This is an automated email from the ASF dual-hosted git repository.
dongeforever pushed a commit to branch feature_acl
in repository https://gitbox.apache.org/repos/asf/rocketmq.git
The following commit(s) were added to refs/heads/feature_acl by this push:
new e3d38d7 Rename and polish permission loader
e3d38d7 is described below
commit e3d38d7c3fa71d100fabc7fc3d34a11609ce3f5e
Author: dongeforever <[email protected]>
AuthorDate: Wed Dec 12 11:36:40 2018 +0800
Rename and polish permission loader
---
.../org/apache/rocketmq/acl/common/Permission.java | 18 +-
.../rocketmq/acl/plain/PlainAccessResource.java | 17 ++
.../rocketmq/acl/plain/PlainAccessValidator.java | 2 +-
.../rocketmq/acl/plain/PlainPermissionLoader.java | 198 +++++++++++----------
.../acl/plain/RemoteAddressStrategyFactory.java | 33 ++--
.../apache/rocketmq/acl/common/PermissionTest.java | 28 +--
.../acl/plain/PlainPermissionLoaderTest.java | 20 +--
.../acl/plain/RemoteAddressStrategyTest.java | 36 ++--
acl/src/test/resources/conf/transport.yml | 4 +-
.../java/org/apache/rocketmq/common/UtilAll.java | 12 ++
10 files changed, 201 insertions(+), 167 deletions(-)
diff --git a/acl/src/main/java/org/apache/rocketmq/acl/common/Permission.java
b/acl/src/main/java/org/apache/rocketmq/acl/common/Permission.java
index b5e9be2..2fa38b1 100644
--- a/acl/src/main/java/org/apache/rocketmq/acl/common/Permission.java
+++ b/acl/src/main/java/org/apache/rocketmq/acl/common/Permission.java
@@ -55,7 +55,7 @@ public class Permission {
return (neededPerm & ownedPerm) > 0;
}
- public static byte fromStringGetPermission(String permString) {
+ public static byte parsePermFromString(String permString) {
if (permString == null) {
return Permission.DENY;
}
@@ -77,21 +77,21 @@ public class Permission {
}
}
- public static void setTopicPerm(PlainAccessResource plainAccessResource,
Boolean isTopic, List<String> topicArray) {
- if (topicArray == null || topicArray.isEmpty()) {
+ public static void parseResourcePerms(PlainAccessResource
plainAccessResource, Boolean isTopic, List<String> resources) {
+ if (resources == null || resources.isEmpty()) {
return;
}
- for (String topic : topicArray) {
- String[] topicPrem = StringUtils.split(topic, "=");
- if (topicPrem.length == 2) {
- plainAccessResource.addResourceAndPerm(isTopic ? topicPrem[0]
: PlainAccessResource.getRetryTopic(topicPrem[0]),
fromStringGetPermission(topicPrem[1]));
+ for (String resource : resources) {
+ String[] items = StringUtils.split(resource, "=");
+ if (items.length == 2) {
+ plainAccessResource.addResourceAndPerm(isTopic ?
items[0].trim() : PlainAccessResource.getRetryTopic(items[0].trim()),
parsePermFromString(items[1].trim()));
} else {
- throw new AclException(String.format("%s Permission config
erron %s", isTopic ? "topic" : "group", topic));
+ throw new AclException(String.format("Parse resource
permission failed for %s:%s", isTopic ? "topic" : "group", resource));
}
}
}
- public static boolean checkAdminCode(Integer code) {
+ public static boolean needAdminPerm(Integer code) {
return ADMIN_CODE.contains(code);
}
}
diff --git
a/acl/src/main/java/org/apache/rocketmq/acl/plain/PlainAccessResource.java
b/acl/src/main/java/org/apache/rocketmq/acl/plain/PlainAccessResource.java
index 0b2f417..932a7a9 100644
--- a/acl/src/main/java/org/apache/rocketmq/acl/plain/PlainAccessResource.java
+++ b/acl/src/main/java/org/apache/rocketmq/acl/plain/PlainAccessResource.java
@@ -59,6 +59,23 @@ public class PlainAccessResource implements AccessResource {
return null != topic &&
topic.startsWith(MixAll.RETRY_GROUP_TOPIC_PREFIX);
}
+ public static String printStr(String resource, boolean isGroup) {
+ if (resource == null) {
+ return null;
+ }
+ if (isGroup) {
+ return String.format("%s:%s", "group",
getGroupFromRetryTopic(resource));
+ } else {
+ return String.format("%s:%s", "topic", resource);
+ }
+ }
+
+ public static String getGroupFromRetryTopic(String retryTopic) {
+ if (retryTopic == null) {
+ return null;
+ }
+ return retryTopic.substring(MixAll.RETRY_GROUP_TOPIC_PREFIX.length());
+ }
public static String getRetryTopic(String group) {
if (group == null) {
return null;
diff --git
a/acl/src/main/java/org/apache/rocketmq/acl/plain/PlainAccessValidator.java
b/acl/src/main/java/org/apache/rocketmq/acl/plain/PlainAccessValidator.java
index 8a80757..d715098 100644
--- a/acl/src/main/java/org/apache/rocketmq/acl/plain/PlainAccessValidator.java
+++ b/acl/src/main/java/org/apache/rocketmq/acl/plain/PlainAccessValidator.java
@@ -120,7 +120,7 @@ public class PlainAccessValidator implements
AccessValidator {
@Override
public void validate(AccessResource accessResource) {
- aclPlugEngine.eachCheckPlainAccessResource((PlainAccessResource)
accessResource);
+ aclPlugEngine.validate((PlainAccessResource) accessResource);
}
}
diff --git
a/acl/src/main/java/org/apache/rocketmq/acl/plain/PlainPermissionLoader.java
b/acl/src/main/java/org/apache/rocketmq/acl/plain/PlainPermissionLoader.java
index 469c161..36f6522 100644
--- a/acl/src/main/java/org/apache/rocketmq/acl/plain/PlainPermissionLoader.java
+++ b/acl/src/main/java/org/apache/rocketmq/acl/plain/PlainPermissionLoader.java
@@ -28,16 +28,15 @@ import java.nio.file.WatchKey;
import java.nio.file.WatchService;
import java.util.ArrayList;
import java.util.HashMap;
-import java.util.Iterator;
import java.util.List;
import java.util.Map;
-import java.util.Map.Entry;
import org.apache.commons.lang3.StringUtils;
import org.apache.rocketmq.acl.common.AclException;
import org.apache.rocketmq.acl.common.AclUtils;
import org.apache.rocketmq.acl.common.Permission;
import org.apache.rocketmq.common.MixAll;
import org.apache.rocketmq.common.ServiceThread;
+import org.apache.rocketmq.common.UtilAll;
import org.apache.rocketmq.common.constant.LoggerName;
import org.apache.rocketmq.logging.InternalLogger;
import org.apache.rocketmq.logging.InternalLoggerFactory;
@@ -46,13 +45,14 @@ public class PlainPermissionLoader {
private static final InternalLogger log =
InternalLoggerFactory.getLogger(LoggerName.ACL_PLUG_LOGGER_NAME);
+
private String fileHome = System.getProperty(MixAll.ROCKETMQ_HOME_PROPERTY,
System.getenv(MixAll.ROCKETMQ_HOME_ENV));
- private String fileName =
System.getProperty("romcketmq.acl.plain.fileName", "/conf/transport.yml");
+ //TODO rename transport to plain_acl.yml
+ private String fileName = System.getProperty("rocketmq.acl.plain.file",
"/conf/transport.yml");
- private Map<String/** account **/
- , List<PlainAccessResource>> plainAccessResourceMap = new HashMap<>();
+ private Map<String/** AccessKey **/, PlainAccessResource>
plainAccessResourceMap = new HashMap<>();
private List<RemoteAddressStrategy> globalWhiteRemoteAddressStrategy = new
ArrayList<>();
@@ -61,6 +61,7 @@ public class PlainPermissionLoader {
private boolean isWatchStart;
public PlainPermissionLoader() {
+ //TODO test what will happen if initialize failed
initialize();
watch();
}
@@ -76,25 +77,24 @@ public class PlainPermissionLoader {
JSONArray globalWhiteRemoteAddressesList =
accessControlTransport.getJSONArray("globalWhiteRemoteAddresses");
if (globalWhiteRemoteAddressesList != null &&
!globalWhiteRemoteAddressesList.isEmpty()) {
for (int i = 0; i < globalWhiteRemoteAddressesList.size(); i++) {
- setGlobalWhite(globalWhiteRemoteAddressesList.getString(i));
+
addGlobalWhiteRemoteAddress(globalWhiteRemoteAddressesList.getString(i));
}
}
JSONArray accounts = accessControlTransport.getJSONArray("accounts");
- List<PlainAccess> plainAccessList =
accounts.toJavaList(PlainAccess.class);
+ List<PlainAccessConfig> plainAccessList =
accounts.toJavaList(PlainAccessConfig.class);
if (plainAccessList != null && !plainAccessList.isEmpty()) {
- for (PlainAccess plainAccess : plainAccessList) {
-
this.setPlainAccessResource(getPlainAccessResource(plainAccess));
+ for (PlainAccessConfig plainAccess : plainAccessList) {
+
this.addPlainAccessResource(getPlainAccessResource(plainAccess));
}
}
}
private void watch() {
String version = System.getProperty("java.version");
- log.info("java.version is : {}", version);
String[] str = StringUtils.split(version, ".");
if (Integer.valueOf(str[1]) < 7) {
- log.warn("wacth need jdk 1.7 support , current version no
support");
+ log.warn("Watch need jdk equal or greater than 1.7, current
version is {}", str[1]);
return;
}
try {
@@ -106,41 +106,41 @@ public class PlainPermissionLoader {
public void run() {
while (true) {
try {
- while (true) {
- WatchKey watchKey = watcher.take();
- List<WatchEvent<?>> watchEvents =
watchKey.pollEvents();
- for (WatchEvent<?> event : watchEvents) {
- if
("transport.yml".equals(event.context().toString())
- &&
(StandardWatchEventKinds.ENTRY_MODIFY.equals(event.kind())
- ||
StandardWatchEventKinds.ENTRY_CREATE.equals(event.kind()))) {
- log.info("transprot.yml make a
difference change is : ", event.toString());
-
PlainPermissionLoader.this.cleanAuthenticationInfo();
- initialize();
- }
+ WatchKey watchKey = watcher.take();
+ List<WatchEvent<?>> watchEvents =
watchKey.pollEvents();
+ for (WatchEvent<?> event : watchEvents) {
+ //TODO use variable instead of raw text
+ if
("transport.yml".equals(event.context().toString())
+ &&
(StandardWatchEventKinds.ENTRY_MODIFY.equals(event.kind())
+ ||
StandardWatchEventKinds.ENTRY_CREATE.equals(event.kind()))) {
+ log.info("transprot.yml make a difference
change is : ", event.toString());
+
PlainPermissionLoader.this.clearPermissionInfo();
+ initialize();
}
- watchKey.reset();
}
+ watchKey.reset();
} catch (InterruptedException e) {
log.error(e.getMessage(), e);
+ UtilAll.sleep(3000);
+
}
}
}
-
@Override
public String getServiceName() {
- return "watcherServcie";
+ return "AclWatcherService";
}
};
watcherServcie.start();
- log.info("succeed start watcherServcie");
+ log.info("Succeed to start AclWatcherService");
this.isWatchStart = true;
} catch (IOException e) {
- log.error(e.getMessage(), e);
+ log.error("Failed to start AclWatcherService", e);
}
}
- PlainAccessResource getPlainAccessResource(PlainAccess plainAccess) {
+ PlainAccessResource getPlainAccessResource(PlainAccessConfig plainAccess) {
PlainAccessResource plainAccessResource = new PlainAccessResource();
plainAccessResource.setAccessKey(plainAccess.getAccessKey());
plainAccessResource.setSecretKey(plainAccess.getSecretKey());
@@ -148,110 +148,114 @@ public class PlainPermissionLoader {
plainAccessResource.setAdmin(plainAccess.isAdmin());
-
plainAccessResource.setDefaultGroupPerm(Permission.fromStringGetPermission(plainAccess.getDefaultGroupPerm()));
-
plainAccessResource.setDefaultTopicPerm(Permission.fromStringGetPermission(plainAccess.getDefaultTopicPerm()));
+
plainAccessResource.setDefaultGroupPerm(Permission.parsePermFromString(plainAccess.getDefaultGroupPerm()));
+
plainAccessResource.setDefaultTopicPerm(Permission.parsePermFromString(plainAccess.getDefaultTopicPerm()));
- Permission.setTopicPerm(plainAccessResource, false,
plainAccess.getGroups());
- Permission.setTopicPerm(plainAccessResource, true,
plainAccess.getTopics());
+ Permission.parseResourcePerms(plainAccessResource, false,
plainAccess.getGroupPerms());
+ Permission.parseResourcePerms(plainAccessResource, true,
plainAccess.getTopicPerms());
return plainAccessResource;
}
- void checkPerm(PlainAccessResource needCheckplainAccessResource,
PlainAccessResource plainAccessResource) {
- if (!plainAccessResource.isAdmin() &&
Permission.checkAdminCode(needCheckplainAccessResource.getRequestCode())) {
- throw new AclException(String.format("accessKey is %s
remoteAddress is %s , is not admin Premission . RequestCode is %d",
plainAccessResource.getAccessKey(),
plainAccessResource.getWhiteRemoteAddress(),
needCheckplainAccessResource.getRequestCode()));
+ void checkPerm(PlainAccessResource needCheckedAccess, PlainAccessResource
ownedAccess) {
+ if (Permission.needAdminPerm(needCheckedAccess.getRequestCode()) &&
!ownedAccess.isAdmin()) {
+ throw new AclException(String.format("Need admin permission for
request code=%d, but accessKey=%s is not", needCheckedAccess.getRequestCode(),
ownedAccess.getAccessKey()));
}
- Map<String, Byte> needCheckTopicAndGourpPerm =
needCheckplainAccessResource.getResourcePermMap();
- Map<String, Byte> topicAndGourpPerm =
plainAccessResource.getResourcePermMap();
-
- Iterator<Entry<String, Byte>> it =
topicAndGourpPerm.entrySet().iterator();
- Byte perm;
- while (it.hasNext()) {
- Entry<String, Byte> e = it.next();
- if ((perm = needCheckTopicAndGourpPerm.get(e.getKey())) != null &&
Permission.checkPermission(perm, e.getValue())) {
+ Map<String, Byte> needCheckedPermMap =
needCheckedAccess.getResourcePermMap();
+ Map<String, Byte> ownedPermMap = ownedAccess.getResourcePermMap();
+
+ for (Map.Entry<String, Byte> needCheckedEntry :
needCheckedPermMap.entrySet()) {
+ String resource = needCheckedEntry.getKey();
+ Byte neededPerm = needCheckedEntry.getValue();
+ boolean isGroup = PlainAccessResource.isRetryTopic(resource);
+
+ if (!ownedPermMap.containsKey(resource)) {
+ //Check the default perm
+ byte ownedPerm = isGroup ?
needCheckedAccess.getDefaultGroupPerm() :
+ needCheckedAccess.getDefaultTopicPerm();
+ if (!Permission.checkPermission(neededPerm, ownedPerm)) {
+ throw new AclException(String.format("No default
permission for %s", PlainAccessResource.printStr(resource, isGroup)));
+ }
continue;
}
- byte neededPerm = PlainAccessResource.isRetryTopic(e.getKey()) ?
needCheckplainAccessResource.getDefaultGroupPerm() :
- needCheckplainAccessResource.getDefaultTopicPerm();
- if (!Permission.checkPermission(neededPerm, e.getValue())) {
- throw new AclException(String.format("", e.toString()));
+ if (!Permission.checkPermission(neededPerm,
ownedPermMap.get(resource))) {
+ throw new AclException(String.format("No default permission
for %s", PlainAccessResource.printStr(resource, isGroup)));
}
}
}
- void cleanAuthenticationInfo() {
+ void clearPermissionInfo() {
this.plainAccessResourceMap.clear();
this.globalWhiteRemoteAddressStrategy.clear();
}
- public void setPlainAccessResource(PlainAccessResource
plainAccessResource) throws AclException {
- if (plainAccessResource.getAccessKey() == null ||
plainAccessResource.getSecretKey() == null
+ public void addPlainAccessResource(PlainAccessResource
plainAccessResource) throws AclException {
+ if (plainAccessResource.getAccessKey() == null
+ || plainAccessResource.getSecretKey() == null
|| plainAccessResource.getAccessKey().length() <= 6
|| plainAccessResource.getSecretKey().length() <= 6) {
throw new AclException(String.format(
- "The account password cannot be null and is longer than 6,
account is %s password is %s",
+ "The accessKey=%s and secretKey=%s cannot be null and length
should longer than 6",
plainAccessResource.getAccessKey(),
plainAccessResource.getSecretKey()));
}
try {
RemoteAddressStrategy remoteAddressStrategy =
remoteAddressStrategyFactory
- .getNetaddressStrategy(plainAccessResource);
- List<PlainAccessResource> accessControlAddressList =
plainAccessResourceMap.get(plainAccessResource.getAccessKey());
- if (accessControlAddressList == null) {
- accessControlAddressList = new ArrayList<>();
- plainAccessResourceMap.put(plainAccessResource.getAccessKey(),
accessControlAddressList);
- }
+ .getRemoteAddressStrategy(plainAccessResource);
plainAccessResource.setRemoteAddressStrategy(remoteAddressStrategy);
- accessControlAddressList.add(plainAccessResource);
- log.info("authenticationInfo is {}",
plainAccessResource.toString());
+ if
(plainAccessResourceMap.containsKey(plainAccessResource.getAccessKey())) {
+ log.warn("Duplicate acl config for {}, the newly one may
overwrite the old", plainAccessResource.getAccessKey());
+ }
+ plainAccessResourceMap.put(plainAccessResource.getAccessKey(),
plainAccessResource);
} catch (Exception e) {
- throw new AclException(
- String.format("Exception info %s %s", e.getMessage(),
plainAccessResource.toString()), e);
+ throw new AclException(String.format("Load plain access resource
failed %s %s", e.getMessage(), plainAccessResource.toString()), e);
}
}
- private void setGlobalWhite(String remoteAddresses) {
-
globalWhiteRemoteAddressStrategy.add(remoteAddressStrategyFactory.getNetaddressStrategy(remoteAddresses));
+ private void addGlobalWhiteRemoteAddress(String remoteAddresses) {
+
globalWhiteRemoteAddressStrategy.add(remoteAddressStrategyFactory.getRemoteAddressStrategy(remoteAddresses));
}
- public void eachCheckPlainAccessResource(PlainAccessResource
plainAccessResource) {
+ public void validate(PlainAccessResource plainAccessResource) {
- List<PlainAccessResource> plainAccessResourceAddressList =
plainAccessResourceMap.get(plainAccessResource.getAccessKey());
- boolean isDistinguishAccessKey = false;
- if (plainAccessResourceAddressList != null) {
- for (PlainAccessResource plainAccess :
plainAccessResourceAddressList) {
- if
(!plainAccess.getRemoteAddressStrategy().match(plainAccessResource)) {
- isDistinguishAccessKey = true;
- continue;
- }
- String signature =
AclUtils.calSignature(plainAccessResource.getContent(),
plainAccess.getSecretKey());
- if (signature.equals(plainAccessResource.getSignature())) {
- checkPerm(plainAccess, plainAccessResource);
- return;
- } else {
- throw new AclException(String.format("signature is erron.
erron accessKe is %s , erron reomiteAddress %s", plainAccess.getAccessKey(),
plainAccessResource.getWhiteRemoteAddress()));
- }
+ //Step 1, check the global white remote addr
+ if (plainAccessResource.getAccessKey() == null) {
+ if (globalWhiteRemoteAddressStrategy.isEmpty()) {
+ throw new AclException(String.format("No accessKey is
configured and no global white remote addr is configured"));
}
- }
-
- if (plainAccessResource.getAccessKey() == null &&
!globalWhiteRemoteAddressStrategy.isEmpty()) {
for (RemoteAddressStrategy remoteAddressStrategy :
globalWhiteRemoteAddressStrategy) {
if (remoteAddressStrategy.match(plainAccessResource)) {
return;
}
}
+ throw new AclException(String.format("No accessKey is configured
and no global white remote addr is matched"));
+ }
+
+ if
(!plainAccessResourceMap.containsKey(plainAccessResource.getAccessKey())) {
+ throw new AclException(String.format("No acl config for %s",
plainAccessResource.getAccessKey()));
}
- if (isDistinguishAccessKey) {
- throw new AclException(String.format("client ip not in
WhiteRemoteAddress . erron accessKe is %s , erron reomiteAddress %s",
plainAccessResource.getAccessKey(),
plainAccessResource.getWhiteRemoteAddress()));
- } else {
- throw new AclException(String.format("It is not make Access and
make client ip .erron accessKe is %s , erron reomiteAddress %s",
plainAccessResource.getAccessKey(),
plainAccessResource.getWhiteRemoteAddress()));
+
+ //Step 2, check the white addr for accesskey
+ PlainAccessResource ownedAccess =
plainAccessResourceMap.get(plainAccessResource.getAccessKey());
+ if (ownedAccess.getRemoteAddressStrategy().match(plainAccessResource))
{
+ return;
}
+
+
+ //Step 3, check the signature
+ String signature =
AclUtils.calSignature(plainAccessResource.getContent(),
ownedAccess.getSecretKey());
+ if (!signature.equals(plainAccessResource.getSignature())) {
+ throw new AclException(String.format("Check signature failed for
accessKey=%s", plainAccessResource.getAccessKey()));
+ }
+ //Step 4, check perm of each resource
+
+ checkPerm(plainAccessResource, ownedAccess);
}
public boolean isWatchStart() {
return isWatchStart;
}
- static class PlainAccess {
+ static class PlainAccessConfig {
private String accessKey;
@@ -265,9 +269,9 @@ public class PlainPermissionLoader {
private String defaultGroupPerm;
- private List<String> topics;
+ private List<String> topicPerms;
- private List<String> groups;
+ private List<String> groupPerms;
public String getAccessKey() {
return accessKey;
@@ -317,20 +321,20 @@ public class PlainPermissionLoader {
this.defaultGroupPerm = defaultGroupPerm;
}
- public List<String> getTopics() {
- return topics;
+ public List<String> getTopicPerms() {
+ return topicPerms;
}
- public void setTopics(List<String> topics) {
- this.topics = topics;
+ public void setTopicPerms(List<String> topicPerms) {
+ this.topicPerms = topicPerms;
}
- public List<String> getGroups() {
- return groups;
+ public List<String> getGroupPerms() {
+ return groupPerms;
}
- public void setGroups(List<String> groups) {
- this.groups = groups;
+ public void setGroupPerms(List<String> groupPerms) {
+ this.groupPerms = groupPerms;
}
}
diff --git
a/acl/src/main/java/org/apache/rocketmq/acl/plain/RemoteAddressStrategyFactory.java
b/acl/src/main/java/org/apache/rocketmq/acl/plain/RemoteAddressStrategyFactory.java
index 8015b68..679e846 100644
---
a/acl/src/main/java/org/apache/rocketmq/acl/plain/RemoteAddressStrategyFactory.java
+++
b/acl/src/main/java/org/apache/rocketmq/acl/plain/RemoteAddressStrategyFactory.java
@@ -26,28 +26,29 @@ public class RemoteAddressStrategyFactory {
public static final NullRemoteAddressStrategy NULL_NET_ADDRESS_STRATEGY =
new NullRemoteAddressStrategy();
- public RemoteAddressStrategy getNetaddressStrategy(PlainAccessResource
plainAccessResource) {
- return
getNetaddressStrategy(plainAccessResource.getWhiteRemoteAddress());
+ public RemoteAddressStrategy getRemoteAddressStrategy(PlainAccessResource
plainAccessResource) {
+ return
getRemoteAddressStrategy(plainAccessResource.getWhiteRemoteAddress());
}
- public RemoteAddressStrategy getNetaddressStrategy(String netaddress) {
- if (StringUtils.isBlank(netaddress) || "*".equals(netaddress)) {
+ public RemoteAddressStrategy getRemoteAddressStrategy(String remoteAddr) {
+ //TODO if the white addr is not configured, should reject it.
+ if (StringUtils.isBlank(remoteAddr) || "*".equals(remoteAddr)) {
return NULL_NET_ADDRESS_STRATEGY;
}
- if (netaddress.endsWith("}")) {
- String[] strArray = StringUtils.split(netaddress, ".");
+ if (remoteAddr.endsWith("}")) {
+ String[] strArray = StringUtils.split(remoteAddr, ".");
String four = strArray[3];
if (!four.startsWith("{")) {
- throw new
AclException(String.format("MultipleRemoteAddressStrategy netaddress examine
scope Exception netaddress", netaddress));
+ throw new
AclException(String.format("MultipleRemoteAddressStrategy netaddress examine
scope Exception netaddress", remoteAddr));
}
- return new
MultipleRemoteAddressStrategy(AclUtils.getAddreeStrArray(netaddress, four));
- } else if (AclUtils.isColon(netaddress)) {
- return new
MultipleRemoteAddressStrategy(StringUtils.split(netaddress, ","));
- } else if (AclUtils.isAsterisk(netaddress) ||
AclUtils.isMinus(netaddress)) {
- return new RangeRemoteAddressStrategy(netaddress);
+ return new
MultipleRemoteAddressStrategy(AclUtils.getAddreeStrArray(remoteAddr, four));
+ } else if (AclUtils.isColon(remoteAddr)) {
+ return new
MultipleRemoteAddressStrategy(StringUtils.split(remoteAddr, ","));
+ } else if (AclUtils.isAsterisk(remoteAddr) ||
AclUtils.isMinus(remoteAddr)) {
+ return new RangeRemoteAddressStrategy(remoteAddr);
}
- return new OneRemoteAddressStrategy(netaddress);
+ return new OneRemoteAddressStrategy(remoteAddr);
}
@@ -103,10 +104,10 @@ public class RemoteAddressStrategyFactory {
private int index;
- public RangeRemoteAddressStrategy(String netaddress) {
- String[] strArray = StringUtils.split(netaddress, ".");
+ public RangeRemoteAddressStrategy(String remoteAddr) {
+ String[] strArray = StringUtils.split(remoteAddr, ".");
if (analysis(strArray, 2) || analysis(strArray, 3)) {
- AclUtils.verify(netaddress, index - 1);
+ AclUtils.verify(remoteAddr, index - 1);
StringBuffer sb = new
StringBuffer().append(strArray[0].trim()).append(".").append(strArray[1].trim()).append(".");
if (index == 3) {
sb.append(strArray[2].trim()).append(".");
diff --git
a/acl/src/test/java/org/apache/rocketmq/acl/common/PermissionTest.java
b/acl/src/test/java/org/apache/rocketmq/acl/common/PermissionTest.java
index 04a3f8f..2d998cc 100644
--- a/acl/src/test/java/org/apache/rocketmq/acl/common/PermissionTest.java
+++ b/acl/src/test/java/org/apache/rocketmq/acl/common/PermissionTest.java
@@ -29,28 +29,28 @@ public class PermissionTest {
@Test
public void fromStringGetPermissionTest() {
- byte perm = Permission.fromStringGetPermission("PUB");
+ byte perm = Permission.parsePermFromString("PUB");
Assert.assertEquals(perm, Permission.PUB);
- perm = Permission.fromStringGetPermission("SUB");
+ perm = Permission.parsePermFromString("SUB");
Assert.assertEquals(perm, Permission.SUB);
- perm = Permission.fromStringGetPermission("ANY");
+ perm = Permission.parsePermFromString("ANY");
Assert.assertEquals(perm, Permission.ANY);
- perm = Permission.fromStringGetPermission("PUB|SUB");
+ perm = Permission.parsePermFromString("PUB|SUB");
Assert.assertEquals(perm, Permission.ANY);
- perm = Permission.fromStringGetPermission("SUB|PUB");
+ perm = Permission.parsePermFromString("SUB|PUB");
Assert.assertEquals(perm, Permission.ANY);
- perm = Permission.fromStringGetPermission("DENY");
+ perm = Permission.parsePermFromString("DENY");
Assert.assertEquals(perm, Permission.DENY);
- perm = Permission.fromStringGetPermission("1");
+ perm = Permission.parsePermFromString("1");
Assert.assertEquals(perm, Permission.DENY);
- perm = Permission.fromStringGetPermission(null);
+ perm = Permission.parsePermFromString(null);
Assert.assertEquals(perm, Permission.DENY);
}
@@ -91,17 +91,17 @@ public class PermissionTest {
PlainAccessResource plainAccessResource = new PlainAccessResource();
Map<String, Byte> resourcePermMap =
plainAccessResource.getResourcePermMap();
- Permission.setTopicPerm(plainAccessResource, false, null);
+ Permission.parseResourcePerms(plainAccessResource, false, null);
Assert.assertNull(resourcePermMap);
List<String> groups = new ArrayList<>();
- Permission.setTopicPerm(plainAccessResource, false, groups);
+ Permission.parseResourcePerms(plainAccessResource, false, groups);
Assert.assertNull(resourcePermMap);
groups.add("groupA=DENY");
groups.add("groupB=PUB|SUB");
groups.add("groupC=PUB");
- Permission.setTopicPerm(plainAccessResource, false, groups);
+ Permission.parseResourcePerms(plainAccessResource, false, groups);
resourcePermMap = plainAccessResource.getResourcePermMap();
byte perm =
resourcePermMap.get(PlainAccessResource.getRetryTopic("groupA"));
@@ -118,7 +118,7 @@ public class PermissionTest {
topics.add("topicB=PUB|SUB");
topics.add("topicC=PUB");
- Permission.setTopicPerm(plainAccessResource, true, topics);
+ Permission.parseResourcePerms(plainAccessResource, true, topics);
perm = resourcePermMap.get("topicA");
Assert.assertEquals(perm, Permission.DENY);
@@ -131,7 +131,7 @@ public class PermissionTest {
List<String> erron = new ArrayList<>();
erron.add("");
- Permission.setTopicPerm(plainAccessResource, false, erron);
+ Permission.parseResourcePerms(plainAccessResource, false, erron);
}
@Test
@@ -144,7 +144,7 @@ public class PermissionTest {
code.add(207);
for (int i = 0; i < 400; i++) {
- boolean boo = Permission.checkAdminCode(i);
+ boolean boo = Permission.needAdminPerm(i);
if (boo) {
Assert.assertTrue(code.contains(i));
}
diff --git
a/acl/src/test/java/org/apache/rocketmq/acl/plain/PlainPermissionLoaderTest.java
b/acl/src/test/java/org/apache/rocketmq/acl/plain/PlainPermissionLoaderTest.java
index 45004ec..de9b45d 100644
---
a/acl/src/test/java/org/apache/rocketmq/acl/plain/PlainPermissionLoaderTest.java
+++
b/acl/src/test/java/org/apache/rocketmq/acl/plain/PlainPermissionLoaderTest.java
@@ -27,7 +27,7 @@ import java.util.Set;
import org.apache.commons.lang3.reflect.FieldUtils;
import org.apache.rocketmq.acl.common.AclException;
import org.apache.rocketmq.acl.common.Permission;
-import org.apache.rocketmq.acl.plain.PlainPermissionLoader.PlainAccess;
+import org.apache.rocketmq.acl.plain.PlainPermissionLoader.PlainAccessConfig;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
@@ -90,7 +90,7 @@ public class PlainPermissionLoaderTest {
@Test
public void getPlainAccessResourceTest() {
PlainAccessResource plainAccessResource = new PlainAccessResource();
- PlainAccess plainAccess = new PlainAccess();
+ PlainAccessConfig plainAccess = new PlainAccessConfig();
plainAccess.setAccessKey("RocketMQ");
plainAccessResource =
plainPermissionLoader.getPlainAccessResource(plainAccess);
@@ -120,7 +120,7 @@ public class PlainPermissionLoaderTest {
groups.add("groupA=DENY");
groups.add("groupB=PUB|SUB");
groups.add("groupC=PUB");
- plainAccess.setGroups(groups);
+ plainAccess.setGroupPerms(groups);
plainAccessResource =
plainPermissionLoader.getPlainAccessResource(plainAccess);
Map<String, Byte> resourcePermMap =
plainAccessResource.getResourcePermMap();
Assert.assertEquals(resourcePermMap.size(), 3);
@@ -133,7 +133,7 @@ public class PlainPermissionLoaderTest {
topics.add("topicA=DENY");
topics.add("topicB=PUB|SUB");
topics.add("topicC=PUB");
- plainAccess.setTopics(topics);
+ plainAccess.setTopicPerms(topics);
plainAccessResource =
plainPermissionLoader.getPlainAccessResource(plainAccess);
resourcePermMap = plainAccessResource.getResourcePermMap();
Assert.assertEquals(resourcePermMap.size(), 6);
@@ -170,25 +170,25 @@ public class PlainPermissionLoaderTest {
@Test(expected = AclException.class)
public void accountNullTest() {
plainAccessResource.setAccessKey(null);
- plainPermissionLoader.setPlainAccessResource(plainAccessResource);
+ plainPermissionLoader.addPlainAccessResource(plainAccessResource);
}
@Test(expected = AclException.class)
public void accountThanTest() {
plainAccessResource.setAccessKey("123");
- plainPermissionLoader.setPlainAccessResource(plainAccessResource);
+ plainPermissionLoader.addPlainAccessResource(plainAccessResource);
}
@Test(expected = AclException.class)
public void passWordtNullTest() {
plainAccessResource.setAccessKey(null);
- plainPermissionLoader.setPlainAccessResource(plainAccessResource);
+ plainPermissionLoader.addPlainAccessResource(plainAccessResource);
}
@Test(expected = AclException.class)
public void passWordThanTest() {
plainAccessResource.setAccessKey("123");
- plainPermissionLoader.setPlainAccessResource(plainAccessResource);
+ plainPermissionLoader.addPlainAccessResource(plainAccessResource);
}
@Test(expected = AclException.class)
@@ -200,11 +200,11 @@ public class PlainPermissionLoaderTest {
@SuppressWarnings("unchecked")
@Test
public void cleanAuthenticationInfoTest() throws IllegalAccessException {
- //plainPermissionLoader.setPlainAccessResource(plainAccessResource);
+ //plainPermissionLoader.addPlainAccessResource(plainAccessResource);
Map<String, List<PlainAccessResource>> plainAccessResourceMap =
(Map<String, List<PlainAccessResource>>)
FieldUtils.readDeclaredField(plainPermissionLoader, "plainAccessResourceMap",
true);
Assert.assertFalse(plainAccessResourceMap.isEmpty());
- plainPermissionLoader.cleanAuthenticationInfo();
+ plainPermissionLoader.clearPermissionInfo();
plainAccessResourceMap = (Map<String, List<PlainAccessResource>>)
FieldUtils.readDeclaredField(plainPermissionLoader, "plainAccessResourceMap",
true);
Assert.assertTrue(plainAccessResourceMap.isEmpty());
}
diff --git
a/acl/src/test/java/org/apache/rocketmq/acl/plain/RemoteAddressStrategyTest.java
b/acl/src/test/java/org/apache/rocketmq/acl/plain/RemoteAddressStrategyTest.java
index 1d681e0..527c5c2 100644
---
a/acl/src/test/java/org/apache/rocketmq/acl/plain/RemoteAddressStrategyTest.java
+++
b/acl/src/test/java/org/apache/rocketmq/acl/plain/RemoteAddressStrategyTest.java
@@ -27,35 +27,35 @@ public class RemoteAddressStrategyTest {
@Test
public void NetaddressStrategyFactoryTest() {
PlainAccessResource plainAccessResource = new PlainAccessResource();
- RemoteAddressStrategy remoteAddressStrategy =
remoteAddressStrategyFactory.getNetaddressStrategy(plainAccessResource);
+ RemoteAddressStrategy remoteAddressStrategy =
remoteAddressStrategyFactory.getRemoteAddressStrategy(plainAccessResource);
Assert.assertEquals(remoteAddressStrategy,
RemoteAddressStrategyFactory.NULL_NET_ADDRESS_STRATEGY);
plainAccessResource.setWhiteRemoteAddress("*");
- remoteAddressStrategy =
remoteAddressStrategyFactory.getNetaddressStrategy(plainAccessResource);
+ remoteAddressStrategy =
remoteAddressStrategyFactory.getRemoteAddressStrategy(plainAccessResource);
Assert.assertEquals(remoteAddressStrategy,
RemoteAddressStrategyFactory.NULL_NET_ADDRESS_STRATEGY);
plainAccessResource.setWhiteRemoteAddress("127.0.0.1");
- remoteAddressStrategy =
remoteAddressStrategyFactory.getNetaddressStrategy(plainAccessResource);
+ remoteAddressStrategy =
remoteAddressStrategyFactory.getRemoteAddressStrategy(plainAccessResource);
Assert.assertEquals(remoteAddressStrategy.getClass(),
RemoteAddressStrategyFactory.OneRemoteAddressStrategy.class);
plainAccessResource.setWhiteRemoteAddress("127.0.0.1,127.0.0.2,127.0.0.3");
- remoteAddressStrategy =
remoteAddressStrategyFactory.getNetaddressStrategy(plainAccessResource);
+ remoteAddressStrategy =
remoteAddressStrategyFactory.getRemoteAddressStrategy(plainAccessResource);
Assert.assertEquals(remoteAddressStrategy.getClass(),
RemoteAddressStrategyFactory.MultipleRemoteAddressStrategy.class);
plainAccessResource.setWhiteRemoteAddress("127.0.0.{1,2,3}");
- remoteAddressStrategy =
remoteAddressStrategyFactory.getNetaddressStrategy(plainAccessResource);
+ remoteAddressStrategy =
remoteAddressStrategyFactory.getRemoteAddressStrategy(plainAccessResource);
Assert.assertEquals(remoteAddressStrategy.getClass(),
RemoteAddressStrategyFactory.MultipleRemoteAddressStrategy.class);
plainAccessResource.setWhiteRemoteAddress("127.0.0.1-200");
- remoteAddressStrategy =
remoteAddressStrategyFactory.getNetaddressStrategy(plainAccessResource);
+ remoteAddressStrategy =
remoteAddressStrategyFactory.getRemoteAddressStrategy(plainAccessResource);
Assert.assertEquals(remoteAddressStrategy.getClass(),
RemoteAddressStrategyFactory.RangeRemoteAddressStrategy.class);
plainAccessResource.setWhiteRemoteAddress("127.0.0.*");
- remoteAddressStrategy =
remoteAddressStrategyFactory.getNetaddressStrategy(plainAccessResource);
+ remoteAddressStrategy =
remoteAddressStrategyFactory.getRemoteAddressStrategy(plainAccessResource);
Assert.assertEquals(remoteAddressStrategy.getClass(),
RemoteAddressStrategyFactory.RangeRemoteAddressStrategy.class);
plainAccessResource.setWhiteRemoteAddress("127.0.1-20.*");
- remoteAddressStrategy =
remoteAddressStrategyFactory.getNetaddressStrategy(plainAccessResource);
+ remoteAddressStrategy =
remoteAddressStrategyFactory.getRemoteAddressStrategy(plainAccessResource);
Assert.assertEquals(remoteAddressStrategy.getClass(),
RemoteAddressStrategyFactory.RangeRemoteAddressStrategy.class);
}
@@ -63,9 +63,9 @@ public class RemoteAddressStrategyTest {
public void verifyTest() {
PlainAccessResource plainAccessResource = new PlainAccessResource();
plainAccessResource.setWhiteRemoteAddress("127.0.0.1");
-
remoteAddressStrategyFactory.getNetaddressStrategy(plainAccessResource);
+
remoteAddressStrategyFactory.getRemoteAddressStrategy(plainAccessResource);
plainAccessResource.setWhiteRemoteAddress("256.0.0.1");
-
remoteAddressStrategyFactory.getNetaddressStrategy(plainAccessResource);
+
remoteAddressStrategyFactory.getRemoteAddressStrategy(plainAccessResource);
}
@Test
@@ -77,7 +77,7 @@ public class RemoteAddressStrategyTest {
public void oneNetaddressStrategyTest() {
PlainAccessResource plainAccessResource = new PlainAccessResource();
plainAccessResource.setWhiteRemoteAddress("127.0.0.1");
- RemoteAddressStrategy remoteAddressStrategy =
remoteAddressStrategyFactory.getNetaddressStrategy(plainAccessResource);
+ RemoteAddressStrategy remoteAddressStrategy =
remoteAddressStrategyFactory.getRemoteAddressStrategy(plainAccessResource);
plainAccessResource.setWhiteRemoteAddress("");
boolean match = remoteAddressStrategy.match(plainAccessResource);
Assert.assertFalse(match);
@@ -95,11 +95,11 @@ public class RemoteAddressStrategyTest {
public void multipleNetaddressStrategyTest() {
PlainAccessResource plainAccessResource = new PlainAccessResource();
plainAccessResource.setWhiteRemoteAddress("127.0.0.1,127.0.0.2,127.0.0.3");
- RemoteAddressStrategy remoteAddressStrategy =
remoteAddressStrategyFactory.getNetaddressStrategy(plainAccessResource);
+ RemoteAddressStrategy remoteAddressStrategy =
remoteAddressStrategyFactory.getRemoteAddressStrategy(plainAccessResource);
multipleNetaddressStrategyTest(remoteAddressStrategy);
plainAccessResource.setWhiteRemoteAddress("127.0.0.{1,2,3}");
- remoteAddressStrategy =
remoteAddressStrategyFactory.getNetaddressStrategy(plainAccessResource);
+ remoteAddressStrategy =
remoteAddressStrategyFactory.getRemoteAddressStrategy(plainAccessResource);
multipleNetaddressStrategyTest(remoteAddressStrategy);
}
@@ -108,7 +108,7 @@ public class RemoteAddressStrategyTest {
public void multipleNetaddressStrategyExceptionTest() {
PlainAccessResource plainAccessResource = new PlainAccessResource();
plainAccessResource.setWhiteRemoteAddress("127.0.0.1,2,3}");
-
remoteAddressStrategyFactory.getNetaddressStrategy(plainAccessResource);
+
remoteAddressStrategyFactory.getRemoteAddressStrategy(plainAccessResource);
}
private void multipleNetaddressStrategyTest(RemoteAddressStrategy
remoteAddressStrategy) {
@@ -140,14 +140,14 @@ public class RemoteAddressStrategyTest {
String head = "127.0.0.";
PlainAccessResource plainAccessResource = new PlainAccessResource();
plainAccessResource.setWhiteRemoteAddress("127.0.0.1-200");
- RemoteAddressStrategy remoteAddressStrategy =
remoteAddressStrategyFactory.getNetaddressStrategy(plainAccessResource);
+ RemoteAddressStrategy remoteAddressStrategy =
remoteAddressStrategyFactory.getRemoteAddressStrategy(plainAccessResource);
rangeNetaddressStrategyTest(remoteAddressStrategy, head, 1, 200, true);
plainAccessResource.setWhiteRemoteAddress("127.0.0.*");
- remoteAddressStrategy =
remoteAddressStrategyFactory.getNetaddressStrategy(plainAccessResource);
+ remoteAddressStrategy =
remoteAddressStrategyFactory.getRemoteAddressStrategy(plainAccessResource);
rangeNetaddressStrategyTest(remoteAddressStrategy, head, 0, 255, true);
plainAccessResource.setWhiteRemoteAddress("127.0.1-200.*");
- remoteAddressStrategy =
remoteAddressStrategyFactory.getNetaddressStrategy(plainAccessResource);
+ remoteAddressStrategy =
remoteAddressStrategyFactory.getRemoteAddressStrategy(plainAccessResource);
rangeNetaddressStrategyThirdlyTest(remoteAddressStrategy, head, 1,
200);
}
@@ -196,7 +196,7 @@ public class RemoteAddressStrategyTest {
private void rangeNetaddressStrategyExceptionTest(String netaddress) {
PlainAccessResource plainAccessResource = new PlainAccessResource();
plainAccessResource.setWhiteRemoteAddress(netaddress);
-
remoteAddressStrategyFactory.getNetaddressStrategy(plainAccessResource);
+
remoteAddressStrategyFactory.getRemoteAddressStrategy(plainAccessResource);
}
}
diff --git a/acl/src/test/resources/conf/transport.yml
b/acl/src/test/resources/conf/transport.yml
index 2c3070e..5daefb6 100644
--- a/acl/src/test/resources/conf/transport.yml
+++ b/acl/src/test/resources/conf/transport.yml
@@ -26,11 +26,11 @@ accounts:
admin: false
defaultTopicPerm: DENY
defaultGroupPerm: SUB
- topics:
+ topicPerms:
- topicA=DENY
- topicB=PUB|SUB
- topicC=SUB
- groups:
+ groupPerms:
# the group should convert to retry topic
- groupA=DENY
- groupB=SUB
diff --git a/common/src/main/java/org/apache/rocketmq/common/UtilAll.java
b/common/src/main/java/org/apache/rocketmq/common/UtilAll.java
index a846755..dee6ca2 100644
--- a/common/src/main/java/org/apache/rocketmq/common/UtilAll.java
+++ b/common/src/main/java/org/apache/rocketmq/common/UtilAll.java
@@ -60,6 +60,18 @@ public class UtilAll {
}
}
+ public static void sleep(long sleepMs) {
+ if (sleepMs < 0) {
+ return;
+ }
+ try {
+ Thread.sleep(sleepMs);
+ } catch (Throwable ignored) {
+
+ }
+
+ }
+
public static String currentStackTrace() {
StringBuilder sb = new StringBuilder();
StackTraceElement[] stackTrace =
Thread.currentThread().getStackTrace();
