(rocketmq) branch develop updated: [ISSUE #9758] Fix resource filter does not take effect in the listAcl (#9759)

lizhimin Fri, 17 Oct 2025 20:30:09 -0700

This is an automated email from the ASF dual-hosted git repository.

lizhimin pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/rocketmq.git



The following commit(s) were added to refs/heads/develop by this push:
     new e6ec760eaa [ISSUE #9758] Fix resource filter does not take effect in 
the listAcl (#9759)
e6ec760eaa is described below

commit e6ec760eaaff493041f5a61bccc71f19d7585682
Author: majialong <[email protected]>
AuthorDate: Thu Oct 16 10:19:08 2025 +0800

    [ISSUE #9758] Fix resource filter does not take effect in the listAcl 
(#9759)
---
 .../provider/LocalAuthorizationMetadataProvider.java      |  2 +-
 .../manager/AuthorizationMetadataManagerTest.java         | 15 ++++++++++++++-
 2 files changed, 15 insertions(+), 2 deletions(-)

diff --git 
a/auth/src/main/java/org/apache/rocketmq/auth/authorization/provider/LocalAuthorizationMetadataProvider.java
 
b/auth/src/main/java/org/apache/rocketmq/auth/authorization/provider/LocalAuthorizationMetadataProvider.java
index bc63178108..54d88708d5 100644
--- 
a/auth/src/main/java/org/apache/rocketmq/auth/authorization/provider/LocalAuthorizationMetadataProvider.java
+++ 
b/auth/src/main/java/org/apache/rocketmq/auth/authorization/provider/LocalAuthorizationMetadataProvider.java
@@ -148,7 +148,7 @@ public class LocalAuthorizationMetadataProvider implements 
AuthorizationMetadata
                     if (CollectionUtils.isEmpty(entries)) {
                         continue;
                     }
-                    if (StringUtils.isNotBlank(resourceFilter) && 
!subjectKey.contains(resourceFilter)) {
+                    if (StringUtils.isNotBlank(resourceFilter)) {
                         entries.removeIf(entry -> 
!entry.toResourceStr().contains(resourceFilter));
                     }
                     if (CollectionUtils.isEmpty(entries)) {
diff --git 
a/auth/src/test/java/org/apache/rocketmq/auth/authorization/manager/AuthorizationMetadataManagerTest.java
 
b/auth/src/test/java/org/apache/rocketmq/auth/authorization/manager/AuthorizationMetadataManagerTest.java
index 21ae30aca9..b6bcfa7488 100644
--- 
a/auth/src/test/java/org/apache/rocketmq/auth/authorization/manager/AuthorizationMetadataManagerTest.java
+++ 
b/auth/src/test/java/org/apache/rocketmq/auth/authorization/manager/AuthorizationMetadataManagerTest.java
@@ -28,6 +28,7 @@ import 
org.apache.rocketmq.auth.authorization.exception.AuthorizationException;
 import org.apache.rocketmq.auth.authorization.factory.AuthorizationFactory;
 import org.apache.rocketmq.auth.authorization.model.Acl;
 import org.apache.rocketmq.auth.authorization.model.Policy;
+import org.apache.rocketmq.auth.authorization.model.PolicyEntry;
 import org.apache.rocketmq.auth.authorization.model.Resource;
 import org.apache.rocketmq.auth.config.AuthConfig;
 import org.apache.rocketmq.auth.helper.AuthTestHelper;
@@ -220,6 +221,10 @@ public class AuthorizationMetadataManagerTest {
             "192.168.0.0/24,10.10.0.0/24", Decision.ALLOW);
         this.authorizationMetadataManager.createAcl(acl2).join();
 
+        Acl acl3 = AuthTestHelper.buildAcl("User:test-2", 
"Topic:acl-2,Group:acl-2", "PUB,SUB",
+            "192.168.0.0/24,10.10.0.0/24", Decision.ALLOW);
+        this.authorizationMetadataManager.createAcl(acl3).join();
+
         List<Acl> acls1 = this.authorizationMetadataManager.listAcl(null, 
null).join();
         Assert.assertEquals(acls1.size(), 2);
 
@@ -235,13 +240,21 @@ public class AuthorizationMetadataManagerTest {
 
         List<Acl> acls5 = this.authorizationMetadataManager.listAcl(null, 
"test-1").join();
         Assert.assertEquals(acls5.size(), 1);
-        
Assert.assertEquals(acls4.get(0).getPolicy(PolicyType.CUSTOM).getEntries().size(),
 1);
+        
Assert.assertEquals(acls5.get(0).getPolicy(PolicyType.CUSTOM).getEntries().size(),
 2);
 
         List<Acl> acls6 = 
this.authorizationMetadataManager.listAcl("User:abc", null).join();
         Assert.assertTrue(CollectionUtils.isEmpty(acls6));
 
         List<Acl> acls7 = this.authorizationMetadataManager.listAcl(null, 
"Topic:abc").join();
         Assert.assertTrue(CollectionUtils.isEmpty(acls7));
+
+        List<Acl> acls8 = this.authorizationMetadataManager.listAcl("test-2", 
"test-2").join();
+        Assert.assertEquals(acls8.size(), 1);
+        List<PolicyEntry> policyEntries = 
acls8.get(0).getPolicy(PolicyType.CUSTOM).getEntries();
+        Assert.assertEquals(policyEntries.size(), 2);
+        for (PolicyEntry policyEntry : policyEntries) {
+            Assert.assertTrue(policyEntry.toResourceStr().contains("test-2"));
+        }
     }
 
     private void clearAllUsers() {

(rocketmq) branch develop updated: [ISSUE #9758] Fix resource filter does not take effect in the listAcl (#9759)

Reply via email to