[ISSUE#403] fix some bugs and Optimization code for rocketmq's acl feature. (#632)

* [ISSUE#403] fix some bugs and Optimization code for rocketmq's acl feature. * [ISSUE#403] fix some bugs and Optimization code for rocketmq's acl feature. * Update MQAdminStartup.java * Update MQAdminStartup.java

[ISSUE#403] fix some bugs and Optimization code for rocketmq's acl feature. (#632)
* [ISSUE#403] fix some bugs and Optimization code for rocketmq's acl feature. * [ISSUE#403] fix some bugs and Optimization code for rocketmq's acl feature. * Update MQAdminStartup.java * Update MQAdminStartup.java
459b246d · wangshaojie4039 · Zhendong Liu · 04726187 · 459b246d · 459b246d
7 changed file
--- a/acl/src/main/java/org/apache/rocketmq/acl/common/Permission.java
+++ b/acl/src/main/java/org/apache/rocketmq/acl/common/Permission.java
@@ -64,12 +64,10 @@ public class Permission {
                return Permission.PUB;
            case "SUB":
                return Permission.SUB;
-            case "ANY":
-                return Permission.ANY;
            case "PUB|SUB":
-                return Permission.ANY;
+                return Permission.PUB | Permission.SUB;
            case "SUB|PUB":
-                return Permission.ANY;
+                return Permission.PUB | Permission.SUB;
            case "DENY":
                return Permission.DENY;
            default:

--- a/acl/src/main/java/org/apache/rocketmq/acl/plain/PlainAccessValidator.java
+++ b/acl/src/main/java/org/apache/rocketmq/acl/plain/PlainAccessValidator.java
@@ -47,7 +47,11 @@ public class PlainAccessValidator implements AccessValidator {
    @Override
    public AccessResource parse(RemotingCommand request, String remoteAddr) {
        PlainAccessResource accessResource = new PlainAccessResource();
-        accessResource.setWhiteRemoteAddress(remoteAddr);
+        if (remoteAddr != null && remoteAddr.contains(":")) {
+            accessResource.setWhiteRemoteAddress(remoteAddr.split(":")[0]);
+        } else {
+            accessResource.setWhiteRemoteAddress(remoteAddr);
+        }
        accessResource.setRequestCode(request.getCode());
        accessResource.setAccessKey(request.getExtFields().get(SessionCredentials.ACCESS_KEY));
        accessResource.setSignature(request.getExtFields().get(SessionCredentials.SIGNATURE));

--- a/acl/src/test/java/org/apache/rocketmq/acl/common/PermissionTest.java
+++ b/acl/src/test/java/org/apache/rocketmq/acl/common/PermissionTest.java
@@ -35,14 +35,11 @@ public class PermissionTest {
        perm = Permission.parsePermFromString("SUB");
        Assert.assertEquals(perm, Permission.SUB);

-        perm = Permission.parsePermFromString("ANY");
-        Assert.assertEquals(perm, Permission.ANY);
-
        perm = Permission.parsePermFromString("PUB|SUB");
-        Assert.assertEquals(perm, Permission.ANY);
+        Assert.assertEquals(perm, Permission.PUB|Permission.SUB);

        perm = Permission.parsePermFromString("SUB|PUB");
-        Assert.assertEquals(perm, Permission.ANY);
+        Assert.assertEquals(perm, Permission.PUB|Permission.SUB);

        perm = Permission.parsePermFromString("DENY");
        Assert.assertEquals(perm, Permission.DENY);
@@ -66,8 +63,14 @@ public class PermissionTest {
        boo = Permission.checkPermission(Permission.SUB, Permission.SUB);
        Assert.assertTrue(boo);

-        boo = Permission.checkPermission(Permission.ANY, Permission.ANY);
-        Assert.assertFalse(boo);
+        boo = Permission.checkPermission(Permission.PUB, (byte) (Permission.PUB|Permission.SUB));
+        Assert.assertTrue(boo);
+
+        boo = Permission.checkPermission(Permission.SUB, (byte) (Permission.PUB|Permission.SUB));
+        Assert.assertTrue(boo);
+
+        boo = Permission.checkPermission(Permission.ANY, (byte) (Permission.PUB|Permission.SUB));
+        Assert.assertTrue(boo);

        boo = Permission.checkPermission(Permission.ANY, Permission.SUB);
        Assert.assertTrue(boo);
@@ -108,7 +111,7 @@ public class PermissionTest {
        Assert.assertEquals(perm, Permission.DENY);

        perm = resourcePermMap.get(PlainAccessResource.getRetryTopic("groupB"));
-        Assert.assertEquals(perm, Permission.ANY);
+        Assert.assertEquals(perm,Permission.PUB|Permission.SUB);

        perm = resourcePermMap.get(PlainAccessResource.getRetryTopic("groupC"));
        Assert.assertEquals(perm, Permission.PUB);
@@ -124,7 +127,7 @@ public class PermissionTest {
        Assert.assertEquals(perm, Permission.DENY);

        perm = resourcePermMap.get("topicB");
-        Assert.assertEquals(perm, Permission.ANY);
+        Assert.assertEquals(perm, Permission.PUB|Permission.SUB);

        perm = resourcePermMap.get("topicC");
        Assert.assertEquals(perm, Permission.PUB);

--- a/acl/src/test/java/org/apache/rocketmq/acl/plain/PlainPermissionLoaderTest.java
+++ b/acl/src/test/java/org/apache/rocketmq/acl/plain/PlainPermissionLoaderTest.java
@@ -108,14 +108,6 @@ public class PlainPermissionLoaderTest {
        plainAccessResource = plainPermissionLoader.getPlainAccessResource(plainAccess);
        Assert.assertEquals(plainAccessResource.isAdmin(), true);

-        plainAccess.setDefaultGroupPerm("ANY");
-        plainAccessResource = plainPermissionLoader.getPlainAccessResource(plainAccess);
-        Assert.assertEquals(plainAccessResource.getDefaultGroupPerm(), Permission.ANY);
-
-        plainAccess.setDefaultTopicPerm("ANY");
-        plainAccessResource = plainPermissionLoader.getPlainAccessResource(plainAccess);
-        Assert.assertEquals(plainAccessResource.getDefaultTopicPerm(), Permission.ANY);
-
        List<String> groups = new ArrayList<String>();
        groups.add("groupA=DENY");
        groups.add("groupB=PUB|SUB");
@@ -126,7 +118,7 @@ public class PlainPermissionLoaderTest {
        Assert.assertEquals(resourcePermMap.size(), 3);

        Assert.assertEquals(resourcePermMap.get(PlainAccessResource.getRetryTopic("groupA")).byteValue(), Permission.DENY);
-        Assert.assertEquals(resourcePermMap.get(PlainAccessResource.getRetryTopic("groupB")).byteValue(), Permission.ANY);
+        Assert.assertEquals(resourcePermMap.get(PlainAccessResource.getRetryTopic("groupB")).byteValue(), Permission.PUB|Permission.SUB);
        Assert.assertEquals(resourcePermMap.get(PlainAccessResource.getRetryTopic("groupC")).byteValue(), Permission.PUB);

        List<String> topics = new ArrayList<String>();
@@ -139,7 +131,7 @@ public class PlainPermissionLoaderTest {
        Assert.assertEquals(resourcePermMap.size(), 6);

        Assert.assertEquals(resourcePermMap.get("topicA").byteValue(), Permission.DENY);
-        Assert.assertEquals(resourcePermMap.get("topicB").byteValue(), Permission.ANY);
+        Assert.assertEquals(resourcePermMap.get("topicB").byteValue(), Permission.PUB|Permission.SUB);
        Assert.assertEquals(resourcePermMap.get("topicC").byteValue(), Permission.PUB);
    }


--- a/distribution/conf/tools.yml
+++ b/distribution/conf/tools.yml
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+
+
+accessKey: aliyun.com
+secretKey: 12345678
+    
--- a/tools/pom.xml
+++ b/tools/pom.xml
@@ -37,6 +37,10 @@
            <groupId>${project.groupId}</groupId>
            <artifactId>rocketmq-client</artifactId>
        </dependency>
+        <dependency>
+            <groupId>${project.groupId}</groupId>
+            <artifactId>rocketmq-acl</artifactId>
+        </dependency>
        <dependency>
            <groupId>${project.groupId}</groupId>
            <artifactId>rocketmq-store</artifactId>

--- a/tools/src/main/java/org/apache/rocketmq/tools/command/MQAdminStartup.java
+++ b/tools/src/main/java/org/apache/rocketmq/tools/command/MQAdminStartup.java
@@ -19,17 +19,16 @@ package org.apache.rocketmq.tools.command;
 import ch.qos.logback.classic.LoggerContext;
 import ch.qos.logback.classic.joran.JoranConfigurator;
 import ch.qos.logback.core.joran.spi.JoranException;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.IOException;
 import java.util.ArrayList;
-import java.util.HashMap;
 import java.util.List;
-import java.util.Map;
+import com.alibaba.fastjson.JSONObject;
 import org.apache.commons.cli.CommandLine;
 import org.apache.commons.cli.Options;
 import org.apache.commons.cli.PosixParser;
 import org.apache.commons.lang3.StringUtils;
+import org.apache.rocketmq.acl.common.AclClientRPCHook;
+import org.apache.rocketmq.acl.common.AclUtils;
+import org.apache.rocketmq.acl.common.SessionCredentials;
 import org.apache.rocketmq.common.MQVersion;
 import org.apache.rocketmq.common.MixAll;
 import org.apache.rocketmq.remoting.RPCHook;
@@ -79,7 +78,6 @@ import org.apache.rocketmq.tools.command.topic.UpdateOrderConfCommand;
 import org.apache.rocketmq.tools.command.topic.UpdateTopicPermSubCommand;
 import org.apache.rocketmq.tools.command.topic.UpdateTopicSubCommand;
 import org.slf4j.LoggerFactory;
-import org.yaml.snakeyaml.Yaml;

 public class MQAdminStartup {
    protected static List<SubCommand> subCommandList = new ArrayList<SubCommand>();
@@ -250,62 +248,22 @@ public class MQAdminStartup {

    public static RPCHook getAclRPCHook(CommandLine commandLine) {
        String fileHome = System.getProperty(MixAll.ROCKETMQ_HOME_PROPERTY, System.getenv(MixAll.ROCKETMQ_HOME_ENV));
-        File file = new File(fileHome + "/conf/tools.yml");
-        if (!file.exists()) {
-            System.out.printf("file %s is not exist \n", file.getPath());
+        String fileName = "/conf/tools.yml";
+        JSONObject yamlDataObject = AclUtils.getYamlDataObject(fileHome + fileName ,
+                JSONObject.class);
+
+        if (yamlDataObject == null || yamlDataObject.isEmpty()) {
+            System.out.printf(" Cannot find conf file %s, acl is not be enabled.%n" ,fileHome + fileName);
            return null;
        }
-        Yaml ymal = new Yaml();
-        FileInputStream fis = null;
-        Map<String, Map<String, Object>> map = null;
-        try {
-            fis = new FileInputStream(file);
-            map = ymal.loadAs(fis, Map.class);
-        } catch (Exception e) {
-            e.printStackTrace();
-        } finally {
-            if (fis != null) {
-                try {
-                    fis.close();
-                } catch (IOException e) {
-                    e.printStackTrace();
-                }
-            }
-        }
-        if (map == null || map.isEmpty()) {
-            System.out.printf("file %s is no data", file.getPath());
+        // admin ak sk
+        String accessKey = yamlDataObject.getString("accessKey");
+        String secretKey = yamlDataObject.getString("secretKey");
+
+        if (StringUtils.isBlank(accessKey) || StringUtils.isBlank(secretKey)) {
+            System.out.printf("AccessKey or secretKey is blank, the acl is not enabled.%n");
            return null;
        }
-
-        final Map<String, Map<String, Object>> newMap = map;
-        return new RPCHook() {
-
-            @Override
-            public void doBeforeRequest(String remoteAddr, RemotingCommand request) {
-                System.out.printf("remoteAddr is %s code %d \n", remoteAddr, request.getCode());
-                String fastRemoteAddr = null;
-                if (remoteAddr != null) {
-                    String[] ipAndPost = StringUtils.split(remoteAddr, ":");
-                    Integer fastPost = Integer.valueOf(ipAndPost[1]) + 2;
-                    fastRemoteAddr = ipAndPost[0] + ":" + fastPost.toString();
-                }
-                Map<String, Object> map;
-                if ((map = newMap.get(remoteAddr)) != null || (map = newMap.get(fastRemoteAddr)) != null || (map = newMap.get("all")) != null) {
-                    HashMap<String, String> ext = request.getExtFields();
-                    if (ext == null) {
-                        ext = new HashMap<>();
-                        request.setExtFields(ext);
-                    }
-                    ext.put("account", map.get("account").toString());
-                    ext.put("password", map.get("password").toString());
-                }
-
-            }
-
-            @Override
-            public void doAfterResponse(String remoteAddr, RemotingCommand request, RemotingCommand response) {
-            }
-        };
-
+        return new AclClientRPCHook(new SessionCredentials(accessKey,secretKey));
    }
 }