From 1e3c1841b093df912ce44a8acde7f4a5a0d00830 Mon Sep 17 00:00:00 2001 From: hujie Date: Wed, 10 Oct 2018 22:10:48 +0800 Subject: [PATCH] clear --- acl-plug/pom.xml | 5 + .../acl/plug/AccessContralAnalysis.java | 10 +- .../rocketmq/acl/plug/AclPlugController.java | 6 +- .../rocketmq/acl/plug/AclPlugServer.java | 21 --- .../rocketmq/acl/plug/AclRemotingServer.java | 4 +- .../apache/rocketmq/acl/plug/AclUtils.java | 7 + .../rocketmq/acl/plug/Authentication.java | 10 +- .../plug/DefaultAclRemotingServerImpl.java | 10 +- .../acl/plug/engine/AclPlugEngine.java | 3 +- ...enticationInfoManagementAclPlugEngine.java | 21 ++- .../plug/engine/LoginInfoAclPlugEngine.java | 3 +- .../acl/plug/engine/PlainAclPlugEngine.java | 12 +- .../acl/plug/entity/AccessControl.java | 27 +++- .../entity/LoginOrRequestAccessControl.java | 48 ------- .../AclPlugAccountAnalysisException.java | 31 ----- .../AclPlugAuthenticationException.java | 30 ----- .../acl/plug/exception/AclPlugException.java | 30 ----- .../plug/exception/AclPlugLoginException.java | 31 ----- .../plug/exception/AclPlugStartException.java | 30 ----- .../strategy/AbstractNetaddressStrategy.java | 30 ----- .../strategy/MultipleNetaddressStrategy.java | 39 ------ .../strategy/NetaddressStrategyFactory.java | 120 +++++++++++++++++- .../plug/strategy/NullNetaddressStrategy.java | 30 ----- .../plug/strategy/OneNetaddressStrategy.java | 35 ----- .../strategy/RangeNetaddressStrategy.java | 89 ------------- .../acl/plug/AccessContralAnalysisTest.java | 4 +- .../rocketmq/acl/plug/AuthenticationTest.java | 67 +++++----- .../plug/engine/PlainAclPlugEngineTest.java | 29 ++--- .../plug/strategy/NetaddressStrategyTest.java | 42 +++--- .../src/test/resources/conf/transport.yml | 26 ++-- .../rocketmq/broker/BrokerController.java | 5 +- pom.xml | 9 +- 32 files changed, 283 insertions(+), 581 deletions(-) delete mode 100644 acl-plug/src/main/java/org/apache/rocketmq/acl/plug/AclPlugServer.java delete mode 100644 acl-plug/src/main/java/org/apache/rocketmq/acl/plug/entity/LoginOrRequestAccessControl.java delete mode 100644 acl-plug/src/main/java/org/apache/rocketmq/acl/plug/exception/AclPlugAccountAnalysisException.java delete mode 100644 acl-plug/src/main/java/org/apache/rocketmq/acl/plug/exception/AclPlugAuthenticationException.java delete mode 100644 acl-plug/src/main/java/org/apache/rocketmq/acl/plug/exception/AclPlugException.java delete mode 100644 acl-plug/src/main/java/org/apache/rocketmq/acl/plug/exception/AclPlugLoginException.java delete mode 100644 acl-plug/src/main/java/org/apache/rocketmq/acl/plug/exception/AclPlugStartException.java delete mode 100644 acl-plug/src/main/java/org/apache/rocketmq/acl/plug/strategy/AbstractNetaddressStrategy.java delete mode 100644 acl-plug/src/main/java/org/apache/rocketmq/acl/plug/strategy/MultipleNetaddressStrategy.java delete mode 100644 acl-plug/src/main/java/org/apache/rocketmq/acl/plug/strategy/NullNetaddressStrategy.java delete mode 100644 acl-plug/src/main/java/org/apache/rocketmq/acl/plug/strategy/OneNetaddressStrategy.java delete mode 100644 acl-plug/src/main/java/org/apache/rocketmq/acl/plug/strategy/RangeNetaddressStrategy.java diff --git a/acl-plug/pom.xml b/acl-plug/pom.xml index 3ca98ec7..1cdc4a29 100644 --- a/acl-plug/pom.xml +++ b/acl-plug/pom.xml @@ -26,6 +26,11 @@ UTF-8 + + ${project.groupId} + rocketmq-remoting + + ${project.groupId} rocketmq-logging diff --git a/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/AccessContralAnalysis.java b/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/AccessContralAnalysis.java index 62a25dc7..75c907d8 100644 --- a/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/AccessContralAnalysis.java +++ b/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/AccessContralAnalysis.java @@ -23,7 +23,7 @@ import java.util.Map; import java.util.Map.Entry; import org.apache.commons.lang3.StringUtils; import org.apache.rocketmq.acl.plug.entity.AccessControl; -import org.apache.rocketmq.acl.plug.exception.AclPlugAccountAnalysisException; +import org.apache.rocketmq.acl.plug.exception.AclPlugRuntimeException; public class AccessContralAnalysis { @@ -42,7 +42,7 @@ public class AccessContralAnalysis { } } catch (IllegalArgumentException | IllegalAccessException e) { - throw new AclPlugAccountAnalysisException(String.format("analysis on failure Class is %s", clazz.getName()), e); + throw new AclPlugRuntimeException(String.format("analysis on failure Class is %s", clazz.getName()), e); } } @@ -57,14 +57,14 @@ public class AccessContralAnalysis { continue; Integer code = fieldNameAndCode.get(field.getName().toLowerCase()); if (code == null) { - throw new AclPlugAccountAnalysisException(String.format("field nonexistent in code fieldName is %s", field.getName())); + throw new AclPlugRuntimeException(String.format("field nonexistent in code fieldName is %s", field.getName())); } field.setAccessible(true); codeAndField.put(code, field); } if (codeAndField.isEmpty()) { - throw new AclPlugAccountAnalysisException(String.format("AccessControl nonexistent code , name %s", accessControl.getClass().getName())); + throw new AclPlugRuntimeException(String.format("AccessControl nonexistent code , name %s", accessControl.getClass().getName())); } classTocodeAndMentod.put(clazz, codeAndField); } @@ -76,7 +76,7 @@ public class AccessContralAnalysis { authority.put(e.getKey(), (Boolean) e.getValue().get(accessControl)); } } catch (IllegalArgumentException | IllegalAccessException e) { - throw new AclPlugAccountAnalysisException(String.format("analysis on failure AccessControl is %s", AccessControl.class.getName()), e); + throw new AclPlugRuntimeException(String.format("analysis on failure AccessControl is %s", AccessControl.class.getName()), e); } return authority; } diff --git a/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/AclPlugController.java b/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/AclPlugController.java index d3781059..c32ec733 100644 --- a/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/AclPlugController.java +++ b/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/AclPlugController.java @@ -19,7 +19,7 @@ package org.apache.rocketmq.acl.plug; import org.apache.rocketmq.acl.plug.engine.AclPlugEngine; import org.apache.rocketmq.acl.plug.engine.PlainAclPlugEngine; import org.apache.rocketmq.acl.plug.entity.ControllerParametersEntity; -import org.apache.rocketmq.acl.plug.exception.AclPlugStartException; +import org.apache.rocketmq.acl.plug.exception.AclPlugRuntimeException; public class AclPlugController { @@ -31,14 +31,14 @@ public class AclPlugController { private boolean startSucceed = false; - public AclPlugController(ControllerParametersEntity controllerParametersEntity) throws AclPlugStartException { + public AclPlugController(ControllerParametersEntity controllerParametersEntity) throws AclPlugRuntimeException { try { this.controllerParametersEntity = controllerParametersEntity; aclPlugEngine = new PlainAclPlugEngine(controllerParametersEntity); aclRemotingServer = new DefaultAclRemotingServerImpl(aclPlugEngine); this.startSucceed = true; } catch (Exception e) { - throw new AclPlugStartException(String.format("Start the abnormal , Launch parameters is %s", this.controllerParametersEntity.toString()), e); + throw new AclPlugRuntimeException(String.format("Start the abnormal , Launch parameters is %s", this.controllerParametersEntity.toString()), e); } } diff --git a/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/AclPlugServer.java b/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/AclPlugServer.java deleted file mode 100644 index c1bb8472..00000000 --- a/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/AclPlugServer.java +++ /dev/null @@ -1,21 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.rocketmq.acl.plug; - -public class AclPlugServer { - -} diff --git a/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/AclRemotingServer.java b/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/AclRemotingServer.java index 4eeb2a54..30df3814 100644 --- a/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/AclRemotingServer.java +++ b/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/AclRemotingServer.java @@ -16,11 +16,11 @@ */ package org.apache.rocketmq.acl.plug; +import org.apache.rocketmq.acl.plug.entity.AccessControl; import org.apache.rocketmq.acl.plug.entity.AuthenticationResult; -import org.apache.rocketmq.acl.plug.entity.LoginOrRequestAccessControl; public interface AclRemotingServer { - public AuthenticationResult eachCheck(LoginOrRequestAccessControl accessControl); + public AuthenticationResult eachCheck(AccessControl accessControl); } diff --git a/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/AclUtils.java b/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/AclUtils.java index 17a54412..df997b59 100644 --- a/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/AclUtils.java +++ b/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/AclUtils.java @@ -17,9 +17,16 @@ package org.apache.rocketmq.acl.plug; import org.apache.commons.lang3.StringUtils; +import org.apache.rocketmq.acl.plug.exception.AclPlugRuntimeException; public class AclUtils { + public static void verify(String netaddress, int index) { + if (!AclUtils.isScope(netaddress, index)) { + throw new AclPlugRuntimeException(String.format("netaddress examine scope Exception netaddress is %s", netaddress)); + } + } + public static String[] getAddreeStrArray(String netaddress, String four) { String[] fourStrArray = StringUtils.split(four.substring(1, four.length() - 1), ","); String address = netaddress.substring(0, netaddress.indexOf("{")); diff --git a/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/Authentication.java b/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/Authentication.java index 283466b5..901cc409 100644 --- a/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/Authentication.java +++ b/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/Authentication.java @@ -20,23 +20,21 @@ import org.apache.rocketmq.acl.plug.entity.AccessControl; import org.apache.rocketmq.acl.plug.entity.AuthenticationInfo; import org.apache.rocketmq.acl.plug.entity.AuthenticationResult; import org.apache.rocketmq.acl.plug.entity.BorkerAccessControl; -import org.apache.rocketmq.acl.plug.entity.LoginOrRequestAccessControl; public class Authentication { public boolean authentication(AuthenticationInfo authenticationInfo, - LoginOrRequestAccessControl loginOrRequestAccessControl, AuthenticationResult authenticationResult) { - int code = loginOrRequestAccessControl.getCode(); + AccessControl accessControl, AuthenticationResult authenticationResult) { + int code = accessControl.getCode(); if (!authenticationInfo.getAuthority().get(code)) { authenticationResult.setResultString(String.format("code is %d Authentication failed", code)); return false; } - AccessControl accessControl = authenticationInfo.getAccessControl(); - if (!(accessControl instanceof BorkerAccessControl)) { + if (!(authenticationInfo.getAccessControl() instanceof BorkerAccessControl)) { return true; } BorkerAccessControl borker = (BorkerAccessControl) authenticationInfo.getAccessControl(); - String topicName = loginOrRequestAccessControl.getTopic(); + String topicName = accessControl.getTopic(); if (code == 10 || code == 310 || code == 320) { if (borker.getPermitSendTopic().contains(topicName)) { return true; diff --git a/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/DefaultAclRemotingServerImpl.java b/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/DefaultAclRemotingServerImpl.java index 325ffab8..0e8be9f7 100644 --- a/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/DefaultAclRemotingServerImpl.java +++ b/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/DefaultAclRemotingServerImpl.java @@ -17,10 +17,8 @@ package org.apache.rocketmq.acl.plug; import org.apache.rocketmq.acl.plug.engine.AclPlugEngine; +import org.apache.rocketmq.acl.plug.entity.AccessControl; import org.apache.rocketmq.acl.plug.entity.AuthenticationResult; -import org.apache.rocketmq.acl.plug.entity.LoginOrRequestAccessControl; -import org.apache.rocketmq.acl.plug.exception.AclPlugAuthenticationException; -import org.apache.rocketmq.acl.plug.exception.AclPlugLoginException; import org.apache.rocketmq.acl.plug.exception.AclPlugRuntimeException; public class DefaultAclRemotingServerImpl implements AclRemotingServer { @@ -32,16 +30,16 @@ public class DefaultAclRemotingServerImpl implements AclRemotingServer { } @Override - public AuthenticationResult eachCheck(LoginOrRequestAccessControl accessControl) { + public AuthenticationResult eachCheck(AccessControl accessControl) { AuthenticationResult authenticationResult = aclPlugEngine.eachCheckLoginAndAuthentication(accessControl); if (authenticationResult.getException() != null) { throw new AclPlugRuntimeException(String.format("eachCheck the inspection appear exception, accessControl data is %s", accessControl.toString()), authenticationResult.getException()); } if (authenticationResult.getAccessControl() == null) { - throw new AclPlugLoginException(String.format("%s accessControl data is %s", authenticationResult.getResultString(), accessControl.toString())); + throw new AclPlugRuntimeException(String.format("%s accessControl data is %s", authenticationResult.getResultString(), accessControl.toString())); } if (!authenticationResult.isSucceed()) { - throw new AclPlugAuthenticationException(String.format("%s accessControl data is %s", authenticationResult.getResultString(), accessControl.toString())); + throw new AclPlugRuntimeException(String.format("%s accessControl data is %s", authenticationResult.getResultString(), accessControl.toString())); } return authenticationResult; } diff --git a/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/engine/AclPlugEngine.java b/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/engine/AclPlugEngine.java index 38766a75..687c4a01 100644 --- a/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/engine/AclPlugEngine.java +++ b/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/engine/AclPlugEngine.java @@ -20,7 +20,6 @@ import org.apache.rocketmq.acl.plug.entity.AccessControl; import org.apache.rocketmq.acl.plug.entity.AuthenticationInfo; import org.apache.rocketmq.acl.plug.entity.AuthenticationResult; import org.apache.rocketmq.acl.plug.entity.LoginInfo; -import org.apache.rocketmq.acl.plug.entity.LoginOrRequestAccessControl; public interface AclPlugEngine { @@ -30,5 +29,5 @@ public interface AclPlugEngine { public void deleteLoginInfo(String remoteAddr); - public AuthenticationResult eachCheckLoginAndAuthentication(LoginOrRequestAccessControl accessControl); + public AuthenticationResult eachCheckLoginAndAuthentication(AccessControl accessControl); } diff --git a/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/engine/AuthenticationInfoManagementAclPlugEngine.java b/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/engine/AuthenticationInfoManagementAclPlugEngine.java index 7346bc91..a6c73930 100644 --- a/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/engine/AuthenticationInfoManagementAclPlugEngine.java +++ b/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/engine/AuthenticationInfoManagementAclPlugEngine.java @@ -26,8 +26,7 @@ import org.apache.rocketmq.acl.plug.entity.AuthenticationInfo; import org.apache.rocketmq.acl.plug.entity.AuthenticationResult; import org.apache.rocketmq.acl.plug.entity.BorkerAccessControlTransport; import org.apache.rocketmq.acl.plug.entity.ControllerParametersEntity; -import org.apache.rocketmq.acl.plug.entity.LoginOrRequestAccessControl; -import org.apache.rocketmq.acl.plug.exception.AclPlugAccountAnalysisException; +import org.apache.rocketmq.acl.plug.exception.AclPlugRuntimeException; import org.apache.rocketmq.acl.plug.strategy.NetaddressStrategy; import org.apache.rocketmq.acl.plug.strategy.NetaddressStrategyFactory; import org.apache.rocketmq.common.constant.LoggerName; @@ -49,9 +48,9 @@ public abstract class AuthenticationInfoManagementAclPlugEngine implements AclPl accessContralAnalysis.analysisClass(controllerParametersEntity.getAccessContralAnalysisClass()); } - public void setAccessControl(AccessControl accessControl) throws AclPlugAccountAnalysisException { + public void setAccessControl(AccessControl accessControl) throws AclPlugRuntimeException { if (accessControl.getAccount() == null || accessControl.getPassword() == null || accessControl.getAccount().length() <= 6 || accessControl.getPassword().length() <= 6) { - throw new AclPlugAccountAnalysisException(String.format("The account password cannot be null and is longer than 6, account is %s password is %s", accessControl.getAccount(), accessControl.getPassword())); + throw new AclPlugRuntimeException(String.format("The account password cannot be null and is longer than 6, account is %s password is %s", accessControl.getAccount(), accessControl.getPassword())); } try { NetaddressStrategy netaddressStrategy = netaddressStrategyFactory.getNetaddressStrategy(accessControl); @@ -64,22 +63,22 @@ public abstract class AuthenticationInfoManagementAclPlugEngine implements AclPl accessControlAddressMap.put(accessControl.getNetaddress(), authenticationInfo); log.info("authenticationInfo is {}", authenticationInfo.toString()); } catch (Exception e) { - throw new AclPlugAccountAnalysisException(accessControl.toString(), e); + throw new AclPlugRuntimeException(accessControl.toString(), e); } } - public void setAccessControlList(List accessControlList) throws AclPlugAccountAnalysisException { + public void setAccessControlList(List accessControlList) throws AclPlugRuntimeException { for (AccessControl accessControl : accessControlList) { setAccessControl(accessControl); } } - public void setNetaddressAccessControl(AccessControl accessControl) throws AclPlugAccountAnalysisException { + public void setNetaddressAccessControl(AccessControl accessControl) throws AclPlugRuntimeException { try { authenticationInfo = new AuthenticationInfo(accessContralAnalysis.analysis(accessControl), accessControl, netaddressStrategyFactory.getNetaddressStrategy(accessControl)); log.info("default authenticationInfo is {}", authenticationInfo.toString()); } catch (Exception e) { - throw new AclPlugAccountAnalysisException(accessControl.toString(), e); + throw new AclPlugRuntimeException(accessControl.toString(), e); } } @@ -106,7 +105,7 @@ public abstract class AuthenticationInfoManagementAclPlugEngine implements AclPl } @Override - public AuthenticationResult eachCheckLoginAndAuthentication(LoginOrRequestAccessControl accessControl) { + public AuthenticationResult eachCheckLoginAndAuthentication(AccessControl accessControl) { AuthenticationResult authenticationResult = new AuthenticationResult(); try { AuthenticationInfo authenticationInfo = getAuthenticationInfo(accessControl, authenticationResult); @@ -122,7 +121,7 @@ public abstract class AuthenticationInfoManagementAclPlugEngine implements AclPl void setBorkerAccessControlTransport(BorkerAccessControlTransport transport) { if (transport.getOnlyNetAddress() == null && (transport.getList() == null || transport.getList().size() == 0)) { - throw new AclPlugAccountAnalysisException("onlyNetAddress and list can't be all empty"); + throw new AclPlugRuntimeException("onlyNetAddress and list can't be all empty"); } if (transport.getOnlyNetAddress() != null) { @@ -135,6 +134,6 @@ public abstract class AuthenticationInfoManagementAclPlugEngine implements AclPl } } - protected abstract AuthenticationInfo getAuthenticationInfo(LoginOrRequestAccessControl accessControl, + protected abstract AuthenticationInfo getAuthenticationInfo(AccessControl accessControl, AuthenticationResult authenticationResult); } diff --git a/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/engine/LoginInfoAclPlugEngine.java b/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/engine/LoginInfoAclPlugEngine.java index b0ad2e0d..4ce9f6a4 100644 --- a/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/engine/LoginInfoAclPlugEngine.java +++ b/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/engine/LoginInfoAclPlugEngine.java @@ -23,7 +23,6 @@ import org.apache.rocketmq.acl.plug.entity.AuthenticationInfo; import org.apache.rocketmq.acl.plug.entity.AuthenticationResult; import org.apache.rocketmq.acl.plug.entity.ControllerParametersEntity; import org.apache.rocketmq.acl.plug.entity.LoginInfo; -import org.apache.rocketmq.acl.plug.entity.LoginOrRequestAccessControl; public abstract class LoginInfoAclPlugEngine extends AuthenticationInfoManagementAclPlugEngine { @@ -53,7 +52,7 @@ public abstract class LoginInfoAclPlugEngine extends AuthenticationInfoManagemen loginInfoMap.remove(remoteAddr); } - protected AuthenticationInfo getAuthenticationInfo(LoginOrRequestAccessControl accessControl, + protected AuthenticationInfo getAuthenticationInfo(AccessControl accessControl, AuthenticationResult authenticationResult) { LoginInfo loginInfo = getLoginInfo(accessControl); if (loginInfo != null && loginInfo.getAuthenticationInfo() != null) { diff --git a/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/engine/PlainAclPlugEngine.java b/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/engine/PlainAclPlugEngine.java index 1d505eab..2917e723 100644 --- a/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/engine/PlainAclPlugEngine.java +++ b/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/engine/PlainAclPlugEngine.java @@ -21,18 +21,18 @@ import java.io.FileInputStream; import java.io.IOException; import org.apache.rocketmq.acl.plug.entity.BorkerAccessControlTransport; import org.apache.rocketmq.acl.plug.entity.ControllerParametersEntity; -import org.apache.rocketmq.acl.plug.exception.AclPlugAccountAnalysisException; +import org.apache.rocketmq.acl.plug.exception.AclPlugRuntimeException; import org.yaml.snakeyaml.Yaml; public class PlainAclPlugEngine extends LoginInfoAclPlugEngine { public PlainAclPlugEngine( - ControllerParametersEntity controllerParametersEntity) throws AclPlugAccountAnalysisException { + ControllerParametersEntity controllerParametersEntity) throws AclPlugRuntimeException { super(controllerParametersEntity); init(); } - void init() throws AclPlugAccountAnalysisException { + void init() throws AclPlugRuntimeException { String filePath = controllerParametersEntity.getFileHome() + "/conf/transport.yml"; Yaml ymal = new Yaml(); FileInputStream fis = null; @@ -41,18 +41,18 @@ public class PlainAclPlugEngine extends LoginInfoAclPlugEngine { fis = new FileInputStream(new File(filePath)); transport = ymal.loadAs(fis, BorkerAccessControlTransport.class); } catch (Exception e) { - throw new AclPlugAccountAnalysisException("The transport.yml file for Plain mode was not found", e); + throw new AclPlugRuntimeException("The transport.yml file for Plain mode was not found", e); } finally { if (fis != null) { try { fis.close(); } catch (IOException e) { - throw new AclPlugAccountAnalysisException("close transport fileInputStream Exception", e); + throw new AclPlugRuntimeException("close transport fileInputStream Exception", e); } } } if (transport == null) { - throw new AclPlugAccountAnalysisException("transport.yml file is no data"); + throw new AclPlugRuntimeException("transport.yml file is no data"); } super.setBorkerAccessControlTransport(transport); } diff --git a/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/entity/AccessControl.java b/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/entity/AccessControl.java index acda9477..cf3a736a 100644 --- a/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/entity/AccessControl.java +++ b/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/entity/AccessControl.java @@ -26,6 +26,10 @@ public class AccessControl { private String recognition; + private int code; + + private String topic; + public AccessControl() { } @@ -61,10 +65,29 @@ public class AccessControl { this.recognition = recognition; } + public int getCode() { + return code; + } + + public void setCode(int code) { + this.code = code; + } + + public String getTopic() { + return topic; + } + + public void setTopic(String topic) { + this.topic = topic; + } + @Override public String toString() { - return "AccessControl [account=" + account + ", password=" + password + ", netaddress=" + netaddress - + ", recognition=" + recognition + "]"; + StringBuilder builder = new StringBuilder(); + builder.append("AccessControl [account=").append(account).append(", password=").append(password) + .append(", netaddress=").append(netaddress).append(", recognition=").append(recognition) + .append(", code=").append(code).append(", topic=").append(topic).append("]"); + return builder.toString(); } } diff --git a/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/entity/LoginOrRequestAccessControl.java b/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/entity/LoginOrRequestAccessControl.java deleted file mode 100644 index ca070e26..00000000 --- a/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/entity/LoginOrRequestAccessControl.java +++ /dev/null @@ -1,48 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.rocketmq.acl.plug.entity; - -public class LoginOrRequestAccessControl extends AccessControl { - - private int code; - - private String topic; - - public int getCode() { - return code; - } - - public void setCode(int code) { - this.code = code; - } - - public String getTopic() { - return topic; - } - - public void setTopic(String topic) { - this.topic = topic; - } - - @Override - public String toString() { - StringBuilder builder = new StringBuilder(); - builder.append("LoginOrRequestAccessControl [code=").append(code).append(", topic=").append(topic).append("]"); - return builder.toString(); - } - -} diff --git a/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/exception/AclPlugAccountAnalysisException.java b/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/exception/AclPlugAccountAnalysisException.java deleted file mode 100644 index 145557fa..00000000 --- a/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/exception/AclPlugAccountAnalysisException.java +++ /dev/null @@ -1,31 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.rocketmq.acl.plug.exception; - -public class AclPlugAccountAnalysisException extends AclPlugRuntimeException { - - private static final long serialVersionUID = -7286948517911075176L; - - public AclPlugAccountAnalysisException(String message) { - super(message); - } - - public AclPlugAccountAnalysisException(String message, Throwable cause) { - super(message, cause); - } - -} diff --git a/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/exception/AclPlugAuthenticationException.java b/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/exception/AclPlugAuthenticationException.java deleted file mode 100644 index 613b76e8..00000000 --- a/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/exception/AclPlugAuthenticationException.java +++ /dev/null @@ -1,30 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.rocketmq.acl.plug.exception; - -public class AclPlugAuthenticationException extends AclPlugRuntimeException { - - private static final long serialVersionUID = 6365666045084521516L; - - public AclPlugAuthenticationException(String message) { - super(message); - } - - public AclPlugAuthenticationException(String message, Throwable cause) { - super(message, cause); - } -} diff --git a/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/exception/AclPlugException.java b/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/exception/AclPlugException.java deleted file mode 100644 index 33ac9689..00000000 --- a/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/exception/AclPlugException.java +++ /dev/null @@ -1,30 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.rocketmq.acl.plug.exception; - -public class AclPlugException extends Exception { - - private static final long serialVersionUID = 6843154847463800519L; - - public AclPlugException(String message) { - super(message); - } - - public AclPlugException(String message, Throwable cause) { - super(message, cause); - } -} diff --git a/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/exception/AclPlugLoginException.java b/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/exception/AclPlugLoginException.java deleted file mode 100644 index 071d2ccc..00000000 --- a/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/exception/AclPlugLoginException.java +++ /dev/null @@ -1,31 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.rocketmq.acl.plug.exception; - -public class AclPlugLoginException extends AclPlugRuntimeException { - - private static final long serialVersionUID = 4593661700080106122L; - - public AclPlugLoginException(String message) { - super(message); - } - - public AclPlugLoginException(String message, Throwable cause) { - super(message, cause); - } - -} diff --git a/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/exception/AclPlugStartException.java b/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/exception/AclPlugStartException.java deleted file mode 100644 index eaef556c..00000000 --- a/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/exception/AclPlugStartException.java +++ /dev/null @@ -1,30 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.rocketmq.acl.plug.exception; - -public class AclPlugStartException extends AclPlugException { - - private static final long serialVersionUID = 5118936374739373693L; - - public AclPlugStartException(String message) { - super(message); - } - - public AclPlugStartException(String message, Throwable cause) { - super(message, cause); - } -} diff --git a/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/strategy/AbstractNetaddressStrategy.java b/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/strategy/AbstractNetaddressStrategy.java deleted file mode 100644 index 0947733e..00000000 --- a/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/strategy/AbstractNetaddressStrategy.java +++ /dev/null @@ -1,30 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.rocketmq.acl.plug.strategy; - -import org.apache.rocketmq.acl.plug.AclUtils; -import org.apache.rocketmq.acl.plug.exception.AclPlugAccountAnalysisException; - -public abstract class AbstractNetaddressStrategy implements NetaddressStrategy { - - public void verify(String netaddress, int index) { - if (!AclUtils.isScope(netaddress, index)) { - throw new AclPlugAccountAnalysisException(String.format("netaddress examine scope Exception netaddress is %s", netaddress)); - } - } - -} diff --git a/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/strategy/MultipleNetaddressStrategy.java b/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/strategy/MultipleNetaddressStrategy.java deleted file mode 100644 index fd49cc86..00000000 --- a/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/strategy/MultipleNetaddressStrategy.java +++ /dev/null @@ -1,39 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.rocketmq.acl.plug.strategy; - -import java.util.HashSet; -import java.util.Set; -import org.apache.rocketmq.acl.plug.entity.AccessControl; - -public class MultipleNetaddressStrategy extends AbstractNetaddressStrategy { - - private final Set multipleSet = new HashSet<>(); - - public MultipleNetaddressStrategy(String[] strArray) { - for (String netaddress : strArray) { - verify(netaddress, 4); - multipleSet.add(netaddress); - } - } - - @Override - public boolean match(AccessControl accessControl) { - return multipleSet.contains(accessControl.getNetaddress()); - } - -} diff --git a/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/strategy/NetaddressStrategyFactory.java b/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/strategy/NetaddressStrategyFactory.java index 040d2cbf..cdb78675 100644 --- a/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/strategy/NetaddressStrategyFactory.java +++ b/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/strategy/NetaddressStrategyFactory.java @@ -16,23 +16,27 @@ */ package org.apache.rocketmq.acl.plug.strategy; +import java.util.HashSet; +import java.util.Set; import org.apache.commons.lang3.StringUtils; import org.apache.rocketmq.acl.plug.AclUtils; import org.apache.rocketmq.acl.plug.entity.AccessControl; -import org.apache.rocketmq.acl.plug.exception.AclPlugAccountAnalysisException; +import org.apache.rocketmq.acl.plug.exception.AclPlugRuntimeException; public class NetaddressStrategyFactory { + public static final NullNetaddressStrategy NULL_NET_ADDRESS_STRATEGY = new NullNetaddressStrategy(); + public NetaddressStrategy getNetaddressStrategy(AccessControl accessControl) { String netaddress = accessControl.getNetaddress(); if (StringUtils.isBlank(netaddress) || "*".equals(netaddress)) { - return NullNetaddressStrategy.NULL_NET_ADDRESS_STRATEGY; + return NULL_NET_ADDRESS_STRATEGY; } if (netaddress.endsWith("}")) { String[] strArray = StringUtils.split(netaddress, "."); String four = strArray[3]; if (!four.startsWith("{")) { - throw new AclPlugAccountAnalysisException(String.format("MultipleNetaddressStrategy netaddress examine scope Exception netaddress", netaddress)); + throw new AclPlugRuntimeException(String.format("MultipleNetaddressStrategy netaddress examine scope Exception netaddress", netaddress)); } return new MultipleNetaddressStrategy(AclUtils.getAddreeStrArray(netaddress, four)); } else if (AclUtils.isColon(netaddress)) { @@ -43,4 +47,114 @@ public class NetaddressStrategyFactory { return new OneNetaddressStrategy(netaddress); } + + public static class NullNetaddressStrategy implements NetaddressStrategy { + @Override + public boolean match(AccessControl accessControl) { + return true; + } + + } + + public static class MultipleNetaddressStrategy implements NetaddressStrategy { + + private final Set multipleSet = new HashSet<>(); + + public MultipleNetaddressStrategy(String[] strArray) { + for (String netaddress : strArray) { + AclUtils.verify(netaddress, 4); + multipleSet.add(netaddress); + } + } + + @Override + public boolean match(AccessControl accessControl) { + return multipleSet.contains(accessControl.getNetaddress()); + } + + } + + public static class OneNetaddressStrategy implements NetaddressStrategy { + + private String netaddress; + + public OneNetaddressStrategy(String netaddress) { + this.netaddress = netaddress; + AclUtils.verify(netaddress, 4); + } + + @Override + public boolean match(AccessControl accessControl) { + return netaddress.equals(accessControl.getNetaddress()); + } + + } + + public static class RangeNetaddressStrategy implements NetaddressStrategy { + + private String head; + + private int start; + + private int end; + + private int index; + + public RangeNetaddressStrategy(String netaddress) { + String[] strArray = StringUtils.split(netaddress, "."); + if (analysis(strArray, 2) || analysis(strArray, 3)) { + AclUtils.verify(netaddress, index - 1); + StringBuffer sb = new StringBuffer().append(strArray[0].trim()).append(".").append(strArray[1].trim()).append("."); + if (index == 3) { + sb.append(strArray[2].trim()).append("."); + } + this.head = sb.toString(); + } + } + + private boolean analysis(String[] strArray, int index) { + String value = strArray[index].trim(); + this.index = index; + if ("*".equals(value)) { + setValue(0, 255); + } else if (AclUtils.isMinus(value)) { + if (value.indexOf("-") == 0) { + throw new AclPlugRuntimeException(String.format("RangeNetaddressStrategy netaddress examine scope Exception value %s ", value)); + + } + String[] valueArray = StringUtils.split(value, "-"); + this.start = Integer.valueOf(valueArray[0]); + this.end = Integer.valueOf(valueArray[1]); + if (!(AclUtils.isScope(end) && AclUtils.isScope(start) && start <= end)) { + throw new AclPlugRuntimeException(String.format("RangeNetaddressStrategy netaddress examine scope Exception start is %s , end is %s", start, end)); + } + } + return this.end > 0 ? true : false; + } + + private void setValue(int start, int end) { + this.start = start; + this.end = end; + } + + @Override + public boolean match(AccessControl accessControl) { + String netAddress = accessControl.getNetaddress(); + if (netAddress.startsWith(this.head)) { + String value; + if (index == 3) { + value = netAddress.substring(this.head.length()); + } else { + value = netAddress.substring(this.head.length(), netAddress.lastIndexOf('.')); + } + Integer address = Integer.valueOf(value); + if (address >= this.start && address <= this.end) { + return true; + } + } + return false; + } + + } + } diff --git a/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/strategy/NullNetaddressStrategy.java b/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/strategy/NullNetaddressStrategy.java deleted file mode 100644 index 476eaa15..00000000 --- a/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/strategy/NullNetaddressStrategy.java +++ /dev/null @@ -1,30 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.rocketmq.acl.plug.strategy; - -import org.apache.rocketmq.acl.plug.entity.AccessControl; - -public class NullNetaddressStrategy implements NetaddressStrategy { - - public static final NullNetaddressStrategy NULL_NET_ADDRESS_STRATEGY = new NullNetaddressStrategy(); - - @Override - public boolean match(AccessControl accessControl) { - return true; - } - -} diff --git a/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/strategy/OneNetaddressStrategy.java b/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/strategy/OneNetaddressStrategy.java deleted file mode 100644 index 51f803fb..00000000 --- a/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/strategy/OneNetaddressStrategy.java +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.rocketmq.acl.plug.strategy; - -import org.apache.rocketmq.acl.plug.entity.AccessControl; - -public class OneNetaddressStrategy extends AbstractNetaddressStrategy { - - private String netaddress; - - public OneNetaddressStrategy(String netaddress) { - this.netaddress = netaddress; - verify(netaddress, 4); - } - - @Override - public boolean match(AccessControl accessControl) { - return netaddress.equals(accessControl.getNetaddress()); - } - -} diff --git a/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/strategy/RangeNetaddressStrategy.java b/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/strategy/RangeNetaddressStrategy.java deleted file mode 100644 index 895822b2..00000000 --- a/acl-plug/src/main/java/org/apache/rocketmq/acl/plug/strategy/RangeNetaddressStrategy.java +++ /dev/null @@ -1,89 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.rocketmq.acl.plug.strategy; - -import org.apache.commons.lang3.StringUtils; -import org.apache.rocketmq.acl.plug.AclUtils; -import org.apache.rocketmq.acl.plug.entity.AccessControl; -import org.apache.rocketmq.acl.plug.exception.AclPlugAccountAnalysisException; - -public class RangeNetaddressStrategy extends AbstractNetaddressStrategy { - - private String head; - - private int start; - - private int end; - - private int index; - - public RangeNetaddressStrategy(String netaddress) { - String[] strArray = StringUtils.split(netaddress, "."); - if (analysis(strArray, 2) || analysis(strArray, 3)) { - verify(netaddress, index - 1); - StringBuffer sb = new StringBuffer().append(strArray[0].trim()).append(".").append(strArray[1].trim()).append("."); - if (index == 3) { - sb.append(strArray[2].trim()).append("."); - } - this.head = sb.toString(); - } - } - - private boolean analysis(String[] strArray, int index) { - String value = strArray[index].trim(); - this.index = index; - if ("*".equals(value)) { - setValue(0, 255); - } else if (AclUtils.isMinus(value)) { - if (value.indexOf("-") == 0) { - throw new AclPlugAccountAnalysisException(String.format("RangeNetaddressStrategy netaddress examine scope Exception value %s ", value)); - - } - String[] valueArray = StringUtils.split(value, "-"); - this.start = Integer.valueOf(valueArray[0]); - this.end = Integer.valueOf(valueArray[1]); - if (!(AclUtils.isScope(end) && AclUtils.isScope(start) && start <= end)) { - throw new AclPlugAccountAnalysisException(String.format("RangeNetaddressStrategy netaddress examine scope Exception start is %s , end is %s", start, end)); - } - } - return this.end > 0 ? true : false; - } - - private void setValue(int start, int end) { - this.start = start; - this.end = end; - } - - @Override - public boolean match(AccessControl accessControl) { - String netAddress = accessControl.getNetaddress(); - if (netAddress.startsWith(this.head)) { - String value; - if (index == 3) { - value = netAddress.substring(this.head.length()); - } else { - value = netAddress.substring(this.head.length(), netAddress.lastIndexOf('.')); - } - Integer address = Integer.valueOf(value); - if (address >= this.start && address <= this.end) { - return true; - } - } - return false; - } - -} diff --git a/acl-plug/src/test/java/org/apache/rocketmq/acl/plug/AccessContralAnalysisTest.java b/acl-plug/src/test/java/org/apache/rocketmq/acl/plug/AccessContralAnalysisTest.java index c269cc4d..b7896b13 100644 --- a/acl-plug/src/test/java/org/apache/rocketmq/acl/plug/AccessContralAnalysisTest.java +++ b/acl-plug/src/test/java/org/apache/rocketmq/acl/plug/AccessContralAnalysisTest.java @@ -21,7 +21,7 @@ import java.util.Map; import java.util.Map.Entry; import org.apache.rocketmq.acl.plug.entity.AccessControl; import org.apache.rocketmq.acl.plug.entity.BorkerAccessControl; -import org.apache.rocketmq.acl.plug.exception.AclPlugAccountAnalysisException; +import org.apache.rocketmq.acl.plug.exception.AclPlugRuntimeException; import org.apache.rocketmq.common.protocol.RequestCode; import org.junit.Assert; import org.junit.Before; @@ -54,7 +54,7 @@ public class AccessContralAnalysisTest { Assert.assertEquals(num, 1); } - @Test(expected = AclPlugAccountAnalysisException.class) + @Test(expected = AclPlugRuntimeException.class) public void analysisExceptionTest() { AccessControl accessControl = new AccessControl(); accessContralAnalysis.analysis(accessControl); diff --git a/acl-plug/src/test/java/org/apache/rocketmq/acl/plug/AuthenticationTest.java b/acl-plug/src/test/java/org/apache/rocketmq/acl/plug/AuthenticationTest.java index 18669fe9..6e5d1444 100644 --- a/acl-plug/src/test/java/org/apache/rocketmq/acl/plug/AuthenticationTest.java +++ b/acl-plug/src/test/java/org/apache/rocketmq/acl/plug/AuthenticationTest.java @@ -19,11 +19,11 @@ package org.apache.rocketmq.acl.plug; import java.util.HashSet; import java.util.Map; import java.util.Set; +import org.apache.rocketmq.acl.plug.entity.AccessControl; import org.apache.rocketmq.acl.plug.entity.AuthenticationInfo; import org.apache.rocketmq.acl.plug.entity.AuthenticationResult; import org.apache.rocketmq.acl.plug.entity.BorkerAccessControl; -import org.apache.rocketmq.acl.plug.entity.LoginOrRequestAccessControl; -import org.apache.rocketmq.acl.plug.strategy.OneNetaddressStrategy; +import org.apache.rocketmq.acl.plug.strategy.NetaddressStrategyFactory; import org.apache.rocketmq.common.protocol.RequestCode; import org.junit.Assert; import org.junit.Before; @@ -38,11 +38,10 @@ public class AuthenticationTest { BorkerAccessControl borkerAccessControl; AuthenticationResult authenticationResult = new AuthenticationResult(); - LoginOrRequestAccessControl loginOrRequestAccessControl = new LoginOrRequestAccessControl(); + AccessControl accessControl = new AccessControl(); @Before public void init() { - OneNetaddressStrategy netaddressStrategy = new OneNetaddressStrategy("127.0.0.1"); borkerAccessControl = new BorkerAccessControl(); //321 borkerAccessControl.setQueryConsumeQueue(false); @@ -67,75 +66,75 @@ public class AuthenticationTest { accessContralAnalysis.analysisClass(RequestCode.class); Map map = accessContralAnalysis.analysis(borkerAccessControl); - authenticationInfo = new AuthenticationInfo(map, borkerAccessControl, netaddressStrategy); + authenticationInfo = new AuthenticationInfo(map, borkerAccessControl, NetaddressStrategyFactory.NULL_NET_ADDRESS_STRATEGY); } @Test public void authenticationTest() { - loginOrRequestAccessControl.setCode(317); + accessControl.setCode(317); - boolean isReturn = authentication.authentication(authenticationInfo, loginOrRequestAccessControl, authenticationResult); + boolean isReturn = authentication.authentication(authenticationInfo, accessControl, authenticationResult); Assert.assertTrue(isReturn); - loginOrRequestAccessControl.setCode(321); - isReturn = authentication.authentication(authenticationInfo, loginOrRequestAccessControl, authenticationResult); + accessControl.setCode(321); + isReturn = authentication.authentication(authenticationInfo, accessControl, authenticationResult); Assert.assertFalse(isReturn); - loginOrRequestAccessControl.setCode(10); - loginOrRequestAccessControl.setTopic("permitSendTopic"); - isReturn = authentication.authentication(authenticationInfo, loginOrRequestAccessControl, authenticationResult); + accessControl.setCode(10); + accessControl.setTopic("permitSendTopic"); + isReturn = authentication.authentication(authenticationInfo, accessControl, authenticationResult); Assert.assertTrue(isReturn); - loginOrRequestAccessControl.setCode(310); - isReturn = authentication.authentication(authenticationInfo, loginOrRequestAccessControl, authenticationResult); + accessControl.setCode(310); + isReturn = authentication.authentication(authenticationInfo, accessControl, authenticationResult); Assert.assertTrue(isReturn); - loginOrRequestAccessControl.setCode(320); - isReturn = authentication.authentication(authenticationInfo, loginOrRequestAccessControl, authenticationResult); + accessControl.setCode(320); + isReturn = authentication.authentication(authenticationInfo, accessControl, authenticationResult); Assert.assertTrue(isReturn); - loginOrRequestAccessControl.setTopic("noPermitSendTopic"); - isReturn = authentication.authentication(authenticationInfo, loginOrRequestAccessControl, authenticationResult); + accessControl.setTopic("noPermitSendTopic"); + isReturn = authentication.authentication(authenticationInfo, accessControl, authenticationResult); Assert.assertFalse(isReturn); - loginOrRequestAccessControl.setTopic("nopermitSendTopic"); - isReturn = authentication.authentication(authenticationInfo, loginOrRequestAccessControl, authenticationResult); + accessControl.setTopic("nopermitSendTopic"); + isReturn = authentication.authentication(authenticationInfo, accessControl, authenticationResult); Assert.assertFalse(isReturn); - loginOrRequestAccessControl.setCode(11); - loginOrRequestAccessControl.setTopic("permitPullTopic"); - isReturn = authentication.authentication(authenticationInfo, loginOrRequestAccessControl, authenticationResult); + accessControl.setCode(11); + accessControl.setTopic("permitPullTopic"); + isReturn = authentication.authentication(authenticationInfo, accessControl, authenticationResult); Assert.assertTrue(isReturn); - loginOrRequestAccessControl.setTopic("noPermitPullTopic"); - isReturn = authentication.authentication(authenticationInfo, loginOrRequestAccessControl, authenticationResult); + accessControl.setTopic("noPermitPullTopic"); + isReturn = authentication.authentication(authenticationInfo, accessControl, authenticationResult); Assert.assertFalse(isReturn); - loginOrRequestAccessControl.setTopic("nopermitPullTopic"); - isReturn = authentication.authentication(authenticationInfo, loginOrRequestAccessControl, authenticationResult); + accessControl.setTopic("nopermitPullTopic"); + isReturn = authentication.authentication(authenticationInfo, accessControl, authenticationResult); Assert.assertFalse(isReturn); } @Test public void isEmptyTest() { - loginOrRequestAccessControl.setCode(10); - loginOrRequestAccessControl.setTopic("absentTopic"); - boolean isReturn = authentication.authentication(authenticationInfo, loginOrRequestAccessControl, authenticationResult); + accessControl.setCode(10); + accessControl.setTopic("absentTopic"); + boolean isReturn = authentication.authentication(authenticationInfo, accessControl, authenticationResult); Assert.assertFalse(isReturn); Set permitSendTopic = new HashSet<>(); borkerAccessControl.setPermitSendTopic(permitSendTopic); - isReturn = authentication.authentication(authenticationInfo, loginOrRequestAccessControl, authenticationResult); + isReturn = authentication.authentication(authenticationInfo, accessControl, authenticationResult); Assert.assertTrue(isReturn); - loginOrRequestAccessControl.setCode(11); - isReturn = authentication.authentication(authenticationInfo, loginOrRequestAccessControl, authenticationResult); + accessControl.setCode(11); + isReturn = authentication.authentication(authenticationInfo, accessControl, authenticationResult); Assert.assertFalse(isReturn); borkerAccessControl.setPermitPullTopic(permitSendTopic); - isReturn = authentication.authentication(authenticationInfo, loginOrRequestAccessControl, authenticationResult); + isReturn = authentication.authentication(authenticationInfo, accessControl, authenticationResult); Assert.assertTrue(isReturn); } diff --git a/acl-plug/src/test/java/org/apache/rocketmq/acl/plug/engine/PlainAclPlugEngineTest.java b/acl-plug/src/test/java/org/apache/rocketmq/acl/plug/engine/PlainAclPlugEngineTest.java index 982bb527..45755a0e 100644 --- a/acl-plug/src/test/java/org/apache/rocketmq/acl/plug/engine/PlainAclPlugEngineTest.java +++ b/acl-plug/src/test/java/org/apache/rocketmq/acl/plug/engine/PlainAclPlugEngineTest.java @@ -30,8 +30,7 @@ import org.apache.rocketmq.acl.plug.entity.BorkerAccessControl; import org.apache.rocketmq.acl.plug.entity.BorkerAccessControlTransport; import org.apache.rocketmq.acl.plug.entity.ControllerParametersEntity; import org.apache.rocketmq.acl.plug.entity.LoginInfo; -import org.apache.rocketmq.acl.plug.entity.LoginOrRequestAccessControl; -import org.apache.rocketmq.acl.plug.exception.AclPlugAccountAnalysisException; +import org.apache.rocketmq.acl.plug.exception.AclPlugRuntimeException; import org.apache.rocketmq.common.MixAll; import org.junit.Assert; import org.junit.Before; @@ -83,31 +82,31 @@ public class PlainAclPlugEngineTest { } - @Test(expected = AclPlugAccountAnalysisException.class) + @Test(expected = AclPlugRuntimeException.class) public void accountNullTest() { accessControl.setAccount(null); plainAclPlugEngine.setAccessControl(accessControl); } - @Test(expected = AclPlugAccountAnalysisException.class) + @Test(expected = AclPlugRuntimeException.class) public void accountThanTest() { accessControl.setAccount("123"); plainAclPlugEngine.setAccessControl(accessControl); } - @Test(expected = AclPlugAccountAnalysisException.class) + @Test(expected = AclPlugRuntimeException.class) public void passWordtNullTest() { accessControl.setAccount(null); plainAclPlugEngine.setAccessControl(accessControl); } - @Test(expected = AclPlugAccountAnalysisException.class) + @Test(expected = AclPlugRuntimeException.class) public void passWordThanTest() { accessControl.setAccount("123"); plainAclPlugEngine.setAccessControl(accessControl); } - @Test(expected = AclPlugAccountAnalysisException.class) + @Test(expected = AclPlugRuntimeException.class) public void testPlainAclPlugEngineInit() { ControllerParametersEntity controllerParametersEntity = new ControllerParametersEntity(); new PlainAclPlugEngine(controllerParametersEntity); @@ -186,7 +185,7 @@ public class PlainAclPlugEngineTest { } - @Test(expected = AclPlugAccountAnalysisException.class) + @Test(expected = AclPlugRuntimeException.class) public void borkerAccessControlTransportTestNull() { plainAclPlugEngine.setBorkerAccessControlTransport(new BorkerAccessControlTransport()); } @@ -241,18 +240,18 @@ public class PlainAclPlugEngineTest { @Test public void getAuthenticationInfo() { - LoginOrRequestAccessControl loginOrRequestAccessControl = new LoginOrRequestAccessControl(); - loginOrRequestAccessControl.setAccount("rokcetmq"); - loginOrRequestAccessControl.setPassword("aliyun11"); - loginOrRequestAccessControl.setNetaddress("127.0.0.1"); - loginOrRequestAccessControl.setRecognition("127.0.0.1:1"); + AccessControl AccessControl = new AccessControl(); + AccessControl.setAccount("rokcetmq"); + AccessControl.setPassword("aliyun11"); + AccessControl.setNetaddress("127.0.0.1"); + AccessControl.setRecognition("127.0.0.1:1"); AuthenticationResult authenticationResult = new AuthenticationResult(); - plainAclPlugEngine.getAuthenticationInfo(loginOrRequestAccessControl, authenticationResult); + plainAclPlugEngine.getAuthenticationInfo(AccessControl, authenticationResult); Assert.assertEquals("Login information does not exist, Please check login, password, IP", authenticationResult.getResultString()); plainAclPlugEngine.setAccessControl(accessControl); - AuthenticationInfo authenticationInfo = plainAclPlugEngine.getAuthenticationInfo(loginOrRequestAccessControl, authenticationResult); + AuthenticationInfo authenticationInfo = plainAclPlugEngine.getAuthenticationInfo(AccessControl, authenticationResult); Assert.assertNotNull(authenticationInfo); } diff --git a/acl-plug/src/test/java/org/apache/rocketmq/acl/plug/strategy/NetaddressStrategyTest.java b/acl-plug/src/test/java/org/apache/rocketmq/acl/plug/strategy/NetaddressStrategyTest.java index f670b31e..3f21b678 100644 --- a/acl-plug/src/test/java/org/apache/rocketmq/acl/plug/strategy/NetaddressStrategyTest.java +++ b/acl-plug/src/test/java/org/apache/rocketmq/acl/plug/strategy/NetaddressStrategyTest.java @@ -17,7 +17,7 @@ package org.apache.rocketmq.acl.plug.strategy; import org.apache.rocketmq.acl.plug.entity.AccessControl; -import org.apache.rocketmq.acl.plug.exception.AclPlugAccountAnalysisException; +import org.apache.rocketmq.acl.plug.exception.AclPlugRuntimeException; import org.junit.Assert; import org.junit.Test; @@ -29,53 +29,57 @@ public class NetaddressStrategyTest { public void NetaddressStrategyFactoryTest() { AccessControl accessControl = new AccessControl(); NetaddressStrategy netaddressStrategy = netaddressStrategyFactory.getNetaddressStrategy(accessControl); - Assert.assertEquals(netaddressStrategy, NullNetaddressStrategy.NULL_NET_ADDRESS_STRATEGY); + Assert.assertEquals(netaddressStrategy, NetaddressStrategyFactory.NULL_NET_ADDRESS_STRATEGY); accessControl.setNetaddress("*"); netaddressStrategy = netaddressStrategyFactory.getNetaddressStrategy(accessControl); - Assert.assertEquals(netaddressStrategy, NullNetaddressStrategy.NULL_NET_ADDRESS_STRATEGY); + Assert.assertEquals(netaddressStrategy, NetaddressStrategyFactory.NULL_NET_ADDRESS_STRATEGY); accessControl.setNetaddress("127.0.0.1"); netaddressStrategy = netaddressStrategyFactory.getNetaddressStrategy(accessControl); - Assert.assertEquals(netaddressStrategy.getClass(), OneNetaddressStrategy.class); + Assert.assertEquals(netaddressStrategy.getClass(), NetaddressStrategyFactory.OneNetaddressStrategy.class); accessControl.setNetaddress("127.0.0.1,127.0.0.2,127.0.0.3"); netaddressStrategy = netaddressStrategyFactory.getNetaddressStrategy(accessControl); - Assert.assertEquals(netaddressStrategy.getClass(), MultipleNetaddressStrategy.class); + Assert.assertEquals(netaddressStrategy.getClass(), NetaddressStrategyFactory.MultipleNetaddressStrategy.class); accessControl.setNetaddress("127.0.0.{1,2,3}"); netaddressStrategy = netaddressStrategyFactory.getNetaddressStrategy(accessControl); - Assert.assertEquals(netaddressStrategy.getClass(), MultipleNetaddressStrategy.class); + Assert.assertEquals(netaddressStrategy.getClass(), NetaddressStrategyFactory.MultipleNetaddressStrategy.class); accessControl.setNetaddress("127.0.0.1-200"); netaddressStrategy = netaddressStrategyFactory.getNetaddressStrategy(accessControl); - Assert.assertEquals(netaddressStrategy.getClass(), RangeNetaddressStrategy.class); + Assert.assertEquals(netaddressStrategy.getClass(), NetaddressStrategyFactory.RangeNetaddressStrategy.class); accessControl.setNetaddress("127.0.0.*"); netaddressStrategy = netaddressStrategyFactory.getNetaddressStrategy(accessControl); - Assert.assertEquals(netaddressStrategy.getClass(), RangeNetaddressStrategy.class); + Assert.assertEquals(netaddressStrategy.getClass(), NetaddressStrategyFactory.RangeNetaddressStrategy.class); accessControl.setNetaddress("127.0.1-20.*"); netaddressStrategy = netaddressStrategyFactory.getNetaddressStrategy(accessControl); - Assert.assertEquals(netaddressStrategy.getClass(), RangeNetaddressStrategy.class); + Assert.assertEquals(netaddressStrategy.getClass(), NetaddressStrategyFactory.RangeNetaddressStrategy.class); } - @Test(expected = AclPlugAccountAnalysisException.class) + @Test(expected = AclPlugRuntimeException.class) public void verifyTest() { - new OneNetaddressStrategy("127.0.0.1"); - - new OneNetaddressStrategy("256.0.0.1"); + AccessControl accessControl = new AccessControl(); + accessControl.setNetaddress("127.0.0.1"); + netaddressStrategyFactory.getNetaddressStrategy(accessControl); + accessControl.setNetaddress("256.0.0.1"); + netaddressStrategyFactory.getNetaddressStrategy(accessControl); } @Test public void nullNetaddressStrategyTest() { - boolean isMatch = NullNetaddressStrategy.NULL_NET_ADDRESS_STRATEGY.match(new AccessControl()); + boolean isMatch = NetaddressStrategyFactory.NULL_NET_ADDRESS_STRATEGY.match(new AccessControl()); Assert.assertTrue(isMatch); } public void oneNetaddressStrategyTest() { - OneNetaddressStrategy netaddressStrategy = new OneNetaddressStrategy("127.0.0.1"); AccessControl accessControl = new AccessControl(); + accessControl.setNetaddress("127.0.0.1"); + NetaddressStrategy netaddressStrategy = netaddressStrategyFactory.getNetaddressStrategy(accessControl); + accessControl.setNetaddress(""); boolean match = netaddressStrategy.match(accessControl); Assert.assertFalse(match); @@ -101,7 +105,7 @@ public class NetaddressStrategyTest { } - @Test(expected = AclPlugAccountAnalysisException.class) + @Test(expected = AclPlugRuntimeException.class) public void multipleNetaddressStrategyExceptionTest() { AccessControl accessControl = new AccessControl(); accessControl.setNetaddress("127.0.0.1,2,3}"); @@ -174,17 +178,17 @@ public class NetaddressStrategyTest { } } - @Test(expected = AclPlugAccountAnalysisException.class) + @Test(expected = AclPlugRuntimeException.class) public void rangeNetaddressStrategyExceptionStartGreaterEndTest() { rangeNetaddressStrategyExceptionTest("127.0.0.2-1"); } - @Test(expected = AclPlugAccountAnalysisException.class) + @Test(expected = AclPlugRuntimeException.class) public void rangeNetaddressStrategyExceptionScopeTest() { rangeNetaddressStrategyExceptionTest("127.0.0.-1-200"); } - @Test(expected = AclPlugAccountAnalysisException.class) + @Test(expected = AclPlugRuntimeException.class) public void rangeNetaddressStrategyExceptionScopeTwoTest() { rangeNetaddressStrategyExceptionTest("127.0.0.0-256"); } diff --git a/acl-plug/src/test/resources/conf/transport.yml b/acl-plug/src/test/resources/conf/transport.yml index 25d4902a..99d26fd8 100644 --- a/acl-plug/src/test/resources/conf/transport.yml +++ b/acl-plug/src/test/resources/conf/transport.yml @@ -16,19 +16,19 @@ onlyNetAddress: netaddress: 10.10.103.* noPermitPullTopic: - - broker-a + - broker-a list: - - account: RocketMQ - password: 1234567 - netaddress: 192.0.0.* - permitSendTopic: - - test1 - - test2 - - account: RocketMQ - password: 1234567 - netaddress: 192.0.2.1 - permitSendTopic: - - test3 - - test4 +- account: RocketMQ + password: 1234567 + netaddress: 192.0.0.* + permitSendTopic: + - test1 + - test2 +- account: RocketMQ + password: 1234567 + netaddress: 192.0.2.1 + permitSendTopic: + - test3 + - test4 \ No newline at end of file diff --git a/broker/src/main/java/org/apache/rocketmq/broker/BrokerController.java b/broker/src/main/java/org/apache/rocketmq/broker/BrokerController.java index 4f3b736f..5c8fe236 100644 --- a/broker/src/main/java/org/apache/rocketmq/broker/BrokerController.java +++ b/broker/src/main/java/org/apache/rocketmq/broker/BrokerController.java @@ -32,11 +32,12 @@ import java.util.concurrent.LinkedBlockingQueue; import java.util.concurrent.ScheduledExecutorService; import java.util.concurrent.ThreadPoolExecutor; import java.util.concurrent.TimeUnit; + import org.apache.commons.lang3.StringUtils; import org.apache.rocketmq.acl.plug.AclPlugController; import org.apache.rocketmq.acl.plug.AclRemotingServer; +import org.apache.rocketmq.acl.plug.entity.AccessControl; import org.apache.rocketmq.acl.plug.entity.ControllerParametersEntity; -import org.apache.rocketmq.acl.plug.entity.LoginOrRequestAccessControl; import org.apache.rocketmq.broker.client.ClientHousekeepingService; import org.apache.rocketmq.broker.client.ConsumerIdsChangeListener; import org.apache.rocketmq.broker.client.ConsumerManager; @@ -515,7 +516,7 @@ public class BrokerController { @Override public void doBeforeRequest(String remoteAddr, RemotingCommand request) { HashMap extFields = request.getExtFields(); - LoginOrRequestAccessControl accessControl = new LoginOrRequestAccessControl(); + AccessControl accessControl = new AccessControl(); accessControl.setCode(request.getCode()); accessControl.setRecognition(remoteAddr); if (extFields != null) { diff --git a/pom.xml b/pom.xml index ed2c3d90..1c2c7146 100644 --- a/pom.xml +++ b/pom.xml @@ -16,7 +16,8 @@ limitations under the License. --> - + org.apache @@ -158,7 +159,7 @@ - + true @@ -215,9 +216,9 @@ generate-effective-dependencies-pom generate-resources - + ${project.build.directory}/effective-pom/effective-dependencies.xml -- GitLab