Merge branch 'develop' into dev-tofastjson2

# Conflicts:
#	broker/src/main/java/org/apache/rocketmq/broker/config/v1/RocksDBConfigManager.java
#	broker/src/main/java/org/apache/rocketmq/broker/config/v1/RocksDBConsumerOffsetManager.java
#	broker/src/main/java/org/apache/rocketmq/broker/config/v1/RocksDBSubscriptionGroupManager.java
#	broker/src/main/java/org/apache/rocketmq/broker/config/v1/RocksDBTopicConfigManager.java
#	broker/src/main/java/org/apache/rocketmq/broker/processor/PopMessageProcessor.java

Author: yx9o

BUILDING

@@ -4,7 +4,7 @@ Build Instructions for Apache RocketMQ
 
 (1) Prerequisites
 
-    JDK 1.7+ is required in order to compile and run RocketMQ.
+    JDK 1.8+ is required in order to compile and run RocketMQ.
 
     RocketMQ utilizes Maven as a distribution management and packaging tool. Version 3.0.3 or later is required.
     Maven installation and configuration instructions can be found here:

auth/src/main/java/org/apache/rocketmq/auth/authentication/provider/LocalAuthenticationMetadataProvider.java

@@ -35,22 +35,27 @@
 import org.apache.rocketmq.auth.config.AuthConfig;
 import org.apache.rocketmq.common.config.ConfigRocksDBStorage;
 import org.apache.rocketmq.common.thread.ThreadPoolMonitor;
-import org.rocksdb.RocksIterator;
+import org.rocksdb.RocksDB;
 
 public class LocalAuthenticationMetadataProvider implements AuthenticationMetadataProvider {
 
+    private final static String AUTH_METADATA_COLUMN_FAMILY = new String(RocksDB.DEFAULT_COLUMN_FAMILY,
+        StandardCharsets.UTF_8);
+
     private ConfigRocksDBStorage storage;
 
     private LoadingCache<String, User> userCache;
 
+    protected ThreadPoolExecutor cacheRefreshExecutor;
+
     @Override
     public void initialize(AuthConfig authConfig, Supplier<?> metadataService) {
-        this.storage = new ConfigRocksDBStorage(authConfig.getAuthConfigPath() + File.separator + "users");
+        this.storage = ConfigRocksDBStorage.getStore(authConfig.getAuthConfigPath() + File.separator + "users", false);
         if (!this.storage.start()) {
             throw new RuntimeException("Failed to load rocksdb for auth_user, please check whether it is occupied");
         }
 
-        ThreadPoolExecutor cacheRefreshExecutor = ThreadPoolMonitor.createAndMonitor(
+        this.cacheRefreshExecutor = ThreadPoolMonitor.createAndMonitor(
             1,
             1,
             1000 * 60,
@@ -72,7 +77,7 @@ public CompletableFuture<Void> createUser(User user) {
         try {
             byte[] keyBytes = user.getUsername().getBytes(StandardCharsets.UTF_8);
             byte[] valueBytes = JSON.toJSONBytes(user);
-            this.storage.put(keyBytes, keyBytes.length, valueBytes);
+            this.storage.put(AUTH_METADATA_COLUMN_FAMILY, keyBytes, keyBytes.length, valueBytes);
             this.storage.flushWAL();
             this.userCache.invalidate(user.getUsername());
         } catch (Exception e) {
@@ -84,7 +89,7 @@ public CompletableFuture<Void> createUser(User user) {
     @Override
     public CompletableFuture<Void> deleteUser(String username) {
         try {
-            this.storage.delete(username.getBytes(StandardCharsets.UTF_8));
+            this.storage.delete(AUTH_METADATA_COLUMN_FAMILY, username.getBytes(StandardCharsets.UTF_8));
             this.storage.flushWAL();
             this.userCache.invalidate(username);
         } catch (Exception e) {
@@ -98,7 +103,7 @@ public CompletableFuture<Void> updateUser(User user) {
         try {
             byte[] keyBytes = user.getUsername().getBytes(StandardCharsets.UTF_8);
             byte[] valueBytes = JSON.toJSONBytes(user);
-            this.storage.put(keyBytes, keyBytes.length, valueBytes);
+            this.storage.put(AUTH_METADATA_COLUMN_FAMILY, keyBytes, keyBytes.length, valueBytes);
             this.storage.flushWAL();
             this.userCache.invalidate(user.getUsername());
         } catch (Exception e) {
@@ -119,27 +124,31 @@ public CompletableFuture<User> getUser(String username) {
     @Override
     public CompletableFuture<List<User>> listUser(String filter) {
         List<User> result = new ArrayList<>();
-        try (RocksIterator iterator = this.storage.iterator()) {
-            iterator.seekToFirst();
-            while (iterator.isValid()) {
-                String username = new String(iterator.key(), StandardCharsets.UTF_8);
+        CompletableFuture<List<User>> future = new CompletableFuture<>();
+        try {
+            this.storage.iterate(AUTH_METADATA_COLUMN_FAMILY, (key, value) -> {
+                String username = new String(key, StandardCharsets.UTF_8);
                 if (StringUtils.isNotBlank(filter) && !username.contains(filter)) {
-                    iterator.next();
-                    continue;
+                    return;
                 }
-                User user = JSON.parseObject(new String(iterator.value(), StandardCharsets.UTF_8), User.class);
+                User user = JSON.parseObject(new String(value, StandardCharsets.UTF_8), User.class);
                 result.add(user);
-                iterator.next();
-            }
+            });
+        } catch (Exception e) {
+            future.completeExceptionally(e);
         }
-        return CompletableFuture.completedFuture(result);
+        future.complete(result);
+        return future;
     }
 
     @Override
     public void shutdown() {
         if (this.storage != null) {
             this.storage.shutdown();
         }
+        if (this.cacheRefreshExecutor != null) {
+            this.cacheRefreshExecutor.shutdown();
+        }
     }
 
     private static class UserCacheLoader implements CacheLoader<String, User> {
@@ -154,7 +163,7 @@ public UserCacheLoader(ConfigRocksDBStorage storage) {
         public User load(String username) {
             try {
                 byte[] keyBytes = username.getBytes(StandardCharsets.UTF_8);
-                byte[] valueBytes = storage.get(keyBytes);
+                byte[] valueBytes = storage.get(AUTH_METADATA_COLUMN_FAMILY, keyBytes);
                 if (ArrayUtils.isEmpty(valueBytes)) {
                     return EMPTY_USER;
                 }

auth/src/main/java/org/apache/rocketmq/auth/authorization/builder/DefaultAuthorizationContextBuilder.java

@@ -306,7 +306,7 @@ public List<DefaultAuthorizationContext> build(ChannelHandlerContext context, Re
                     }
                     break;
                 case RequestCode.UNLOCK_BATCH_MQ:
-                    UnlockBatchRequestBody unlockBatchRequestBody = LockBatchRequestBody.decode(command.getBody(), UnlockBatchRequestBody.class);
+                    UnlockBatchRequestBody unlockBatchRequestBody = UnlockBatchRequestBody.decode(command.getBody(), UnlockBatchRequestBody.class);
                     group = Resource.ofGroup(unlockBatchRequestBody.getConsumerGroup());
                     result.add(DefaultAuthorizationContext.of(subject, group, Action.SUB, sourceIp));
                     if (CollectionUtils.isNotEmpty(unlockBatchRequestBody.getMqSet())) {

auth/src/main/java/org/apache/rocketmq/auth/authorization/chain/AclAuthorizationHandler.java

@@ -154,7 +154,11 @@ private int comparePolicyEntries(PolicyEntry o1, PolicyEntry o2) {
         // the decision deny has higher priority
         Decision d1 = o1.getDecision();
         Decision d2 = o2.getDecision();
-        return d1 == Decision.DENY ? 1 : d2 == Decision.DENY ? -1 : 0;
+
+        if (d1 != d2) {
+            return d1 == Decision.DENY ? -1 : 1;
+        }
+        return 0;
     }
 
     private static void throwException(DefaultAuthorizationContext context, String detail) {

auth/src/main/java/org/apache/rocketmq/auth/authorization/chain/UserAuthorizationHandler.java

@@ -21,7 +21,6 @@
 import org.apache.rocketmq.auth.authentication.enums.SubjectType;
 import org.apache.rocketmq.auth.authentication.enums.UserStatus;
 import org.apache.rocketmq.auth.authentication.enums.UserType;
-import org.apache.rocketmq.auth.authentication.exception.AuthenticationException;
 import org.apache.rocketmq.auth.authentication.factory.AuthenticationFactory;
 import org.apache.rocketmq.auth.authentication.model.Subject;
 import org.apache.rocketmq.auth.authentication.model.User;
@@ -62,8 +61,8 @@ private CompletableFuture<User> getUser(Subject subject) {
             if (result == null) {
                 throw new AuthorizationException("User:{} not found.", user.getUsername());
             }
-            if (user.getUserStatus() == UserStatus.DISABLE) {
-                throw new AuthenticationException("User:{} is disabled.", user.getUsername());
+            if (result.getUserStatus() == UserStatus.DISABLE) {
+                throw new AuthorizationException("User:{} is disabled.", result.getUsername());
             }
             return result;
         });

auth/src/main/java/org/apache/rocketmq/auth/authorization/manager/AuthorizationMetadataManagerImpl.java

@@ -176,19 +176,26 @@ public CompletableFuture<Void> deleteAcl(Subject subject, PolicyType policyType,
 
     @Override
     public CompletableFuture<Acl> getAcl(Subject subject) {
-        CompletableFuture<? extends Subject> subjectFuture;
-        if (subject.isSubject(SubjectType.USER)) {
-            User user = (User) subject;
-            subjectFuture = this.getAuthenticationMetadataProvider().getUser(user.getUsername());
-        } else {
-            subjectFuture = CompletableFuture.completedFuture(subject);
-        }
-        return subjectFuture.thenCompose(sub -> {
-            if (sub == null) {
-                throw new AuthorizationException("The subject is not exist.");
+        try {
+            if (subject == null) {
+                throw new AuthorizationException("The subject is null.");
             }
-            return this.getAuthorizationMetadataProvider().getAcl(subject);
-        });
+            CompletableFuture<? extends Subject> subjectFuture;
+            if (subject.isSubject(SubjectType.USER)) {
+                User user = (User) subject;
+                subjectFuture = this.getAuthenticationMetadataProvider().getUser(user.getUsername());
+            } else {
+                subjectFuture = CompletableFuture.completedFuture(subject);
+            }
+            return subjectFuture.thenCompose(sub -> {
+                if (sub == null) {
+                    throw new AuthorizationException("The subject is not exist.");
+                }
+                return this.getAuthorizationMetadataProvider().getAcl(sub);
+            });
+        } catch (Exception e) {
+            return this.handleException(e);
+        }
     }
 
     @Override

auth/src/main/java/org/apache/rocketmq/auth/authorization/provider/LocalAuthorizationMetadataProvider.java

@@ -40,21 +40,26 @@
 import org.apache.rocketmq.auth.config.AuthConfig;
 import org.apache.rocketmq.common.config.ConfigRocksDBStorage;
 import org.apache.rocketmq.common.thread.ThreadPoolMonitor;
-import org.rocksdb.RocksIterator;
+import org.rocksdb.RocksDB;
 
 public class LocalAuthorizationMetadataProvider implements AuthorizationMetadataProvider {
 
+    private final static String AUTH_METADATA_COLUMN_FAMILY = new String(RocksDB.DEFAULT_COLUMN_FAMILY,
+        StandardCharsets.UTF_8);
+
     private ConfigRocksDBStorage storage;
 
     private LoadingCache<String, Acl> aclCache;
 
+    protected ThreadPoolExecutor cacheRefreshExecutor;
+
     @Override
     public void initialize(AuthConfig authConfig, Supplier<?> metadataService) {
-        this.storage = new ConfigRocksDBStorage(authConfig.getAuthConfigPath() + File.separator + "acls");
+        this.storage = ConfigRocksDBStorage.getStore(authConfig.getAuthConfigPath() + File.separator + "acls", false);
         if (!this.storage.start()) {
             throw new RuntimeException("Failed to load rocksdb for auth_acl, please check whether it is occupied.");
         }
-        ThreadPoolExecutor cacheRefreshExecutor = ThreadPoolMonitor.createAndMonitor(
+        this.cacheRefreshExecutor = ThreadPoolMonitor.createAndMonitor(
             1,
             1,
             1000 * 60,
@@ -77,7 +82,7 @@ public CompletableFuture<Void> createAcl(Acl acl) {
             Subject subject = acl.getSubject();
             byte[] keyBytes = subject.getSubjectKey().getBytes(StandardCharsets.UTF_8);
             byte[] valueBytes = JSON.toJSONBytes(acl);
-            this.storage.put(keyBytes, keyBytes.length, valueBytes);
+            this.storage.put(AUTH_METADATA_COLUMN_FAMILY, keyBytes, keyBytes.length, valueBytes);
             this.storage.flushWAL();
             this.aclCache.invalidate(subject.getSubjectKey());
         } catch (Exception e) {
@@ -90,7 +95,7 @@ public CompletableFuture<Void> createAcl(Acl acl) {
     public CompletableFuture<Void> deleteAcl(Subject subject) {
         try {
             byte[] keyBytes = subject.getSubjectKey().getBytes(StandardCharsets.UTF_8);
-            this.storage.delete(keyBytes);
+            this.storage.delete(AUTH_METADATA_COLUMN_FAMILY, keyBytes);
             this.storage.flushWAL();
             this.aclCache.invalidate(subject.getSubjectKey());
         } catch (Exception e) {
@@ -105,7 +110,7 @@ public CompletableFuture<Void> updateAcl(Acl acl) {
             Subject subject = acl.getSubject();
             byte[] keyBytes = subject.getSubjectKey().getBytes(StandardCharsets.UTF_8);
             byte[] valueBytes = JSON.toJSONBytes(acl);
-            this.storage.put(keyBytes, keyBytes.length, valueBytes);
+            this.storage.put(AUTH_METADATA_COLUMN_FAMILY, keyBytes, keyBytes.length, valueBytes);
             this.storage.flushWAL();
             this.aclCache.invalidate(subject.getSubjectKey());
         } catch (Exception e) {
@@ -126,20 +131,18 @@ public CompletableFuture<Acl> getAcl(Subject subject) {
     @Override
     public CompletableFuture<List<Acl>> listAcl(String subjectFilter, String resourceFilter) {
         List<Acl> result = new ArrayList<>();
-        try (RocksIterator iterator = this.storage.iterator()) {
-            iterator.seekToFirst();
-            while (iterator.isValid()) {
-                String subjectKey = new String(iterator.key(), StandardCharsets.UTF_8);
+        CompletableFuture<List<Acl>> future = new CompletableFuture<>();
+        try {
+            this.storage.iterate(AUTH_METADATA_COLUMN_FAMILY, (key, value) -> {
+                String subjectKey = new String(key, StandardCharsets.UTF_8);
                 if (StringUtils.isNotBlank(subjectFilter) && !subjectKey.contains(subjectFilter)) {
-                    iterator.next();
-                    continue;
+                    return;
                 }
                 Subject subject = Subject.of(subjectKey);
-                Acl acl = JSON.parseObject(new String(iterator.value(), StandardCharsets.UTF_8), Acl.class);
+                Acl acl = JSON.parseObject(new String(value, StandardCharsets.UTF_8), Acl.class);
                 List<Policy> policies = acl.getPolicies();
                 if (!CollectionUtils.isNotEmpty(policies)) {
-                    iterator.next();
-                    continue;
+                    return;
                 }
                 Iterator<Policy> policyIterator = policies.iterator();
                 while (policyIterator.hasNext()) {
@@ -158,17 +161,22 @@ public CompletableFuture<List<Acl>> listAcl(String subjectFilter, String resourc
                 if (CollectionUtils.isNotEmpty(policies)) {
                     result.add(Acl.of(subject, policies));
                 }
-                iterator.next();
-            }
+            });
+        } catch (Exception e) {
+            future.completeExceptionally(e);
         }
-        return CompletableFuture.completedFuture(result);
+        future.complete(result);
+        return future;
     }
 
     @Override
     public void shutdown() {
         if (this.storage != null) {
             this.storage.shutdown();
         }
+        if (this.cacheRefreshExecutor != null) {
+            this.cacheRefreshExecutor.shutdown();
+        }
     }
 
     private static class AclCacheLoader implements CacheLoader<String, Acl> {
@@ -185,7 +193,7 @@ public Acl load(String subjectKey) {
                 byte[] keyBytes = subjectKey.getBytes(StandardCharsets.UTF_8);
                 Subject subject = Subject.of(subjectKey);
 
-                byte[] valueBytes = this.storage.get(keyBytes);
+                byte[] valueBytes = this.storage.get(AUTH_METADATA_COLUMN_FAMILY, keyBytes);
                 if (ArrayUtils.isEmpty(valueBytes)) {
                     return EMPTY_ACL;
                 }

auth/src/main/java/org/apache/rocketmq/auth/authorization/strategy/AbstractAuthorizationStrategy.java

@@ -16,8 +16,8 @@
  */
 package org.apache.rocketmq.auth.authorization.strategy;
 
-import java.util.ArrayList;
-import java.util.List;
+import java.util.HashSet;
+import java.util.Set;
 import java.util.function.Supplier;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.rocketmq.auth.authorization.context.AuthorizationContext;
@@ -30,7 +30,7 @@
 public abstract class AbstractAuthorizationStrategy implements AuthorizationStrategy {
 
     protected final AuthConfig authConfig;
-    protected final List<String> authorizationWhitelist = new ArrayList<>();
+    protected final Set<String> authorizationWhiteSet = new HashSet<>();
     protected final AuthorizationProvider<AuthorizationContext> authorizationProvider;
 
     public AbstractAuthorizationStrategy(AuthConfig authConfig, Supplier<?> metadataService) {
@@ -42,7 +42,7 @@ public AbstractAuthorizationStrategy(AuthConfig authConfig, Supplier<?> metadata
         if (StringUtils.isNotBlank(authConfig.getAuthorizationWhitelist())) {
             String[] whitelist = StringUtils.split(authConfig.getAuthorizationWhitelist(), ",");
             for (String rpcCode : whitelist) {
-                this.authorizationWhitelist.add(StringUtils.trim(rpcCode));
+                this.authorizationWhiteSet.add(StringUtils.trim(rpcCode));
             }
         }
     }
@@ -57,7 +57,7 @@ public void doEvaluate(AuthorizationContext context) {
         if (this.authorizationProvider == null) {
             return;
         }
-        if (this.authorizationWhitelist.contains(context.getRpcCode())) {
+        if (this.authorizationWhiteSet.contains(context.getRpcCode())) {
             return;
         }
         try {