diff --git a/auth/src/main/java/org/apache/rocketmq/auth/authorization/provider/LocalAuthorizationMetadataProvider.java b/auth/src/main/java/org/apache/rocketmq/auth/authorization/provider/LocalAuthorizationMetadataProvider.java index bc631781084..54d88708d51 100644 --- a/auth/src/main/java/org/apache/rocketmq/auth/authorization/provider/LocalAuthorizationMetadataProvider.java +++ b/auth/src/main/java/org/apache/rocketmq/auth/authorization/provider/LocalAuthorizationMetadataProvider.java @@ -148,7 +148,7 @@ public CompletableFuture> listAcl(String subjectFilter, String resourc if (CollectionUtils.isEmpty(entries)) { continue; } - if (StringUtils.isNotBlank(resourceFilter) && !subjectKey.contains(resourceFilter)) { + if (StringUtils.isNotBlank(resourceFilter)) { entries.removeIf(entry -> !entry.toResourceStr().contains(resourceFilter)); } if (CollectionUtils.isEmpty(entries)) { diff --git a/auth/src/test/java/org/apache/rocketmq/auth/authorization/manager/AuthorizationMetadataManagerTest.java b/auth/src/test/java/org/apache/rocketmq/auth/authorization/manager/AuthorizationMetadataManagerTest.java index 21ae30aca94..b6bcfa74886 100644 --- a/auth/src/test/java/org/apache/rocketmq/auth/authorization/manager/AuthorizationMetadataManagerTest.java +++ b/auth/src/test/java/org/apache/rocketmq/auth/authorization/manager/AuthorizationMetadataManagerTest.java @@ -28,6 +28,7 @@ import org.apache.rocketmq.auth.authorization.factory.AuthorizationFactory; import org.apache.rocketmq.auth.authorization.model.Acl; import org.apache.rocketmq.auth.authorization.model.Policy; +import org.apache.rocketmq.auth.authorization.model.PolicyEntry; import org.apache.rocketmq.auth.authorization.model.Resource; import org.apache.rocketmq.auth.config.AuthConfig; import org.apache.rocketmq.auth.helper.AuthTestHelper; @@ -220,6 +221,10 @@ public void listAcl() { "192.168.0.0/24,10.10.0.0/24", Decision.ALLOW); this.authorizationMetadataManager.createAcl(acl2).join(); + Acl acl3 = AuthTestHelper.buildAcl("User:test-2", "Topic:acl-2,Group:acl-2", "PUB,SUB", + "192.168.0.0/24,10.10.0.0/24", Decision.ALLOW); + this.authorizationMetadataManager.createAcl(acl3).join(); + List acls1 = this.authorizationMetadataManager.listAcl(null, null).join(); Assert.assertEquals(acls1.size(), 2); @@ -235,13 +240,21 @@ public void listAcl() { List acls5 = this.authorizationMetadataManager.listAcl(null, "test-1").join(); Assert.assertEquals(acls5.size(), 1); - Assert.assertEquals(acls4.get(0).getPolicy(PolicyType.CUSTOM).getEntries().size(), 1); + Assert.assertEquals(acls5.get(0).getPolicy(PolicyType.CUSTOM).getEntries().size(), 2); List acls6 = this.authorizationMetadataManager.listAcl("User:abc", null).join(); Assert.assertTrue(CollectionUtils.isEmpty(acls6)); List acls7 = this.authorizationMetadataManager.listAcl(null, "Topic:abc").join(); Assert.assertTrue(CollectionUtils.isEmpty(acls7)); + + List acls8 = this.authorizationMetadataManager.listAcl("test-2", "test-2").join(); + Assert.assertEquals(acls8.size(), 1); + List policyEntries = acls8.get(0).getPolicy(PolicyType.CUSTOM).getEntries(); + Assert.assertEquals(policyEntries.size(), 2); + for (PolicyEntry policyEntry : policyEntries) { + Assert.assertTrue(policyEntry.toResourceStr().contains("test-2")); + } } private void clearAllUsers() {