From 66eeaed94f9adc4ce71aa22dca4f2d22f2026107 Mon Sep 17 00:00:00 2001 From: yuz10 <845238369@qq.com> Date: Sat, 24 Jul 2021 22:11:20 +0800 Subject: [PATCH] #3175 check acl config before update. otherwise broker may fail to start --- .../acl/plain/PlainPermissionManager.java | 17 +++++++++++------ .../acl/plain/PlainAccessValidatorTest.java | 10 ++++++++++ 2 files changed, 21 insertions(+), 6 deletions(-) diff --git a/acl/src/main/java/org/apache/rocketmq/acl/plain/PlainPermissionManager.java b/acl/src/main/java/org/apache/rocketmq/acl/plain/PlainPermissionManager.java index a22b0b25..809cc759 100644 --- a/acl/src/main/java/org/apache/rocketmq/acl/plain/PlainPermissionManager.java +++ b/acl/src/main/java/org/apache/rocketmq/acl/plain/PlainPermissionManager.java @@ -130,6 +130,7 @@ public class PlainPermissionManager { log.error("Parameter value plainAccessConfig is null,Please check your parameter"); throw new AclException("Parameter value plainAccessConfig is null, Please check your parameter"); } + checkPlainAccessConfig(plainAccessConfig); Permission.checkResourcePerms(plainAccessConfig.getTopicPerms()); Permission.checkResourcePerms(plainAccessConfig.getGroupPerms()); @@ -357,15 +358,19 @@ public class PlainPermissionManager { this.globalWhiteRemoteAddressStrategy.clear(); } - public PlainAccessResource buildPlainAccessResource(PlainAccessConfig plainAccessConfig) throws AclException { + public void checkPlainAccessConfig(PlainAccessConfig plainAccessConfig) throws AclException { if (plainAccessConfig.getAccessKey() == null - || plainAccessConfig.getSecretKey() == null - || plainAccessConfig.getAccessKey().length() <= AclConstants.ACCESS_KEY_MIN_LENGTH - || plainAccessConfig.getSecretKey().length() <= AclConstants.SECRET_KEY_MIN_LENGTH) { + || plainAccessConfig.getSecretKey() == null + || plainAccessConfig.getAccessKey().length() <= AclConstants.ACCESS_KEY_MIN_LENGTH + || plainAccessConfig.getSecretKey().length() <= AclConstants.SECRET_KEY_MIN_LENGTH) { throw new AclException(String.format( - "The accessKey=%s and secretKey=%s cannot be null and length should longer than 6", - plainAccessConfig.getAccessKey(), plainAccessConfig.getSecretKey())); + "The accessKey=%s and secretKey=%s cannot be null and length should longer than 6", + plainAccessConfig.getAccessKey(), plainAccessConfig.getSecretKey())); } + } + + public PlainAccessResource buildPlainAccessResource(PlainAccessConfig plainAccessConfig) throws AclException { + checkPlainAccessConfig(plainAccessConfig); PlainAccessResource plainAccessResource = new PlainAccessResource(); plainAccessResource.setAccessKey(plainAccessConfig.getAccessKey()); plainAccessResource.setSecretKey(plainAccessConfig.getSecretKey()); diff --git a/acl/src/test/java/org/apache/rocketmq/acl/plain/PlainAccessValidatorTest.java b/acl/src/test/java/org/apache/rocketmq/acl/plain/PlainAccessValidatorTest.java index c3d41919..056f0119 100644 --- a/acl/src/test/java/org/apache/rocketmq/acl/plain/PlainAccessValidatorTest.java +++ b/acl/src/test/java/org/apache/rocketmq/acl/plain/PlainAccessValidatorTest.java @@ -566,6 +566,16 @@ public class PlainAccessValidatorTest { plainAccessValidator.updateAccessConfig(plainAccessConfig); } + @Test(expected = AclException.class) + public void createAndUpdateAccessAclNullSkExceptionTest() { + PlainAccessConfig plainAccessConfig = new PlainAccessConfig(); + plainAccessConfig.setAccessKey("RocketMQ33"); + // secret key is null + + PlainAccessValidator plainAccessValidator = new PlainAccessValidator(); + plainAccessValidator.updateAccessConfig(plainAccessConfig); + } + @Test public void updateGlobalWhiteAddrsNormalTest() { System.setProperty("rocketmq.home.dir", "src/test/resources"); -- GitLab