提交 b11ccc5c 编写于 作者: H hujie

admin

上级 fb606838
...@@ -56,6 +56,8 @@ public class PlainAclPlugEngine { ...@@ -56,6 +56,8 @@ public class PlainAclPlugEngine {
private Class<?> accessContralAnalysisClass = RequestCode.class; private Class<?> accessContralAnalysisClass = RequestCode.class;
private boolean isWatchStart;
public PlainAclPlugEngine() { public PlainAclPlugEngine() {
initialize(); initialize();
watch(); watch();
...@@ -95,6 +97,7 @@ public class PlainAclPlugEngine { ...@@ -95,6 +97,7 @@ public class PlainAclPlugEngine {
if ("transport.yml".equals(event.context().toString()) && if ("transport.yml".equals(event.context().toString()) &&
(StandardWatchEventKinds.ENTRY_MODIFY.equals(event.kind()) || StandardWatchEventKinds.ENTRY_CREATE.equals(event.kind()))) { (StandardWatchEventKinds.ENTRY_MODIFY.equals(event.kind()) || StandardWatchEventKinds.ENTRY_CREATE.equals(event.kind()))) {
log.info("transprot.yml make a difference change is : ", event.toString()); log.info("transprot.yml make a difference change is : ", event.toString());
PlainAclPlugEngine.this.cleanAuthenticationInfo();
initialize(); initialize();
} }
} }
...@@ -114,11 +117,30 @@ public class PlainAclPlugEngine { ...@@ -114,11 +117,30 @@ public class PlainAclPlugEngine {
}; };
watcherServcie.start(); watcherServcie.start();
log.info("succeed start watcherServcie"); log.info("succeed start watcherServcie");
this.isWatchStart = true;
} catch (IOException e) { } catch (IOException e) {
log.error(e.getMessage(), e); log.error(e.getMessage(), e);
} }
} }
private void handleAccessControl(AccessControl accessControl) {
if (accessControl instanceof BrokerAccessControl) {
BrokerAccessControl brokerAccessControl = (BrokerAccessControl) accessControl;
if (brokerAccessControl.isAdmin()) {
brokerAccessControl.setUpdateAndCreateSubscriptiongroup(true);
brokerAccessControl.setDeleteSubscriptiongroup(true);
brokerAccessControl.setUpdateAndCreateTopic(true);
brokerAccessControl.setDeleteTopicInbroker(true);
brokerAccessControl.setUpdateBrokerConfig(true);
}
}
}
void cleanAuthenticationInfo() {
accessControlMap.clear();
authenticationInfo = null;
}
public void setAccessControl(AccessControl accessControl) throws AclPlugRuntimeException { public void setAccessControl(AccessControl accessControl) throws AclPlugRuntimeException {
if (accessControl.getAccount() == null || accessControl.getPassword() == null if (accessControl.getAccount() == null || accessControl.getPassword() == null
|| accessControl.getAccount().length() <= 6 || accessControl.getPassword().length() <= 6) { || accessControl.getAccount().length() <= 6 || accessControl.getPassword().length() <= 6) {
...@@ -127,6 +149,7 @@ public class PlainAclPlugEngine { ...@@ -127,6 +149,7 @@ public class PlainAclPlugEngine {
accessControl.getAccount(), accessControl.getPassword())); accessControl.getAccount(), accessControl.getPassword()));
} }
try { try {
handleAccessControl(accessControl);
NetaddressStrategy netaddressStrategy = netaddressStrategyFactory.getNetaddressStrategy(accessControl); NetaddressStrategy netaddressStrategy = netaddressStrategyFactory.getNetaddressStrategy(accessControl);
List<AuthenticationInfo> accessControlAddressList = accessControlMap.get(accessControl.getAccount()); List<AuthenticationInfo> accessControlAddressList = accessControlMap.get(accessControl.getAccount());
if (accessControlAddressList == null) { if (accessControlAddressList == null) {
...@@ -198,13 +221,6 @@ public class PlainAclPlugEngine { ...@@ -198,13 +221,6 @@ public class PlainAclPlugEngine {
} }
if (transport.getList() != null || transport.getList().size() > 0) { if (transport.getList() != null || transport.getList().size() > 0) {
for (BrokerAccessControl accessControl : transport.getList()) { for (BrokerAccessControl accessControl : transport.getList()) {
if (accessControl.isAdmin()) {
accessControl.setUpdateAndCreateSubscriptiongroup(true);
accessControl.setDeleteSubscriptiongroup(true);
accessControl.setUpdateAndCreateTopic(true);
accessControl.setDeleteTopicInbroker(true);
accessControl.setUpdateBrokerConfig(true);
}
this.setAccessControl(accessControl); this.setAccessControl(accessControl);
} }
} }
...@@ -244,6 +260,10 @@ public class PlainAclPlugEngine { ...@@ -244,6 +260,10 @@ public class PlainAclPlugEngine {
return true; return true;
} }
public boolean isWatchStart() {
return isWatchStart;
}
public static class AccessContralAnalysis { public static class AccessContralAnalysis {
private Map<Class<?>, Map<Integer, Field>> classTocodeAndMentod = new HashMap<>(); private Map<Class<?>, Map<Integer, Field>> classTocodeAndMentod = new HashMap<>();
......
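Review bot: The reload branch in the watcher callback now calls `PlainAclPlugEngine.this.cleanAuthenticationInfo()` before `initialize()`, so the live ACL state is discarded before the replacement file has been parsed. A modify event can arrive while transport.yml is still being written, and if `initialize()` then throws or loads a partial list, the engine keeps an empty `accessControlMap` and a null `authenticationInfo` until the next file event. The new `cleanAuthenticationInfoTest` shows that checks fail in that state, so the failure is closed, but it locks out every account, and requests racing a normal reload hit the same gap. Consider building the new entries into a fresh map and swapping it in only after the file parsed successfully, keeping the previous entries on error. Whether `accessControlMap` is safe to clear from the watcher thread while request threads read it is not visible in these hunks and should be confirmed.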
...@@ -16,6 +16,8 @@ ...@@ -16,6 +16,8 @@
*/ */
package org.apache.rocketmq.acl.plug; package org.apache.rocketmq.acl.plug;
import java.io.File;
import java.io.FileWriter;
import java.io.IOException; import java.io.IOException;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.HashSet; import java.util.HashSet;
...@@ -46,38 +48,50 @@ public class PlainAclPlugEngineTest { ...@@ -46,38 +48,50 @@ public class PlainAclPlugEngineTest {
AuthenticationInfo authenticationInfo; AuthenticationInfo authenticationInfo;
BrokerAccessControl BrokerAccessControl; BrokerAccessControl brokerAccessControl;
Set<Integer> adminCode = new HashSet<>();
@Before @Before
public void init() throws NoSuchFieldException, SecurityException, IOException { public void init() throws NoSuchFieldException, SecurityException, IOException {
// UPDATE_AND_CREATE_TOPIC
adminCode.add(17);
// UPDATE_BROKER_CONFIG
adminCode.add(25);
// DELETE_TOPIC_IN_BROKER
adminCode.add(215);
// UPDATE_AND_CREATE_SUBSCRIPTIONGROUP
adminCode.add(200);
// DELETE_SUBSCRIPTIONGROUP
adminCode.add(207);
accessContralAnalysis.analysisClass(RequestCode.class); accessContralAnalysis.analysisClass(RequestCode.class);
BrokerAccessControl = new BrokerAccessControl(); brokerAccessControl = new BrokerAccessControl();
// 321 // 321
BrokerAccessControl.setQueryConsumeQueue(false); brokerAccessControl.setQueryConsumeQueue(false);
Set<String> permitSendTopic = new HashSet<>(); Set<String> permitSendTopic = new HashSet<>();
permitSendTopic.add("permitSendTopic"); permitSendTopic.add("permitSendTopic");
BrokerAccessControl.setPermitSendTopic(permitSendTopic); brokerAccessControl.setPermitSendTopic(permitSendTopic);
Set<String> noPermitSendTopic = new HashSet<>(); Set<String> noPermitSendTopic = new HashSet<>();
noPermitSendTopic.add("noPermitSendTopic"); noPermitSendTopic.add("noPermitSendTopic");
BrokerAccessControl.setNoPermitSendTopic(noPermitSendTopic); brokerAccessControl.setNoPermitSendTopic(noPermitSendTopic);
Set<String> permitPullTopic = new HashSet<>(); Set<String> permitPullTopic = new HashSet<>();
permitPullTopic.add("permitPullTopic"); permitPullTopic.add("permitPullTopic");
BrokerAccessControl.setPermitPullTopic(permitPullTopic); brokerAccessControl.setPermitPullTopic(permitPullTopic);
Set<String> noPermitPullTopic = new HashSet<>(); Set<String> noPermitPullTopic = new HashSet<>();
noPermitPullTopic.add("noPermitPullTopic"); noPermitPullTopic.add("noPermitPullTopic");
BrokerAccessControl.setNoPermitPullTopic(noPermitPullTopic); brokerAccessControl.setNoPermitPullTopic(noPermitPullTopic);
AccessContralAnalysis accessContralAnalysis = new AccessContralAnalysis(); AccessContralAnalysis accessContralAnalysis = new AccessContralAnalysis();
accessContralAnalysis.analysisClass(RequestCode.class); accessContralAnalysis.analysisClass(RequestCode.class);
Map<Integer, Boolean> map = accessContralAnalysis.analysis(BrokerAccessControl); Map<Integer, Boolean> map = accessContralAnalysis.analysis(brokerAccessControl);
authenticationInfo = new AuthenticationInfo(map, BrokerAccessControl, NetaddressStrategyFactory.NULL_NET_ADDRESS_STRATEGY); authenticationInfo = new AuthenticationInfo(map, brokerAccessControl, NetaddressStrategyFactory.NULL_NET_ADDRESS_STRATEGY);
System.setProperty("rocketmq.home.dir", "src/test/resources"); System.setProperty("rocketmq.home.dir", "src/test/resources");
plainAclPlugEngine = new PlainAclPlugEngine(); plainAclPlugEngine = new PlainAclPlugEngine();
...@@ -280,7 +294,7 @@ public class PlainAclPlugEngineTest { ...@@ -280,7 +294,7 @@ public class PlainAclPlugEngineTest {
Assert.assertFalse(isReturn); Assert.assertFalse(isReturn);
Set<String> permitSendTopic = new HashSet<>(); Set<String> permitSendTopic = new HashSet<>();
BrokerAccessControl.setPermitSendTopic(permitSendTopic); brokerAccessControl.setPermitSendTopic(permitSendTopic);
isReturn = plainAclPlugEngine.authentication(authenticationInfo, accessControl, authenticationResult); isReturn = plainAclPlugEngine.authentication(authenticationInfo, accessControl, authenticationResult);
Assert.assertTrue(isReturn); Assert.assertTrue(isReturn);
...@@ -288,11 +302,111 @@ public class PlainAclPlugEngineTest { ...@@ -288,11 +302,111 @@ public class PlainAclPlugEngineTest {
isReturn = plainAclPlugEngine.authentication(authenticationInfo, accessControl, authenticationResult); isReturn = plainAclPlugEngine.authentication(authenticationInfo, accessControl, authenticationResult);
Assert.assertFalse(isReturn); Assert.assertFalse(isReturn);
BrokerAccessControl.setPermitPullTopic(permitSendTopic); brokerAccessControl.setPermitPullTopic(permitSendTopic);
isReturn = plainAclPlugEngine.authentication(authenticationInfo, accessControl, authenticationResult); isReturn = plainAclPlugEngine.authentication(authenticationInfo, accessControl, authenticationResult);
Assert.assertTrue(isReturn); Assert.assertTrue(isReturn);
} }
@Test
public void adminBrokerAccessControlTest() {
BrokerAccessControl admin = new BrokerAccessControl();
admin.setAccount("adminTest");
admin.setPassword("adminTest");
admin.setNetaddress("127.0.0.1");
plainAclPlugEngine.setAccessControl(admin);
Assert.assertFalse(admin.isUpdateAndCreateTopic());
admin.setAdmin(true);
plainAclPlugEngine.setAccessControl(admin);
Assert.assertTrue(admin.isUpdateAndCreateTopic());
}
@Test
public void adminEachCheckAuthentication() {
BrokerAccessControl accessControl = new BrokerAccessControl();
accessControl.setAccount("RocketMQ1");
accessControl.setPassword("1234567");
accessControl.setNetaddress("127.0.0.1");
plainAclPlugEngine.setAccessControl(accessControl);
for (Integer code : adminCode) {
accessControl.setCode(code);
AuthenticationResult authenticationResult = plainAclPlugEngine.eachCheckAuthentication(accessControl);
Assert.assertFalse(authenticationResult.isSucceed());
}
plainAclPlugEngine.cleanAuthenticationInfo();
accessControl.setAdmin(true);
plainAclPlugEngine.setAccessControl(accessControl);
for (Integer code : adminCode) {
accessControl.setCode(code);
AuthenticationResult authenticationResult = plainAclPlugEngine.eachCheckAuthentication(accessControl);
Assert.assertTrue(authenticationResult.isSucceed());
}
}
@Test
public void cleanAuthenticationInfoTest() {
plainAclPlugEngine.setAccessControl(accessControl);
accessControl.setCode(202);
AuthenticationResult authenticationResult = plainAclPlugEngine.eachCheckAuthentication(accessControl);
Assert.assertTrue(authenticationResult.isSucceed());
plainAclPlugEngine.cleanAuthenticationInfo();
authenticationResult = plainAclPlugEngine.eachCheckAuthentication(accessControl);
Assert.assertFalse(authenticationResult.isSucceed());
}
@Test
public void isWatchStartTest() {
PlainAclPlugEngine plainAclPlugEngine = new PlainAclPlugEngine();
Assert.assertTrue(plainAclPlugEngine.isWatchStart());
System.setProperty("java.version", "1.6.11");
plainAclPlugEngine = new PlainAclPlugEngine();
Assert.assertFalse(plainAclPlugEngine.isWatchStart());
}
@Test
public void watchTest() throws IOException {
System.setProperty("rocketmq.home.dir", "src/test/resources/watch");
File file = new File("src/test/resources/watch/conf");
file.mkdirs();
File transport = new File("src/test/resources/watch/conf/transport.yml");
transport.createNewFile();
FileWriter writer = new FileWriter(transport);
writer.write("list:\r\n");
writer.write("- account: rokcetmq\r\n");
writer.write(" password: aliyun11\r\n");
writer.write(" netaddress: 127.0.0.1\r\n");
writer.flush();
writer.close();
PlainAclPlugEngine plainAclPlugEngine = new PlainAclPlugEngine();
accessControl.setCode(203);
AuthenticationResult authenticationResult = plainAclPlugEngine.eachCheckAuthentication(accessControl);
Assert.assertTrue(authenticationResult.isSucceed());
writer = new FileWriter(new File("src/test/resources/watch/conf/transport.yml"), true);
writer.write("- account: rokcet1\r\n");
writer.write(" password: aliyun1\r\n");
writer.write(" netaddress: 127.0.0.1\r\n");
writer.flush();
writer.close();
try {
Thread.sleep(100);
} catch (InterruptedException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
accessControlTwo.setCode(203);
authenticationResult = plainAclPlugEngine.eachCheckAuthentication(accessControlTwo);
Assert.assertTrue(authenticationResult.isSucceed());
transport.delete();
file.delete();
file = new File("src/test/resources/watch");
file.delete();
}
@Test @Test
public void analysisTest() { public void analysisTest() {
BrokerAccessControl accessControl = new BrokerAccessControl(); BrokerAccessControl accessControl = new BrokerAccessControl();
...@@ -304,6 +418,9 @@ public class PlainAclPlugEngineTest { ...@@ -304,6 +418,9 @@ public class PlainAclPlugEngineTest {
while (it.hasNext()) { while (it.hasNext()) {
Entry<Integer, Boolean> e = it.next(); Entry<Integer, Boolean> e = it.next();
if (!e.getValue()) { if (!e.getValue()) {
if (adminCode.contains(e.getKey())) {
continue;
}
Assert.assertEquals(e.getKey(), Integer.valueOf(10)); Assert.assertEquals(e.getKey(), Integer.valueOf(10));
num++; num++;
} }
......
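Review bot: `isWatchStartTest` overwrites the JVM-wide `java.version` property with `1.6.11` and never restores it, so every test that runs later in the same JVM sees the fake version. JUnit does not guarantee method order and `watchTest` depends on the watcher having started, so the suite becomes order-dependent; capture the value first and restore it in a `finally`, e.g. `String saved = System.getProperty("java.version");` and `finally { System.setProperty("java.version", saved); }`. `watchTest` has a related weakness: the fixed `Thread.sleep(100)` races the watcher thread, and the deletes at the end are skipped when an assertion fails, leaving a generated `transport.yml` with account entries under `src/test/resources/watch`. Moving that cleanup into a `finally` block and closing the `FileWriter` with try-with-resources would keep the fixture from leaking into later runs.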
org.apache.rocketmq.acl.PlainAccessValidator
\ No newline at end of file