diff --git a/acl/src/main/java/org/apache/rocketmq/acl/PlainAccessValidator.java b/acl/src/main/java/org/apache/rocketmq/acl/PlainAccessValidator.java index b8de0d345a09d66bda1a8064c72e382e52a0b456..74e988a75c536771517343dd5d4245af5dd4285c 100644 --- a/acl/src/main/java/org/apache/rocketmq/acl/PlainAccessValidator.java +++ b/acl/src/main/java/org/apache/rocketmq/acl/PlainAccessValidator.java @@ -18,46 +18,24 @@ package org.apache.rocketmq.acl; import java.util.HashMap; import org.apache.commons.lang3.StringUtils; -import org.apache.rocketmq.acl.AccessResource; -import org.apache.rocketmq.acl.AccessValidator; -import org.apache.rocketmq.acl.plug.AclRemotingService; -import org.apache.rocketmq.acl.plug.engine.AclPlugEngine; -import org.apache.rocketmq.acl.plug.engine.PlainAclPlugEngine; -import org.apache.rocketmq.acl.plug.entity.AccessControl; -import org.apache.rocketmq.acl.plug.entity.AuthenticationResult; -import org.apache.rocketmq.acl.plug.entity.ControllerParameters; -import org.apache.rocketmq.acl.plug.exception.AclPlugRuntimeException; +import org.apache.rocketmq.acl.plug.AccessControl; +import org.apache.rocketmq.acl.plug.AclPlugRuntimeException; +import org.apache.rocketmq.acl.plug.AuthenticationResult; +import org.apache.rocketmq.acl.plug.PlainAclPlugEngine; import org.apache.rocketmq.remoting.protocol.RemotingCommand; -public class PlainAccessValidator implements AclRemotingService, AccessValidator { +public class PlainAccessValidator implements AccessValidator { - private AclPlugEngine aclPlugEngine; + private PlainAclPlugEngine aclPlugEngine; public PlainAccessValidator() { - ControllerParameters controllerParameters = new ControllerParameters(); - this.aclPlugEngine = new PlainAclPlugEngine(controllerParameters); - this.aclPlugEngine.initialize(); - } - - public PlainAccessValidator(AclPlugEngine aclPlugEngine) { - this.aclPlugEngine = aclPlugEngine; - } - - @Override - public AuthenticationResult check(AccessControl accessControl) { - AuthenticationResult authenticationResult = aclPlugEngine.eachCheckLoginAndAuthentication(accessControl); - if (authenticationResult.getException() != null) { - throw new AclPlugRuntimeException(String.format("eachCheck the inspection appear exception, accessControl data is %s", accessControl.toString()), authenticationResult.getException()); - } - if (authenticationResult.getAccessControl() == null || !authenticationResult.isSucceed()) { - throw new AclPlugRuntimeException(String.format("%s accessControl data is %s", authenticationResult.getResultString(), accessControl.toString())); - } - return authenticationResult; + aclPlugEngine = new PlainAclPlugEngine(); } @Override public AccessResource parse(RemotingCommand request, String remoteAddr) { HashMap extFields = request.getExtFields(); + int code = request.getCode(); AccessControl accessControl = new AccessControl(); accessControl.setCode(request.getCode()); accessControl.setRecognition(remoteAddr); @@ -65,24 +43,32 @@ public class PlainAccessValidator implements AclRemotingService, AccessValidator if (extFields != null) { accessControl.setAccount(extFields.get("account")); accessControl.setPassword(extFields.get("password")); - accessControl.setTopic(extFields.get("topic")); + if (code == 310 || code == 320) { + accessControl.setTopic(extFields.get("b")); + } else { + accessControl.setTopic(extFields.get("topic")); + + } } return accessControl; } @Override public void validate(AccessResource accessResource) { + AuthenticationResult authenticationResult = null; try { - AuthenticationResult authenticationResult = aclPlugEngine.eachCheckAuthentication((AccessControl) accessResource); - if (authenticationResult.getException() != null) { - throw new AclPlugRuntimeException(String.format("eachCheck the inspection appear exception, accessControl data is %s", accessResource.toString()), authenticationResult.getException()); - } - if (authenticationResult.getAccessControl() == null || !authenticationResult.isSucceed()) { - throw new AclPlugRuntimeException(String.format("%s accessControl data is %s", authenticationResult.getResultString(), accessResource.toString())); - } + authenticationResult = aclPlugEngine.eachCheckAuthentication((AccessControl) accessResource); + if (authenticationResult.isSucceed()) + return; } catch (Exception e) { throw new AclPlugRuntimeException(String.format("validate exception AccessResource data %s", accessResource.toString()), e); } + if (authenticationResult.getException() != null) { + throw new AclPlugRuntimeException(String.format("eachCheck the inspection appear exception, accessControl data is %s", accessResource.toString()), authenticationResult.getException()); + } + if (authenticationResult.getAccessControl() != null || !authenticationResult.isSucceed()) { + throw new AclPlugRuntimeException(String.format("%s accessControl data is %s", authenticationResult.getResultString(), accessResource.toString())); + } } } diff --git a/acl/src/main/java/org/apache/rocketmq/acl/plug/AccessContralAnalysis.java b/acl/src/main/java/org/apache/rocketmq/acl/plug/AccessContralAnalysis.java deleted file mode 100644 index 1adf6d432eaeaa49872608eba9b23f9b560aea42..0000000000000000000000000000000000000000 --- a/acl/src/main/java/org/apache/rocketmq/acl/plug/AccessContralAnalysis.java +++ /dev/null @@ -1,85 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.rocketmq.acl.plug; - -import org.apache.commons.lang3.StringUtils; -import org.apache.rocketmq.acl.plug.entity.AccessControl; -import org.apache.rocketmq.acl.plug.exception.AclPlugRuntimeException; - -import java.lang.reflect.Field; -import java.util.HashMap; -import java.util.Iterator; -import java.util.Map; -import java.util.Map.Entry; - -public class AccessContralAnalysis { - - private Map, Map> classTocodeAndMentod = new HashMap<>(); - - private Map fieldNameAndCode = new HashMap<>(); - - public void analysisClass(Class clazz) { - Field[] fields = clazz.getDeclaredFields(); - try { - for (Field field : fields) { - if (field.getType().equals(int.class)) { - String name = StringUtils.replace(field.getName(), "_", "").toLowerCase(); - fieldNameAndCode.put(name, (Integer) field.get(null)); - } - - } - } catch (IllegalArgumentException | IllegalAccessException e) { - throw new AclPlugRuntimeException(String.format("analysis on failure Class is %s", clazz.getName()), e); - } - } - - public Map analysis(AccessControl accessControl) { - Class clazz = accessControl.getClass(); - Map codeAndField = classTocodeAndMentod.get(clazz); - if (codeAndField == null) { - codeAndField = new HashMap<>(); - Field[] fields = clazz.getDeclaredFields(); - for (Field field : fields) { - if (!field.getType().equals(boolean.class)) - continue; - Integer code = fieldNameAndCode.get(field.getName().toLowerCase()); - if (code == null) { - throw new AclPlugRuntimeException(String.format("field nonexistent in code fieldName is %s", field.getName())); - } - field.setAccessible(true); - codeAndField.put(code, field); - - } - if (codeAndField.isEmpty()) { - throw new AclPlugRuntimeException(String.format("AccessControl nonexistent code , name %s", accessControl.getClass().getName())); - } - classTocodeAndMentod.put(clazz, codeAndField); - } - Iterator> it = codeAndField.entrySet().iterator(); - Map authority = new HashMap<>(); - try { - while (it.hasNext()) { - Entry e = it.next(); - authority.put(e.getKey(), (Boolean) e.getValue().get(accessControl)); - } - } catch (IllegalArgumentException | IllegalAccessException e) { - throw new AclPlugRuntimeException(String.format("analysis on failure AccessControl is %s", AccessControl.class.getName()), e); - } - return authority; - } - -} diff --git a/acl/src/main/java/org/apache/rocketmq/acl/plug/entity/AccessControl.java b/acl/src/main/java/org/apache/rocketmq/acl/plug/AccessControl.java similarity index 90% rename from acl/src/main/java/org/apache/rocketmq/acl/plug/entity/AccessControl.java rename to acl/src/main/java/org/apache/rocketmq/acl/plug/AccessControl.java index 092a97ef44bdfc2615b75d5a866c40010f5399ca..f487bf47efc62b6134e12e9cb6a14916fe53e1e3 100644 --- a/acl/src/main/java/org/apache/rocketmq/acl/plug/entity/AccessControl.java +++ b/acl/src/main/java/org/apache/rocketmq/acl/plug/AccessControl.java @@ -14,7 +14,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.apache.rocketmq.acl.plug.entity; +package org.apache.rocketmq.acl.plug; import org.apache.rocketmq.acl.AccessResource; @@ -87,8 +87,8 @@ public class AccessControl implements AccessResource { public String toString() { StringBuilder builder = new StringBuilder(); builder.append("AccessControl [account=").append(account).append(", password=").append(password) - .append(", netaddress=").append(netaddress).append(", recognition=").append(recognition) - .append(", code=").append(code).append(", topic=").append(topic).append("]"); + .append(", netaddress=").append(netaddress).append(", recognition=").append(recognition) + .append(", code=").append(code).append(", topic=").append(topic).append("]"); return builder.toString(); } diff --git a/acl/src/main/java/org/apache/rocketmq/acl/plug/AclPlugController.java b/acl/src/main/java/org/apache/rocketmq/acl/plug/AclPlugController.java deleted file mode 100644 index 8598e93e9c8e28c754c38edf96d2be845f41b449..0000000000000000000000000000000000000000 --- a/acl/src/main/java/org/apache/rocketmq/acl/plug/AclPlugController.java +++ /dev/null @@ -1,60 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.rocketmq.acl.plug; - -import org.apache.rocketmq.acl.PlainAccessValidator; -import org.apache.rocketmq.acl.plug.engine.AclPlugEngine; -import org.apache.rocketmq.acl.plug.engine.PlainAclPlugEngine; -import org.apache.rocketmq.acl.plug.entity.ControllerParameters; -import org.apache.rocketmq.acl.plug.exception.AclPlugRuntimeException; - -public class AclPlugController { - - private ControllerParameters controllerParameters; - - private AclPlugEngine aclPlugEngine; - - private AclRemotingService aclRemotingService; - - private boolean startSucceed = false; - - public AclPlugController(ControllerParameters controllerParameters) throws AclPlugRuntimeException { - try { - this.controllerParameters = controllerParameters; - aclPlugEngine = new PlainAclPlugEngine(controllerParameters); - aclPlugEngine.initialize(); - aclRemotingService = new PlainAccessValidator(aclPlugEngine); - this.startSucceed = true; - } catch (Exception e) { - throw new AclPlugRuntimeException(String.format("Start the abnormal , Launch parameters is %s", this.controllerParameters.toString()), e); - } - } - - public AclRemotingService getAclRemotingService() { - return this.aclRemotingService; - } - - public void doChannelCloseEvent(String remoteAddr) { - if (this.startSucceed) { - aclPlugEngine.deleteLoginInfo(remoteAddr); - } - } - - public boolean isStartSucceed() { - return startSucceed; - } -} diff --git a/acl/src/main/java/org/apache/rocketmq/acl/plug/exception/AclPlugRuntimeException.java b/acl/src/main/java/org/apache/rocketmq/acl/plug/AclPlugRuntimeException.java similarity index 95% rename from acl/src/main/java/org/apache/rocketmq/acl/plug/exception/AclPlugRuntimeException.java rename to acl/src/main/java/org/apache/rocketmq/acl/plug/AclPlugRuntimeException.java index 0048b2c6817d098f9af09f1bc9523fc9ce73ba9f..8f6af5d33442ba4dea47cdf7e30c5595bb2b023c 100644 --- a/acl/src/main/java/org/apache/rocketmq/acl/plug/exception/AclPlugRuntimeException.java +++ b/acl/src/main/java/org/apache/rocketmq/acl/plug/AclPlugRuntimeException.java @@ -14,7 +14,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.apache.rocketmq.acl.plug.exception; +package org.apache.rocketmq.acl.plug; public class AclPlugRuntimeException extends RuntimeException { diff --git a/acl/src/main/java/org/apache/rocketmq/acl/plug/AclRemotingService.java b/acl/src/main/java/org/apache/rocketmq/acl/plug/AclRemotingService.java deleted file mode 100644 index c651a5d99f8153fa556bc192d4eb8c77b225f721..0000000000000000000000000000000000000000 --- a/acl/src/main/java/org/apache/rocketmq/acl/plug/AclRemotingService.java +++ /dev/null @@ -1,26 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.rocketmq.acl.plug; - -import org.apache.rocketmq.acl.plug.entity.AccessControl; -import org.apache.rocketmq.acl.plug.entity.AuthenticationResult; - -public interface AclRemotingService { - - public AuthenticationResult check(AccessControl accessControl); - -} diff --git a/acl/src/main/java/org/apache/rocketmq/acl/plug/AclUtils.java b/acl/src/main/java/org/apache/rocketmq/acl/plug/AclUtils.java index df997b59df2865b59561b9bd212d21e18309ab65..9ba5b79a06e883bc1dccc5620b97b27257686b17 100644 --- a/acl/src/main/java/org/apache/rocketmq/acl/plug/AclUtils.java +++ b/acl/src/main/java/org/apache/rocketmq/acl/plug/AclUtils.java @@ -16,8 +16,11 @@ */ package org.apache.rocketmq.acl.plug; +import java.io.File; +import java.io.FileInputStream; +import java.io.IOException; import org.apache.commons.lang3.StringUtils; -import org.apache.rocketmq.acl.plug.exception.AclPlugRuntimeException; +import org.yaml.snakeyaml.Yaml; public class AclUtils { @@ -79,4 +82,23 @@ public class AclUtils { return minus.indexOf('-') > -1; } + + public static T getYamlDataObject(String path, Class clazz) { + Yaml ymal = new Yaml(); + FileInputStream fis = null; + try { + fis = new FileInputStream(new File(path)); + return ymal.loadAs(fis, clazz); + } catch (Exception e) { + throw new AclPlugRuntimeException(String.format("The transport.yml file for Plain mode was not found , paths %s", path), e); + } finally { + if (fis != null) { + try { + fis.close(); + } catch (IOException e) { + throw new AclPlugRuntimeException("close transport fileInputStream Exception", e); + } + } + } + } } diff --git a/acl/src/main/java/org/apache/rocketmq/acl/plug/Authentication.java b/acl/src/main/java/org/apache/rocketmq/acl/plug/Authentication.java deleted file mode 100644 index ae247e7220e43c495e9bc63e73df0ad852e1dd49..0000000000000000000000000000000000000000 --- a/acl/src/main/java/org/apache/rocketmq/acl/plug/Authentication.java +++ /dev/null @@ -1,59 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.rocketmq.acl.plug; - -import org.apache.rocketmq.acl.plug.entity.AccessControl; -import org.apache.rocketmq.acl.plug.entity.AuthenticationInfo; -import org.apache.rocketmq.acl.plug.entity.AuthenticationResult; -import org.apache.rocketmq.acl.plug.entity.BorkerAccessControl; - -public class Authentication { - - public boolean authentication(AuthenticationInfo authenticationInfo, - AccessControl accessControl, AuthenticationResult authenticationResult) { - int code = accessControl.getCode(); - if (!authenticationInfo.getAuthority().get(code)) { - authenticationResult.setResultString(String.format("code is %d Authentication failed", code)); - return false; - } - if (!(authenticationInfo.getAccessControl() instanceof BorkerAccessControl)) { - return true; - } - BorkerAccessControl borker = (BorkerAccessControl) authenticationInfo.getAccessControl(); - String topicName = accessControl.getTopic(); - if (code == 10 || code == 310 || code == 320) { - if (borker.getPermitSendTopic().contains(topicName)) { - return true; - } - if (borker.getNoPermitSendTopic().contains(topicName)) { - authenticationResult.setResultString(String.format("noPermitSendTopic include %s", topicName)); - return false; - } - return borker.getPermitSendTopic().isEmpty() ? true : false; - } else if (code == 11) { - if (borker.getPermitPullTopic().contains(topicName)) { - return true; - } - if (borker.getNoPermitPullTopic().contains(topicName)) { - authenticationResult.setResultString(String.format("noPermitPullTopic include %s", topicName)); - return false; - } - return borker.getPermitPullTopic().isEmpty() ? true : false; - } - return true; - } -} diff --git a/acl/src/main/java/org/apache/rocketmq/acl/plug/entity/AuthenticationInfo.java b/acl/src/main/java/org/apache/rocketmq/acl/plug/AuthenticationInfo.java similarity index 91% rename from acl/src/main/java/org/apache/rocketmq/acl/plug/entity/AuthenticationInfo.java rename to acl/src/main/java/org/apache/rocketmq/acl/plug/AuthenticationInfo.java index a1696e2e44c3d869e4c90570bbb0f2a9d6632288..4852dbdb86591091afa93f10966984be2ea95f75 100644 --- a/acl/src/main/java/org/apache/rocketmq/acl/plug/entity/AuthenticationInfo.java +++ b/acl/src/main/java/org/apache/rocketmq/acl/plug/AuthenticationInfo.java @@ -14,9 +14,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.apache.rocketmq.acl.plug.entity; - -import org.apache.rocketmq.acl.plug.strategy.NetaddressStrategy; +package org.apache.rocketmq.acl.plug; import java.util.Iterator; import java.util.Map; @@ -31,7 +29,7 @@ public class AuthenticationInfo { private Map authority; public AuthenticationInfo(Map authority, AccessControl accessControl, - NetaddressStrategy netaddressStrategy) { + NetaddressStrategy netaddressStrategy) { super(); this.authority = authority; this.accessControl = accessControl; @@ -66,7 +64,7 @@ public class AuthenticationInfo { public String toString() { StringBuilder builder = new StringBuilder(); builder.append("AuthenticationInfo [accessControl=").append(accessControl).append(", netaddressStrategy=") - .append(netaddressStrategy).append(", authority={"); + .append(netaddressStrategy).append(", authority={"); Iterator> it = authority.entrySet().iterator(); while (it.hasNext()) { Entry e = it.next(); diff --git a/acl/src/main/java/org/apache/rocketmq/acl/plug/entity/AuthenticationResult.java b/acl/src/main/java/org/apache/rocketmq/acl/plug/AuthenticationResult.java similarity index 97% rename from acl/src/main/java/org/apache/rocketmq/acl/plug/entity/AuthenticationResult.java rename to acl/src/main/java/org/apache/rocketmq/acl/plug/AuthenticationResult.java index bef05cef06c4a62bf2748af0c844445d4cbbe248..de26837339a4cdb33589490a70c71b015d768bef 100644 --- a/acl/src/main/java/org/apache/rocketmq/acl/plug/entity/AuthenticationResult.java +++ b/acl/src/main/java/org/apache/rocketmq/acl/plug/AuthenticationResult.java @@ -14,7 +14,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.apache.rocketmq.acl.plug.entity; +package org.apache.rocketmq.acl.plug; public class AuthenticationResult { diff --git a/acl/src/main/java/org/apache/rocketmq/acl/plug/entity/BorkerAccessControl.java b/acl/src/main/java/org/apache/rocketmq/acl/plug/BrokerAccessControl.java similarity index 96% rename from acl/src/main/java/org/apache/rocketmq/acl/plug/entity/BorkerAccessControl.java rename to acl/src/main/java/org/apache/rocketmq/acl/plug/BrokerAccessControl.java index b5eb1187d2859932df50e38caaac31de4efd8af0..beb8539c0987accb1f4e9a79a6191e7eaf52d805 100644 --- a/acl/src/main/java/org/apache/rocketmq/acl/plug/entity/BorkerAccessControl.java +++ b/acl/src/main/java/org/apache/rocketmq/acl/plug/BrokerAccessControl.java @@ -14,12 +14,14 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.apache.rocketmq.acl.plug.entity; +package org.apache.rocketmq.acl.plug; import java.util.HashSet; import java.util.Set; -public class BorkerAccessControl extends AccessControl { +public class BrokerAccessControl extends AccessControl { + + private boolean admin; private Set permitSendTopic = new HashSet<>(); private Set noPermitSendTopic = new HashSet<>(); @@ -54,13 +56,13 @@ public class BorkerAccessControl extends AccessControl { private boolean endTransaction = true; - private boolean updateAndCreateTopic = true; + private boolean updateAndCreateTopic = false; - private boolean deleteTopicInbroker = true; + private boolean deleteTopicInbroker = false; private boolean getAllTopicConfig = true; - private boolean updateBrokerConfig = true; + private boolean updateBrokerConfig = false; private boolean getBrokerConfig = true; @@ -78,11 +80,11 @@ public class BorkerAccessControl extends AccessControl { private boolean unlockBatchMQ = true; - private boolean updateAndCreateSubscriptiongroup = true; + private boolean updateAndCreateSubscriptiongroup = false; private boolean getAllSubscriptiongroupConfig = true; - private boolean deleteSubscriptiongroup = true; + private boolean deleteSubscriptiongroup = false; private boolean getTopicStatsInfo = true; @@ -124,8 +126,16 @@ public class BorkerAccessControl extends AccessControl { private boolean queryConsumeQueue = true; - public BorkerAccessControl() { + public BrokerAccessControl() { + + } + + public boolean isAdmin() { + return admin; + } + public void setAdmin(boolean admin) { + this.admin = admin; } public Set getPermitSendTopic() { @@ -556,8 +566,8 @@ public class BorkerAccessControl extends AccessControl { public String toString() { StringBuilder builder = new StringBuilder(); builder.append("BorkerAccessControl [permitSendTopic=").append(permitSendTopic).append(", noPermitSendTopic=") - .append(noPermitSendTopic).append(", permitPullTopic=").append(permitPullTopic) - .append(", noPermitPullTopic=").append(noPermitPullTopic); + .append(noPermitSendTopic).append(", permitPullTopic=").append(permitPullTopic) + .append(", noPermitPullTopic=").append(noPermitPullTopic); if (!!sendMessage) builder.append(", sendMessage=").append(sendMessage); if (!!sendMessageV2) diff --git a/acl/src/test/java/org/apache/rocketmq/acl/plug/AclPlugControllerTest.java b/acl/src/main/java/org/apache/rocketmq/acl/plug/NetaddressStrategy.java similarity index 90% rename from acl/src/test/java/org/apache/rocketmq/acl/plug/AclPlugControllerTest.java rename to acl/src/main/java/org/apache/rocketmq/acl/plug/NetaddressStrategy.java index 223cbc7c25d6ff415a3458bd3b77db33b751d5ae..fa28871a5a8b268a4a9d24660adf059f6e2114ac 100644 --- a/acl/src/test/java/org/apache/rocketmq/acl/plug/AclPlugControllerTest.java +++ b/acl/src/main/java/org/apache/rocketmq/acl/plug/NetaddressStrategy.java @@ -16,6 +16,7 @@ */ package org.apache.rocketmq.acl.plug; -public class AclPlugControllerTest { +public interface NetaddressStrategy { + public boolean match(AccessControl accessControl); } diff --git a/acl/src/main/java/org/apache/rocketmq/acl/plug/strategy/NetaddressStrategyFactory.java b/acl/src/main/java/org/apache/rocketmq/acl/plug/NetaddressStrategyFactory.java similarity index 96% rename from acl/src/main/java/org/apache/rocketmq/acl/plug/strategy/NetaddressStrategyFactory.java rename to acl/src/main/java/org/apache/rocketmq/acl/plug/NetaddressStrategyFactory.java index 4be995309168fd85018b6ca3b16580f597d82b74..4f6dde5cea16254425c6a26e87b057a5457ffaa5 100644 --- a/acl/src/main/java/org/apache/rocketmq/acl/plug/strategy/NetaddressStrategyFactory.java +++ b/acl/src/main/java/org/apache/rocketmq/acl/plug/NetaddressStrategyFactory.java @@ -14,15 +14,11 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.apache.rocketmq.acl.plug.strategy; - -import org.apache.commons.lang3.StringUtils; -import org.apache.rocketmq.acl.plug.AclUtils; -import org.apache.rocketmq.acl.plug.entity.AccessControl; -import org.apache.rocketmq.acl.plug.exception.AclPlugRuntimeException; +package org.apache.rocketmq.acl.plug; import java.util.HashSet; import java.util.Set; +import org.apache.commons.lang3.StringUtils; public class NetaddressStrategyFactory { diff --git a/acl/src/main/java/org/apache/rocketmq/acl/plug/PlainAclPlugEngine.java b/acl/src/main/java/org/apache/rocketmq/acl/plug/PlainAclPlugEngine.java new file mode 100644 index 0000000000000000000000000000000000000000..50aab379d32eb673217942ec5f8823e2c914334b --- /dev/null +++ b/acl/src/main/java/org/apache/rocketmq/acl/plug/PlainAclPlugEngine.java @@ -0,0 +1,356 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.rocketmq.acl.plug; + +import java.io.IOException; +import java.lang.reflect.Field; +import java.nio.file.FileSystems; +import java.nio.file.Path; +import java.nio.file.Paths; +import java.nio.file.StandardWatchEventKinds; +import java.nio.file.WatchEvent; +import java.nio.file.WatchKey; +import java.nio.file.WatchService; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.Iterator; +import java.util.List; +import java.util.Map; +import java.util.Map.Entry; +import org.apache.commons.lang3.StringUtils; +import org.apache.rocketmq.common.MixAll; +import org.apache.rocketmq.common.ServiceThread; +import org.apache.rocketmq.common.constant.LoggerName; +import org.apache.rocketmq.common.protocol.RequestCode; +import org.apache.rocketmq.logging.InternalLogger; +import org.apache.rocketmq.logging.InternalLoggerFactory; + +public class PlainAclPlugEngine { + + private static final InternalLogger log = InternalLoggerFactory.getLogger(LoggerName.ACL_PLUG_LOGGER_NAME); + + private String fileHome = System.getProperty(MixAll.ROCKETMQ_HOME_PROPERTY, + System.getenv(MixAll.ROCKETMQ_HOME_ENV)); + + private Map> accessControlMap = new HashMap<>(); + + private AuthenticationInfo authenticationInfo; + + private NetaddressStrategyFactory netaddressStrategyFactory = new NetaddressStrategyFactory(); + + private AccessContralAnalysis accessContralAnalysis = new AccessContralAnalysis(); + + private Class accessContralAnalysisClass = RequestCode.class; + + private boolean isWatchStart; + + public PlainAclPlugEngine() { + initialize(); + watch(); + } + + public void initialize() { + BrokerAccessControlTransport accessControlTransport = AclUtils.getYamlDataObject(fileHome + "/conf/transport.yml", BrokerAccessControlTransport.class); + if (accessControlTransport == null) { + throw new AclPlugRuntimeException("transport.yml file is no data"); + } + log.info("BorkerAccessControlTransport data is : ", accessControlTransport.toString()); + accessContralAnalysis.analysisClass(accessContralAnalysisClass); + setBrokerAccessControlTransport(accessControlTransport); + } + + private void watch() { + String version = System.getProperty("java.version"); + log.info("java.version is : {}", version); + String[] str = StringUtils.split(version, "."); + if (Integer.valueOf(str[1]) < 7) { + log.warn("wacth need jdk 1.7 support , current version no support"); + return; + } + try { + final WatchService watcher = FileSystems.getDefault().newWatchService(); + Path p = Paths.get(fileHome + "/conf/"); + p.register(watcher, StandardWatchEventKinds.ENTRY_MODIFY, StandardWatchEventKinds.ENTRY_CREATE); + ServiceThread watcherServcie = new ServiceThread() { + + public void run() { + while (true) { + try { + while (true) { + WatchKey watchKey = watcher.take(); + List> watchEvents = watchKey.pollEvents(); + for (WatchEvent event : watchEvents) { + if ("transport.yml".equals(event.context().toString()) && + (StandardWatchEventKinds.ENTRY_MODIFY.equals(event.kind()) || StandardWatchEventKinds.ENTRY_CREATE.equals(event.kind()))) { + log.info("transprot.yml make a difference change is : ", event.toString()); + PlainAclPlugEngine.this.cleanAuthenticationInfo(); + initialize(); + } + } + watchKey.reset(); + } + } catch (InterruptedException e) { + log.error(e.getMessage(), e); + } + } + } + + @Override + public String getServiceName() { + return "watcherServcie"; + } + + }; + watcherServcie.start(); + log.info("succeed start watcherServcie"); + this.isWatchStart = true; + } catch (IOException e) { + log.error(e.getMessage(), e); + } + } + + private void handleAccessControl(AccessControl accessControl) { + if (accessControl instanceof BrokerAccessControl) { + BrokerAccessControl brokerAccessControl = (BrokerAccessControl) accessControl; + if (brokerAccessControl.isAdmin()) { + brokerAccessControl.setUpdateAndCreateSubscriptiongroup(true); + brokerAccessControl.setDeleteSubscriptiongroup(true); + brokerAccessControl.setUpdateAndCreateTopic(true); + brokerAccessControl.setDeleteTopicInbroker(true); + brokerAccessControl.setUpdateBrokerConfig(true); + } + } + } + + void cleanAuthenticationInfo() { + accessControlMap.clear(); + authenticationInfo = null; + } + + public void setAccessControl(AccessControl accessControl) throws AclPlugRuntimeException { + if (accessControl.getAccount() == null || accessControl.getPassword() == null + || accessControl.getAccount().length() <= 6 || accessControl.getPassword().length() <= 6) { + throw new AclPlugRuntimeException(String.format( + "The account password cannot be null and is longer than 6, account is %s password is %s", + accessControl.getAccount(), accessControl.getPassword())); + } + try { + handleAccessControl(accessControl); + NetaddressStrategy netaddressStrategy = netaddressStrategyFactory.getNetaddressStrategy(accessControl); + List accessControlAddressList = accessControlMap.get(accessControl.getAccount()); + if (accessControlAddressList == null) { + accessControlAddressList = new ArrayList<>(); + accessControlMap.put(accessControl.getAccount(), accessControlAddressList); + } + AuthenticationInfo authenticationInfo = new AuthenticationInfo( + accessContralAnalysis.analysis(accessControl), accessControl, netaddressStrategy); + accessControlAddressList.add(authenticationInfo); + log.info("authenticationInfo is {}", authenticationInfo.toString()); + } catch (Exception e) { + throw new AclPlugRuntimeException( + String.format("Exception info %s %s", e.getMessage(), accessControl.toString()), e); + } + } + + public void setAccessControlList(List accessControlList) throws AclPlugRuntimeException { + for (AccessControl accessControl : accessControlList) { + setAccessControl(accessControl); + } + } + + public void setNetaddressAccessControl(AccessControl accessControl) throws AclPlugRuntimeException { + try { + authenticationInfo = new AuthenticationInfo(accessContralAnalysis.analysis(accessControl), accessControl, netaddressStrategyFactory.getNetaddressStrategy(accessControl)); + log.info("default authenticationInfo is {}", authenticationInfo.toString()); + } catch (Exception e) { + throw new AclPlugRuntimeException(accessControl.toString(), e); + } + + } + + public AuthenticationInfo getAccessControl(AccessControl accessControl) { + if (accessControl.getAccount() == null && authenticationInfo != null) { + return authenticationInfo.getNetaddressStrategy().match(accessControl) ? authenticationInfo : null; + } else { + List accessControlAddressList = accessControlMap.get(accessControl.getAccount()); + if (accessControlAddressList != null) { + for (AuthenticationInfo ai : accessControlAddressList) { + if (ai.getNetaddressStrategy().match(accessControl) && ai.getAccessControl().getPassword().equals(accessControl.getPassword())) { + return ai; + } + } + } + } + return null; + } + + public AuthenticationResult eachCheckAuthentication(AccessControl accessControl) { + AuthenticationResult authenticationResult = new AuthenticationResult(); + AuthenticationInfo authenticationInfo = getAccessControl(accessControl); + if (authenticationInfo != null) { + boolean boo = authentication(authenticationInfo, accessControl, authenticationResult); + authenticationResult.setSucceed(boo); + authenticationResult.setAccessControl(authenticationInfo.getAccessControl()); + } else { + authenticationResult.setResultString("accessControl is null, Please check login, password, IP\""); + } + return authenticationResult; + } + + void setBrokerAccessControlTransport(BrokerAccessControlTransport transport) { + if (transport.getOnlyNetAddress() == null && (transport.getList() == null || transport.getList().size() == 0)) { + throw new AclPlugRuntimeException("onlyNetAddress and list can't be all empty"); + } + + if (transport.getOnlyNetAddress() != null) { + this.setNetaddressAccessControl(transport.getOnlyNetAddress()); + } + if (transport.getList() != null || transport.getList().size() > 0) { + for (BrokerAccessControl accessControl : transport.getList()) { + this.setAccessControl(accessControl); + } + } + } + + public boolean authentication(AuthenticationInfo authenticationInfo, AccessControl accessControl, + AuthenticationResult authenticationResult) { + int code = accessControl.getCode(); + if (!authenticationInfo.getAuthority().get(code)) { + authenticationResult.setResultString(String.format("code is %d Authentication failed", code)); + return false; + } + if (!(authenticationInfo.getAccessControl() instanceof BrokerAccessControl)) { + return true; + } + BrokerAccessControl borker = (BrokerAccessControl) authenticationInfo.getAccessControl(); + String topicName = accessControl.getTopic(); + if (code == 10 || code == 310 || code == 320) { + if (borker.getPermitSendTopic().contains(topicName)) { + return true; + } + if (borker.getNoPermitSendTopic().contains(topicName)) { + authenticationResult.setResultString(String.format("noPermitSendTopic include %s", topicName)); + return false; + } + return borker.getPermitSendTopic().isEmpty() ? true : false; + } else if (code == 11) { + if (borker.getPermitPullTopic().contains(topicName)) { + return true; + } + if (borker.getNoPermitPullTopic().contains(topicName)) { + authenticationResult.setResultString(String.format("noPermitPullTopic include %s", topicName)); + return false; + } + return borker.getPermitPullTopic().isEmpty() ? true : false; + } + return true; + } + + public boolean isWatchStart() { + return isWatchStart; + } + + public static class AccessContralAnalysis { + + private Map, Map> classTocodeAndMentod = new HashMap<>(); + + private Map fieldNameAndCode = new HashMap<>(); + + public void analysisClass(Class clazz) { + Field[] fields = clazz.getDeclaredFields(); + try { + for (Field field : fields) { + if (field.getType().equals(int.class)) { + String name = StringUtils.replace(field.getName(), "_", "").toLowerCase(); + fieldNameAndCode.put(name, (Integer) field.get(null)); + } + } + } catch (IllegalArgumentException | IllegalAccessException e) { + throw new AclPlugRuntimeException(String.format("analysis on failure Class is %s", clazz.getName()), e); + } + } + + public Map analysis(AccessControl accessControl) { + Class clazz = accessControl.getClass(); + Map codeAndField = classTocodeAndMentod.get(clazz); + if (codeAndField == null) { + codeAndField = new HashMap<>(); + Field[] fields = clazz.getDeclaredFields(); + for (Field field : fields) { + if ("admin".equals(field.getName())) + continue; + if (!field.getType().equals(boolean.class)) + continue; + Integer code = fieldNameAndCode.get(field.getName().toLowerCase()); + if (code == null) { + throw new AclPlugRuntimeException( + String.format("field nonexistent in code fieldName is %s", field.getName())); + } + field.setAccessible(true); + codeAndField.put(code, field); + + } + if (codeAndField.isEmpty()) { + throw new AclPlugRuntimeException(String.format("AccessControl nonexistent code , name %s", + accessControl.getClass().getName())); + } + classTocodeAndMentod.put(clazz, codeAndField); + } + Iterator> it = codeAndField.entrySet().iterator(); + Map authority = new HashMap<>(); + try { + while (it.hasNext()) { + Entry e = it.next(); + authority.put(e.getKey(), (Boolean) e.getValue().get(accessControl)); + } + } catch (IllegalArgumentException | IllegalAccessException e) { + throw new AclPlugRuntimeException( + String.format("analysis on failure AccessControl is %s", AccessControl.class.getName()), e); + } + return authority; + } + + } + + public static class BrokerAccessControlTransport { + + private BrokerAccessControl onlyNetAddress; + + private List list; + + public BrokerAccessControl getOnlyNetAddress() { + return onlyNetAddress; + } + + public void setOnlyNetAddress(BrokerAccessControl onlyNetAddress) { + this.onlyNetAddress = onlyNetAddress; + } + + public List getList() { + return list; + } + + public void setList(List list) { + this.list = list; + } + + @Override + public String toString() { + return "BorkerAccessControlTransport [onlyNetAddress=" + onlyNetAddress + ", list=" + list + "]"; + } + } +} diff --git a/acl/src/main/java/org/apache/rocketmq/acl/plug/engine/AclPlugEngine.java b/acl/src/main/java/org/apache/rocketmq/acl/plug/engine/AclPlugEngine.java deleted file mode 100644 index d1572755eeb6e6bdc9cb2703997decf160409eb9..0000000000000000000000000000000000000000 --- a/acl/src/main/java/org/apache/rocketmq/acl/plug/engine/AclPlugEngine.java +++ /dev/null @@ -1,37 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.rocketmq.acl.plug.engine; - -import org.apache.rocketmq.acl.plug.entity.AccessControl; -import org.apache.rocketmq.acl.plug.entity.AuthenticationInfo; -import org.apache.rocketmq.acl.plug.entity.AuthenticationResult; -import org.apache.rocketmq.acl.plug.entity.LoginInfo; - -public interface AclPlugEngine { - - public AuthenticationInfo getAccessControl(AccessControl accessControl); - - public LoginInfo getLoginInfo(AccessControl accessControl); - - public void deleteLoginInfo(String remoteAddr); - - public AuthenticationResult eachCheckLoginAndAuthentication(AccessControl accessControl); - - public AuthenticationResult eachCheckAuthentication(AccessControl accessControl); - - public void initialize(); -} diff --git a/acl/src/main/java/org/apache/rocketmq/acl/plug/engine/AuthenticationInfoManagementAclPlugEngine.java b/acl/src/main/java/org/apache/rocketmq/acl/plug/engine/AuthenticationInfoManagementAclPlugEngine.java deleted file mode 100644 index a6399fc3e468198d86e6b1afb24036f90fc00530..0000000000000000000000000000000000000000 --- a/acl/src/main/java/org/apache/rocketmq/acl/plug/engine/AuthenticationInfoManagementAclPlugEngine.java +++ /dev/null @@ -1,152 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.rocketmq.acl.plug.engine; - -import java.util.ArrayList; -import java.util.HashMap; -import java.util.List; -import java.util.Map; - -import org.apache.rocketmq.acl.plug.AccessContralAnalysis; -import org.apache.rocketmq.acl.plug.Authentication; -import org.apache.rocketmq.acl.plug.entity.AccessControl; -import org.apache.rocketmq.acl.plug.entity.AuthenticationInfo; -import org.apache.rocketmq.acl.plug.entity.AuthenticationResult; -import org.apache.rocketmq.acl.plug.entity.BorkerAccessControlTransport; -import org.apache.rocketmq.acl.plug.entity.ControllerParameters; -import org.apache.rocketmq.acl.plug.exception.AclPlugRuntimeException; -import org.apache.rocketmq.acl.plug.strategy.NetaddressStrategy; -import org.apache.rocketmq.acl.plug.strategy.NetaddressStrategyFactory; -import org.apache.rocketmq.common.constant.LoggerName; -import org.apache.rocketmq.logging.InternalLogger; -import org.apache.rocketmq.logging.InternalLoggerFactory; - -public abstract class AuthenticationInfoManagementAclPlugEngine implements AclPlugEngine { - - private static final InternalLogger log = InternalLoggerFactory.getLogger(LoggerName.ACL_PLUG_LOGGER_NAME); - ControllerParameters controllerParameters; - private Map> accessControlMap = new HashMap<>(); - private AuthenticationInfo authenticationInfo; - private NetaddressStrategyFactory netaddressStrategyFactory = new NetaddressStrategyFactory(); - private AccessContralAnalysis accessContralAnalysis = new AccessContralAnalysis(); - private Authentication authentication = new Authentication(); - - public AuthenticationInfoManagementAclPlugEngine(ControllerParameters controllerParameters) { - this.controllerParameters = controllerParameters; - accessContralAnalysis.analysisClass(controllerParameters.getAccessContralAnalysisClass()); - } - - public void setAccessControl(AccessControl accessControl) throws AclPlugRuntimeException { - if (accessControl.getAccount() == null || accessControl.getPassword() == null || accessControl.getAccount().length() <= 6 || accessControl.getPassword().length() <= 6) { - throw new AclPlugRuntimeException(String.format("The account password cannot be null and is longer than 6, account is %s password is %s", accessControl.getAccount(), accessControl.getPassword())); - } - try { - NetaddressStrategy netaddressStrategy = netaddressStrategyFactory.getNetaddressStrategy(accessControl); - List accessControlAddressList = accessControlMap.get(accessControl.getAccount()); - if (accessControlAddressList == null) { - accessControlAddressList = new ArrayList<>(); - accessControlMap.put(accessControl.getAccount(), accessControlAddressList); - } - AuthenticationInfo authenticationInfo = new AuthenticationInfo(accessContralAnalysis.analysis(accessControl), accessControl, netaddressStrategy); - accessControlAddressList.add(authenticationInfo); - log.info("authenticationInfo is {}", authenticationInfo.toString()); - } catch (Exception e) { - throw new AclPlugRuntimeException(String.format("Exception info %s %s", e.getMessage(), accessControl.toString()), e); - } - } - - public void setAccessControlList(List accessControlList) throws AclPlugRuntimeException { - for (AccessControl accessControl : accessControlList) { - setAccessControl(accessControl); - } - } - - public void setNetaddressAccessControl(AccessControl accessControl) throws AclPlugRuntimeException { - try { - authenticationInfo = new AuthenticationInfo(accessContralAnalysis.analysis(accessControl), accessControl, netaddressStrategyFactory.getNetaddressStrategy(accessControl)); - log.info("default authenticationInfo is {}", authenticationInfo.toString()); - } catch (Exception e) { - throw new AclPlugRuntimeException(accessControl.toString(), e); - } - - } - - public AuthenticationInfo getAccessControl(AccessControl accessControl) { - if (accessControl.getAccount() == null && authenticationInfo != null) { - return authenticationInfo.getNetaddressStrategy().match(accessControl) ? authenticationInfo : null; - } else { - List accessControlAddressList = accessControlMap.get(accessControl.getAccount()); - if (accessControlAddressList != null) { - for (AuthenticationInfo ai : accessControlAddressList) { - if (ai.getNetaddressStrategy().match(accessControl) && ai.getAccessControl().getPassword().equals(accessControl.getPassword())) { - return ai; - } - } - } - } - return null; - } - - @Override - public AuthenticationResult eachCheckLoginAndAuthentication(AccessControl accessControl) { - AuthenticationResult authenticationResult = new AuthenticationResult(); - try { - AuthenticationInfo authenticationInfo = getAuthenticationInfo(accessControl, authenticationResult); - if (authenticationInfo != null) { - boolean boo = authentication.authentication(authenticationInfo, accessControl, authenticationResult); - authenticationResult.setSucceed(boo); - authenticationResult.setAccessControl(authenticationInfo.getAccessControl()); - } - } catch (Exception e) { - authenticationResult.setException(e); - } - return authenticationResult; - } - - public AuthenticationResult eachCheckAuthentication(AccessControl accessControl) { - AuthenticationResult authenticationResult = new AuthenticationResult(); - AuthenticationInfo authenticationInfo = getAccessControl(accessControl); - if (authenticationInfo != null) { - boolean boo = authentication.authentication(authenticationInfo, accessControl, authenticationResult); - authenticationResult.setSucceed(boo); - authenticationResult.setAccessControl(authenticationInfo.getAccessControl()); - } else { - authenticationResult.setResultString("accessControl is null, Please check login, password, IP\""); - } - - - return authenticationResult; - } - - void setBorkerAccessControlTransport(BorkerAccessControlTransport transport) { - if (transport.getOnlyNetAddress() == null && (transport.getList() == null || transport.getList().size() == 0)) { - throw new AclPlugRuntimeException("onlyNetAddress and list can't be all empty"); - } - - if (transport.getOnlyNetAddress() != null) { - this.setNetaddressAccessControl(transport.getOnlyNetAddress()); - } - if (transport.getList() != null || transport.getList().size() > 0) { - for (AccessControl accessControl : transport.getList()) { - this.setAccessControl(accessControl); - } - } - } - - protected abstract AuthenticationInfo getAuthenticationInfo(AccessControl accessControl, - AuthenticationResult authenticationResult); -} diff --git a/acl/src/main/java/org/apache/rocketmq/acl/plug/engine/LoginInfoAclPlugEngine.java b/acl/src/main/java/org/apache/rocketmq/acl/plug/engine/LoginInfoAclPlugEngine.java deleted file mode 100644 index 35b568349ece1ac9979636a73b6ca569bcc53f14..0000000000000000000000000000000000000000 --- a/acl/src/main/java/org/apache/rocketmq/acl/plug/engine/LoginInfoAclPlugEngine.java +++ /dev/null @@ -1,66 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.rocketmq.acl.plug.engine; - -import java.util.Map; -import java.util.concurrent.ConcurrentHashMap; - -import org.apache.rocketmq.acl.plug.entity.AccessControl; -import org.apache.rocketmq.acl.plug.entity.AuthenticationInfo; -import org.apache.rocketmq.acl.plug.entity.AuthenticationResult; -import org.apache.rocketmq.acl.plug.entity.ControllerParameters; -import org.apache.rocketmq.acl.plug.entity.LoginInfo; - -public abstract class LoginInfoAclPlugEngine extends AuthenticationInfoManagementAclPlugEngine { - - private Map loginInfoMap = new ConcurrentHashMap<>(); - - public LoginInfoAclPlugEngine(ControllerParameters controllerParameters) { - super(controllerParameters); - } - - public LoginInfo getLoginInfo(AccessControl accessControl) { - LoginInfo loginInfo = loginInfoMap.get(accessControl.getRecognition()); - if (loginInfo == null) { - AuthenticationInfo authenticationInfo = super.getAccessControl(accessControl); - if (authenticationInfo != null) { - loginInfo = new LoginInfo(); - loginInfo.setAuthenticationInfo(authenticationInfo); - loginInfoMap.put(accessControl.getRecognition(), loginInfo); - } - } - if (loginInfo != null) { - loginInfo.setOperationTime(System.currentTimeMillis()); - } - return loginInfo; - } - - public void deleteLoginInfo(String remoteAddr) { - loginInfoMap.remove(remoteAddr); - } - - protected AuthenticationInfo getAuthenticationInfo(AccessControl accessControl, - AuthenticationResult authenticationResult) { - LoginInfo loginInfo = getLoginInfo(accessControl); - if (loginInfo != null && loginInfo.getAuthenticationInfo() != null) { - return loginInfo.getAuthenticationInfo(); - } - authenticationResult.setResultString("Login information does not exist, Please check login, password, IP"); - return null; - } - -} diff --git a/acl/src/main/java/org/apache/rocketmq/acl/plug/engine/PlainAclPlugEngine.java b/acl/src/main/java/org/apache/rocketmq/acl/plug/engine/PlainAclPlugEngine.java deleted file mode 100644 index bcb89b8fa288c463d190457f95882edb04a263a9..0000000000000000000000000000000000000000 --- a/acl/src/main/java/org/apache/rocketmq/acl/plug/engine/PlainAclPlugEngine.java +++ /dev/null @@ -1,60 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.rocketmq.acl.plug.engine; - -import org.apache.rocketmq.acl.plug.entity.BorkerAccessControlTransport; -import org.apache.rocketmq.acl.plug.entity.ControllerParameters; -import org.apache.rocketmq.acl.plug.exception.AclPlugRuntimeException; -import org.yaml.snakeyaml.Yaml; - -import java.io.File; -import java.io.FileInputStream; -import java.io.IOException; - -public class PlainAclPlugEngine extends LoginInfoAclPlugEngine { - - public PlainAclPlugEngine( - ControllerParameters controllerParameters) throws AclPlugRuntimeException { - super(controllerParameters); - } - - public void initialize() throws AclPlugRuntimeException { - String filePath = controllerParameters.getFileHome() + "/conf/transport.yml"; - Yaml ymal = new Yaml(); - FileInputStream fis = null; - BorkerAccessControlTransport transport; - try { - fis = new FileInputStream(new File(filePath)); - transport = ymal.loadAs(fis, BorkerAccessControlTransport.class); - } catch (Exception e) { - throw new AclPlugRuntimeException(String.format("The transport.yml file for Plain mode was not found , paths %s", filePath), e); - } finally { - if (fis != null) { - try { - fis.close(); - } catch (IOException e) { - throw new AclPlugRuntimeException("close transport fileInputStream Exception", e); - } - } - } - if (transport == null) { - throw new AclPlugRuntimeException("transport.yml file is no data"); - } - super.setBorkerAccessControlTransport(transport); - } - -} diff --git a/acl/src/main/java/org/apache/rocketmq/acl/plug/entity/BorkerAccessControlTransport.java b/acl/src/main/java/org/apache/rocketmq/acl/plug/entity/BorkerAccessControlTransport.java deleted file mode 100644 index 93d002315d3aacf4d290d0fb01d621ceb648d907..0000000000000000000000000000000000000000 --- a/acl/src/main/java/org/apache/rocketmq/acl/plug/entity/BorkerAccessControlTransport.java +++ /dev/null @@ -1,52 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.rocketmq.acl.plug.entity; - -import java.util.List; - -public class BorkerAccessControlTransport { - - private BorkerAccessControl onlyNetAddress; - - private List list; - - public BorkerAccessControlTransport() { - super(); - } - - public BorkerAccessControl getOnlyNetAddress() { - return onlyNetAddress; - } - - public void setOnlyNetAddress(BorkerAccessControl onlyNetAddress) { - this.onlyNetAddress = onlyNetAddress; - } - - public List getList() { - return list; - } - - public void setList(List list) { - this.list = list; - } - - @Override - public String toString() { - return "BorkerAccessControlTransport [onlyNetAddress=" + onlyNetAddress + ", list=" + list + "]"; - } - -} diff --git a/acl/src/main/java/org/apache/rocketmq/acl/plug/entity/ControllerParameters.java b/acl/src/main/java/org/apache/rocketmq/acl/plug/entity/ControllerParameters.java deleted file mode 100644 index 94873b5fcf155983adc460272e63cc31571cf3cb..0000000000000000000000000000000000000000 --- a/acl/src/main/java/org/apache/rocketmq/acl/plug/entity/ControllerParameters.java +++ /dev/null @@ -1,52 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.rocketmq.acl.plug.entity; - -import org.apache.rocketmq.common.MixAll; -import org.apache.rocketmq.common.protocol.RequestCode; - -public class ControllerParameters { - - private String fileHome = System.getProperty(MixAll.ROCKETMQ_HOME_PROPERTY, System.getenv(MixAll.ROCKETMQ_HOME_ENV)); - - private Class accessContralAnalysisClass = RequestCode.class; - - public String getFileHome() { - return fileHome; - } - - public void setFileHome(String fileHome) { - this.fileHome = fileHome; - } - - public Class getAccessContralAnalysisClass() { - return accessContralAnalysisClass; - } - - public void setAccessContralAnalysisClass(Class accessContralAnalysisClass) { - this.accessContralAnalysisClass = accessContralAnalysisClass; - } - - @Override - public String toString() { - StringBuilder builder = new StringBuilder(); - builder.append("ControllerParametersEntity [fileHome=").append(fileHome).append(", accessContralAnalysisClass=") - .append(accessContralAnalysisClass).append("]"); - return builder.toString(); - } - -} diff --git a/acl/src/main/java/org/apache/rocketmq/acl/plug/entity/LoginInfo.java b/acl/src/main/java/org/apache/rocketmq/acl/plug/entity/LoginInfo.java deleted file mode 100644 index df1166be639764b9b9f682b6bb1b1a63ac7a9dfd..0000000000000000000000000000000000000000 --- a/acl/src/main/java/org/apache/rocketmq/acl/plug/entity/LoginInfo.java +++ /dev/null @@ -1,82 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.rocketmq.acl.plug.entity; - -import java.util.concurrent.atomic.AtomicBoolean; - -public class LoginInfo { - - private String recognition; - - private long loginTime = System.currentTimeMillis(); - - private volatile long operationTime = loginTime; - - private volatile AtomicBoolean clear = new AtomicBoolean(); - - private AuthenticationInfo authenticationInfo; - - public AuthenticationInfo getAuthenticationInfo() { - return authenticationInfo; - } - - public void setAuthenticationInfo(AuthenticationInfo authenticationInfo) { - this.authenticationInfo = authenticationInfo; - } - - public String getRecognition() { - return recognition; - } - - public void setRecognition(String recognition) { - this.recognition = recognition; - } - - public long getLoginTime() { - return loginTime; - } - - public void setLoginTime(long loginTime) { - this.loginTime = loginTime; - } - - public long getOperationTime() { - return operationTime; - } - - public void setOperationTime(long operationTime) { - this.operationTime = operationTime; - } - - public AtomicBoolean getClear() { - return clear; - } - - public void setClear(AtomicBoolean clear) { - this.clear = clear; - } - - @Override - public String toString() { - StringBuilder builder = new StringBuilder(); - builder.append("LoginInfo [recognition=").append(recognition).append(", loginTime=").append(loginTime) - .append(", operationTime=").append(operationTime).append(", clear=").append(clear) - .append(", authenticationInfo=").append(authenticationInfo).append("]"); - return builder.toString(); - } - -} diff --git a/acl/src/main/java/org/apache/rocketmq/acl/plug/strategy/NetaddressStrategy.java b/acl/src/main/java/org/apache/rocketmq/acl/plug/strategy/NetaddressStrategy.java deleted file mode 100644 index 7276634e30fd82e3b89c1a71d22bda681fc4143a..0000000000000000000000000000000000000000 --- a/acl/src/main/java/org/apache/rocketmq/acl/plug/strategy/NetaddressStrategy.java +++ /dev/null @@ -1,24 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.rocketmq.acl.plug.strategy; - -import org.apache.rocketmq.acl.plug.entity.AccessControl; - -public interface NetaddressStrategy { - - public boolean match(AccessControl accessControl); -} diff --git a/acl/src/test/java/org/apache/rocketmq/acl/plug/AccessContralAnalysisTest.java b/acl/src/test/java/org/apache/rocketmq/acl/plug/AccessContralAnalysisTest.java deleted file mode 100644 index b7896b13df92a05b6c18886a38c1145ebecdbbe6..0000000000000000000000000000000000000000 --- a/acl/src/test/java/org/apache/rocketmq/acl/plug/AccessContralAnalysisTest.java +++ /dev/null @@ -1,63 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.rocketmq.acl.plug; - -import java.util.Iterator; -import java.util.Map; -import java.util.Map.Entry; -import org.apache.rocketmq.acl.plug.entity.AccessControl; -import org.apache.rocketmq.acl.plug.entity.BorkerAccessControl; -import org.apache.rocketmq.acl.plug.exception.AclPlugRuntimeException; -import org.apache.rocketmq.common.protocol.RequestCode; -import org.junit.Assert; -import org.junit.Before; -import org.junit.Test; - -public class AccessContralAnalysisTest { - - AccessContralAnalysis accessContralAnalysis = new AccessContralAnalysis(); - - @Before - public void init() { - accessContralAnalysis.analysisClass(RequestCode.class); - } - - @Test - public void analysisTest() { - BorkerAccessControl accessControl = new BorkerAccessControl(); - accessControl.setSendMessage(false); - Map map = accessContralAnalysis.analysis(accessControl); - - Iterator> it = map.entrySet().iterator(); - long num = 0; - while (it.hasNext()) { - Entry e = it.next(); - if (!e.getValue()) { - Assert.assertEquals(e.getKey(), Integer.valueOf(10)); - num++; - } - } - Assert.assertEquals(num, 1); - } - - @Test(expected = AclPlugRuntimeException.class) - public void analysisExceptionTest() { - AccessControl accessControl = new AccessControl(); - accessContralAnalysis.analysis(accessControl); - } - -} diff --git a/acl/src/test/java/org/apache/rocketmq/acl/plug/AclRemotingServiceTest.java b/acl/src/test/java/org/apache/rocketmq/acl/plug/AclRemotingServiceTest.java deleted file mode 100644 index 37aa38b5919dc45972065fc74f78493dbcfc79ef..0000000000000000000000000000000000000000 --- a/acl/src/test/java/org/apache/rocketmq/acl/plug/AclRemotingServiceTest.java +++ /dev/null @@ -1,148 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.rocketmq.acl.plug; - -import java.util.HashMap; - -import org.apache.rocketmq.acl.AccessResource; -import org.apache.rocketmq.acl.AccessValidator; -import org.apache.rocketmq.acl.PlainAccessValidator; -import org.apache.rocketmq.acl.plug.entity.AccessControl; -import org.apache.rocketmq.acl.plug.entity.AuthenticationResult; -import org.apache.rocketmq.acl.plug.entity.BorkerAccessControl; -import org.apache.rocketmq.acl.plug.exception.AclPlugRuntimeException; -import org.apache.rocketmq.remoting.protocol.RemotingCommand; -import org.junit.Assert; -import org.junit.Before; -import org.junit.Test;; - -public class AclRemotingServiceTest { - - - AclRemotingService defaultAclService; - - AccessValidator accessValidator; - - AccessControl accessControl; - - AccessControl accessControlTwo; - - @Before - public void init() { - System.setProperty("rocketmq.home.dir", "src/test/resources"); - PlainAccessValidator aclRemotingServiceImpl = new PlainAccessValidator(); - defaultAclService = aclRemotingServiceImpl; - accessValidator = aclRemotingServiceImpl; - - accessControl = new BorkerAccessControl(); - accessControl.setAccount("RocketMQ"); - accessControl.setPassword("1234567"); - accessControl.setNetaddress("192.0.0.1"); - accessControl.setRecognition("127.0.0.1:1"); - - accessControlTwo = new BorkerAccessControl(); - accessControlTwo.setAccount("RocketMQ"); - accessControlTwo.setPassword("1234567"); - accessControlTwo.setNetaddress("192.0.2.1"); - accessControlTwo.setRecognition("127.0.0.1:2"); - } - - - @Test - public void defaultConstructorTest() { - System.setProperty("rocketmq.home.dir", "src/test/resources"); - AclRemotingService defaultAclService = new PlainAccessValidator(); - Assert.assertNotNull(defaultAclService); - } - - @Test - public void parseTest() { - RemotingCommand remotingCommand = RemotingCommand.createResponseCommand(34, ""); - HashMap map = new HashMap<>(); - map.put("account", "RocketMQ"); - map.put("password", "123456"); - map.put("topic", "test"); - remotingCommand.setExtFields(map); - - AccessResource accessResource = accessValidator.parse(remotingCommand, "127.0.0.1:123"); - AccessControl accessControl = (AccessControl) accessResource; - AccessControl newAccessControl = new AccessControl(); - newAccessControl.setAccount("RocketMQ"); - newAccessControl.setPassword("123456"); - newAccessControl.setTopic("test"); - newAccessControl.setCode(34); - newAccessControl.setNetaddress("127.0.0.1"); - newAccessControl.setRecognition("127.0.0.1:123"); - Assert.assertEquals(accessControl.toString(), newAccessControl.toString()); - } - - @Test - public void checkTest() { - accessControl.setCode(34); - AuthenticationResult authenticationResult = defaultAclService.check(accessControl); - Assert.assertTrue(authenticationResult.isSucceed()); - } - - @Test(expected = AclPlugRuntimeException.class) - public void checkAccessExceptionTest() { - accessControl.setCode(34); - accessControl.setAccount("Rocketmq"); - defaultAclService.check(accessControl); - } - - @Test(expected = AclPlugRuntimeException.class) - public void checkPasswordTest() { - accessControl.setCode(34); - accessControl.setPassword("123123123"); - defaultAclService.check(accessControl); - } - - @Test(expected = AclPlugRuntimeException.class) - public void checkCodeTest() { - accessControl.setCode(14434); - accessControl.setPassword("123123123"); - defaultAclService.check(accessControl); - } - - - @Test - public void validateTest() { - accessControl.setCode(34); - accessValidator.validate(accessControl); - } - - @Test(expected = AclPlugRuntimeException.class) - public void validateAccessExceptionTest() { - accessControl.setCode(34); - accessControl.setAccount("Rocketmq"); - accessValidator.validate(accessControl); - } - - @Test(expected = AclPlugRuntimeException.class) - public void validatePasswordTest() { - accessControl.setCode(34); - accessControl.setPassword("123123123"); - accessValidator.validate(accessControl); - } - - @Test(expected = AclPlugRuntimeException.class) - public void validateCodeTest() { - accessControl.setCode(14434); - accessControl.setPassword("123123123"); - accessValidator.validate(accessControl); - } -} diff --git a/acl/src/test/java/org/apache/rocketmq/acl/plug/AclUtilsTest.java b/acl/src/test/java/org/apache/rocketmq/acl/plug/AclUtilsTest.java index b0cc4daba10b0307b5bf099689a3be79a710f510..db9d90915151cd28e1eb999c1e98441099092880 100644 --- a/acl/src/test/java/org/apache/rocketmq/acl/plug/AclUtilsTest.java +++ b/acl/src/test/java/org/apache/rocketmq/acl/plug/AclUtilsTest.java @@ -18,12 +18,10 @@ package org.apache.rocketmq.acl.plug; import java.util.ArrayList; import java.util.List; - import org.apache.commons.lang3.StringUtils; import org.junit.Assert; import org.junit.Test; - public class AclUtilsTest { @Test @@ -125,4 +123,8 @@ public class AclUtilsTest { isMinus = AclUtils.isMinus("*"); Assert.assertFalse(isMinus); } + + public void getYamlDataObjectTest() { + + } } diff --git a/acl/src/test/java/org/apache/rocketmq/acl/plug/AuthenticationTest.java b/acl/src/test/java/org/apache/rocketmq/acl/plug/AuthenticationTest.java deleted file mode 100644 index 6e5d1444db77cd7fd7ee1757b199f57d73033926..0000000000000000000000000000000000000000 --- a/acl/src/test/java/org/apache/rocketmq/acl/plug/AuthenticationTest.java +++ /dev/null @@ -1,141 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.rocketmq.acl.plug; - -import java.util.HashSet; -import java.util.Map; -import java.util.Set; -import org.apache.rocketmq.acl.plug.entity.AccessControl; -import org.apache.rocketmq.acl.plug.entity.AuthenticationInfo; -import org.apache.rocketmq.acl.plug.entity.AuthenticationResult; -import org.apache.rocketmq.acl.plug.entity.BorkerAccessControl; -import org.apache.rocketmq.acl.plug.strategy.NetaddressStrategyFactory; -import org.apache.rocketmq.common.protocol.RequestCode; -import org.junit.Assert; -import org.junit.Before; -import org.junit.Test; - -public class AuthenticationTest { - - Authentication authentication = new Authentication(); - - AuthenticationInfo authenticationInfo; - - BorkerAccessControl borkerAccessControl; - - AuthenticationResult authenticationResult = new AuthenticationResult(); - AccessControl accessControl = new AccessControl(); - - @Before - public void init() { - borkerAccessControl = new BorkerAccessControl(); - //321 - borkerAccessControl.setQueryConsumeQueue(false); - - Set permitSendTopic = new HashSet<>(); - permitSendTopic.add("permitSendTopic"); - borkerAccessControl.setPermitSendTopic(permitSendTopic); - - Set noPermitSendTopic = new HashSet<>(); - noPermitSendTopic.add("noPermitSendTopic"); - borkerAccessControl.setNoPermitSendTopic(noPermitSendTopic); - - Set permitPullTopic = new HashSet<>(); - permitPullTopic.add("permitPullTopic"); - borkerAccessControl.setPermitPullTopic(permitPullTopic); - - Set noPermitPullTopic = new HashSet<>(); - noPermitPullTopic.add("noPermitPullTopic"); - borkerAccessControl.setNoPermitPullTopic(noPermitPullTopic); - - AccessContralAnalysis accessContralAnalysis = new AccessContralAnalysis(); - accessContralAnalysis.analysisClass(RequestCode.class); - Map map = accessContralAnalysis.analysis(borkerAccessControl); - - authenticationInfo = new AuthenticationInfo(map, borkerAccessControl, NetaddressStrategyFactory.NULL_NET_ADDRESS_STRATEGY); - } - - @Test - public void authenticationTest() { - - accessControl.setCode(317); - - boolean isReturn = authentication.authentication(authenticationInfo, accessControl, authenticationResult); - Assert.assertTrue(isReturn); - - accessControl.setCode(321); - isReturn = authentication.authentication(authenticationInfo, accessControl, authenticationResult); - Assert.assertFalse(isReturn); - - accessControl.setCode(10); - accessControl.setTopic("permitSendTopic"); - isReturn = authentication.authentication(authenticationInfo, accessControl, authenticationResult); - Assert.assertTrue(isReturn); - - accessControl.setCode(310); - isReturn = authentication.authentication(authenticationInfo, accessControl, authenticationResult); - Assert.assertTrue(isReturn); - - accessControl.setCode(320); - isReturn = authentication.authentication(authenticationInfo, accessControl, authenticationResult); - Assert.assertTrue(isReturn); - - accessControl.setTopic("noPermitSendTopic"); - isReturn = authentication.authentication(authenticationInfo, accessControl, authenticationResult); - Assert.assertFalse(isReturn); - - accessControl.setTopic("nopermitSendTopic"); - isReturn = authentication.authentication(authenticationInfo, accessControl, authenticationResult); - Assert.assertFalse(isReturn); - - accessControl.setCode(11); - accessControl.setTopic("permitPullTopic"); - isReturn = authentication.authentication(authenticationInfo, accessControl, authenticationResult); - Assert.assertTrue(isReturn); - - accessControl.setTopic("noPermitPullTopic"); - isReturn = authentication.authentication(authenticationInfo, accessControl, authenticationResult); - Assert.assertFalse(isReturn); - - accessControl.setTopic("nopermitPullTopic"); - isReturn = authentication.authentication(authenticationInfo, accessControl, authenticationResult); - Assert.assertFalse(isReturn); - - } - - @Test - public void isEmptyTest() { - accessControl.setCode(10); - accessControl.setTopic("absentTopic"); - boolean isReturn = authentication.authentication(authenticationInfo, accessControl, authenticationResult); - Assert.assertFalse(isReturn); - - Set permitSendTopic = new HashSet<>(); - borkerAccessControl.setPermitSendTopic(permitSendTopic); - isReturn = authentication.authentication(authenticationInfo, accessControl, authenticationResult); - Assert.assertTrue(isReturn); - - accessControl.setCode(11); - isReturn = authentication.authentication(authenticationInfo, accessControl, authenticationResult); - Assert.assertFalse(isReturn); - - borkerAccessControl.setPermitPullTopic(permitSendTopic); - isReturn = authentication.authentication(authenticationInfo, accessControl, authenticationResult); - Assert.assertTrue(isReturn); - } - -} diff --git a/acl/src/test/java/org/apache/rocketmq/acl/plug/strategy/NetaddressStrategyTest.java b/acl/src/test/java/org/apache/rocketmq/acl/plug/NetaddressStrategyTest.java similarity index 98% rename from acl/src/test/java/org/apache/rocketmq/acl/plug/strategy/NetaddressStrategyTest.java rename to acl/src/test/java/org/apache/rocketmq/acl/plug/NetaddressStrategyTest.java index 3f21b678876826e1bb5b23eaab2648a1a786b9eb..6c76609df08a1a951208ff8abf0c2fe15aa36eaa 100644 --- a/acl/src/test/java/org/apache/rocketmq/acl/plug/strategy/NetaddressStrategyTest.java +++ b/acl/src/test/java/org/apache/rocketmq/acl/plug/NetaddressStrategyTest.java @@ -14,10 +14,8 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.apache.rocketmq.acl.plug.strategy; +package org.apache.rocketmq.acl.plug; -import org.apache.rocketmq.acl.plug.entity.AccessControl; -import org.apache.rocketmq.acl.plug.exception.AclPlugRuntimeException; import org.junit.Assert; import org.junit.Test; diff --git a/acl/src/test/java/org/apache/rocketmq/acl/plug/PlainAclPlugEngineTest.java b/acl/src/test/java/org/apache/rocketmq/acl/plug/PlainAclPlugEngineTest.java new file mode 100644 index 0000000000000000000000000000000000000000..3d3f254e35d6e0eab162d19159286bcb215963b0 --- /dev/null +++ b/acl/src/test/java/org/apache/rocketmq/acl/plug/PlainAclPlugEngineTest.java @@ -0,0 +1,436 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.rocketmq.acl.plug; + +import java.io.File; +import java.io.FileWriter; +import java.io.IOException; +import java.util.ArrayList; +import java.util.HashSet; +import java.util.Iterator; +import java.util.List; +import java.util.Map; +import java.util.Map.Entry; +import java.util.Set; +import org.apache.rocketmq.acl.plug.PlainAclPlugEngine.AccessContralAnalysis; +import org.apache.rocketmq.acl.plug.PlainAclPlugEngine.BrokerAccessControlTransport; +import org.apache.rocketmq.common.protocol.RequestCode; +import org.junit.Assert; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.mockito.junit.MockitoJUnitRunner; + +@RunWith(MockitoJUnitRunner.class) +public class PlainAclPlugEngineTest { + + PlainAclPlugEngine plainAclPlugEngine; + + AccessContralAnalysis accessContralAnalysis = new AccessContralAnalysis(); + + AccessControl accessControl; + + AccessControl accessControlTwo; + + AuthenticationInfo authenticationInfo; + + BrokerAccessControl brokerAccessControl; + + Set adminCode = new HashSet<>(); + + @Before + public void init() throws NoSuchFieldException, SecurityException, IOException { + // UPDATE_AND_CREATE_TOPIC + adminCode.add(17); + // UPDATE_BROKER_CONFIG + adminCode.add(25); + // DELETE_TOPIC_IN_BROKER + adminCode.add(215); + // UPDATE_AND_CREATE_SUBSCRIPTIONGROUP + adminCode.add(200); + // DELETE_SUBSCRIPTIONGROUP + adminCode.add(207); + + accessContralAnalysis.analysisClass(RequestCode.class); + + brokerAccessControl = new BrokerAccessControl(); + // 321 + brokerAccessControl.setQueryConsumeQueue(false); + + Set permitSendTopic = new HashSet<>(); + permitSendTopic.add("permitSendTopic"); + brokerAccessControl.setPermitSendTopic(permitSendTopic); + + Set noPermitSendTopic = new HashSet<>(); + noPermitSendTopic.add("noPermitSendTopic"); + brokerAccessControl.setNoPermitSendTopic(noPermitSendTopic); + + Set permitPullTopic = new HashSet<>(); + permitPullTopic.add("permitPullTopic"); + brokerAccessControl.setPermitPullTopic(permitPullTopic); + + Set noPermitPullTopic = new HashSet<>(); + noPermitPullTopic.add("noPermitPullTopic"); + brokerAccessControl.setNoPermitPullTopic(noPermitPullTopic); + + AccessContralAnalysis accessContralAnalysis = new AccessContralAnalysis(); + accessContralAnalysis.analysisClass(RequestCode.class); + Map map = accessContralAnalysis.analysis(brokerAccessControl); + + authenticationInfo = new AuthenticationInfo(map, brokerAccessControl, NetaddressStrategyFactory.NULL_NET_ADDRESS_STRATEGY); + + System.setProperty("rocketmq.home.dir", "src/test/resources"); + plainAclPlugEngine = new PlainAclPlugEngine(); + + accessControl = new BrokerAccessControl(); + accessControl.setAccount("rokcetmq"); + accessControl.setPassword("aliyun11"); + accessControl.setNetaddress("127.0.0.1"); + accessControl.setRecognition("127.0.0.1:1"); + + accessControlTwo = new BrokerAccessControl(); + accessControlTwo.setAccount("rokcet1"); + accessControlTwo.setPassword("aliyun1"); + accessControlTwo.setNetaddress("127.0.0.1"); + accessControlTwo.setRecognition("127.0.0.1:2"); + + } + + @Test(expected = AclPlugRuntimeException.class) + public void accountNullTest() { + accessControl.setAccount(null); + plainAclPlugEngine.setAccessControl(accessControl); + } + + @Test(expected = AclPlugRuntimeException.class) + public void accountThanTest() { + accessControl.setAccount("123"); + plainAclPlugEngine.setAccessControl(accessControl); + } + + @Test(expected = AclPlugRuntimeException.class) + public void passWordtNullTest() { + accessControl.setAccount(null); + plainAclPlugEngine.setAccessControl(accessControl); + } + + @Test(expected = AclPlugRuntimeException.class) + public void passWordThanTest() { + accessControl.setAccount("123"); + plainAclPlugEngine.setAccessControl(accessControl); + } + + @Test(expected = AclPlugRuntimeException.class) + public void testPlainAclPlugEngineInit() { + System.setProperty("rocketmq.home.dir", ""); + new PlainAclPlugEngine().initialize(); + } + + @Test + public void authenticationInfoOfSetAccessControl() { + plainAclPlugEngine.setAccessControl(accessControl); + + AuthenticationInfo authenticationInfo = plainAclPlugEngine.getAccessControl(accessControl); + + AccessControl getAccessControl = authenticationInfo.getAccessControl(); + Assert.assertEquals(accessControl, getAccessControl); + + AccessControl testAccessControl = new AccessControl(); + testAccessControl.setAccount("rokcetmq"); + testAccessControl.setPassword("aliyun11"); + testAccessControl.setNetaddress("127.0.0.1"); + testAccessControl.setRecognition("127.0.0.1:1"); + + testAccessControl.setAccount("rokcetmq1"); + authenticationInfo = plainAclPlugEngine.getAccessControl(testAccessControl); + Assert.assertNull(authenticationInfo); + + testAccessControl.setAccount("rokcetmq"); + testAccessControl.setPassword("1234567"); + authenticationInfo = plainAclPlugEngine.getAccessControl(testAccessControl); + Assert.assertNull(authenticationInfo); + + testAccessControl.setNetaddress("127.0.0.2"); + authenticationInfo = plainAclPlugEngine.getAccessControl(testAccessControl); + Assert.assertNull(authenticationInfo); + } + + @Test + public void setAccessControlList() { + List accessControlList = new ArrayList<>(); + accessControlList.add(accessControl); + + accessControlList.add(accessControlTwo); + + plainAclPlugEngine.setAccessControlList(accessControlList); + + AuthenticationInfo newAccessControl = plainAclPlugEngine.getAccessControl(accessControl); + Assert.assertEquals(accessControl, newAccessControl.getAccessControl()); + + newAccessControl = plainAclPlugEngine.getAccessControl(accessControlTwo); + Assert.assertEquals(accessControlTwo, newAccessControl.getAccessControl()); + + } + + @Test + public void setNetaddressAccessControl() { + AccessControl accessControl = new BrokerAccessControl(); + accessControl.setAccount("RocketMQ"); + accessControl.setPassword("RocketMQ"); + accessControl.setNetaddress("127.0.0.1"); + plainAclPlugEngine.setAccessControl(accessControl); + plainAclPlugEngine.setNetaddressAccessControl(accessControl); + + AuthenticationInfo authenticationInfo = plainAclPlugEngine.getAccessControl(accessControl); + + AccessControl getAccessControl = authenticationInfo.getAccessControl(); + Assert.assertEquals(accessControl, getAccessControl); + + accessControl.setNetaddress("127.0.0.2"); + authenticationInfo = plainAclPlugEngine.getAccessControl(accessControl); + Assert.assertNull(authenticationInfo); + } + + public void eachCheckLoginAndAuthentication() { + + } + + @Test(expected = AclPlugRuntimeException.class) + public void BrokerAccessControlTransportTestNull() { + BrokerAccessControlTransport accessControlTransport = new BrokerAccessControlTransport(); + plainAclPlugEngine.setBrokerAccessControlTransport(accessControlTransport); + } + + @Test + public void BrokerAccessControlTransportTest() { + BrokerAccessControlTransport accessControlTransport = new BrokerAccessControlTransport(); + List list = new ArrayList<>(); + list.add((BrokerAccessControl) this.accessControlTwo); + accessControlTransport.setOnlyNetAddress((BrokerAccessControl) this.accessControl); + accessControlTransport.setList(list); + plainAclPlugEngine.setBrokerAccessControlTransport(accessControlTransport); + + AccessControl accessControl = new BrokerAccessControl(); + accessControl.setAccount("RocketMQ"); + accessControl.setPassword("RocketMQ"); + accessControl.setNetaddress("127.0.0.1"); + plainAclPlugEngine.setAccessControl(accessControl); + AuthenticationInfo authenticationInfo = plainAclPlugEngine.getAccessControl(accessControl); + Assert.assertNotNull(authenticationInfo.getAccessControl()); + + authenticationInfo = plainAclPlugEngine.getAccessControl(accessControlTwo); + Assert.assertEquals(accessControlTwo, authenticationInfo.getAccessControl()); + + } + + @Test + public void authenticationTest() { + AuthenticationResult authenticationResult = new AuthenticationResult(); + accessControl.setCode(317); + + boolean isReturn = plainAclPlugEngine.authentication(authenticationInfo, accessControl, authenticationResult); + Assert.assertTrue(isReturn); + + accessControl.setCode(321); + isReturn = plainAclPlugEngine.authentication(authenticationInfo, accessControl, authenticationResult); + Assert.assertFalse(isReturn); + + accessControl.setCode(10); + accessControl.setTopic("permitSendTopic"); + isReturn = plainAclPlugEngine.authentication(authenticationInfo, accessControl, authenticationResult); + Assert.assertTrue(isReturn); + + accessControl.setCode(310); + isReturn = plainAclPlugEngine.authentication(authenticationInfo, accessControl, authenticationResult); + Assert.assertTrue(isReturn); + + accessControl.setCode(320); + isReturn = plainAclPlugEngine.authentication(authenticationInfo, accessControl, authenticationResult); + Assert.assertTrue(isReturn); + + accessControl.setTopic("noPermitSendTopic"); + isReturn = plainAclPlugEngine.authentication(authenticationInfo, accessControl, authenticationResult); + Assert.assertFalse(isReturn); + + accessControl.setTopic("nopermitSendTopic"); + isReturn = plainAclPlugEngine.authentication(authenticationInfo, accessControl, authenticationResult); + Assert.assertFalse(isReturn); + + accessControl.setCode(11); + accessControl.setTopic("permitPullTopic"); + isReturn = plainAclPlugEngine.authentication(authenticationInfo, accessControl, authenticationResult); + Assert.assertTrue(isReturn); + + accessControl.setTopic("noPermitPullTopic"); + isReturn = plainAclPlugEngine.authentication(authenticationInfo, accessControl, authenticationResult); + Assert.assertFalse(isReturn); + + accessControl.setTopic("nopermitPullTopic"); + isReturn = plainAclPlugEngine.authentication(authenticationInfo, accessControl, authenticationResult); + Assert.assertFalse(isReturn); + + } + + @Test + public void isEmptyTest() { + AuthenticationResult authenticationResult = new AuthenticationResult(); + accessControl.setCode(10); + accessControl.setTopic("absentTopic"); + boolean isReturn = plainAclPlugEngine.authentication(authenticationInfo, accessControl, authenticationResult); + Assert.assertFalse(isReturn); + + Set permitSendTopic = new HashSet<>(); + brokerAccessControl.setPermitSendTopic(permitSendTopic); + isReturn = plainAclPlugEngine.authentication(authenticationInfo, accessControl, authenticationResult); + Assert.assertTrue(isReturn); + + accessControl.setCode(11); + isReturn = plainAclPlugEngine.authentication(authenticationInfo, accessControl, authenticationResult); + Assert.assertFalse(isReturn); + + brokerAccessControl.setPermitPullTopic(permitSendTopic); + isReturn = plainAclPlugEngine.authentication(authenticationInfo, accessControl, authenticationResult); + Assert.assertTrue(isReturn); + } + + @Test + public void adminBrokerAccessControlTest() { + BrokerAccessControl admin = new BrokerAccessControl(); + admin.setAccount("adminTest"); + admin.setPassword("adminTest"); + admin.setNetaddress("127.0.0.1"); + plainAclPlugEngine.setAccessControl(admin); + Assert.assertFalse(admin.isUpdateAndCreateTopic()); + + admin.setAdmin(true); + plainAclPlugEngine.setAccessControl(admin); + Assert.assertTrue(admin.isUpdateAndCreateTopic()); + } + + @Test + public void adminEachCheckAuthentication() { + BrokerAccessControl accessControl = new BrokerAccessControl(); + accessControl.setAccount("RocketMQ1"); + accessControl.setPassword("1234567"); + accessControl.setNetaddress("127.0.0.1"); + plainAclPlugEngine.setAccessControl(accessControl); + for (Integer code : adminCode) { + accessControl.setCode(code); + AuthenticationResult authenticationResult = plainAclPlugEngine.eachCheckAuthentication(accessControl); + Assert.assertFalse(authenticationResult.isSucceed()); + + } + plainAclPlugEngine.cleanAuthenticationInfo(); + accessControl.setAdmin(true); + plainAclPlugEngine.setAccessControl(accessControl); + for (Integer code : adminCode) { + accessControl.setCode(code); + AuthenticationResult authenticationResult = plainAclPlugEngine.eachCheckAuthentication(accessControl); + Assert.assertTrue(authenticationResult.isSucceed()); + } + } + + @Test + public void cleanAuthenticationInfoTest() { + plainAclPlugEngine.setAccessControl(accessControl); + accessControl.setCode(202); + AuthenticationResult authenticationResult = plainAclPlugEngine.eachCheckAuthentication(accessControl); + Assert.assertTrue(authenticationResult.isSucceed()); + plainAclPlugEngine.cleanAuthenticationInfo(); + authenticationResult = plainAclPlugEngine.eachCheckAuthentication(accessControl); + Assert.assertFalse(authenticationResult.isSucceed()); + } + + @Test + public void isWatchStartTest() { + PlainAclPlugEngine plainAclPlugEngine = new PlainAclPlugEngine(); + Assert.assertTrue(plainAclPlugEngine.isWatchStart()); + System.setProperty("java.version", "1.6.11"); + plainAclPlugEngine = new PlainAclPlugEngine(); + Assert.assertFalse(plainAclPlugEngine.isWatchStart()); + } + + @Test + public void watchTest() throws IOException { + System.setProperty("rocketmq.home.dir", "src/test/resources/watch"); + File file = new File("src/test/resources/watch/conf"); + file.mkdirs(); + File transport = new File("src/test/resources/watch/conf/transport.yml"); + transport.createNewFile(); + + FileWriter writer = new FileWriter(transport); + writer.write("list:\r\n"); + writer.write("- account: rokcetmq\r\n"); + writer.write(" password: aliyun11\r\n"); + writer.write(" netaddress: 127.0.0.1\r\n"); + writer.flush(); + writer.close(); + PlainAclPlugEngine plainAclPlugEngine = new PlainAclPlugEngine(); + accessControl.setCode(203); + AuthenticationResult authenticationResult = plainAclPlugEngine.eachCheckAuthentication(accessControl); + Assert.assertTrue(authenticationResult.isSucceed()); + + writer = new FileWriter(new File("src/test/resources/watch/conf/transport.yml"), true); + writer.write("- account: rokcet1\r\n"); + writer.write(" password: aliyun1\r\n"); + writer.write(" netaddress: 127.0.0.1\r\n"); + writer.flush(); + writer.close(); + try { + Thread.sleep(100); + } catch (InterruptedException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } + accessControlTwo.setCode(203); + authenticationResult = plainAclPlugEngine.eachCheckAuthentication(accessControlTwo); + Assert.assertTrue(authenticationResult.isSucceed()); + + transport.delete(); + file.delete(); + file = new File("src/test/resources/watch"); + file.delete(); + + } + + @Test + public void analysisTest() { + BrokerAccessControl accessControl = new BrokerAccessControl(); + accessControl.setSendMessage(false); + Map map = accessContralAnalysis.analysis(accessControl); + + Iterator> it = map.entrySet().iterator(); + long num = 0; + while (it.hasNext()) { + Entry e = it.next(); + if (!e.getValue()) { + if (adminCode.contains(e.getKey())) { + continue; + } + Assert.assertEquals(e.getKey(), Integer.valueOf(10)); + num++; + } + } + Assert.assertEquals(num, 1); + } + + @Test(expected = AclPlugRuntimeException.class) + public void analysisExceptionTest() { + AccessControl accessControl = new AccessControl(); + accessContralAnalysis.analysis(accessControl); + } +} diff --git a/acl/src/test/java/org/apache/rocketmq/acl/plug/engine/PlainAclPlugEngineTest.java b/acl/src/test/java/org/apache/rocketmq/acl/plug/engine/PlainAclPlugEngineTest.java deleted file mode 100644 index 83004bc2c269f93ba774bbee184f625f2f54bbd6..0000000000000000000000000000000000000000 --- a/acl/src/test/java/org/apache/rocketmq/acl/plug/engine/PlainAclPlugEngineTest.java +++ /dev/null @@ -1,260 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.rocketmq.acl.plug.engine; - -import java.io.File; -import java.io.FileInputStream; -import java.io.IOException; -import java.io.InputStream; -import java.net.URL; -import java.util.ArrayList; -import java.util.List; -import java.util.Map; -import java.util.concurrent.ConcurrentHashMap; -import org.apache.rocketmq.acl.plug.entity.AccessControl; -import org.apache.rocketmq.acl.plug.entity.AuthenticationInfo; -import org.apache.rocketmq.acl.plug.entity.AuthenticationResult; -import org.apache.rocketmq.acl.plug.entity.BorkerAccessControl; -import org.apache.rocketmq.acl.plug.entity.BorkerAccessControlTransport; -import org.apache.rocketmq.acl.plug.entity.ControllerParameters; -import org.apache.rocketmq.acl.plug.entity.LoginInfo; -import org.apache.rocketmq.acl.plug.exception.AclPlugRuntimeException; -import org.apache.rocketmq.common.MixAll; -import org.junit.Assert; -import org.junit.Before; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.mockito.internal.util.reflection.FieldSetter; -import org.mockito.junit.MockitoJUnitRunner; -import org.yaml.snakeyaml.Yaml; - -@RunWith(MockitoJUnitRunner.class) -public class PlainAclPlugEngineTest { - - PlainAclPlugEngine plainAclPlugEngine; - - BorkerAccessControlTransport transport; - - AccessControl accessControl; - - AccessControl accessControlTwo; - - Map loginInfoMap; - - @Before - public void init() throws NoSuchFieldException, SecurityException, IOException { - System.setProperty("rocketmq.home.dir", "src/test/resources"); - ControllerParameters controllerParametersEntity = new ControllerParameters(); - Yaml ymal = new Yaml(); - transport = ymal.loadAs(new FileInputStream(new File(controllerParametersEntity.getFileHome()+"/conf/transport.yml")), BorkerAccessControlTransport.class); - - plainAclPlugEngine = new PlainAclPlugEngine(controllerParametersEntity); - plainAclPlugEngine.initialize(); - - - accessControl = new BorkerAccessControl(); - accessControl.setAccount("rokcetmq"); - accessControl.setPassword("aliyun11"); - accessControl.setNetaddress("127.0.0.1"); - accessControl.setRecognition("127.0.0.1:1"); - - accessControlTwo = new BorkerAccessControl(); - accessControlTwo.setAccount("rokcet1"); - accessControlTwo.setPassword("aliyun1"); - accessControlTwo.setNetaddress("127.0.0.1"); - accessControlTwo.setRecognition("127.0.0.1:2"); - - loginInfoMap = new ConcurrentHashMap<>(); - FieldSetter.setField(plainAclPlugEngine, plainAclPlugEngine.getClass().getSuperclass().getDeclaredField("loginInfoMap"), loginInfoMap); - - } - - @Test(expected = AclPlugRuntimeException.class) - public void accountNullTest() { - accessControl.setAccount(null); - plainAclPlugEngine.setAccessControl(accessControl); - } - - @Test(expected = AclPlugRuntimeException.class) - public void accountThanTest() { - accessControl.setAccount("123"); - plainAclPlugEngine.setAccessControl(accessControl); - } - - @Test(expected = AclPlugRuntimeException.class) - public void passWordtNullTest() { - accessControl.setAccount(null); - plainAclPlugEngine.setAccessControl(accessControl); - } - - @Test(expected = AclPlugRuntimeException.class) - public void passWordThanTest() { - accessControl.setAccount("123"); - plainAclPlugEngine.setAccessControl(accessControl); - } - - @Test(expected = AclPlugRuntimeException.class) - public void testPlainAclPlugEngineInit() { - ControllerParameters controllerParametersEntity = new ControllerParameters(); - controllerParametersEntity.setFileHome(""); - new PlainAclPlugEngine(controllerParametersEntity).initialize(); - - } - - @Test - public void authenticationInfoOfSetAccessControl() { - AuthenticationInfoManagementAclPlugEngine aclPlugEngine = (AuthenticationInfoManagementAclPlugEngine) plainAclPlugEngine; - aclPlugEngine.setAccessControl(accessControl); - - AuthenticationInfo authenticationInfo = aclPlugEngine.getAccessControl(accessControl); - - AccessControl getAccessControl = authenticationInfo.getAccessControl(); - Assert.assertEquals(accessControl, getAccessControl); - - AccessControl testAccessControl = new AccessControl(); - testAccessControl.setAccount("rokcetmq"); - testAccessControl.setPassword("aliyun11"); - testAccessControl.setNetaddress("127.0.0.1"); - testAccessControl.setRecognition("127.0.0.1:1"); - - testAccessControl.setAccount("rokcetmq1"); - authenticationInfo = aclPlugEngine.getAccessControl(testAccessControl); - Assert.assertNull(authenticationInfo); - - testAccessControl.setAccount("rokcetmq"); - testAccessControl.setPassword("1234567"); - authenticationInfo = aclPlugEngine.getAccessControl(testAccessControl); - Assert.assertNull(authenticationInfo); - - testAccessControl.setNetaddress("127.0.0.2"); - authenticationInfo = aclPlugEngine.getAccessControl(testAccessControl); - Assert.assertNull(authenticationInfo); - } - - @Test - public void setAccessControlList() { - List accessControlList = new ArrayList<>(); - accessControlList.add(accessControl); - - accessControlList.add(accessControlTwo); - - plainAclPlugEngine.setAccessControlList(accessControlList); - - AuthenticationInfoManagementAclPlugEngine aclPlugEngine = (AuthenticationInfoManagementAclPlugEngine) plainAclPlugEngine; - AuthenticationInfo newAccessControl = aclPlugEngine.getAccessControl(accessControl); - Assert.assertEquals(accessControl, newAccessControl.getAccessControl()); - - newAccessControl = aclPlugEngine.getAccessControl(accessControlTwo); - Assert.assertEquals(accessControlTwo, newAccessControl.getAccessControl()); - - } - - @Test - public void setNetaddressAccessControl() { - AuthenticationInfoManagementAclPlugEngine aclPlugEngine = (AuthenticationInfoManagementAclPlugEngine) plainAclPlugEngine; - AccessControl accessControl = new BorkerAccessControl(); - accessControl.setAccount("RocketMQ"); - accessControl.setPassword("RocketMQ"); - accessControl.setNetaddress("127.0.0.1"); - aclPlugEngine.setAccessControl(accessControl); - aclPlugEngine.setNetaddressAccessControl(accessControl); - - AuthenticationInfo authenticationInfo = aclPlugEngine.getAccessControl(accessControl); - - AccessControl getAccessControl = authenticationInfo.getAccessControl(); - Assert.assertEquals(accessControl, getAccessControl); - - accessControl.setNetaddress("127.0.0.2"); - authenticationInfo = aclPlugEngine.getAccessControl(accessControl); - Assert.assertNull(authenticationInfo); - } - - public void eachCheckLoginAndAuthentication() { - - } - - @Test(expected = AclPlugRuntimeException.class) - public void borkerAccessControlTransportTestNull() { - plainAclPlugEngine.setBorkerAccessControlTransport(new BorkerAccessControlTransport()); - } - - @Test - public void borkerAccessControlTransportTest() { - BorkerAccessControlTransport borkerAccessControlTransprt = new BorkerAccessControlTransport(); - borkerAccessControlTransprt.setOnlyNetAddress((BorkerAccessControl) this.accessControl); - List list = new ArrayList<>(); - list.add((BorkerAccessControl) this.accessControlTwo); - borkerAccessControlTransprt.setList(list); - plainAclPlugEngine.setBorkerAccessControlTransport(borkerAccessControlTransprt); - - AuthenticationInfoManagementAclPlugEngine aclPlugEngine = (AuthenticationInfoManagementAclPlugEngine) plainAclPlugEngine; - AccessControl accessControl = new BorkerAccessControl(); - accessControl.setAccount("RocketMQ"); - accessControl.setPassword("RocketMQ"); - accessControl.setNetaddress("127.0.0.1"); - aclPlugEngine.setAccessControl(accessControl); - AuthenticationInfo authenticationInfo = aclPlugEngine.getAccessControl(accessControl); - Assert.assertNotNull(authenticationInfo.getAccessControl()); - - authenticationInfo = aclPlugEngine.getAccessControl(accessControlTwo); - Assert.assertEquals(accessControlTwo, authenticationInfo.getAccessControl()); - - } - - @Test - public void getLoginInfo() { - plainAclPlugEngine.setAccessControl(accessControl); - LoginInfo loginInfo = plainAclPlugEngine.getLoginInfo(accessControl); - Assert.assertNotNull(loginInfo); - - loginInfo = plainAclPlugEngine.getLoginInfo(accessControlTwo); - Assert.assertNull(loginInfo); - - } - - @Test - public void deleteLoginInfo() { - plainAclPlugEngine.setAccessControl(accessControl); - plainAclPlugEngine.getLoginInfo(accessControl); - - LoginInfo loginInfo = loginInfoMap.get(accessControl.getRecognition()); - Assert.assertNotNull(loginInfo); - - plainAclPlugEngine.deleteLoginInfo(accessControl.getRecognition()); - - loginInfo = loginInfoMap.get(accessControl.getRecognition()); - Assert.assertNull(loginInfo); - } - - @Test - public void getAuthenticationInfo() { - AccessControl newAccessControl = new AccessControl(); - newAccessControl.setAccount("rokcetmq"); - newAccessControl.setPassword("aliyun11"); - newAccessControl.setNetaddress("127.0.0.1"); - newAccessControl.setRecognition("127.0.0.1:1"); - - AuthenticationResult authenticationResult = new AuthenticationResult(); - plainAclPlugEngine.getAuthenticationInfo(newAccessControl, authenticationResult); - Assert.assertEquals("Login information does not exist, Please check login, password, IP", authenticationResult.getResultString()); - - plainAclPlugEngine.setAccessControl(accessControl); - AuthenticationInfo authenticationInfo = plainAclPlugEngine.getAuthenticationInfo(newAccessControl, authenticationResult); - Assert.assertNotNull(authenticationInfo); - - } -} diff --git a/acl/src/test/resources/conf/transport.yml b/acl/src/test/resources/conf/transport.yml index 99d26fd8eb4427b7842ad75e7b84490baf7a4cf9..6b1450ef952c181abd03cb4c3840b3647271a4ae 100644 --- a/acl/src/test/resources/conf/transport.yml +++ b/acl/src/test/resources/conf/transport.yml @@ -22,6 +22,7 @@ list: - account: RocketMQ password: 1234567 netaddress: 192.0.0.* + admin: true permitSendTopic: - test1 - test2 diff --git a/broker/src/main/java/org/apache/rocketmq/broker/BrokerController.java b/broker/src/main/java/org/apache/rocketmq/broker/BrokerController.java index a6da44b641dcb57ffff36544c5218f4bbd5daf92..796b72ef273abe22ca74819f0946b678293a367c 100644 --- a/broker/src/main/java/org/apache/rocketmq/broker/BrokerController.java +++ b/broker/src/main/java/org/apache/rocketmq/broker/BrokerController.java @@ -1033,6 +1033,7 @@ public class BrokerController { public void registerServerRPCHook(RPCHook rpcHook) { getRemotingServer().registerRPCHook(rpcHook); + this.fastRemotingServer.registerRPCHook(rpcHook); } public RemotingServer getRemotingServer() { diff --git a/srvutil/src/main/java/org/apache/rocketmq/srvutil/ServerUtil.java b/srvutil/src/main/java/org/apache/rocketmq/srvutil/ServerUtil.java index 066d36cedd981390ea816e6661b2ddc489168024..ea8047a2ff12f077e59797587e7da6b9c79c949b 100644 --- a/srvutil/src/main/java/org/apache/rocketmq/srvutil/ServerUtil.java +++ b/srvutil/src/main/java/org/apache/rocketmq/srvutil/ServerUtil.java @@ -35,8 +35,8 @@ public class ServerUtil { new Option("n", "namesrvAddr", true, "Name server address list, eg: 192.168.0.1:9876;192.168.0.2:9876"); opt.setRequired(false); - options.addOption(opt); - + options.addOption(opt); + return options; } diff --git a/tools/pom.xml b/tools/pom.xml index dc0e256ed462186bf01bee17bd38d89be1e70a90..086c3e64c13ec767571e36b73747064726e1a2e5 100644 --- a/tools/pom.xml +++ b/tools/pom.xml @@ -15,7 +15,8 @@ limitations under the License. --> - + org.apache.rocketmq rocketmq-all @@ -60,5 +61,9 @@ org.apache.commons commons-lang3 + + org.yaml + snakeyaml + diff --git a/tools/src/main/java/org/apache/rocketmq/tools/command/MQAdminStartup.java b/tools/src/main/java/org/apache/rocketmq/tools/command/MQAdminStartup.java index 6a51b7b4b924963657cf76413e7c38054a09b58a..34e9f451a2e0ecda8982e92dbd56660fc8545aec 100644 --- a/tools/src/main/java/org/apache/rocketmq/tools/command/MQAdminStartup.java +++ b/tools/src/main/java/org/apache/rocketmq/tools/command/MQAdminStartup.java @@ -19,13 +19,17 @@ package org.apache.rocketmq.tools.command; import ch.qos.logback.classic.LoggerContext; import ch.qos.logback.classic.joran.JoranConfigurator; import ch.qos.logback.core.joran.spi.JoranException; - +import java.io.File; +import java.io.FileInputStream; +import java.io.IOException; import java.util.ArrayList; +import java.util.HashMap; import java.util.List; - +import java.util.Map; import org.apache.commons.cli.CommandLine; import org.apache.commons.cli.Options; import org.apache.commons.cli.PosixParser; +import org.apache.commons.lang3.StringUtils; import org.apache.rocketmq.common.MQVersion; import org.apache.rocketmq.common.MixAll; import org.apache.rocketmq.remoting.RPCHook; @@ -75,6 +79,7 @@ import org.apache.rocketmq.tools.command.topic.UpdateOrderConfCommand; import org.apache.rocketmq.tools.command.topic.UpdateTopicPermSubCommand; import org.apache.rocketmq.tools.command.topic.UpdateTopicSubCommand; import org.slf4j.LoggerFactory; +import org.yaml.snakeyaml.Yaml; public class MQAdminStartup { protected static List subCommandList = new ArrayList(); @@ -129,7 +134,7 @@ public class MQAdminStartup { System.setProperty(MixAll.NAMESRV_ADDR_PROPERTY, namesrvAddr); } - cmd.execute(commandLine, options, rpcHook); + cmd.execute(commandLine, options, getAclRPCHook(commandLine)); } else { System.out.printf("The sub command %s not exist.%n", args[0]); } @@ -157,7 +162,7 @@ public class MQAdminStartup { initCommand(new QueryMsgByKeySubCommand()); initCommand(new QueryMsgByUniqueKeySubCommand()); initCommand(new QueryMsgByOffsetSubCommand()); - + initCommand(new PrintMessageSubCommand()); initCommand(new PrintMessageByQueueCommand()); initCommand(new SendMsgStatusCommand()); @@ -211,7 +216,6 @@ public class MQAdminStartup { private static void printHelp() { System.out.printf("The most commonly used mqadmin commands are:%n"); - for (SubCommand cmd : subCommandList) { System.out.printf(" %-20s %s%n", cmd.commandName(), cmd.commandDesc()); } @@ -243,4 +247,65 @@ public class MQAdminStartup { public static void initCommand(SubCommand command) { subCommandList.add(command); } + + public static RPCHook getAclRPCHook(CommandLine commandLine) { + String fileHome = System.getProperty(MixAll.ROCKETMQ_HOME_PROPERTY, System.getenv(MixAll.ROCKETMQ_HOME_ENV)); + File file = new File(fileHome + "/conf/tools.yml"); + if (!file.exists()) { + System.out.printf("file %s is not exist \n", file.getPath()); + return null; + } + Yaml ymal = new Yaml(); + FileInputStream fis = null; + Map> map = null; + try { + fis = new FileInputStream(file); + map = ymal.loadAs(fis, Map.class); + } catch (Exception e) { + e.printStackTrace(); + } finally { + if (fis != null) { + try { + fis.close(); + } catch (IOException e) { + e.printStackTrace(); + } + } + } + if (map == null || map.isEmpty()) { + System.out.printf("file %s is no data", file.getPath()); + return null; + } + + final Map> newMap = map; + return new RPCHook() { + + @Override + public void doBeforeRequest(String remoteAddr, RemotingCommand request) { + System.out.printf("remoteAddr is %s code %d \n", remoteAddr, request.getCode()); + String fastRemoteAddr = null; + if (remoteAddr != null) { + String[] ipAndPost = StringUtils.split(remoteAddr, ":"); + Integer fastPost = Integer.valueOf(ipAndPost[1]) + 2; + fastRemoteAddr = ipAndPost[0] + ":" + fastPost.toString(); + } + Map map; + if ((map = newMap.get(remoteAddr)) != null || (map = newMap.get(fastRemoteAddr)) != null || (map = newMap.get("all")) != null) { + HashMap ext = request.getExtFields(); + if (ext == null) { + ext = new HashMap<>(); + request.setExtFields(ext); + } + ext.put("account", map.get("account").toString()); + ext.put("password", map.get("password").toString()); + } + + } + + @Override + public void doAfterResponse(String remoteAddr, RemotingCommand request, RemotingCommand response) { + } + }; + + } }