提交 020f4b4c 编写于 作者: L laohu

clean code

上级 23a24c44
...@@ -49,17 +49,5 @@ ...@@ -49,17 +49,5 @@
<groupId>org.apache.commons</groupId> <groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId> <artifactId>commons-lang3</artifactId>
</dependency> </dependency>
<dependency>
<groupId>org.powermock</groupId>
<artifactId>powermock-module-junit4</artifactId>
<version>1.7.1</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.powermock</groupId>
<artifactId>powermock-api-mockito2</artifactId>
<version>1.7.1</version>
<scope>test</scope>
</dependency>
</dependencies> </dependencies>
</project> </project>
...@@ -24,9 +24,9 @@ import org.apache.rocketmq.remoting.CommandCustomHeader; ...@@ -24,9 +24,9 @@ import org.apache.rocketmq.remoting.CommandCustomHeader;
import org.apache.rocketmq.remoting.RPCHook; import org.apache.rocketmq.remoting.RPCHook;
import org.apache.rocketmq.remoting.protocol.RemotingCommand; import org.apache.rocketmq.remoting.protocol.RemotingCommand;
import static org.apache.rocketmq.acl.common.SessionCredentials.AccessKey; import static org.apache.rocketmq.acl.common.SessionCredentials.ACCESS_KEY;
import static org.apache.rocketmq.acl.common.SessionCredentials.SecurityToken; import static org.apache.rocketmq.acl.common.SessionCredentials.SECURITY_TOKEN;
import static org.apache.rocketmq.acl.common.SessionCredentials.Signature; import static org.apache.rocketmq.acl.common.SessionCredentials.SIGNATURE;
public class AclClientRPCHook implements RPCHook { public class AclClientRPCHook implements RPCHook {
private final SessionCredentials sessionCredentials; private final SessionCredentials sessionCredentials;
...@@ -42,11 +42,11 @@ public class AclClientRPCHook implements RPCHook { ...@@ -42,11 +42,11 @@ public class AclClientRPCHook implements RPCHook {
byte[] total = AclUtils.combineRequestContent(request, byte[] total = AclUtils.combineRequestContent(request,
parseRequestContent(request, sessionCredentials.getAccessKey(), sessionCredentials.getSecurityToken())); parseRequestContent(request, sessionCredentials.getAccessKey(), sessionCredentials.getSecurityToken()));
String signature = AclUtils.calSignature(total, sessionCredentials.getSecretKey()); String signature = AclUtils.calSignature(total, sessionCredentials.getSecretKey());
request.addExtField(Signature, signature); request.addExtField(SIGNATURE, signature);
request.addExtField(AccessKey, sessionCredentials.getAccessKey()); request.addExtField(ACCESS_KEY, sessionCredentials.getAccessKey());
if (sessionCredentials.getSecurityToken() != null) { if (sessionCredentials.getSecurityToken() != null) {
request.addExtField(SecurityToken, sessionCredentials.getSecurityToken()); request.addExtField(SECURITY_TOKEN, sessionCredentials.getSecurityToken());
} }
} }
...@@ -59,9 +59,9 @@ public class AclClientRPCHook implements RPCHook { ...@@ -59,9 +59,9 @@ public class AclClientRPCHook implements RPCHook {
CommandCustomHeader header = request.readCustomHeader(); CommandCustomHeader header = request.readCustomHeader();
// sort property // sort property
SortedMap<String, String> map = new TreeMap<String, String>(); SortedMap<String, String> map = new TreeMap<String, String>();
map.put(AccessKey, ak); map.put(ACCESS_KEY, ak);
if (securityToken != null) { if (securityToken != null) {
map.put(SecurityToken, securityToken); map.put(SECURITY_TOKEN, securityToken);
} }
try { try {
// add header properties // add header properties
......
...@@ -25,14 +25,14 @@ import org.apache.rocketmq.logging.InternalLogger; ...@@ -25,14 +25,14 @@ import org.apache.rocketmq.logging.InternalLogger;
import org.apache.rocketmq.logging.InternalLoggerFactory; import org.apache.rocketmq.logging.InternalLoggerFactory;
public class AclSigner { public class AclSigner {
public static final Charset defaultCharset = Charset.forName("UTF-8"); public static final Charset DEFAULT_CHARSET = Charset.forName("UTF-8");
public static final SigningAlgorithm defaultAlgorithm = SigningAlgorithm.HmacSHA1; public static final SigningAlgorithm DEFAULT_ALGORITHM = SigningAlgorithm.HmacSHA1;
private static final InternalLogger log = InternalLoggerFactory.getLogger(LoggerName.ROCKETMQ_AUTHORIZE_LOGGER_NAME); private static final InternalLogger log = InternalLoggerFactory.getLogger(LoggerName.ROCKETMQ_AUTHORIZE_LOGGER_NAME);
private static final int CAL_SIGNATURE_FAILED = 10015; private static final int CAL_SIGNATURE_FAILED = 10015;
private static final String CAL_SIGNATURE_FAILED_MSG = "[%s:signature-failed] unable to calculate a request signature. error=%s"; private static final String CAL_SIGNATURE_FAILED_MSG = "[%s:signature-failed] unable to calculate a request signature. error=%s";
public static String calSignature(String data, String key) throws AclException { public static String calSignature(String data, String key) throws AclException {
return calSignature(data, key, defaultAlgorithm, defaultCharset); return calSignature(data, key, DEFAULT_ALGORITHM, DEFAULT_CHARSET);
} }
public static String calSignature(String data, String key, SigningAlgorithm algorithm, public static String calSignature(String data, String key, SigningAlgorithm algorithm,
...@@ -44,7 +44,7 @@ public class AclSigner { ...@@ -44,7 +44,7 @@ public class AclSigner {
throws AclException { throws AclException {
try { try {
byte[] signature = sign(data.getBytes(charset), key.getBytes(charset), algorithm); byte[] signature = sign(data.getBytes(charset), key.getBytes(charset), algorithm);
return new String(Base64.encodeBase64(signature), defaultCharset); return new String(Base64.encodeBase64(signature), DEFAULT_CHARSET);
} catch (Exception e) { } catch (Exception e) {
String message = String.format(CAL_SIGNATURE_FAILED_MSG, CAL_SIGNATURE_FAILED, e.getMessage()); String message = String.format(CAL_SIGNATURE_FAILED_MSG, CAL_SIGNATURE_FAILED, e.getMessage());
log.error(message, e); log.error(message, e);
...@@ -65,7 +65,7 @@ public class AclSigner { ...@@ -65,7 +65,7 @@ public class AclSigner {
} }
public static String calSignature(byte[] data, String key) throws AclException { public static String calSignature(byte[] data, String key) throws AclException {
return calSignature(data, key, defaultAlgorithm, defaultCharset); return calSignature(data, key, DEFAULT_ALGORITHM, DEFAULT_CHARSET);
} }
public static String calSignature(byte[] data, String key, SigningAlgorithm algorithm, public static String calSignature(byte[] data, String key, SigningAlgorithm algorithm,
...@@ -77,7 +77,7 @@ public class AclSigner { ...@@ -77,7 +77,7 @@ public class AclSigner {
throws AclException { throws AclException {
try { try {
byte[] signature = sign(data, key.getBytes(charset), algorithm); byte[] signature = sign(data, key.getBytes(charset), algorithm);
return new String(Base64.encodeBase64(signature), defaultCharset); return new String(Base64.encodeBase64(signature), DEFAULT_CHARSET);
} catch (Exception e) { } catch (Exception e) {
String message = String.format(CAL_SIGNATURE_FAILED_MSG, CAL_SIGNATURE_FAILED, e.getMessage()); String message = String.format(CAL_SIGNATURE_FAILED_MSG, CAL_SIGNATURE_FAILED, e.getMessage());
log.error(message, e); log.error(message, e);
......
...@@ -33,7 +33,7 @@ public class AclUtils { ...@@ -33,7 +33,7 @@ public class AclUtils {
try { try {
StringBuilder sb = new StringBuilder(""); StringBuilder sb = new StringBuilder("");
for (Map.Entry<String, String> entry : fieldsMap.entrySet()) { for (Map.Entry<String, String> entry : fieldsMap.entrySet()) {
if (!SessionCredentials.Signature.equals(entry.getKey())) { if (!SessionCredentials.SIGNATURE.equals(entry.getKey())) {
sb.append(entry.getValue()); sb.append(entry.getValue());
} }
} }
......
...@@ -16,11 +16,12 @@ ...@@ -16,11 +16,12 @@
*/ */
package org.apache.rocketmq.acl.common; package org.apache.rocketmq.acl.common;
import com.alibaba.fastjson.JSONArray;
import java.util.HashSet; import java.util.HashSet;
import java.util.List;
import java.util.Set; import java.util.Set;
import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.StringUtils;
import org.apache.rocketmq.acl.plain.PlainAccessResource; import org.apache.rocketmq.acl.plain.PlainAccessResource;
import org.apache.rocketmq.common.protocol.RequestCode;
public class Permission { public class Permission {
...@@ -33,15 +34,15 @@ public class Permission { ...@@ -33,15 +34,15 @@ public class Permission {
static { static {
// UPDATE_AND_CREATE_TOPIC // UPDATE_AND_CREATE_TOPIC
ADMIN_CODE.add(17); ADMIN_CODE.add(RequestCode.UPDATE_AND_CREATE_TOPIC);
// UPDATE_BROKER_CONFIG // UPDATE_BROKER_CONFIG
ADMIN_CODE.add(25); ADMIN_CODE.add(RequestCode.UPDATE_BROKER_CONFIG);
// DELETE_TOPIC_IN_BROKER // DELETE_TOPIC_IN_BROKER
ADMIN_CODE.add(215); ADMIN_CODE.add(RequestCode.DELETE_TOPIC_IN_BROKER);
// UPDATE_AND_CREATE_SUBSCRIPTIONGROUP // UPDATE_AND_CREATE_SUBSCRIPTIONGROUP
ADMIN_CODE.add(200); ADMIN_CODE.add(RequestCode.UPDATE_AND_CREATE_SUBSCRIPTIONGROUP);
// DELETE_SUBSCRIPTIONGROUP // DELETE_SUBSCRIPTIONGROUP
ADMIN_CODE.add(207); ADMIN_CODE.add(RequestCode.DELETE_SUBSCRIPTIONGROUP);
} }
public static boolean checkPermission(byte neededPerm, byte ownedPerm) { public static boolean checkPermission(byte neededPerm, byte ownedPerm) {
...@@ -76,16 +77,16 @@ public class Permission { ...@@ -76,16 +77,16 @@ public class Permission {
} }
} }
public static void setTopicPerm(PlainAccessResource plainAccessResource, Boolean isTopic, JSONArray topicArray) { public static void setTopicPerm(PlainAccessResource plainAccessResource, Boolean isTopic, List<String> topicArray) {
if (topicArray == null || topicArray.isEmpty()) { if (topicArray == null || topicArray.isEmpty()) {
return; return;
} }
for (int i = 0; i < topicArray.size(); i++) { for (String topic : topicArray) {
String[] topicPrem = StringUtils.split(topicArray.getString(i), "="); String[] topicPrem = StringUtils.split(topic, "=");
if (topicPrem.length == 2) { if (topicPrem.length == 2) {
plainAccessResource.addResourceAndPerm(isTopic ? topicPrem[0] : PlainAccessResource.getRetryTopic(topicPrem[0]), fromStringGetPermission(topicPrem[1])); plainAccessResource.addResourceAndPerm(isTopic ? topicPrem[0] : PlainAccessResource.getRetryTopic(topicPrem[0]), fromStringGetPermission(topicPrem[1]));
} else { } else {
throw new AclException(String.format("%s Permission config erron %s", isTopic ? "topic" : "group", topicArray.getString(i))); throw new AclException(String.format("%s Permission config erron %s", isTopic ? "topic" : "group", topic));
} }
} }
} }
......
...@@ -24,12 +24,12 @@ import org.apache.rocketmq.common.MixAll; ...@@ -24,12 +24,12 @@ import org.apache.rocketmq.common.MixAll;
public class SessionCredentials { public class SessionCredentials {
public static final Charset CHARSET = Charset.forName("UTF-8"); public static final Charset CHARSET = Charset.forName("UTF-8");
public static final String AccessKey = "AccessKey"; public static final String ACCESS_KEY = "AccessKey";
public static final String SecretKey = "SecretKey"; public static final String SECRET_KEY = "SecretKey";
public static final String Signature = "Signature"; public static final String SIGNATURE = "Signature";
public static final String SecurityToken = "SecurityToken"; public static final String SECURITY_TOKEN = "SecurityToken";
public static final String KeyFile = System.getProperty("rocketmq.client.keyFile", public static final String KEY_FILE = System.getProperty("rocketmq.client.keyFile",
System.getProperty("user.home") + File.separator + "onskey"); System.getProperty("user.home") + File.separator + "onskey");
private String accessKey; private String accessKey;
...@@ -40,7 +40,7 @@ public class SessionCredentials { ...@@ -40,7 +40,7 @@ public class SessionCredentials {
public SessionCredentials() { public SessionCredentials() {
String keyContent = null; String keyContent = null;
try { try {
keyContent = MixAll.file2String(KeyFile); keyContent = MixAll.file2String(KEY_FILE);
} catch (IOException ignore) { } catch (IOException ignore) {
} }
if (keyContent != null) { if (keyContent != null) {
...@@ -63,19 +63,19 @@ public class SessionCredentials { ...@@ -63,19 +63,19 @@ public class SessionCredentials {
public void updateContent(Properties prop) { public void updateContent(Properties prop) {
{ {
String value = prop.getProperty(AccessKey); String value = prop.getProperty(ACCESS_KEY);
if (value != null) { if (value != null) {
this.accessKey = value.trim(); this.accessKey = value.trim();
} }
} }
{ {
String value = prop.getProperty(SecretKey); String value = prop.getProperty(SECRET_KEY);
if (value != null) { if (value != null) {
this.secretKey = value.trim(); this.secretKey = value.trim();
} }
} }
{ {
String value = prop.getProperty(SecurityToken); String value = prop.getProperty(SECURITY_TOKEN);
if (value != null) { if (value != null) {
this.securityToken = value.trim(); this.securityToken = value.trim();
} }
......
...@@ -56,7 +56,7 @@ public class PlainAccessResource implements AccessResource { ...@@ -56,7 +56,7 @@ public class PlainAccessResource implements AccessResource {
} }
public static boolean isRetryTopic(String topic) { public static boolean isRetryTopic(String topic) {
return (null != topic && topic.startsWith(MixAll.RETRY_GROUP_TOPIC_PREFIX)); return null != topic && topic.startsWith(MixAll.RETRY_GROUP_TOPIC_PREFIX);
} }
public static String getRetryTopic(String group) { public static String getRetryTopic(String group) {
......
...@@ -49,12 +49,11 @@ public class PlainAccessValidator implements AccessValidator { ...@@ -49,12 +49,11 @@ public class PlainAccessValidator implements AccessValidator {
PlainAccessResource accessResource = new PlainAccessResource(); PlainAccessResource accessResource = new PlainAccessResource();
accessResource.setWhiteRemoteAddress(remoteAddr); accessResource.setWhiteRemoteAddress(remoteAddr);
accessResource.setRequestCode(request.getCode()); accessResource.setRequestCode(request.getCode());
accessResource.setAccessKey(request.getExtFields().get(SessionCredentials.AccessKey)); accessResource.setAccessKey(request.getExtFields().get(SessionCredentials.ACCESS_KEY));
accessResource.setSignature(request.getExtFields().get(SessionCredentials.Signature)); accessResource.setSignature(request.getExtFields().get(SessionCredentials.SIGNATURE));
accessResource.setSecretToken(request.getExtFields().get(SessionCredentials.SecurityToken)); accessResource.setSecretToken(request.getExtFields().get(SessionCredentials.SECURITY_TOKEN));
try { try {
// resource 和 permission 转换
switch (request.getCode()) { switch (request.getCode()) {
case RequestCode.SEND_MESSAGE: case RequestCode.SEND_MESSAGE:
accessResource.addResourceAndPerm(request.getExtFields().get("topic"), Permission.PUB); accessResource.addResourceAndPerm(request.getExtFields().get("topic"), Permission.PUB);
...@@ -111,7 +110,7 @@ public class PlainAccessValidator implements AccessValidator { ...@@ -111,7 +110,7 @@ public class PlainAccessValidator implements AccessValidator {
// content // content
SortedMap<String, String> map = new TreeMap<String, String>(); SortedMap<String, String> map = new TreeMap<String, String>();
for (Map.Entry<String, String> entry : request.getExtFields().entrySet()) { for (Map.Entry<String, String> entry : request.getExtFields().entrySet()) {
if (!SessionCredentials.Signature.equals(entry.getKey())) { if (!SessionCredentials.SIGNATURE.equals(entry.getKey())) {
map.put(entry.getKey(), entry.getValue()); map.put(entry.getKey(), entry.getValue());
} }
} }
......
...@@ -70,7 +70,7 @@ public class PlainPermissionLoader { ...@@ -70,7 +70,7 @@ public class PlainPermissionLoader {
JSONObject.class); JSONObject.class);
if (accessControlTransport == null || accessControlTransport.isEmpty()) { if (accessControlTransport == null || accessControlTransport.isEmpty()) {
throw new AclException("transport.yml file is not data"); throw new AclException(String.format("%s file is not data", fileHome + fileName));
} }
log.info("BorkerAccessControlTransport data is : ", accessControlTransport.toString()); log.info("BorkerAccessControlTransport data is : ", accessControlTransport.toString());
JSONArray globalWhiteRemoteAddressesList = accessControlTransport.getJSONArray("globalWhiteRemoteAddresses"); JSONArray globalWhiteRemoteAddressesList = accessControlTransport.getJSONArray("globalWhiteRemoteAddresses");
...@@ -81,9 +81,10 @@ public class PlainPermissionLoader { ...@@ -81,9 +81,10 @@ public class PlainPermissionLoader {
} }
JSONArray accounts = accessControlTransport.getJSONArray("accounts"); JSONArray accounts = accessControlTransport.getJSONArray("accounts");
if (accounts != null && !accounts.isEmpty()) { List<PlainAccess> plainAccessList = accounts.toJavaList(PlainAccess.class);
for (int i = 0; i < accounts.size(); i++) { if (plainAccessList != null && !plainAccessList.isEmpty()) {
this.setPlainAccessResource(getPlainAccessResource(accounts.getJSONObject(i))); for (PlainAccess plainAccess : plainAccessList) {
this.setPlainAccessResource(getPlainAccessResource(plainAccess));
} }
} }
} }
...@@ -139,19 +140,19 @@ public class PlainPermissionLoader { ...@@ -139,19 +140,19 @@ public class PlainPermissionLoader {
} }
} }
PlainAccessResource getPlainAccessResource(JSONObject account) { PlainAccessResource getPlainAccessResource(PlainAccess plainAccess) {
PlainAccessResource plainAccessResource = new PlainAccessResource(); PlainAccessResource plainAccessResource = new PlainAccessResource();
plainAccessResource.setAccessKey(account.getString("accessKey")); plainAccessResource.setAccessKey(plainAccess.getAccessKey());
plainAccessResource.setSecretKey(account.getString("secretKey")); plainAccessResource.setSecretKey(plainAccess.getSecretKey());
plainAccessResource.setWhiteRemoteAddress(account.getString("whiteRemoteAddress")); plainAccessResource.setWhiteRemoteAddress(plainAccess.getWhiteRemoteAddress());
plainAccessResource.setAdmin(account.containsKey("admin") ? account.getBoolean("admin") : false); plainAccessResource.setAdmin(plainAccess.isAdmin());
plainAccessResource.setDefaultGroupPerm(Permission.fromStringGetPermission(account.getString("defaultGroupPerm"))); plainAccessResource.setDefaultGroupPerm(Permission.fromStringGetPermission(plainAccess.getDefaultGroupPerm()));
plainAccessResource.setDefaultTopicPerm(Permission.fromStringGetPermission(account.getString("defaultTopicPerm"))); plainAccessResource.setDefaultTopicPerm(Permission.fromStringGetPermission(plainAccess.getDefaultTopicPerm()));
Permission.setTopicPerm(plainAccessResource, true, account.getJSONArray("groups")); Permission.setTopicPerm(plainAccessResource, false, plainAccess.getGroups());
Permission.setTopicPerm(plainAccessResource, true, account.getJSONArray("topics")); Permission.setTopicPerm(plainAccessResource, true, plainAccess.getTopics());
return plainAccessResource; return plainAccessResource;
} }
...@@ -250,4 +251,88 @@ public class PlainPermissionLoader { ...@@ -250,4 +251,88 @@ public class PlainPermissionLoader {
return isWatchStart; return isWatchStart;
} }
static class PlainAccess {
private String accessKey;
private String secretKey;
private String whiteRemoteAddress;
private boolean admin;
private String defaultTopicPerm;
private String defaultGroupPerm;
private List<String> topics;
private List<String> groups;
public String getAccessKey() {
return accessKey;
}
public void setAccessKey(String accessKey) {
this.accessKey = accessKey;
}
public String getSecretKey() {
return secretKey;
}
public void setSecretKey(String secretKey) {
this.secretKey = secretKey;
}
public String getWhiteRemoteAddress() {
return whiteRemoteAddress;
}
public void setWhiteRemoteAddress(String whiteRemoteAddress) {
this.whiteRemoteAddress = whiteRemoteAddress;
}
public boolean isAdmin() {
return admin;
}
public void setAdmin(boolean admin) {
this.admin = admin;
}
public String getDefaultTopicPerm() {
return defaultTopicPerm;
}
public void setDefaultTopicPerm(String defaultTopicPerm) {
this.defaultTopicPerm = defaultTopicPerm;
}
public String getDefaultGroupPerm() {
return defaultGroupPerm;
}
public void setDefaultGroupPerm(String defaultGroupPerm) {
this.defaultGroupPerm = defaultGroupPerm;
}
public List<String> getTopics() {
return topics;
}
public void setTopics(List<String> topics) {
this.topics = topics;
}
public List<String> getGroups() {
return groups;
}
public void setGroups(List<String> groups) {
this.groups = groups;
}
}
} }
...@@ -16,8 +16,9 @@ ...@@ -16,8 +16,9 @@
*/ */
package org.apache.rocketmq.acl.common; package org.apache.rocketmq.acl.common;
import com.alibaba.fastjson.JSONArray; import java.util.ArrayList;
import java.util.HashSet; import java.util.HashSet;
import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.Set; import java.util.Set;
import org.apache.rocketmq.acl.plain.PlainAccessResource; import org.apache.rocketmq.acl.plain.PlainAccessResource;
...@@ -93,7 +94,7 @@ public class PermissionTest { ...@@ -93,7 +94,7 @@ public class PermissionTest {
Permission.setTopicPerm(plainAccessResource, false, null); Permission.setTopicPerm(plainAccessResource, false, null);
Assert.assertNull(resourcePermMap); Assert.assertNull(resourcePermMap);
JSONArray groups = new JSONArray(); List<String> groups = new ArrayList<>();
Permission.setTopicPerm(plainAccessResource, false, groups); Permission.setTopicPerm(plainAccessResource, false, groups);
Assert.assertNull(resourcePermMap); Assert.assertNull(resourcePermMap);
...@@ -112,7 +113,7 @@ public class PermissionTest { ...@@ -112,7 +113,7 @@ public class PermissionTest {
perm = resourcePermMap.get(PlainAccessResource.getRetryTopic("groupC")); perm = resourcePermMap.get(PlainAccessResource.getRetryTopic("groupC"));
Assert.assertEquals(perm, Permission.PUB); Assert.assertEquals(perm, Permission.PUB);
JSONArray topics = new JSONArray(); List<String> topics = new ArrayList<>();
topics.add("topicA=DENY"); topics.add("topicA=DENY");
topics.add("topicB=PUB|SUB"); topics.add("topicB=PUB|SUB");
topics.add("topicC=PUB"); topics.add("topicC=PUB");
...@@ -128,7 +129,7 @@ public class PermissionTest { ...@@ -128,7 +129,7 @@ public class PermissionTest {
perm = resourcePermMap.get("topicC"); perm = resourcePermMap.get("topicC");
Assert.assertEquals(perm, Permission.PUB); Assert.assertEquals(perm, Permission.PUB);
JSONArray erron = new JSONArray(); List<String> erron = new ArrayList<>();
erron.add(""); erron.add("");
Permission.setTopicPerm(plainAccessResource, false, erron); Permission.setTopicPerm(plainAccessResource, false, erron);
} }
......
...@@ -70,7 +70,7 @@ public class PlainAccessValidatorTest { ...@@ -70,7 +70,7 @@ public class PlainAccessValidatorTest {
AclClientRPCHook aclClient = new AclClientRPCHook(sessionCredentials); AclClientRPCHook aclClient = new AclClientRPCHook(sessionCredentials);
SendMessageRequestHeader messageRequestHeader = new SendMessageRequestHeader(); SendMessageRequestHeader messageRequestHeader = new SendMessageRequestHeader();
messageRequestHeader.setTopic("topicA"); messageRequestHeader.setTopic("topicB");
RemotingCommand remotingCommand = RemotingCommand.createRequestCommand(RequestCode.SEND_MESSAGE, messageRequestHeader); RemotingCommand remotingCommand = RemotingCommand.createRequestCommand(RequestCode.SEND_MESSAGE, messageRequestHeader);
aclClient.doBeforeRequest("", remotingCommand); aclClient.doBeforeRequest("", remotingCommand);
......
...@@ -16,30 +16,22 @@ ...@@ -16,30 +16,22 @@
*/ */
package org.apache.rocketmq.acl.plain; package org.apache.rocketmq.acl.plain;
import com.alibaba.fastjson.JSONArray;
import com.alibaba.fastjson.JSONObject;
import java.io.File; import java.io.File;
import java.io.FileWriter; import java.io.FileWriter;
import java.io.IOException; import java.io.IOException;
import java.util.ArrayList;
import java.util.HashSet; import java.util.HashSet;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.Set; import java.util.Set;
import org.apache.commons.lang3.reflect.FieldUtils; import org.apache.commons.lang3.reflect.FieldUtils;
import org.apache.rocketmq.acl.common.AclException; import org.apache.rocketmq.acl.common.AclException;
import org.apache.rocketmq.acl.common.AclUtils;
import org.apache.rocketmq.acl.common.Permission; import org.apache.rocketmq.acl.common.Permission;
import org.apache.rocketmq.common.MixAll; import org.apache.rocketmq.acl.plain.PlainPermissionLoader.PlainAccess;
import org.junit.Assert; import org.junit.Assert;
import org.junit.Before; import org.junit.Before;
import org.junit.Test; import org.junit.Test;
import org.junit.runner.RunWith;
import org.powermock.api.mockito.PowerMockito;
import org.powermock.core.classloader.annotations.PrepareForTest;
import org.powermock.modules.junit4.PowerMockRunner;
@RunWith(PowerMockRunner.class)
@PrepareForTest({AclUtils.class})
public class PlainPermissionLoaderTest { public class PlainPermissionLoaderTest {
PlainPermissionLoader plainPermissionLoader; PlainPermissionLoader plainPermissionLoader;
...@@ -50,10 +42,6 @@ public class PlainPermissionLoaderTest { ...@@ -50,10 +42,6 @@ public class PlainPermissionLoaderTest {
PlainAccessResource plainAccessResource = new PlainAccessResource(); PlainAccessResource plainAccessResource = new PlainAccessResource();
PlainAccessResource plainAccessResourceTwo = new PlainAccessResource(); PlainAccessResource plainAccessResourceTwo = new PlainAccessResource();
Set<Integer> adminCode = new HashSet<>(); Set<Integer> adminCode = new HashSet<>();
private String fileName = System.getProperty("romcketmq.acl.plain.fileName", "/conf/transport.yml");
private Map<String/** account **/
, List<PlainAccessResource>> plainAccessResourceMap;
private List<RemoteAddressStrategy> globalWhiteRemoteAddressStrategy;
@Before @Before
public void init() throws NoSuchFieldException, SecurityException, IOException { public void init() throws NoSuchFieldException, SecurityException, IOException {
...@@ -75,6 +63,7 @@ public class PlainPermissionLoaderTest { ...@@ -75,6 +63,7 @@ public class PlainPermissionLoaderTest {
System.setProperty("java.version", "1.6.11"); System.setProperty("java.version", "1.6.11");
System.setProperty("rocketmq.home.dir", "src/test/resources"); System.setProperty("rocketmq.home.dir", "src/test/resources");
System.setProperty("romcketmq.acl.plain.fileName", "/conf/transport.yml");
plainPermissionLoader = new PlainPermissionLoader(); plainPermissionLoader = new PlainPermissionLoader();
} }
...@@ -98,85 +87,56 @@ public class PlainPermissionLoaderTest { ...@@ -98,85 +87,56 @@ public class PlainPermissionLoaderTest {
return painAccessResource; return painAccessResource;
} }
@SuppressWarnings("unchecked")
private void getField(PlainPermissionLoader plainPermissionLoader) {
try {
this.globalWhiteRemoteAddressStrategy = (List<RemoteAddressStrategy>) FieldUtils.readDeclaredField(plainPermissionLoader, "globalWhiteRemoteAddressStrategy", true);
this.plainAccessResourceMap = (Map<String/** account **/, List<PlainAccessResource>>) FieldUtils.readDeclaredField(plainPermissionLoader, "plainAccessResourceMap", true);
} catch (IllegalAccessException e) {
e.printStackTrace();
}
}
@Test(expected = AclException.class)
public void initializeTest() {
System.setProperty("romcketmq.acl.plain.fileName", "/conf/transport-null.yml");
new PlainPermissionLoader();
}
@Test
public void initializeIngetYamlDataObject() {
String fileHome = System.getProperty(MixAll.ROCKETMQ_HOME_PROPERTY, System.getenv(MixAll.ROCKETMQ_HOME_ENV));
PowerMockito.mockStatic(AclUtils.class);
JSONObject json = new JSONObject();
json.put("", "");
PowerMockito.when(AclUtils.getYamlDataObject(fileHome + "/conf/transport.yml", JSONObject.class)).thenReturn(json);
PlainPermissionLoader plainPermissionLoader = new PlainPermissionLoader();
getField(plainPermissionLoader);
Assert.assertTrue(globalWhiteRemoteAddressStrategy.isEmpty());
Assert.assertTrue(plainAccessResourceMap.isEmpty());
}
@Test @Test
public void getPlainAccessResourceTest() { public void getPlainAccessResourceTest() {
PlainAccessResource plainAccessResource = new PlainAccessResource(); PlainAccessResource plainAccessResource = new PlainAccessResource();
JSONObject account = new JSONObject(); PlainAccess plainAccess = new PlainAccess();
account.put("accessKey", "RocketMQ");
plainAccessResource = plainPermissionLoader.getPlainAccessResource(account); plainAccess.setAccessKey("RocketMQ");
plainAccessResource = plainPermissionLoader.getPlainAccessResource(plainAccess);
Assert.assertEquals(plainAccessResource.getAccessKey(), "RocketMQ"); Assert.assertEquals(plainAccessResource.getAccessKey(), "RocketMQ");
account.put("secretKey", "12345678"); plainAccess.setSecretKey("12345678");
plainAccessResource = plainPermissionLoader.getPlainAccessResource(account); plainAccessResource = plainPermissionLoader.getPlainAccessResource(plainAccess);
Assert.assertEquals(plainAccessResource.getSecretKey(), "12345678"); Assert.assertEquals(plainAccessResource.getSecretKey(), "12345678");
account.put("whiteRemoteAddress", "127.0.0.1"); plainAccess.setWhiteRemoteAddress("127.0.0.1");
plainAccessResource = plainPermissionLoader.getPlainAccessResource(account); plainAccessResource = plainPermissionLoader.getPlainAccessResource(plainAccess);
Assert.assertEquals(plainAccessResource.getWhiteRemoteAddress(), "127.0.0.1"); Assert.assertEquals(plainAccessResource.getWhiteRemoteAddress(), "127.0.0.1");
account.put("admin", true); plainAccess.setAdmin(true);
plainAccessResource = plainPermissionLoader.getPlainAccessResource(account); plainAccessResource = plainPermissionLoader.getPlainAccessResource(plainAccess);
Assert.assertEquals(plainAccessResource.isAdmin(), true); Assert.assertEquals(plainAccessResource.isAdmin(), true);
account.put("defaultGroupPerm", "ANY"); plainAccess.setDefaultGroupPerm("ANY");
plainAccessResource = plainPermissionLoader.getPlainAccessResource(account); plainAccessResource = plainPermissionLoader.getPlainAccessResource(plainAccess);
Assert.assertEquals(plainAccessResource.getDefaultGroupPerm(), Permission.ANY); Assert.assertEquals(plainAccessResource.getDefaultGroupPerm(), Permission.ANY);
account.put("defaultTopicPerm", "ANY"); plainAccess.setDefaultTopicPerm("ANY");
plainAccessResource = plainPermissionLoader.getPlainAccessResource(account); plainAccessResource = plainPermissionLoader.getPlainAccessResource(plainAccess);
Assert.assertEquals(plainAccessResource.getDefaultTopicPerm(), Permission.ANY); Assert.assertEquals(plainAccessResource.getDefaultTopicPerm(), Permission.ANY);
JSONArray groups = new JSONArray(); List<String> groups = new ArrayList<String>();
groups.add("groupA=DENY"); groups.add("groupA=DENY");
groups.add("groupB=PUB|SUB"); groups.add("groupB=PUB|SUB");
groups.add("groupC=PUB"); groups.add("groupC=PUB");
account.put("groups", groups); plainAccess.setGroups(groups);
plainAccessResource = plainPermissionLoader.getPlainAccessResource(account); plainAccessResource = plainPermissionLoader.getPlainAccessResource(plainAccess);
Map<String, Byte> resourcePermMap = plainAccessResource.getResourcePermMap(); Map<String, Byte> resourcePermMap = plainAccessResource.getResourcePermMap();
Assert.assertEquals(resourcePermMap.size(), 3); Assert.assertEquals(resourcePermMap.size(), 3);
Assert.assertEquals(resourcePermMap.get("groupA").byteValue(), Permission.DENY); Assert.assertEquals(resourcePermMap.get(PlainAccessResource.getRetryTopic("groupA")).byteValue(), Permission.DENY);
Assert.assertEquals(resourcePermMap.get("groupB").byteValue(), Permission.ANY); Assert.assertEquals(resourcePermMap.get(PlainAccessResource.getRetryTopic("groupB")).byteValue(), Permission.ANY);
Assert.assertEquals(resourcePermMap.get("groupC").byteValue(), Permission.PUB); Assert.assertEquals(resourcePermMap.get(PlainAccessResource.getRetryTopic("groupC")).byteValue(), Permission.PUB);
JSONArray topics = new JSONArray(); List<String> topics = new ArrayList<String>();
topics.add("topicA=DENY"); topics.add("topicA=DENY");
topics.add("topicB=PUB|SUB"); topics.add("topicB=PUB|SUB");
topics.add("topicC=PUB"); topics.add("topicC=PUB");
account.put("topics", topics); plainAccess.setTopics(topics);
plainAccessResource = plainPermissionLoader.getPlainAccessResource(account); plainAccessResource = plainPermissionLoader.getPlainAccessResource(plainAccess);
resourcePermMap = plainAccessResource.getResourcePermMap(); resourcePermMap = plainAccessResource.getResourcePermMap();
Assert.assertEquals(resourcePermMap.size(), 3); Assert.assertEquals(resourcePermMap.size(), 6);
Assert.assertEquals(resourcePermMap.get("topicA").byteValue(), Permission.DENY); Assert.assertEquals(resourcePermMap.get("topicA").byteValue(), Permission.DENY);
Assert.assertEquals(resourcePermMap.get("topicB").byteValue(), Permission.ANY); Assert.assertEquals(resourcePermMap.get("topicB").byteValue(), Permission.ANY);
...@@ -237,17 +197,21 @@ public class PlainPermissionLoaderTest { ...@@ -237,17 +197,21 @@ public class PlainPermissionLoaderTest {
new PlainPermissionLoader().initialize(); new PlainPermissionLoader().initialize();
} }
@SuppressWarnings("unchecked")
@Test @Test
public void cleanAuthenticationInfoTest() { public void cleanAuthenticationInfoTest() throws IllegalAccessException {
plainPermissionLoader.setPlainAccessResource(plainAccessResource); //plainPermissionLoader.setPlainAccessResource(plainAccessResource);
plainAccessResource.setRequestCode(202); Map<String, List<PlainAccessResource>> plainAccessResourceMap = (Map<String, List<PlainAccessResource>>) FieldUtils.readDeclaredField(plainPermissionLoader, "plainAccessResourceMap", true);
plainPermissionLoader.eachCheckPlainAccessResource(plainAccessResource); Assert.assertFalse(plainAccessResourceMap.isEmpty());
plainPermissionLoader.cleanAuthenticationInfo(); plainPermissionLoader.cleanAuthenticationInfo();
plainPermissionLoader.eachCheckPlainAccessResource(plainAccessResource); plainAccessResourceMap = (Map<String, List<PlainAccessResource>>) FieldUtils.readDeclaredField(plainPermissionLoader, "plainAccessResourceMap", true);
Assert.assertTrue(plainAccessResourceMap.isEmpty());
} }
@Test @Test
public void isWatchStartTest() { public void isWatchStartTest() {
System.setProperty("java.version", "1.7.11");
PlainPermissionLoader plainPermissionLoader = new PlainPermissionLoader(); PlainPermissionLoader plainPermissionLoader = new PlainPermissionLoader();
Assert.assertTrue(plainPermissionLoader.isWatchStart()); Assert.assertTrue(plainPermissionLoader.isWatchStart());
System.setProperty("java.version", "1.6.11"); System.setProperty("java.version", "1.6.11");
...@@ -255,8 +219,10 @@ public class PlainPermissionLoaderTest { ...@@ -255,8 +219,10 @@ public class PlainPermissionLoaderTest {
Assert.assertFalse(plainPermissionLoader.isWatchStart()); Assert.assertFalse(plainPermissionLoader.isWatchStart());
} }
@SuppressWarnings("unchecked")
@Test @Test
public void watchTest() throws IOException { public void watchTest() throws IOException, IllegalAccessException {
System.setProperty("java.version", "1.7.11");
System.setProperty("rocketmq.home.dir", "src/test/resources/watch"); System.setProperty("rocketmq.home.dir", "src/test/resources/watch");
File file = new File("src/test/resources/watch/conf"); File file = new File("src/test/resources/watch/conf");
file.mkdirs(); file.mkdirs();
...@@ -264,30 +230,33 @@ public class PlainPermissionLoaderTest { ...@@ -264,30 +230,33 @@ public class PlainPermissionLoaderTest {
transport.createNewFile(); transport.createNewFile();
FileWriter writer = new FileWriter(transport); FileWriter writer = new FileWriter(transport);
writer.write("list:\r\n"); writer.write("accounts:\r\n");
writer.write("- account: rokcetmq\r\n"); writer.write("- accessKey: rokcetmq\r\n");
writer.write(" password: aliyun11\r\n"); writer.write(" secretKey: aliyun11\r\n");
writer.write(" netaddress: 127.0.0.1\r\n"); writer.write(" whiteRemoteAddress: 127.0.0.1\r\n");
writer.write(" admin: true\r\n");
writer.flush(); writer.flush();
writer.close(); writer.close();
PlainPermissionLoader plainPermissionLoader = new PlainPermissionLoader(); PlainPermissionLoader plainPermissionLoader = new PlainPermissionLoader();
plainAccessResource.setRequestCode(203);
plainPermissionLoader.eachCheckPlainAccessResource(plainAccessResource); Map<String, List<PlainAccessResource>> plainAccessResourceMap = (Map<String, List<PlainAccessResource>>) FieldUtils.readDeclaredField(plainPermissionLoader, "plainAccessResourceMap", true);
Assert.assertEquals(plainAccessResourceMap.get("rokcetmq").size(), 1);
writer = new FileWriter(new File("src/test/resources/watch/conf/transport.yml"), true); writer = new FileWriter(new File("src/test/resources/watch/conf/transport.yml"), true);
writer.write("- account: rokcet1\r\n"); writer.write("- accessKey: rokcet1\r\n");
writer.write(" password: aliyun1\r\n"); writer.write(" secretKey: aliyun1\r\n");
writer.write(" netaddress: 127.0.0.1\r\n"); writer.write(" whiteRemoteAddress: 127.0.0.1\r\n");
writer.write(" admin: true\r\n");
writer.flush(); writer.flush();
writer.close(); writer.close();
try { try {
Thread.sleep(100); Thread.sleep(100);
} catch (InterruptedException e) { } catch (InterruptedException e) {
// TODO Auto-generated catch block
e.printStackTrace(); e.printStackTrace();
} }
plainAccessResourceTwo.setRequestCode(203); plainAccessResourceMap = (Map<String, List<PlainAccessResource>>) FieldUtils.readDeclaredField(plainPermissionLoader, "plainAccessResourceMap", true);
plainPermissionLoader.eachCheckPlainAccessResource(plainAccessResourceTwo); Assert.assertEquals(plainAccessResourceMap.get("rokcet1").size(), 1);
transport.delete(); transport.delete();
file.delete(); file.delete();
...@@ -296,4 +265,11 @@ public class PlainPermissionLoaderTest { ...@@ -296,4 +265,11 @@ public class PlainPermissionLoaderTest {
} }
@Test(expected = AclException.class)
public void initializeTest() {
System.setProperty("romcketmq.acl.plain.fileName", "/conf/transport-null.yml");
new PlainPermissionLoader();
}
} }
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册