Merge pull request #634 from zongtanghu/feature_acl

[ISSUE#403] add the conf/plain_acl.yml file for acl_feature.

broker/src/test/java/org/apache/rocketmq/broker/BrokerControllerTest.java

@@ -24,6 +24,7 @@ import org.apache.rocketmq.remoting.netty.NettyClientConfig;
 import org.apache.rocketmq.remoting.netty.NettyServerConfig;
 import org.apache.rocketmq.store.config.MessageStoreConfig;
 import org.junit.After;
+import org.junit.Ignore;
 import org.junit.Test;
 
 import static org.assertj.core.api.Assertions.assertThat;
@@ -42,21 +43,6 @@ public class BrokerControllerTest {
         brokerController.shutdown();
     }
 
-    @Test
-    public void testBrokerStartAclEnabled() throws Exception {
-        BrokerConfig brokerConfigAclEnabled = new BrokerConfig();
-        brokerConfigAclEnabled.setEnableAcl(true);
-        
-        BrokerController brokerController = new BrokerController(
-            brokerConfigAclEnabled,
-            new NettyServerConfig(),
-            new NettyClientConfig(),
-            new MessageStoreConfig());
-        assertThat(brokerController.initialize());
-        brokerController.start();
-        brokerController.shutdown();
-    }
-
     @After
     public void destroy() {
         UtilAll.deleteFile(new File(new MessageStoreConfig().getStorePathRootDir()));

distribution/conf/plain_acl.yml

@@ -13,22 +13,28 @@
 #  See the License for the specific language governing permissions and
 #  limitations under the License.
 
-onlyNetAddress:
-  remoteAddr: 192.168.0.*
-  noPermitPullTopic:
-    - broker-a
+globalWhiteRemoteAddresses:
 
-list:
-  - accessKey: RocketMQ
-    signature: 1234567
-    remoteAddr: 192.168.0.*
-    permitSendTopic:
-      - TopicTest
-      - test2
-  - accessKey: RocketMQ
-    signature: 1234567
-    remoteAddr: 192.168.2.1
-    permitSendTopic:
-      - test3
-      - test4
+accounts:
+- accessKey: RocketMQ
+  secretKey: 12345678
+  whiteRemoteAddress:
+  admin: false
+  defaultTopicPerm: DENY
+  defaultGroupPerm: SUB
+  topicPerms:
+  - topicA=DENY
+  - topicB=PUB|SUB
+  - topicC=SUB
+  groupPerms:
+  # the group should convert to retry topic
+  - groupA=DENY
+  - groupB=PUB|SUB
+  - groupC=SUB
+
+- accessKey: aliyun.com
+  secretKey: 12345678
+  whiteRemoteAddress: 192.168.1.*
+  # if it is admin, it could access all resources
+  admin: true
     

example/pom.xml

@@ -53,5 +53,10 @@
             <artifactId>rocketmq-openmessaging</artifactId>
             <version>4.4.0-SNAPSHOT</version>
         </dependency>
+        <dependency>
+            <groupId>org.apache.rocketmq</groupId>
+            <artifactId>rocketmq-acl</artifactId>
+            <version>4.4.0-SNAPSHOT</version>
+        </dependency>
     </dependencies>
 </project>

example/src/main/java/org/apache/rocketmq/example/simple/AclClient.java

@@ -20,6 +20,9 @@ import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
+
+import org.apache.rocketmq.acl.common.AclClientRPCHook;
+import org.apache.rocketmq.acl.common.SessionCredentials;
 import org.apache.rocketmq.client.consumer.DefaultMQPullConsumer;
 import org.apache.rocketmq.client.consumer.DefaultMQPushConsumer;
 import org.apache.rocketmq.client.consumer.PullResult;
@@ -36,25 +39,22 @@ import org.apache.rocketmq.common.message.MessageExt;
 import org.apache.rocketmq.common.message.MessageQueue;
 import org.apache.rocketmq.remoting.RPCHook;
 import org.apache.rocketmq.remoting.common.RemotingHelper;
-import org.apache.rocketmq.remoting.protocol.RemotingCommand;
 
 /**
  *
- * English explain
- * 1. broker module src/test/resources/META-INF/service/org.apache.rocketmq.acl.AccessValidator copy to src/java/resources/META-INF/service.
- *
- * 2. view the /conf/transport.yml file under the distribution module, pay attention to the account password, IP.
+ * 1. view the /conf/plain_acl.yml file under the distribution module, pay attention to the accessKey,secretKey,
+ * globalWhiteRemoteAddresses and whiteRemoteAddress and some other attributes.
  *
- * 3. Modify ALC_RCP_HOOK_ACCOUT and ACL_RCP_HOOK_PASSWORD to the corresponding account password in transport.yml
+ * 2. Modify ACL_ACCESS_KEY and ACL_SECRET_KEY to the corresponding accessKey and secretKey in plain_acl.yml
  *
  */
 public class AclClient {
 
     private static final Map<MessageQueue, Long> OFFSE_TABLE = new HashMap<MessageQueue, Long>();
 
-    private static final String ACL_RCPHOOK_ACCOUT = "RocketMQ";
+    private static final String ACL_ACCESS_KEY = "RocketMQ";
 
-    private static final String ACL_RCPHOOK_PASSWORD = "1234567";
+    private static final String ACL_SECRET_KEY = "1234567";
 
     public static void main(String[] args) throws MQClientException, InterruptedException {
         producer();
@@ -170,37 +170,6 @@ public class AclClient {
     }
 
     static RPCHook getAclRPCHook() {
-        return new AclRPCHook(ACL_RCPHOOK_ACCOUT, ACL_RCPHOOK_PASSWORD);
-    }
-
-    static class AclRPCHook implements RPCHook {
-
-        private String account;
-
-        private String password;
-
-        public AclRPCHook(String account, String password) {
-            this.account = account;
-            this.password = password;
-        }
-
-        @Override
-        public void doBeforeRequest(String remoteAddr, RemotingCommand request) {
-
-            HashMap<String, String> ext = request.getExtFields();
-            if (ext == null) {
-                ext = new HashMap<>();
-                request.setExtFields(ext);
-            }
-            ext.put("account", this.account);
-            ext.put("password", this.password);
-        }
-
-        @Override
-        public void doAfterResponse(String remoteAddr, RemotingCommand request, RemotingCommand response) {
-            //do nothing
-
-        }
-
+        return new AclClientRPCHook(new SessionCredentials(ACL_ACCESS_KEY,ACL_SECRET_KEY));
     }
 }