Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
s920243400
Rocketmq
提交
59718fd9
R
Rocketmq
项目概览
s920243400
/
Rocketmq
与 Fork 源项目一致
Fork自
Apache RocketMQ / Rocketmq
通知
1
Star
1
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
DevOps
流水线
流水线任务
计划
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
R
Rocketmq
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
DevOps
DevOps
流水线
流水线任务
计划
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
流水线任务
提交
Issue看板
未验证
提交
59718fd9
编写于
5月 23, 2021
作者:
H
Heng Du
提交者:
GitHub
5月 23, 2021
浏览文件
操作
浏览文件
下载
差异文件
Merge pull request #2418 from Git-Yang/enhanced_acl
[ISSUE #2328] Add parameter validation to ACL
上级
d21f4d3c
7848895e
变更
5
隐藏空白更改
内联
并排
Showing
5 changed file
with
82 addition
and
6 deletion
+82
-6
acl/src/main/java/org/apache/rocketmq/acl/common/AclConstants.java
...ain/java/org/apache/rocketmq/acl/common/AclConstants.java
+10
-0
acl/src/main/java/org/apache/rocketmq/acl/common/Permission.java
.../main/java/org/apache/rocketmq/acl/common/Permission.java
+24
-5
acl/src/main/java/org/apache/rocketmq/acl/plain/PlainPermissionManager.java
...org/apache/rocketmq/acl/plain/PlainPermissionManager.java
+4
-1
acl/src/test/java/org/apache/rocketmq/acl/common/PermissionTest.java
...t/java/org/apache/rocketmq/acl/common/PermissionTest.java
+24
-0
acl/src/test/java/org/apache/rocketmq/acl/plain/PlainAccessValidatorTest.java
...g/apache/rocketmq/acl/plain/PlainAccessValidatorTest.java
+20
-0
未找到文件。
acl/src/main/java/org/apache/rocketmq/acl/common/AclConstants.java
浏览文件 @
59718fd9
...
...
@@ -44,6 +44,16 @@ public class AclConstants {
public
static
final
String
CONFIG_TIME_STAMP
=
"timestamp"
;
public
static
final
String
PUB
=
"PUB"
;
public
static
final
String
SUB
=
"SUB"
;
public
static
final
String
DENY
=
"DENY"
;
public
static
final
String
PUB_SUB
=
"PUB|SUB"
;
public
static
final
String
SUB_PUB
=
"SUB|PUB"
;
public
static
final
int
ACCESS_KEY_MIN_LENGTH
=
6
;
public
static
final
int
SECRET_KEY_MIN_LENGTH
=
6
;
...
...
acl/src/main/java/org/apache/rocketmq/acl/common/Permission.java
浏览文件 @
59718fd9
...
...
@@ -60,14 +60,14 @@ public class Permission {
return
Permission
.
DENY
;
}
switch
(
permString
.
trim
())
{
case
"PUB"
:
case
AclConstants
.
PUB
:
return
Permission
.
PUB
;
case
"SUB"
:
case
AclConstants
.
SUB
:
return
Permission
.
SUB
;
case
"PUB|SUB"
:
case
"SUB|PUB"
:
case
AclConstants
.
PUB_SUB
:
case
AclConstants
.
SUB_PUB
:
return
Permission
.
PUB
|
Permission
.
SUB
;
case
"DENY"
:
case
AclConstants
.
DENY
:
return
Permission
.
DENY
;
default
:
return
Permission
.
DENY
;
...
...
@@ -89,6 +89,25 @@ public class Permission {
}
}
public
static
void
checkResourcePerms
(
List
<
String
>
resources
)
{
if
(
resources
==
null
||
resources
.
isEmpty
())
{
return
;
}
for
(
String
resource
:
resources
)
{
String
[]
items
=
StringUtils
.
split
(
resource
,
"="
);
if
(
items
.
length
!=
2
)
{
throw
new
AclException
(
String
.
format
(
"Parse Resource format error for %s.\n"
+
"The expected resource format is 'Res=Perm'. For example: topicA=SUB"
,
resource
));
}
if
(!
AclConstants
.
DENY
.
equals
(
items
[
1
].
trim
())
&&
Permission
.
DENY
==
Permission
.
parsePermFromString
(
items
[
1
].
trim
()))
{
throw
new
AclException
(
String
.
format
(
"Parse resource permission error for %s.\n"
+
"The expected permissions are 'SUB' or 'PUB' or 'SUB|PUB' or 'PUB|SUB'."
,
resource
));
}
}
}
public
static
boolean
needAdminPerm
(
Integer
code
)
{
return
ADMIN_CODE
.
contains
(
code
);
}
...
...
acl/src/main/java/org/apache/rocketmq/acl/plain/PlainPermissionManager.java
浏览文件 @
59718fd9
...
...
@@ -128,9 +128,12 @@ public class PlainPermissionManager {
if
(
plainAccessConfig
==
null
)
{
log
.
error
(
"Parameter value plainAccessConfig is null,Please check your parameter"
);
return
false
;
throw
new
AclException
(
"Parameter value plainAccessConfig is null, Please check your parameter"
)
;
}
Permission
.
checkResourcePerms
(
plainAccessConfig
.
getTopicPerms
());
Permission
.
checkResourcePerms
(
plainAccessConfig
.
getGroupPerms
());
Map
<
String
,
Object
>
aclAccessConfigMap
=
AclUtils
.
getYamlDataObject
(
fileHome
+
File
.
separator
+
fileName
,
Map
.
class
);
if
(
aclAccessConfigMap
==
null
||
aclAccessConfigMap
.
isEmpty
())
{
...
...
acl/src/test/java/org/apache/rocketmq/acl/common/PermissionTest.java
浏览文件 @
59718fd9
...
...
@@ -17,6 +17,7 @@
package
org.apache.rocketmq.acl.common
;
import
java.util.ArrayList
;
import
java.util.Arrays
;
import
java.util.HashSet
;
import
java.util.List
;
import
java.util.Map
;
...
...
@@ -165,4 +166,27 @@ public class PermissionTest {
aclException
.
setStatus
(
"netaddress examine scope Exception netaddress"
);
Assert
.
assertEquals
(
aclException
.
getStatus
(),
"netaddress examine scope Exception netaddress"
);
}
@Test
public
void
checkResourcePermsNormalTest
()
{
Permission
.
checkResourcePerms
(
null
);
Permission
.
checkResourcePerms
(
new
ArrayList
<>());
Permission
.
checkResourcePerms
(
Arrays
.
asList
(
"topicA=PUB"
));
Permission
.
checkResourcePerms
(
Arrays
.
asList
(
"topicA=PUB"
,
"topicB=SUB"
,
"topicC=PUB|SUB"
));
}
@Test
(
expected
=
AclException
.
class
)
public
void
checkResourcePermsExceptionTest1
()
{
Permission
.
checkResourcePerms
(
Arrays
.
asList
(
"topicA"
));
}
@Test
(
expected
=
AclException
.
class
)
public
void
checkResourcePermsExceptionTest2
()
{
Permission
.
checkResourcePerms
(
Arrays
.
asList
(
"topicA="
));
}
@Test
(
expected
=
AclException
.
class
)
public
void
checkResourcePermsExceptionTest3
()
{
Permission
.
checkResourcePerms
(
Arrays
.
asList
(
"topicA=DENY1"
));
}
}
acl/src/test/java/org/apache/rocketmq/acl/plain/PlainAccessValidatorTest.java
浏览文件 @
59718fd9
...
...
@@ -546,6 +546,26 @@ public class PlainAccessValidatorTest {
Assert
.
assertEquals
(
plainAccessValidator
.
updateAccessConfig
(
plainAccessConfig
),
false
);
}
@Test
(
expected
=
AclException
.
class
)
public
void
createAndUpdateAccessAclYamlConfigExceptionTest
()
{
System
.
setProperty
(
"rocketmq.home.dir"
,
"src/test/resources"
);
System
.
setProperty
(
"rocketmq.acl.plain.file"
,
"/conf/plain_acl_update_create.yml"
);
PlainAccessConfig
plainAccessConfig
=
new
PlainAccessConfig
();
plainAccessConfig
.
setAccessKey
(
"RocketMQ33"
);
plainAccessConfig
.
setSecretKey
(
"123456789111"
);
List
<
String
>
topicPerms
=
new
ArrayList
<
String
>();
topicPerms
.
add
(
"topicB=PUB"
);
plainAccessConfig
.
setTopicPerms
(
topicPerms
);
List
<
String
>
groupPerms
=
new
ArrayList
<
String
>();
groupPerms
.
add
(
"groupC=DENY1"
);
plainAccessConfig
.
setGroupPerms
(
groupPerms
);
PlainAccessValidator
plainAccessValidator
=
new
PlainAccessValidator
();
// Create element in the acl access yaml config file
plainAccessValidator
.
updateAccessConfig
(
plainAccessConfig
);
}
@Test
public
void
updateGlobalWhiteAddrsNormalTest
()
{
System
.
setProperty
(
"rocketmq.home.dir"
,
"src/test/resources"
);
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录