Posted to dev@rocketmq.apache.org by GitBox <gi...@apache.org> on 2018/12/26 08:08:27 UTC

[GitHub] dongeforever closed pull request #634: [ISSUE#403] add the conf/plain_acl.yml file for acl_feature.

dongeforever closed pull request #634: [ISSUE#403] add the conf/plain_acl.yml file for acl_feature.
URL: https://github.com/apache/rocketmq/pull/634
 
 
   

This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:

As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):

diff --git a/broker/src/test/java/org/apache/rocketmq/broker/BrokerControllerTest.java b/broker/src/test/java/org/apache/rocketmq/broker/BrokerControllerTest.java
index 71bbe0696..dae133554 100644
--- a/broker/src/test/java/org/apache/rocketmq/broker/BrokerControllerTest.java
+++ b/broker/src/test/java/org/apache/rocketmq/broker/BrokerControllerTest.java
@@ -24,6 +24,7 @@
 import org.apache.rocketmq.remoting.netty.NettyServerConfig;
 import org.apache.rocketmq.store.config.MessageStoreConfig;
 import org.junit.After;
+import org.junit.Ignore;
 import org.junit.Test;
 
 import static org.assertj.core.api.Assertions.assertThat;
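Review bot: `import org.junit.Ignore;` is added here, but no visible hunk in this file uses it: the next hunk deletes `testBrokerStartAclEnabled` outright instead of annotating it. Either drop the import, or keep the test and mark it `@Ignore("reason")` so the ACL-enabled start path remains visible as a known coverage gap. An unused import may also trip the build's style checks. The rest of the file is outside the hunk, so a use elsewhere cannot be ruled out.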
@@ -42,21 +43,6 @@ public void testBrokerRestart() throws Exception {
         brokerController.shutdown();
     }
 
-    @Test
-    public void testBrokerStartAclEnabled() throws Exception {
-        BrokerConfig brokerConfigAclEnabled = new BrokerConfig();
-        brokerConfigAclEnabled.setEnableAcl(true);
-        
-        BrokerController brokerController = new BrokerController(
-            brokerConfigAclEnabled,
-            new NettyServerConfig(),
-            new NettyClientConfig(),
-            new MessageStoreConfig());
-        assertThat(brokerController.initialize());
-        brokerController.start();
-        brokerController.shutdown();
-    }
-
     @After
     public void destroy() {
         UtilAll.deleteFile(new File(new MessageStoreConfig().getStorePathRootDir()));
diff --git a/distribution/conf/plain_acl.yml b/distribution/conf/plain_acl.yml
index ccebd8f9e..9043b0dd8 100644
--- a/distribution/conf/plain_acl.yml
+++ b/distribution/conf/plain_acl.yml
@@ -13,22 +13,28 @@
 #  See the License for the specific language governing permissions and
 #  limitations under the License.
 
-onlyNetAddress:
-  remoteAddr: 192.168.0.*
-  noPermitPullTopic:
-    - broker-a
+globalWhiteRemoteAddresses:
 
-list:
-  - accessKey: RocketMQ
-    signature: 1234567
-    remoteAddr: 192.168.0.*
-    permitSendTopic:
-      - TopicTest
-      - test2
-  - accessKey: RocketMQ
-    signature: 1234567
-    remoteAddr: 192.168.2.1
-    permitSendTopic:
-      - test3
-      - test4
+accounts:
+- accessKey: RocketMQ
+  secretKey: 12345678
+  whiteRemoteAddress:
+  admin: false
+  defaultTopicPerm: DENY
+  defaultGroupPerm: SUB
+  topicPerms:
+  - topicA=DENY
+  - topicB=PUB|SUB
+  - topicC=SUB
+  groupPerms:
+  # the group should convert to retry topic
+  - groupA=DENY
+  - groupB=PUB|SUB
+  - groupC=SUB
+
+- accessKey: aliyun.com
+  secretKey: 12345678
+  whiteRemoteAddress: 192.168.1.*
+  # if it is admin, it could access all resources
+  admin: true
     
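Review bot: The sample accounts in this file carry guessable secrets, and the second one (`aliyun.com`, `secretKey: 12345678`) is `admin: true`; because the file lives under distribution/conf, a broker that enables ACL without editing it would presumably accept these published credentials from any `192.168.1.*` address. I would add a comment above `accounts:` such as `# Sample credentials only: replace every accessKey/secretKey before enabling ACL`. The unquoted `secretKey: 12345678` is a YAML integer rather than a string, so quoting it (`secretKey: "12345678"`) avoids depending on how the loader coerces the value. The empty `globalWhiteRemoteAddresses:` and `whiteRemoteAddress:` keys parse as null, and a comment stating what null means for each (no whitelist versus match nothing) would remove the ambiguity.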
diff --git a/example/pom.xml b/example/pom.xml
index 28dfe922f..1a4065770 100644
--- a/example/pom.xml
+++ b/example/pom.xml
@@ -53,5 +53,10 @@
             <artifactId>rocketmq-openmessaging</artifactId>
             <version>4.4.0-SNAPSHOT</version>
         </dependency>
+        <dependency>
+            <groupId>org.apache.rocketmq</groupId>
+            <artifactId>rocketmq-acl</artifactId>
+            <version>4.4.0-SNAPSHOT</version>
+        </dependency>
     </dependencies>
 </project>
diff --git a/example/src/main/java/org/apache/rocketmq/example/simple/AclClient.java b/example/src/main/java/org/apache/rocketmq/example/simple/AclClient.java
index fa0bf0a1e..898051704 100644
--- a/example/src/main/java/org/apache/rocketmq/example/simple/AclClient.java
+++ b/example/src/main/java/org/apache/rocketmq/example/simple/AclClient.java
@@ -20,6 +20,9 @@
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
+
+import org.apache.rocketmq.acl.common.AclClientRPCHook;
+import org.apache.rocketmq.acl.common.SessionCredentials;
 import org.apache.rocketmq.client.consumer.DefaultMQPullConsumer;
 import org.apache.rocketmq.client.consumer.DefaultMQPushConsumer;
 import org.apache.rocketmq.client.consumer.PullResult;
@@ -36,25 +39,22 @@
 import org.apache.rocketmq.common.message.MessageQueue;
 import org.apache.rocketmq.remoting.RPCHook;
 import org.apache.rocketmq.remoting.common.RemotingHelper;
-import org.apache.rocketmq.remoting.protocol.RemotingCommand;
 
 /**
  *
- * English explain
- * 1. broker module src/test/resources/META-INF/service/org.apache.rocketmq.acl.AccessValidator copy to src/java/resources/META-INF/service.
- *
- * 2. view the /conf/transport.yml file under the distribution module, pay attention to the account password, IP.
+ * 1. view the /conf/plain_acl.yml file under the distribution module, pay attention to the accessKey,secretKey,
+ * globalWhiteRemoteAddresses and whiteRemoteAddress and some other attributes.
  *
- * 3. Modify ALC_RCP_HOOK_ACCOUT and ACL_RCP_HOOK_PASSWORD to the corresponding account password in transport.yml
+ * 2. Modify ACL_ACCESS_KEY and ACL_SECRET_KEY to the corresponding accessKey and secretKey in plain_acl.yml
  *
  */
 public class AclClient {
 
     private static final Map<MessageQueue, Long> OFFSE_TABLE = new HashMap<MessageQueue, Long>();
 
-    private static final String ACL_RCPHOOK_ACCOUT = "RocketMQ";
+    private static final String ACL_ACCESS_KEY = "RocketMQ";
 
-    private static final String ACL_RCPHOOK_PASSWORD = "1234567";
+    private static final String ACL_SECRET_KEY = "1234567";
 
     public static void main(String[] args) throws MQClientException, InterruptedException {
         producer();
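Review bot: `ACL_SECRET_KEY` keeps the value `"1234567"`, while the plain_acl.yml changed in this same commit sets `secretKey: 12345678` for accessKey `RocketMQ`, so the example as committed would presumably be rejected by a broker running the sample config. The rename should come with the matching value, `private static final String ACL_SECRET_KEY = "12345678";`. The Javadoc already tells readers to edit these constants, and it would help to say there that they are placeholders that must match plain_acl.yml and must not be reused outside a local test. The class body continues outside this hunk.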
@@ -170,37 +170,6 @@ private static void putMessageQueueOffset(MessageQueue mq, long offset) {
     }
 
     static RPCHook getAclRPCHook() {
-        return new AclRPCHook(ACL_RCPHOOK_ACCOUT, ACL_RCPHOOK_PASSWORD);
-    }
-
-    static class AclRPCHook implements RPCHook {
-
-        private String account;
-
-        private String password;
-
-        public AclRPCHook(String account, String password) {
-            this.account = account;
-            this.password = password;
-        }
-
-        @Override
-        public void doBeforeRequest(String remoteAddr, RemotingCommand request) {
-
-            HashMap<String, String> ext = request.getExtFields();
-            if (ext == null) {
-                ext = new HashMap<>();
-                request.setExtFields(ext);
-            }
-            ext.put("account", this.account);
-            ext.put("password", this.password);
-        }
-
-        @Override
-        public void doAfterResponse(String remoteAddr, RemotingCommand request, RemotingCommand response) {
-            //do nothing
-
-        }
-
+        return new AclClientRPCHook(new SessionCredentials(ACL_ACCESS_KEY,ACL_SECRET_KEY));
     }
 }
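Review bot: The new return line is missing the space after the comma in `new SessionCredentials(ACL_ACCESS_KEY,ACL_SECRET_KEY)`, which the project's style checks are likely to flag; write `new SessionCredentials(ACL_ACCESS_KEY, ACL_SECRET_KEY)`. Since the hand-rolled hook that copied the account and password into the request's ext fields is gone, a one-line comment on `getAclRPCHook()` such as `// Credentials are handed to AclClientRPCHook; do not add them to request ext fields directly` would keep later edits from reintroducing that pattern.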


 
