This is an automated email from the ASF dual-hosted git repository. lizhimin pushed a commit to branch develop in repository https://gitbox.apache.org/repos/asf/rocketmq.git
The following commit(s) were added to refs/heads/develop by this push: new d1cc7428da [ISSUE #7955] Don't set default auth metadata provider (#7956) d1cc7428da is described below commit d1cc7428daade1c23046ca776d8bb945a74edf88 Author: dingshuangxi888 <dingshuangxi...@gmail.com> AuthorDate: Mon Mar 25 17:15:40 2024 +0800 [ISSUE #7955] Don't set default auth metadata provider (#7956) --- .../chain/DefaultAuthenticationHandler.java | 3 +++ .../authentication/factory/AuthenticationFactory.java | 12 +++++++----- .../manager/AuthenticationMetadataManagerImpl.java | 12 ++++++------ .../authorization/chain/AclAuthorizationHandler.java | 5 ++++- .../authorization/chain/UserAuthorizationHandler.java | 3 +++ .../authorization/factory/AuthorizationFactory.java | 18 ++++++++++-------- .../manager/AuthorizationMetadataManagerImpl.java | 14 +++++++------- 7 files changed, 40 insertions(+), 27 deletions(-) diff --git a/auth/src/main/java/org/apache/rocketmq/auth/authentication/chain/DefaultAuthenticationHandler.java b/auth/src/main/java/org/apache/rocketmq/auth/authentication/chain/DefaultAuthenticationHandler.java index 109a728aa1..04f1316450 100644 --- a/auth/src/main/java/org/apache/rocketmq/auth/authentication/chain/DefaultAuthenticationHandler.java +++ b/auth/src/main/java/org/apache/rocketmq/auth/authentication/chain/DefaultAuthenticationHandler.java @@ -45,6 +45,9 @@ public class DefaultAuthenticationHandler implements Handler<DefaultAuthenticati } protected CompletableFuture<User> getUser(DefaultAuthenticationContext context) { + if (this.authenticationMetadataProvider == null) { + throw new AuthenticationException("The authenticationMetadataProvider is not configured"); + } if (StringUtils.isEmpty(context.getUsername())) { throw new AuthenticationException("username cannot be null."); } 
diff --git a/auth/src/main/java/org/apache/rocketmq/auth/authentication/factory/AuthenticationFactory.java b/auth/src/main/java/org/apache/rocketmq/auth/authentication/factory/AuthenticationFactory.java index 3788496dda..3ba82add5a 100644 --- a/auth/src/main/java/org/apache/rocketmq/auth/authentication/factory/AuthenticationFactory.java +++ b/auth/src/main/java/org/apache/rocketmq/auth/authentication/factory/AuthenticationFactory.java @@ -31,7 +31,6 @@ import org.apache.rocketmq.auth.authentication.manager.AuthenticationMetadataMan import org.apache.rocketmq.auth.authentication.provider.AuthenticationMetadataProvider; import org.apache.rocketmq.auth.authentication.provider.AuthenticationProvider; import org.apache.rocketmq.auth.authentication.provider.DefaultAuthenticationProvider; -import org.apache.rocketmq.auth.authentication.provider.LocalAuthenticationMetadataProvider; import org.apache.rocketmq.auth.authentication.strategy.AuthenticationStrategy; import org.apache.rocketmq.auth.authentication.strategy.StatelessAuthenticationStrategy; import org.apache.rocketmq.auth.config.AuthConfig; @@ -78,10 +77,11 @@ public class AuthenticationFactory { } return computeIfAbsent(METADATA_PROVIDER_PREFIX + config.getConfigName(), key -> { try { - Class<? extends AuthenticationMetadataProvider> clazz = LocalAuthenticationMetadataProvider.class; - if (StringUtils.isNotBlank(config.getAuthenticationMetadataProvider())) { - clazz = (Class<? extends AuthenticationMetadataProvider>) Class.forName(config.getAuthenticationMetadataProvider()); + if (StringUtils.isBlank(config.getAuthenticationMetadataProvider())) { + return null; } + Class<? extends AuthenticationMetadataProvider> clazz = (Class<? extends AuthenticationMetadataProvider>) + Class.forName(config.getAuthenticationMetadataProvider()); AuthenticationMetadataProvider result = clazz.getDeclaredConstructor().newInstance(); result.initialize(config, metadataService); return result; 
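Review bot: The class named by `config.getAuthenticationMetadataProvider()` is cast to `Class<? extends AuthenticationMetadataProvider>` with an unchecked cast in the `@@ -78,10 +77,11 @@` hunk, so a wrong class name in the configuration is still instantiated by `newInstance()` and the type mismatch only surfaces afterwards, at the assignment to `result`. Using `Class.forName(config.getAuthenticationMetadataProvider()).asSubclass(AuthenticationMetadataProvider.class)` rejects a non-provider class before its constructor runs and removes the unchecked cast. The `@@ -80,10 +79,11 @@` hunk in AuthorizationFactory has the same pattern for `AuthorizationMetadataProvider`. The lambda's catch block lies outside the hunk, so how such a failure is reported cannot be confirmed from here.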
@@ -142,7 +142,9 @@ public class AuthenticationFactory { } if (result == null) { result = function.apply(key); - INSTANCE_MAP.put(key, result); + if (result != null) { + INSTANCE_MAP.put(key, result); + } } } } diff --git a/auth/src/main/java/org/apache/rocketmq/auth/authentication/manager/AuthenticationMetadataManagerImpl.java b/auth/src/main/java/org/apache/rocketmq/auth/authentication/manager/AuthenticationMetadataManagerImpl.java index 3634a10cb8..6eabe69f45 100644 --- a/auth/src/main/java/org/apache/rocketmq/auth/authentication/manager/AuthenticationMetadataManagerImpl.java +++ b/auth/src/main/java/org/apache/rocketmq/auth/authentication/manager/AuthenticationMetadataManagerImpl.java @@ -206,17 +206,17 @@ public class AuthenticationMetadataManagerImpl implements AuthenticationMetadata result.completeExceptionally(throwable); } - private AuthorizationMetadataProvider getAuthorizationMetadataProvider() { - if (authenticationMetadataProvider == null) { + private AuthenticationMetadataProvider getAuthenticationMetadataProvider() { + if (authorizationMetadataProvider == null) { throw new IllegalStateException("The authenticationMetadataProvider is not configured"); } - return authorizationMetadataProvider; + return authenticationMetadataProvider; } - private AuthenticationMetadataProvider getAuthenticationMetadataProvider() { - if (authorizationMetadataProvider == null) { + private AuthorizationMetadataProvider getAuthorizationMetadataProvider() { + if (authenticationMetadataProvider == null) { throw new IllegalStateException("The authorizationMetadataProvider is not configured"); } - return authenticationMetadataProvider; + return authorizationMetadataProvider; } } diff --git a/auth/src/main/java/org/apache/rocketmq/auth/authorization/chain/AclAuthorizationHandler.java b/auth/src/main/java/org/apache/rocketmq/auth/authorization/chain/AclAuthorizationHandler.java index 23c57655e7..06a130b2e0 100644 
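Review bot: Both getters in the `@@ -206,17 +206,17 @@` hunk still test the other field: the new `getAuthenticationMetadataProvider()` checks `authorizationMetadataProvider == null` and then returns `authenticationMetadataProvider`, and `getAuthorizationMetadataProvider()` does the reverse. If these fields are filled from the factories, which this commit lets return `null` for an unconfigured provider, a deployment with only one provider configured gets `null` back from the getter of the missing one instead of the `IllegalStateException`, while the getter of the configured one throws. Each guard should test the field it returns, i.e. `if (authenticationMetadataProvider == null) {` in `getAuthenticationMetadataProvider()` and `if (authorizationMetadataProvider == null) {` in `getAuthorizationMetadataProvider()`. The `@@ -268,17 +268,17 @@` hunk in AuthorizationMetadataManagerImpl has the same crossed guards, and there the message thrown by the authorization getter was also changed to name `authenticationMetadataProvider`.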
--- a/auth/src/main/java/org/apache/rocketmq/auth/authorization/chain/AclAuthorizationHandler.java +++ b/auth/src/main/java/org/apache/rocketmq/auth/authorization/chain/AclAuthorizationHandler.java @@ -54,7 +54,10 @@ public class AclAuthorizationHandler implements Handler<DefaultAuthorizationCont @Override public CompletableFuture<Void> handle(DefaultAuthorizationContext context, HandlerChain<DefaultAuthorizationContext, CompletableFuture<Void>> chain) { - return authorizationMetadataProvider.getAcl(context.getSubject()).thenAccept(acl -> { + if (this.authorizationMetadataProvider == null) { + throw new AuthorizationException("The authorizationMetadataProvider is not configured"); + } + return this.authorizationMetadataProvider.getAcl(context.getSubject()).thenAccept(acl -> { if (acl == null) { throwException(context, "no matched policies."); } diff --git a/auth/src/main/java/org/apache/rocketmq/auth/authorization/chain/UserAuthorizationHandler.java b/auth/src/main/java/org/apache/rocketmq/auth/authorization/chain/UserAuthorizationHandler.java index 87ea477f56..1c391df54f 100644 --- a/auth/src/main/java/org/apache/rocketmq/auth/authorization/chain/UserAuthorizationHandler.java +++ b/auth/src/main/java/org/apache/rocketmq/auth/authorization/chain/UserAuthorizationHandler.java @@ -54,6 +54,9 @@ public class UserAuthorizationHandler implements Handler<DefaultAuthorizationCon } private CompletableFuture<User> getUser(Subject subject) { + if (this.authenticationMetadataProvider == null) { + throw new AuthorizationException("The authenticationMetadataProvider is not configured"); + } User user = (User) subject; return authenticationMetadataProvider.getUser(user.getUsername()).thenApply(result -> { if (result == null) { diff --git a/auth/src/main/java/org/apache/rocketmq/auth/authorization/factory/AuthorizationFactory.java b/auth/src/main/java/org/apache/rocketmq/auth/authorization/factory/AuthorizationFactory.java index 9d72f4cba8..f87a5304cb 100644 
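Review bot: The new guard in `AclAuthorizationHandler.handle` throws on the calling thread, while the other denial visible in the `@@ -54,7 +54,10 @@` hunk (`throwException(context, "no matched policies.")` inside `thenAccept`) reaches the caller as an exceptional completion of the returned future. If any caller only inspects the future, the unconfigured-provider case takes a different error path from every other rejection; that caller is outside the hunk, so this is worth confirming. Returning a failed future keeps one path: `CompletableFuture<Void> failed = new CompletableFuture<>();` `failed.completeExceptionally(new AuthorizationException("The authorizationMetadataProvider is not configured"));` `return failed;`. The guard added to `getUser` in UserAuthorizationHandler (`@@ -54,6 +54,9 @@`) follows the same throw-before-future shape.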
--- a/auth/src/main/java/org/apache/rocketmq/auth/authorization/factory/AuthorizationFactory.java +++ b/auth/src/main/java/org/apache/rocketmq/auth/authorization/factory/AuthorizationFactory.java @@ -19,9 +19,9 @@ package org.apache.rocketmq.auth.authorization.factory; import com.google.protobuf.GeneratedMessageV3; import io.grpc.Metadata; import io.netty.channel.ChannelHandlerContext; +import java.util.HashMap; import java.util.List; -import java.util.concurrent.ConcurrentHashMap; -import java.util.concurrent.ConcurrentMap; +import java.util.Map; import java.util.function.Function; import java.util.function.Supplier; import org.apache.commons.lang3.StringUtils; @@ -32,7 +32,6 @@ import org.apache.rocketmq.auth.authorization.manager.AuthorizationMetadataManag import org.apache.rocketmq.auth.authorization.provider.AuthorizationMetadataProvider; import org.apache.rocketmq.auth.authorization.provider.AuthorizationProvider; import org.apache.rocketmq.auth.authorization.provider.DefaultAuthorizationProvider; -import org.apache.rocketmq.auth.authorization.provider.LocalAuthorizationMetadataProvider; import org.apache.rocketmq.auth.authorization.strategy.AuthorizationStrategy; import org.apache.rocketmq.auth.authorization.strategy.StatelessAuthorizationStrategy; import org.apache.rocketmq.auth.config.AuthConfig; @@ -40,7 +39,7 @@ import org.apache.rocketmq.remoting.protocol.RemotingCommand; public class AuthorizationFactory { - private static final ConcurrentMap<String, Object> INSTANCE_MAP = new ConcurrentHashMap<>(); + private static final Map<String, Object> INSTANCE_MAP = new HashMap<>(); private static final String PROVIDER_PREFIX = "PROVIDER_"; private static final String METADATA_PROVIDER_PREFIX = "METADATA_PROVIDER_"; private static final String EVALUATOR_PREFIX = "EVALUATOR_"; 
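Review bot: `INSTANCE_MAP` becomes a plain `HashMap` in the `@@ -40,7 +39,7 @@` hunk, which is only safe if every read and write of the map happens under the same lock. The `@@ -145,7 +145,9 @@` hunk shows a nested `if (result == null)` around the `put`, which looks like a check, lock, re-check sequence, but the first lookup and the lock itself are outside the visible lines; if that first `INSTANCE_MAP.get` runs without the lock it can race with a concurrent `put`. Because the commit also stops storing `null` (`if (result != null) { INSTANCE_MAP.put(key, result); }`), the map is no longer handed a null value, so keeping `private static final ConcurrentMap<String, Object> INSTANCE_MAP = new ConcurrentHashMap<>();` appears possible and avoids the question.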
@@ -80,10 +79,11 @@ public class AuthorizationFactory { } return computeIfAbsent(METADATA_PROVIDER_PREFIX + config.getConfigName(), key -> { try { - Class<? extends AuthorizationMetadataProvider> clazz = LocalAuthorizationMetadataProvider.class; - if (StringUtils.isNotBlank(config.getAuthorizationMetadataProvider())) { - clazz = (Class<? extends AuthorizationMetadataProvider>) Class.forName(config.getAuthorizationMetadataProvider()); + if (StringUtils.isBlank(config.getAuthorizationMetadataProvider())) { + return null; } + Class<? extends AuthorizationMetadataProvider> clazz = (Class<? extends AuthorizationMetadataProvider>) + Class.forName(config.getAuthorizationMetadataProvider()); AuthorizationMetadataProvider result = clazz.getDeclaredConstructor().newInstance(); result.initialize(config, metadataService); return result; @@ -145,7 +145,9 @@ public class AuthorizationFactory { } if (result == null) { result = function.apply(key); - INSTANCE_MAP.put(key, result); + if (result != null) { + INSTANCE_MAP.put(key, result); + } } } } diff --git a/auth/src/main/java/org/apache/rocketmq/auth/authorization/manager/AuthorizationMetadataManagerImpl.java b/auth/src/main/java/org/apache/rocketmq/auth/authorization/manager/AuthorizationMetadataManagerImpl.java index 74fe9d339d..52b62f72b3 100644 --- a/auth/src/main/java/org/apache/rocketmq/auth/authorization/manager/AuthorizationMetadataManagerImpl.java +++ b/auth/src/main/java/org/apache/rocketmq/auth/authorization/manager/AuthorizationMetadataManagerImpl.java 
@@ -268,17 +268,17 @@ public class AuthorizationMetadataManagerImpl implements AuthorizationMetadataMa return result; } - private AuthorizationMetadataProvider getAuthorizationMetadataProvider() { - if (authenticationMetadataProvider == null) { + private AuthenticationMetadataProvider getAuthenticationMetadataProvider() { + if (authorizationMetadataProvider == null) { throw new IllegalStateException("The authenticationMetadataProvider is not configured."); } - return authorizationMetadataProvider; + return authenticationMetadataProvider; } - private AuthenticationMetadataProvider getAuthenticationMetadataProvider() { - if (authorizationMetadataProvider == null) { - throw new IllegalStateException("The authorizationMetadataProvider is not configured."); + private AuthorizationMetadataProvider getAuthorizationMetadataProvider() { + if (authenticationMetadataProvider == null) { + throw new IllegalStateException("The authenticationMetadataProvider is not configured."); } - return authenticationMetadataProvider; + return authorizationMetadataProvider; } }