource(PlainAccessResource plainAccessResource) throws AclException {
-        if (plainAccessResource.getAccessKey() == null || plainAccessResource.getSecretKey() == null
+        if (plainAccessResource.getAccessKey() == null
+            || plainAccessResource.getSecretKey() == null
            || plainAccessResource.getAccessKey().length() <= 6
            || plainAccessResource.getSecretKey().length() <= 6) {
            throw new AclException(String.format(
-                "The account password cannot be null and is longer than 6, account is %s  password is %s",
+                "The accessKey=%s and secretKey=%s cannot be null and length should longer than 6",
                plainAccessResource.getAccessKey(), plainAccessResource.getSecretKey()));
        }
        try {
            RemoteAddressStrategy remoteAddressStrategy = remoteAddressStrategyFactory
-                .getNetaddressStrategy(plainAccessResource);
+                .getRemoteAddressStrategy(plainAccessResource);
-            List<PlainAccessResource> accessControlAddressList = plainAccessResourceMap.get(plainAccessResource.getAccessKey());
-            if (accessControlAddressList == null) {
-                accessControlAddressList = new ArrayList<>();
-                plainAccessResourceMap.put(plainAccessResource.getAccessKey(), accessControlAddressList);
-            }
            plainAccessResource.setRemoteAddressStrategy(remoteAddressStrategy);
-            accessControlAddressList.add(plainAccessResource);
+            if (plainAccessResourceMap.containsKey(plainAccessResource.getAccessKey())) {
-            log.info("authenticationInfo is {}", plainAccessResource.toString());
+                log.warn("Duplicate acl config  for {}, the newly one may overwrite the old", plainAccessResource.getAccessKey());
+            }
+            plainAccessResourceMap.put(plainAccessResource.getAccessKey(), plainAccessResource);
        } catch (Exception e) {
-            throw new AclException(
+            throw new AclException(String.format("Load plain access resource failed %s  %s", e.getMessage(), plainAccessResource.toString()), e);
-                String.format("Exception info %s  %s", e.getMessage(), plainAccessResource.toString()), e);
        }
    }
-    private void setGlobalWhite(String remoteAddresses) {
+    private void addGlobalWhiteRemoteAddress(String remoteAddresses) {
-        globalWhiteRemoteAddressStrategy.add(remoteAddressStrategyFactory.getNetaddressStrategy(remoteAddresses));
+        globalWhiteRemoteAddressStrategy.add(remoteAddressStrategyFactory.getRemoteAddressStrategy(remoteAddresses));
    }
-    public void eachCheckPlainAccessResource(PlainAccessResource plainAccessResource) {
+    public void validate(PlainAccessResource plainAccessResource) {
-        List<PlainAccessResource> plainAccessResourceAddressList = plainAccessResourceMap.get(plainAccessResource.getAccessKey());
+        //Step 1, check the global white remote addr
-        boolean isDistinguishAccessKey = false;
+        if (plainAccessResource.getAccessKey() == null) {
-        if (plainAccessResourceAddressList != null) {
+            if (globalWhiteRemoteAddressStrategy.isEmpty()) {
-            for (PlainAccessResource plainAccess : plainAccessResourceAddressList) {
+                throw new AclException(String.format("No accessKey is configured and no global white remote addr is configured"));
-                if (!plainAccess.getRemoteAddressStrategy().match(plainAccessResource)) {
-                    isDistinguishAccessKey = true;
-                    continue;
-                }
-                String signature = AclUtils.calSignature(plainAccessResource.getContent(), plainAccess.getSecretKey());
-                if (signature.equals(plainAccessResource.getSignature())) {
-                    checkPerm(plainAccess, plainAccessResource);
-                    return;
-                } else {
-                    throw new AclException(String.format("signature is erron. erron accessKe is %s , erron reomiteAddress %s", plainAccess.getAccessKey(), plainAccessResource.getWhiteRemoteAddress()));
-                }
            }
-        }
-        if (plainAccessResource.getAccessKey() == null && !globalWhiteRemoteAddressStrategy.isEmpty()) {
            for (RemoteAddressStrategy remoteAddressStrategy : globalWhiteRemoteAddressStrategy) {
                if (remoteAddressStrategy.match(plainAccessResource)) {
                    return;
                }
            }
+            throw new AclException(String.format("No accessKey is configured and no global white remote addr is matched"));
+        }
+        if (!plainAccessResourceMap.containsKey(plainAccessResource.getAccessKey())) {
+            throw new AclException(String.format("No acl config for %s", plainAccessResource.getAccessKey()));
        }
-        if (isDistinguishAccessKey) {
-            throw new AclException(String.format("client ip  not in WhiteRemoteAddress . erron accessKe is %s , erron reomiteAddress %s", plainAccessResource.getAccessKey(), plainAccessResource.getWhiteRemoteAddress()));
+        //Step 2, check the white addr for accesskey
-        } else {
+        PlainAccessResource ownedAccess = plainAccessResourceMap.get(plainAccessResource.getAccessKey());
-            throw new AclException(String.format("It is not make Access and make client ip .erron accessKe is %s , erron reomiteAddress %s", plainAccessResource.getAccessKey(), plainAccessResource.getWhiteRemoteAddress()));
+        if (ownedAccess.getRemoteAddressStrategy().match(plainAccessResource)) {
+            return;
        }
+        //Step 3, check the signature
+        String signature = AclUtils.calSignature(plainAccessResource.getContent(), ownedAccess.getSecretKey());
+        if (!signature.equals(plainAccessResource.getSignature())) {
+            throw new AclException(String.format("Check signature failed for accessKey=%s", plainAccessResource.getAccessKey()));
+        }
+        //Step 4, check perm of each resource
+        checkPerm(plainAccessResource, ownedAccess);
    }
    public boolean isWatchStart() {
        return isWatchStart;
    }
-    static class PlainAccess {
+    static class PlainAccessConfig {
        private String accessKey;
@@ -265,9 +269,9 @@ public class PlainPermissionLoader {
        private String defaultGroupPerm;
-        private List<String> topics;
+        private List<String> topicPerms;
-        private List<String> groups;
+        private List<String> groupPerms;
        public String getAccessKey() {
            return accessKey;
@@ -317,20 +321,20 @@ public class PlainPermissionLoader {
            this.defaultGroupPerm = defaultGroupPerm;
        }
-        public List<String> getTopics() {
+        public List<String> getTopicPerms() {
-            return topics;
+            return topicPerms;
        }
-        public void setTopics(List<String> topics) {
+        public void setTopicPerms(List<String> topicPerms) {
-            this.topics = topics;
+            this.topicPerms = topicPerms;
        }
-        public List<String> getGroups() {
+        public List<String> getGroupPerms() {
-            return groups;
+            return groupPerms;
        }
-        public void setGroups(List<String> groups) {
+        public void setGroupPerms(List<String> groupPerms) {
-            this.groups = groups;
+            this.groupPerms = groupPerms;
        }
    }

--- a/acl/src/main/java/org/apache/rocketmq/acl/plain/RemoteAddressStrategyFactory.java
+++ b/acl/src/main/java/org/apache/rocketmq/acl/plain/RemoteAddressStrategyFactory.java
@@ -26,28 +26,29 @@ public class RemoteAddressStrategyFactory {
    public static final NullRemoteAddressStrategy NULL_NET_ADDRESS_STRATEGY = new NullRemoteAddressStrategy();
-    public RemoteAddressStrategy getNetaddressStrategy(PlainAccessResource plainAccessResource) {
+    public RemoteAddressStrategy getRemoteAddressStrategy(PlainAccessResource plainAccessResource) {
-        return getNetaddressStrategy(plainAccessResource.getWhiteRemoteAddress());
+        return getRemoteAddressStrategy(plainAccessResource.getWhiteRemoteAddress());
    }
-    public RemoteAddressStrategy getNetaddressStrategy(String netaddress) {
+    public RemoteAddressStrategy getRemoteAddressStrategy(String remoteAddr) {
-        if (StringUtils.isBlank(netaddress) || "*".equals(netaddress)) {
+        //TODO if the white addr is not configured, should reject it.
+        if (StringUtils.isBlank(remoteAddr) || "*".equals(remoteAddr)) {
            return NULL_NET_ADDRESS_STRATEGY;
        }
-        if (netaddress.endsWith("}")) {
+        if (remoteAddr.endsWith("}")) {
-            String[] strArray = StringUtils.split(netaddress, ".");
+            String[] strArray = StringUtils.split(remoteAddr, ".");
            String four = strArray[3];
            if (!four.startsWith("{")) {
-                throw new AclException(String.format("MultipleRemoteAddressStrategy netaddress examine scope Exception netaddress", netaddress));
+                throw new AclException(String.format("MultipleRemoteAddressStrategy netaddress examine scope Exception netaddress", remoteAddr));
            }
-            return new MultipleRemoteAddressStrategy(AclUtils.getAddreeStrArray(netaddress, four));
+            return new MultipleRemoteAddressStrategy(AclUtils.getAddreeStrArray(remoteAddr, four));
-        } else if (AclUtils.isColon(netaddress)) {
+        } else if (AclUtils.isColon(remoteAddr)) {
-            return new MultipleRemoteAddressStrategy(StringUtils.split(netaddress, ","));
+            return new MultipleRemoteAddressStrategy(StringUtils.split(remoteAddr, ","));
-        } else if (AclUtils.isAsterisk(netaddress) || AclUtils.isMinus(netaddress)) {
+        } else if (AclUtils.isAsterisk(remoteAddr) || AclUtils.isMinus(remoteAddr)) {
-            return new RangeRemoteAddressStrategy(netaddress);
+            return new RangeRemoteAddressStrategy(remoteAddr);
        }
-        return new OneRemoteAddressStrategy(netaddress);
+        return new OneRemoteAddressStrategy(remoteAddr);
    }
@@ -103,10 +104,10 @@ public class RemoteAddressStrategyFactory {
        private int index;
-        public RangeRemoteAddressStrategy(String netaddress) {
+        public RangeRemoteAddressStrategy(String remoteAddr) {
-            String[] strArray = StringUtils.split(netaddress, ".");
+            String[] strArray = StringUtils.split(remoteAddr, ".");
            if (analysis(strArray, 2) || analysis(strArray, 3)) {
-                AclUtils.verify(netaddress, index - 1);
+                AclUtils.verify(remoteAddr, index - 1);
                StringBuffer sb = new StringBuffer().append(strArray[0].trim()).append(".").append(strArray[1].trim()).append(".");
                if (index == 3) {
                    sb.append(strArray[2].trim()).append(".");

--- a/acl/src/test/java/org/apache/rocketmq/acl/common/PermissionTest.java
+++ b/acl/src/test/java/org/apache/rocketmq/acl/common/PermissionTest.java
@@ -29,28 +29,28 @@ public class PermissionTest {
    @Test
    public void fromStringGetPermissionTest() {
-        byte perm = Permission.fromStringGetPermission("PUB");
+        byte perm = Permission.parsePermFromString("PUB");
        Assert.assertEquals(perm, Permission.PUB);
-        perm = Permission.fromStringGetPermission("SUB");
+        perm = Permission.parsePermFromString("SUB");
        Assert.assertEquals(perm, Permission.SUB);
-        perm = Permission.fromStringGetPermission("ANY");
+        perm = Permission.parsePermFromString("ANY");
        Assert.assertEquals(perm, Permission.ANY);
-        perm = Permission.fromStringGetPermission("PUB|SUB");
+        perm = Permission.parsePermFromString("PUB|SUB");
        Assert.assertEquals(perm, Permission.ANY);
-        perm = Permission.fromStringGetPermission("SUB|PUB");
+        perm = Permission.parsePermFromString("SUB|PUB");
        Assert.assertEquals(perm, Permission.ANY);
-        perm = Permission.fromStringGetPermission("DENY");
+        perm = Permission.parsePermFromString("DENY");
        Assert.assertEquals(perm, Permission.DENY);
-        perm = Permission.fromStringGetPermission("1");
+        perm = Permission.parsePermFromString("1");
        Assert.assertEquals(perm, Permission.DENY);
-        perm = Permission.fromStringGetPermission(null);
+        perm = Permission.parsePermFromString(null);
        Assert.assertEquals(perm, Permission.DENY);
    }
@@ -91,17 +91,17 @@ public class PermissionTest {
        PlainAccessResource plainAccessResource = new PlainAccessResource();
        Map<String, Byte> resourcePermMap = plainAccessResource.getResourcePermMap();
-        Permission.setTopicPerm(plainAccessResource, false, null);
+        Permission.parseResourcePerms(plainAccessResource, false, null);
        Assert.assertNull(resourcePermMap);
        List<String> groups = new ArrayList<>();
-        Permission.setTopicPerm(plainAccessResource, false, groups);
+        Permission.parseResourcePerms(plainAccessResource, false, groups);
        Assert.assertNull(resourcePermMap);
        groups.add("groupA=DENY");
        groups.add("groupB=PUB|SUB");
        groups.add("groupC=PUB");
-        Permission.setTopicPerm(plainAccessResource, false, groups);
+        Permission.parseResourcePerms(plainAccessResource, false, groups);
        resourcePermMap = plainAccessResource.getResourcePermMap();
        byte perm = resourcePermMap.get(PlainAccessResource.getRetryTopic("groupA"));
@@ -118,7 +118,7 @@ public class PermissionTest {
        topics.add("topicB=PUB|SUB");
        topics.add("topicC=PUB");
-        Permission.setTopicPerm(plainAccessResource, true, topics);
+        Permission.parseResourcePerms(plainAccessResource, true, topics);
        perm = resourcePermMap.get("topicA");
        Assert.assertEquals(perm, Permission.DENY);
@@ -131,7 +131,7 @@ public class PermissionTest {
        List<String> erron = new ArrayList<>();
        erron.add("");
-        Permission.setTopicPerm(plainAccessResource, false, erron);
+        Permission.parseResourcePerms(plainAccessResource, false, erron);
    }
    @Test
@@ -144,7 +144,7 @@ public class PermissionTest {
        code.add(207);
        for (int i = 0; i < 400; i++) {
-            boolean boo = Permission.checkAdminCode(i);
+            boolean boo = Permission.needAdminPerm(i);
            if (boo) {
                Assert.assertTrue(code.contains(i));
            }

--- a/acl/src/test/java/org/apache/rocketmq/acl/plain/PlainPermissionLoaderTest.java
+++ b/acl/src/test/java/org/apache/rocketmq/acl/plain/PlainPermissionLoaderTest.java
@@ -27,7 +27,7 @@ import java.util.Set;
 import org.apache.commons.lang3.reflect.FieldUtils;
 import org.apache.rocketmq.acl.common.AclException;
 import org.apache.rocketmq.acl.common.Permission;
-import org.apache.rocketmq.acl.plain.PlainPermissionLoader.PlainAccess;
+import org.apache.rocketmq.acl.plain.PlainPermissionLoader.PlainAccessConfig;
 import org.junit.Assert;
 import org.junit.Before;
 import org.junit.Test;
@@ -90,7 +90,7 @@ public class PlainPermissionLoaderTest {
    @Test
    public void getPlainAccessResourceTest() {
        PlainAccessResource plainAccessResource = new PlainAccessResource();
-        PlainAccess plainAccess = new PlainAccess();
+        PlainAccessConfig plainAccess = new PlainAccessConfig();
        plainAccess.setAccessKey("RocketMQ");
        plainAccessResource = plainPermissionLoader.getPlainAccessResource(plainAccess);
@@ -120,7 +120,7 @@ public class PlainPermissionLoaderTest {
        groups.add("groupA=DENY");
        groups.add("groupB=PUB|SUB");
        groups.add("groupC=PUB");
-        plainAccess.setGroups(groups);
+        plainAccess.setGroupPerms(groups);
        plainAccessResource = plainPermissionLoader.getPlainAccessResource(plainAccess);
        Map<String, Byte> resourcePermMap = plainAccessResource.getResourcePermMap();
        Assert.assertEquals(resourcePermMap.size(), 3);
@@ -133,7 +133,7 @@ public class PlainPermissionLoaderTest {
        topics.add("topicA=DENY");
        topics.add("topicB=PUB|SUB");
        topics.add("topicC=PUB");
-        plainAccess.setTopics(topics);
+        plainAccess.setTopicPerms(topics);
        plainAccessResource = plainPermissionLoader.getPlainAccessResource(plainAccess);
        resourcePermMap = plainAccessResource.getResourcePermMap();
        Assert.assertEquals(resourcePermMap.size(), 6);
@@ -170,25 +170,25 @@ public class PlainPermissionLoaderTest {
    @Test(expected = AclException.class)
    public void accountNullTest() {
        plainAccessResource.setAccessKey(null);
-        plainPermissionLoader.setPlainAccessResource(plainAccessResource);
+        plainPermissionLoader.addPlainAccessResource(plainAccessResource);
    }
    @Test(expected = AclException.class)
    public void accountThanTest() {
        plainAccessResource.setAccessKey("123");
-        plainPermissionLoader.setPlainAccessResource(plainAccessResource);
+        plainPermissionLoader.addPlainAccessResource(plainAccessResource);
    }
    @Test(expected = AclException.class)
    public void passWordtNullTest() {
        plainAccessResource.setAccessKey(null);
-        plainPermissionLoader.setPlainAccessResource(plainAccessResource);
+        plainPermissionLoader.addPlainAccessResource(plainAccessResource);
    }
    @Test(expected = AclException.class)
    public void passWordThanTest() {
        plainAccessResource.setAccessKey("123");
-        plainPermissionLoader.setPlainAccessResource(plainAccessResource);
+        plainPermissionLoader.addPlainAccessResource(plainAccessResource);
    }
    @Test(expected = AclException.class)
@@ -200,11 +200,11 @@ public class PlainPermissionLoaderTest {
    @SuppressWarnings("unchecked")
    @Test
    public void cleanAuthenticationInfoTest() throws IllegalAccessException {
-        //plainPermissionLoader.setPlainAccessResource(plainAccessResource);
+        //plainPermissionLoader.addPlainAccessResource(plainAccessResource);
        Map<String, List<PlainAccessResource>> plainAccessResourceMap = (Map<String, List<PlainAccessResource>>) FieldUtils.readDeclaredField(plainPermissionLoader, "plainAccessResourceMap", true);
        Assert.assertFalse(plainAccessResourceMap.isEmpty());
-        plainPermissionLoader.cleanAuthenticationInfo();
+        plainPermissionLoader.clearPermissionInfo();
        plainAccessResourceMap = (Map<String, List<PlainAccessResource>>) FieldUtils.readDeclaredField(plainPermissionLoader, "plainAccessResourceMap", true);
        Assert.assertTrue(plainAccessResourceMap.isEmpty());
    }

--- a/acl/src/test/java/org/apache/rocketmq/acl/plain/RemoteAddressStrategyTest.java
+++ b/acl/src/test/java/org/apache/rocketmq/acl/plain/RemoteAddressStrategyTest.java
@@ -27,35 +27,35 @@ public class RemoteAddressStrategyTest {
    @Test
    public void NetaddressStrategyFactoryTest() {
        PlainAccessResource plainAccessResource = new PlainAccessResource();
-        RemoteAddressStrategy remoteAddressStrategy = remoteAddressStrategyFactory.getNetaddressStrategy(plainAccessResource);
+        RemoteAddressStrategy remoteAddressStrategy = remoteAddressStrategyFactory.getRemoteAddressStrategy(plainAccessResource);
        Assert.assertEquals(remoteAddressStrategy, RemoteAddressStrategyFactory.NULL_NET_ADDRESS_STRATEGY);
        plainAccessResource.setWhiteRemoteAddress("*");
-        remoteAddressStrategy = remoteAddressStrategyFactory.getNetaddressStrategy(plainAccessResource);
+        remoteAddressStrategy = remoteAddressStrategyFactory.getRemoteAddressStrategy(plainAccessResource);
        Assert.assertEquals(remoteAddressStrategy, RemoteAddressStrategyFactory.NULL_NET_ADDRESS_STRATEGY);
        plainAccessResource.setWhiteRemoteAddress("127.0.0.1");
-        remoteAddressStrategy = remoteAddressStrategyFactory.getNetaddressStrategy(plainAccessResource);
+        remoteAddressStrategy = remoteAddressStrategyFactory.getRemoteAddressStrategy(plainAccessResource);
        Assert.assertEquals(remoteAddressStrategy.getClass(), RemoteAddressStrategyFactory.OneRemoteAddressStrategy.class);
        plainAccessResource.setWhiteRemoteAddress("127.0.0.1,127.0.0.2,127.0.0.3");
-        remoteAddressStrategy = remoteAddressStrategyFactory.getNetaddressStrategy(plainAccessResource);
+        remoteAddressStrategy = remoteAddressStrategyFactory.getRemoteAddressStrategy(plainAccessResource);
        Assert.assertEquals(remoteAddressStrategy.getClass(), RemoteAddressStrategyFactory.MultipleRemoteAddressStrategy.class);
        plainAccessResource.setWhiteRemoteAddress("127.0.0.{1,2,3}");
-        remoteAddressStrategy = remoteAddressStrategyFactory.getNetaddressStrategy(plainAccessResource);
+        remoteAddressStrategy = remoteAddressStrategyFactory.getRemoteAddressStrategy(plainAccessResource);
        Assert.assertEquals(remoteAddressStrategy.getClass(), RemoteAddressStrategyFactory.MultipleRemoteAddressStrategy.class);
        plainAccessResource.setWhiteRemoteAddress("127.0.0.1-200");
-        remoteAddressStrategy = remoteAddressStrategyFactory.getNetaddressStrategy(plainAccessResource);
+        remoteAddressStrategy = remoteAddressStrategyFactory.getRemoteAddressStrategy(plainAccessResource);
        Assert.assertEquals(remoteAddressStrategy.getClass(), RemoteAddressStrategyFactory.RangeRemoteAddressStrategy.class);
        plainAccessResource.setWhiteRemoteAddress("127.0.0.*");
-        remoteAddressStrategy = remoteAddressStrategyFactory.getNetaddressStrategy(plainAccessResource);
+        remoteAddressStrategy = remoteAddressStrategyFactory.getRemoteAddressStrategy(plainAccessResource);
        Assert.assertEquals(remoteAddressStrategy.getClass(), RemoteAddressStrategyFactory.RangeRemoteAddressStrategy.class);
        plainAccessResource.setWhiteRemoteAddress("127.0.1-20.*");
-        remoteAddressStrategy = remoteAddressStrategyFactory.getNetaddressStrategy(plainAccessResource);
+        remoteAddressStrategy = remoteAddressStrategyFactory.getRemoteAddressStrategy(plainAccessResource);
        Assert.assertEquals(remoteAddressStrategy.getClass(), RemoteAddressStrategyFactory.RangeRemoteAddressStrategy.class);
    }
@@ -63,9 +63,9 @@ public class RemoteAddressStrategyTest {
    public void verifyTest() {
        PlainAccessResource plainAccessResource = new PlainAccessResource();
        plainAccessResource.setWhiteRemoteAddress("127.0.0.1");
-        remoteAddressStrategyFactory.getNetaddressStrategy(plainAccessResource);
+        remoteAddressStrategyFactory.getRemoteAddressStrategy(plainAccessResource);
        plainAccessResource.setWhiteRemoteAddress("256.0.0.1");
-        remoteAddressStrategyFactory.getNetaddressStrategy(plainAccessResource);
+        remoteAddressStrategyFactory.getRemoteAddressStrategy(plainAccessResource);
    }
    @Test
@@ -77,7 +77,7 @@ public class RemoteAddressStrategyTest {
    public void oneNetaddressStrategyTest() {
        PlainAccessResource plainAccessResource = new PlainAccessResource();
        plainAccessResource.setWhiteRemoteAddress("127.0.0.1");
-        RemoteAddressStrategy remoteAddressStrategy = remoteAddressStrategyFactory.getNetaddressStrategy(plainAccessResource);
+        RemoteAddressStrategy remoteAddressStrategy = remoteAddressStrategyFactory.getRemoteAddressStrategy(plainAccessResource);
        plainAccessResource.setWhiteRemoteAddress("");
        boolean match = remoteAddressStrategy.match(plainAccessResource);
        Assert.assertFalse(match);
@@ -95,11 +95,11 @@ public class RemoteAddressStrategyTest {
    public void multipleNetaddressStrategyTest() {
        PlainAccessResource plainAccessResource = new PlainAccessResource();
        plainAccessResource.setWhiteRemoteAddress("127.0.0.1,127.0.0.2,127.0.0.3");
-        RemoteAddressStrategy remoteAddressStrategy = remoteAddressStrategyFactory.getNetaddressStrategy(plainAccessResource);
+        RemoteAddressStrategy remoteAddressStrategy = remoteAddressStrategyFactory.getRemoteAddressStrategy(plainAccessResource);
        multipleNetaddressStrategyTest(remoteAddressStrategy);
        plainAccessResource.setWhiteRemoteAddress("127.0.0.{1,2,3}");
-        remoteAddressStrategy = remoteAddressStrategyFactory.getNetaddressStrategy(plainAccessResource);
+        remoteAddressStrategy = remoteAddressStrategyFactory.getRemoteAddressStrategy(plainAccessResource);
        multipleNetaddressStrategyTest(remoteAddressStrategy);
    }
@@ -108,7 +108,7 @@ public class RemoteAddressStrategyTest {
    public void multipleNetaddressStrategyExceptionTest() {
        PlainAccessResource plainAccessResource = new PlainAccessResource();
        plainAccessResource.setWhiteRemoteAddress("127.0.0.1,2,3}");
-        remoteAddressStrategyFactory.getNetaddressStrategy(plainAccessResource);
+        remoteAddressStrategyFactory.getRemoteAddressStrategy(plainAccessResource);
    }
    private void multipleNetaddressStrategyTest(RemoteAddressStrategy remoteAddressStrategy) {
@@ -140,14 +140,14 @@ public class RemoteAddressStrategyTest {
        String head = "127.0.0.";
        PlainAccessResource plainAccessResource = new PlainAccessResource();
        plainAccessResource.setWhiteRemoteAddress("127.0.0.1-200");
-        RemoteAddressStrategy remoteAddressStrategy = remoteAddressStrategyFactory.getNetaddressStrategy(plainAccessResource);
+        RemoteAddressStrategy remoteAddressStrategy = remoteAddressStrategyFactory.getRemoteAddressStrategy(plainAccessResource);
        rangeNetaddressStrategyTest(remoteAddressStrategy, head, 1, 200, true);
        plainAccessResource.setWhiteRemoteAddress("127.0.0.*");
-        remoteAddressStrategy = remoteAddressStrategyFactory.getNetaddressStrategy(plainAccessResource);
+        remoteAddressStrategy = remoteAddressStrategyFactory.getRemoteAddressStrategy(plainAccessResource);
        rangeNetaddressStrategyTest(remoteAddressStrategy, head, 0, 255, true);
        plainAccessResource.setWhiteRemoteAddress("127.0.1-200.*");
-        remoteAddressStrategy = remoteAddressStrategyFactory.getNetaddressStrategy(plainAccessResource);
+        remoteAddressStrategy = remoteAddressStrategyFactory.getRemoteAddressStrategy(plainAccessResource);
        rangeNetaddressStrategyThirdlyTest(remoteAddressStrategy, head, 1, 200);
    }
@@ -196,7 +196,7 @@ public class RemoteAddressStrategyTest {
    private void rangeNetaddressStrategyExceptionTest(String netaddress) {
        PlainAccessResource plainAccessResource = new PlainAccessResource();
        plainAccessResource.setWhiteRemoteAddress(netaddress);
-        remoteAddressStrategyFactory.getNetaddressStrategy(plainAccessResource);
+        remoteAddressStrategyFactory.getRemoteAddressStrategy(plainAccessResource);
    }
 }
--- a/acl/src/test/resources/conf/transport.yml
+++ b/acl/src/test/resources/conf/transport.yml
@@ -26,11 +26,11 @@ accounts:
  admin: false
  defaultTopicPerm: DENY
  defaultGroupPerm: SUB
-  topics:
+  topicPerms:
  - topicA=DENY
  - topicB=PUB|SUB
  - topicC=SUB
-  groups:
+  groupPerms:
  # the group should convert to retry topic
  - groupA=DENY
  - groupB=SUB

--- a/common/src/main/java/org/apache/rocketmq/common/UtilAll.java
+++ b/common/src/main/java/org/apache/rocketmq/common/UtilAll.java
@@ -60,6 +60,18 @@ public class UtilAll {
        }
    }
+    public static void sleep(long sleepMs) {
+        if (sleepMs < 0) {
+            return;
+        }
+        try {
+            Thread.sleep(sleepMs);
+        } catch (Throwable ignored) {
+        }
+    }
    public static String currentStackTrace() {
        StringBuilder sb = new StringBuilder();
        StackTraceElement[] stackTrace = Thread.currentThread().getStackTrace();