diff --git a/broker/src/test/java/org/apache/rocketmq/broker/BrokerControllerTest.java b/broker/src/test/java/org/apache/rocketmq/broker/BrokerControllerTest.java
index 71bbe0696907b1eef62d8c825f8c7bc54d2d4a70..dae1335540bfe0836983e601d2059f2a0b57a08f 100644
--- a/broker/src/test/java/org/apache/rocketmq/broker/BrokerControllerTest.java
+++ b/broker/src/test/java/org/apache/rocketmq/broker/BrokerControllerTest.java
@@ -24,6 +24,7 @@ import org.apache.rocketmq.remoting.netty.NettyClientConfig;
import org.apache.rocketmq.remoting.netty.NettyServerConfig;
import org.apache.rocketmq.store.config.MessageStoreConfig;
import org.junit.After;
+import org.junit.Ignore;
import org.junit.Test;
import static org.assertj.core.api.Assertions.assertThat;
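Review bot: The added `import org.junit.Ignore;` has no visible use in this diff: the next hunk deletes `testBrokerStartAclEnabled` outright instead of annotating it. If nothing else in the file uses `@Ignore`, drop the import, since an unused import is likely to fail the style check. If the intent was to park the ACL start-up test until the new config format is wired in, keep the test with `@Ignore("reason")` so the ACL-enabled broker start path stays visible in the test class.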
@@ -42,21 +43,6 @@ public class BrokerControllerTest {
brokerController.shutdown();
}
- @Test
- public void testBrokerStartAclEnabled() throws Exception {
- BrokerConfig brokerConfigAclEnabled = new BrokerConfig();
- brokerConfigAclEnabled.setEnableAcl(true);
-
- BrokerController brokerController = new BrokerController(
- brokerConfigAclEnabled,
- new NettyServerConfig(),
- new NettyClientConfig(),
- new MessageStoreConfig());
- assertThat(brokerController.initialize());
- brokerController.start();
- brokerController.shutdown();
- }
-
@After
public void destroy() {
UtilAll.deleteFile(new File(new MessageStoreConfig().getStorePathRootDir()));
diff --git a/distribution/conf/plain_acl.yml b/distribution/conf/plain_acl.yml
index ccebd8f9eda17bb83215bb52ba70f16ed899032a..9043b0dd800c9adb7c2985869505b54a1a725d6f 100644
--- a/distribution/conf/plain_acl.yml
+++ b/distribution/conf/plain_acl.yml
@@ -13,22 +13,28 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-onlyNetAddress:
- remoteAddr: 192.168.0.*
- noPermitPullTopic:
- - broker-a
+globalWhiteRemoteAddresses:
-list:
- - accessKey: RocketMQ
- signature: 1234567
- remoteAddr: 192.168.0.*
- permitSendTopic:
- - TopicTest
- - test2
- - accessKey: RocketMQ
- signature: 1234567
- remoteAddr: 192.168.2.1
- permitSendTopic:
- - test3
- - test4
+accounts:
+- accessKey: RocketMQ
+ secretKey: 12345678
+ whiteRemoteAddress:
+ admin: false
+ defaultTopicPerm: DENY
+ defaultGroupPerm: SUB
+ topicPerms:
+ - topicA=DENY
+ - topicB=PUB|SUB
+ - topicC=SUB
+ groupPerms:
+ # the group should convert to retry topic
+ - groupA=DENY
+ - groupB=PUB|SUB
+ - groupC=SUB
+
+- accessKey: aliyun.com
+ secretKey: 12345678
+ whiteRemoteAddress: 192.168.1.*
+ # if it is admin, it could access all resources
+ admin: true
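Review bot: The `aliyun.com` account at the end of this hunk ships with `admin: true` and the short numeric secret `12345678`, and the `RocketMQ` account uses the same secret. A broker that enables ACL with this file unchanged would therefore accept credentials that anyone can read from the distribution. The `192.168.1.*` value of `whiteRemoteAddress` is the only other restriction visible on the admin entry. I would add a comment above `accounts:` such as `# Sample accounts only: replace every accessKey/secretKey before enabling ACL`. I would also quote the values (`secretKey: "12345678"`) so a YAML loader cannot read them as integers; whether the loader used here coerces them is not visible in this diff.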
diff --git a/example/pom.xml b/example/pom.xml
index 28dfe922fb1bf03996503c4e7fc339364454c279..1a4065770b6c82caed27c3014474fdeeeb4676a1 100644
--- a/example/pom.xml
+++ b/example/pom.xml
@@ -53,5 +53,10 @@
rocketmq-openmessaging
4.4.0-SNAPSHOT
+
+ org.apache.rocketmq
+ rocketmq-acl
+ 4.4.0-SNAPSHOT
+
diff --git a/example/src/main/java/org/apache/rocketmq/example/simple/AclClient.java b/example/src/main/java/org/apache/rocketmq/example/simple/AclClient.java
index fa0bf0a1e130e1b401a37e102fbb2830434f8cce..898051704bfcea84bc4091e0d2c0de176c266325 100644
--- a/example/src/main/java/org/apache/rocketmq/example/simple/AclClient.java
+++ b/example/src/main/java/org/apache/rocketmq/example/simple/AclClient.java
@@ -20,6 +20,9 @@ import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
+
+import org.apache.rocketmq.acl.common.AclClientRPCHook;
+import org.apache.rocketmq.acl.common.SessionCredentials;
import org.apache.rocketmq.client.consumer.DefaultMQPullConsumer;
import org.apache.rocketmq.client.consumer.DefaultMQPushConsumer;
import org.apache.rocketmq.client.consumer.PullResult;
@@ -36,25 +39,22 @@ import org.apache.rocketmq.common.message.MessageExt;
import org.apache.rocketmq.common.message.MessageQueue;
import org.apache.rocketmq.remoting.RPCHook;
import org.apache.rocketmq.remoting.common.RemotingHelper;
-import org.apache.rocketmq.remoting.protocol.RemotingCommand;
/**
*
- * English explain
- * 1. broker module src/test/resources/META-INF/service/org.apache.rocketmq.acl.AccessValidator copy to src/java/resources/META-INF/service.
- *
- * 2. view the /conf/transport.yml file under the distribution module, pay attention to the account password, IP.
+ * 1. view the /conf/plain_acl.yml file under the distribution module, pay attention to the accessKey,secretKey,
+ * globalWhiteRemoteAddresses and whiteRemoteAddress and some other attributes.
*
- * 3. Modify ALC_RCP_HOOK_ACCOUT and ACL_RCP_HOOK_PASSWORD to the corresponding account password in transport.yml
+ * 2. Modify ACL_ACCESS_KEY and ACL_SECRET_KEY to the corresponding accessKey and secretKey in plain_acl.yml
*
*/
public class AclClient {
private static final Map OFFSE_TABLE = new HashMap();
- private static final String ACL_RCPHOOK_ACCOUT = "RocketMQ";
+ private static final String ACL_ACCESS_KEY = "RocketMQ";
- private static final String ACL_RCPHOOK_PASSWORD = "1234567";
+ private static final String ACL_SECRET_KEY = "1234567";
public static void main(String[] args) throws MQClientException, InterruptedException {
producer();
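Review bot: `ACL_SECRET_KEY` keeps the old value `"1234567"`, but this same commit gives the `RocketMQ` account in distribution/conf/plain_acl.yml `secretKey: 12345678`. The example as shipped therefore does not match the config its Javadoc points readers to, and the broker would presumably reject its requests. Either align it, `private static final String ACL_SECRET_KEY = "12345678";`, or state in the Javadoc that both values are placeholders that must be replaced together. The class body continues outside this hunk.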
@@ -170,37 +170,6 @@ public class AclClient {
}
static RPCHook getAclRPCHook() {
- return new AclRPCHook(ACL_RCPHOOK_ACCOUT, ACL_RCPHOOK_PASSWORD);
- }
-
- static class AclRPCHook implements RPCHook {
-
- private String account;
-
- private String password;
-
- public AclRPCHook(String account, String password) {
- this.account = account;
- this.password = password;
- }
-
- @Override
- public void doBeforeRequest(String remoteAddr, RemotingCommand request) {
-
- HashMap ext = request.getExtFields();
- if (ext == null) {
- ext = new HashMap<>();
- request.setExtFields(ext);
- }
- ext.put("account", this.account);
- ext.put("password", this.password);
- }
-
- @Override
- public void doAfterResponse(String remoteAddr, RemotingCommand request, RemotingCommand response) {
- //do nothing
-
- }
-
+ return new AclClientRPCHook(new SessionCredentials(ACL_ACCESS_KEY,ACL_SECRET_KEY));
}
}
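Review bot: The new return statement in `getAclRPCHook` is missing the space after the comma in the `SessionCredentials` arguments, which the project's style check may flag; write `new SessionCredentials(ACL_ACCESS_KEY, ACL_SECRET_KEY)`. A one-line comment such as `// Hook from rocketmq-acl that attaches these credentials to each request` would also help readers who no longer have the removed inline hook as a reference.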