jiulinxiri/rocketmq-dashboard
1
0
Fork 0
mirror of https://github.com/apache/rocketmq-dashboard.git synced 2025-09-10 11:40:01 +08:00
Code Issues Packages Projects Releases Wiki Activity

[ISSUE #332] Add configuration options for login information, supporting ACL or file storage (#333)

Browse Source
This commit is contained in:
Crazylychee
2025-07-05 20:51:42 +08:00
committed by GitHub
parent ff73529a75
commit 4b9ed97f8f
11 changed files with 370 additions and 110 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
frontend-new/src/api/remoteApi/remoteApi.js
View File

@@ -77,12 +77,12 @@ const remoteApi = {
listUsers: async (brokerAddress) => {
const params = new URLSearchParams();
if (brokerAddress) params.append('brokerAddress', brokerAddress);
const response = await remoteApi._fetch(remoteApi.buildUrl(`/acl/listUsers?${params.toString()}`));
const response = await remoteApi._fetch(remoteApi.buildUrl(`/acl/acls.query?${params.toString()}`));
return await response.json();
},
createUser: async (brokerAddress, userInfo) => {
const response = await remoteApi._fetch(remoteApi.buildUrl('/acl/createUser'), {
const response = await remoteApi._fetch(remoteApi.buildUrl('/acl/createUser.do'), {
method: 'POST',
headers: {'Content-Type': 'application/json'},
body: JSON.stringify({brokerAddress, userInfo})
@@ -91,7 +91,7 @@ const remoteApi = {
},
updateUser: async (brokerAddress, userInfo) => {
const response = await remoteApi._fetch(remoteApi.buildUrl('/acl/updateUser'), {
const response = await remoteApi._fetch(remoteApi.buildUrl('/acl/updateUser.do'), {
method: 'POST',
headers: {'Content-Type': 'application/json'},
body: JSON.stringify({brokerAddress, userInfo})
@@ -103,7 +103,7 @@ const remoteApi = {
const params = new URLSearchParams();
if (brokerAddress) params.append('brokerAddress', brokerAddress);
params.append('username', username);
const response = await remoteApi._fetch(remoteApi.buildUrl(`/acl/deleteUser?${params.toString()}`), {
const response = await remoteApi._fetch(remoteApi.buildUrl(`/acl/deleteUser.do?${params.toString()}`), {
method: 'DELETE'
});
return await response.json();
@@ -114,12 +114,12 @@ const remoteApi = {
const params = new URLSearchParams();
if (brokerAddress) params.append('brokerAddress', brokerAddress);
if (searchParam) params.append('searchParam', searchParam);
const response = await remoteApi._fetch(remoteApi.buildUrl(`/acl/listAcls?${params.toString()}`));
const response = await remoteApi._fetch(remoteApi.buildUrl(`/acl/acls.query?${params.toString()}`));
return await response.json();
},
createAcl: async (brokerAddress, subject, policies) => {
const response = await remoteApi._fetch(remoteApi.buildUrl('/acl/createAcl'), {
const response = await remoteApi._fetch(remoteApi.buildUrl('/acl/createAcl.do'), {
method: 'POST',
headers: {'Content-Type': 'application/json'},
body: JSON.stringify({brokerAddress, subject, policies})
@@ -128,7 +128,7 @@ const remoteApi = {
},
updateAcl: async (brokerAddress, subject, policies) => {
const response = await remoteApi._fetch(remoteApi.buildUrl('/acl/updateAcl'), {
const response = await remoteApi._fetch(remoteApi.buildUrl('/acl/updateAcl.do'), {
method: 'POST',
headers: {'Content-Type': 'application/json'},
body: JSON.stringify({brokerAddress, subject, policies})
@@ -141,7 +141,7 @@ const remoteApi = {
if (brokerAddress) params.append('brokerAddress', brokerAddress);
params.append('subject', subject);
if (resource) params.append('resource', resource);
const response = await remoteApi._fetch(remoteApi.buildUrl(`/acl/deleteAcl?${params.toString()}`), {
const response = await remoteApi._fetch(remoteApi.buildUrl(`/acl/deleteAcl.do?${params.toString()}`), {
method: 'DELETE'
});
return await response.json();

20
src/main/java/org/apache/rocketmq/dashboard/controller/AclController.java
View File

@@ -23,6 +23,7 @@ import org.apache.rocketmq.dashboard.model.request.UserUpdateRequest;
import org.apache.rocketmq.dashboard.service.impl.AclServiceImpl;
import org.apache.rocketmq.remoting.protocol.body.UserInfo;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
@@ -31,24 +32,23 @@ import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.RestController;
import java.util.List;
@RestController
@Controller
@RequestMapping("/acl")
public class AclController {
@Autowired
private AclServiceImpl aclService;
@GetMapping("/listUsers")
@GetMapping("/users.query")
@ResponseBody
public List<UserInfo> listUsers(@RequestParam(required = false) String brokerAddress) {
return aclService.listUsers(brokerAddress);
}
@GetMapping("/listAcls")
@GetMapping("/acls.query")
@ResponseBody
public Object listAcls(
@RequestParam(required = false) String brokerAddress,
@@ -56,34 +56,34 @@ public class AclController {
return aclService.listAcls(brokerAddress, searchParam);
}
@PostMapping("/createAcl")
@PostMapping("/createAcl.do")
@ResponseBody
public Object createAcl(@RequestBody PolicyRequest request) {
aclService.createAcl(request);
return true;
}
@DeleteMapping("/deleteUser")
@DeleteMapping("/deleteUser.do")
@ResponseBody
public Object deleteUser(@RequestParam(required = false) String brokerAddress, @RequestParam String username) {
aclService.deleteUser(brokerAddress, username);
return true;
}
@RequestMapping(value = "/updateUser", method = RequestMethod.POST, produces = "application/json;charset=UTF-8")
@RequestMapping(value = "/updateUser.do", method = RequestMethod.POST, produces = "application/json;charset=UTF-8")
@ResponseBody
public Object updateUser(@RequestBody UserUpdateRequest request) {
aclService.updateUser(request.getBrokerAddress(), request.getUserInfo());
return true;
}
@PostMapping("/createUser")
@PostMapping("/createUser.do")
public Object createUser(@RequestBody UserCreateRequest request) {
aclService.createUser(request.getBrokerAddress(), request.getUserInfo());
return true;
}
@DeleteMapping("/deleteAcl")
@DeleteMapping("/deleteAcl.do")
public Object deleteAcl(
@RequestParam(required = false) String brokerAddress,
@RequestParam String subject,
@@ -92,7 +92,7 @@ public class AclController {
return true;
}
@RequestMapping(value = "/updateAcl", method = RequestMethod.POST, produces = "application/json;charset=UTF-8")
@RequestMapping(value = "/updateAcl.do", method = RequestMethod.POST, produces = "application/json;charset=UTF-8")
@ResponseBody
public Object updateAcl(@RequestBody PolicyRequest request) {
aclService.updateAcl(request);

4
src/main/java/org/apache/rocketmq/dashboard/model/User.java
View File

@@ -19,8 +19,8 @@ package org.apache.rocketmq.dashboard.model;
import org.hibernate.validator.constraints.Range;
public class User {
public static final int ORDINARY = 0;
public static final int ADMIN = 1;
public static final int SUPER = 0;
public static final int NORMAL = 1;
private long id;
private String name;

2
src/main/java/org/apache/rocketmq/dashboard/model/request/UserInfoParam.java
View File

@@ -17,9 +17,11 @@
package org.apache.rocketmq.dashboard.model.request;
import lombok.AllArgsConstructor;
import lombok.Data;
@Data
@AllArgsConstructor
public class UserInfoParam {
private String username;
private String password;

2
src/main/java/org/apache/rocketmq/dashboard/service/impl/AbstractFileStore.java
View File

@@ -58,7 +58,7 @@ public abstract class AbstractFileStore {
}
}
abstract void load(InputStream inputStream);
protected abstract void load(InputStream inputStream);
private void load() {
load(null);

24
src/main/java/org/apache/rocketmq/dashboard/service/impl/LoginServiceImpl.java
View File

@@ -17,13 +17,10 @@
package org.apache.rocketmq.dashboard.service.impl;
import jakarta.annotation.Resource;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.apache.rocketmq.dashboard.config.RMQConfigure;
import org.apache.rocketmq.dashboard.service.LoginService;
import org.apache.rocketmq.dashboard.service.UserService;
import org.apache.rocketmq.dashboard.service.provider.UserInfoProvider;
import org.apache.rocketmq.dashboard.service.strategy.UserContext;
import org.apache.rocketmq.dashboard.util.UserInfoContext;
import org.apache.rocketmq.dashboard.util.WebUtil;
import org.apache.rocketmq.remoting.protocol.body.UserInfo;
@@ -33,34 +30,29 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
@Service
public class LoginServiceImpl implements LoginService {
private final Logger logger = LoggerFactory.getLogger(this.getClass());
@Resource
private RMQConfigure rmqConfigure;
@Autowired
private UserService userService;
@Autowired
private UserInfoProvider userInfoProvider;
private UserContext userContext;
@Override
public boolean login(HttpServletRequest request, HttpServletResponse response) {
String username = (String) WebUtil.getValueFromSession(request, WebUtil.USER_NAME);
if (username != null) {
UserInfo userInfo = userInfoProvider.getUserInfoByUsername(username);
UserInfo userInfo = userContext.queryByUsername(username);
if (userInfo == null) {
auth(request, response);
return false;
}
UserInfoContext.set(WebUtil.USER_NAME, userInfo);
return true;
}
auth(request, response);
return false;
@@ -69,11 +61,7 @@ public class LoginServiceImpl implements LoginService {
protected void auth(HttpServletRequest request, HttpServletResponse response) {
try {
String url = WebUtil.getUrl(request);
try {
url = URLEncoder.encode(url, "UTF-8");
} catch (UnsupportedEncodingException e) {
logger.error("url encode:{}", url, e);
}
url = URLEncoder.encode(url, StandardCharsets.UTF_8);
logger.debug("redirect url : {}", url);
WebUtil.redirect(response, request, "/#/login?redirect=" + url);
} catch (IOException e) {

67
src/main/java/org/apache/rocketmq/dashboard/service/strategy/AclUserStrategy.java Normal file
View File

@@ -0,0 +1,67 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.rocketmq.dashboard.service.strategy;
import lombok.AllArgsConstructor;
import org.apache.rocketmq.dashboard.service.ClusterInfoService;
import org.apache.rocketmq.remoting.protocol.body.ClusterInfo;
import org.apache.rocketmq.remoting.protocol.body.UserInfo;
import org.apache.rocketmq.remoting.protocol.route.BrokerData;
import org.apache.rocketmq.tools.admin.MQAdminExt;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Service;
@Service
@AllArgsConstructor
public class AclUserStrategy implements UserStrategy {
private static final Logger log = LoggerFactory.getLogger(AclUserStrategy.class);
private final MQAdminExt mqAdminExt;
private final ClusterInfoService clusterInfoService;
@Override
public UserInfo getUserInfoByUsername(String username) {
ClusterInfo clusterInfo = clusterInfoService.get();
if (clusterInfo == null || clusterInfo.getBrokerAddrTable() == null || clusterInfo.getBrokerAddrTable().isEmpty()) {
log.warn("Cluster information is not available or has no broker addresses.");
return null;
}
for (BrokerData brokerLiveInfo : clusterInfo.getBrokerAddrTable().values()) {
if (brokerLiveInfo == null || brokerLiveInfo.getBrokerAddrs() == null || brokerLiveInfo.getBrokerAddrs().isEmpty()) {
continue;
}
String brokerAddr = brokerLiveInfo.getBrokerAddrs().get(0L); // Assuming 0L is the primary address
if (brokerAddr == null) {
continue;
}
try {
UserInfo userInfo = mqAdminExt.getUser(brokerAddr, username);
if (userInfo != null) {
return userInfo;
}
} catch (Exception e) {
log.warn("Failed to get user {} from broker {}. Trying next broker if available. Error: {}", username, brokerAddr, e.getMessage());
}
}
return null;
}
}

119
src/main/java/org/apache/rocketmq/dashboard/service/strategy/FileUserStrategy.java Normal file
View File

@@ -0,0 +1,119 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.rocketmq.dashboard.service.strategy;
import jakarta.annotation.Resource;
import jakarta.validation.constraints.NotNull;
import org.apache.rocketmq.dashboard.config.RMQConfigure;
import org.apache.rocketmq.dashboard.exception.ServiceException;
import org.apache.rocketmq.dashboard.model.User;
import org.apache.rocketmq.dashboard.service.impl.AbstractFileStore;
import org.apache.rocketmq.remoting.protocol.body.UserInfo;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.stereotype.Service;
import java.io.FileReader;
import java.io.InputStream;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
import java.util.concurrent.ConcurrentHashMap;
@Service
public class FileUserStrategy implements UserStrategy, InitializingBean {
@Resource
private RMQConfigure configure;
private FileBasedUserInfoStore fileBasedUserInfoStore;
@Override
public void afterPropertiesSet() throws Exception {
if (configure.isLoginRequired()) {
fileBasedUserInfoStore = new FileBasedUserInfoStore(configure);
}
}
@Override
public UserInfo getUserInfoByUsername(String username) {
User user = fileBasedUserInfoStore.queryByUsernameAndPassword(username);
if (user != null) {
return UserInfo.of(user.getName(), user.getPassword(), user.getType() == 0 ? "normal" : "super");
}
return null;
}
public static class FileBasedUserInfoStore extends AbstractFileStore {
private static final String FILE_NAME = "users.properties";
private static Map<String, User> userMap = new ConcurrentHashMap<>();
public FileBasedUserInfoStore(RMQConfigure configure) {
super(configure, FILE_NAME);
}
@Override
public void load(InputStream inputStream) {
Properties prop = new Properties();
try {
if (inputStream == null) {
prop.load(new FileReader(filePath));
} else {
prop.load(inputStream);
}
} catch (Exception e) {
log.error("load user.properties failed", e);
throw new ServiceException(0, String.format("Failed to load loginUserInfo property file: %s", filePath));
}
Map<String, User> loadUserMap = new HashMap<>();
String[] arrs;
int role;
for (String key : prop.stringPropertyNames()) {
String v = prop.getProperty(key);
if (v == null)
continue;
arrs = v.split(",", 2);
if (arrs.length == 0) {
continue;
} else if (arrs.length == 1) {
role = 0;
} else {
role = Integer.parseInt(arrs[1].trim());
}
loadUserMap.put(key, new User(key, arrs[0].trim(), role));
}
userMap.clear();
userMap.putAll(loadUserMap);
}
public User queryByName(String name) {
return userMap.get(name);
}
public User queryByUsernameAndPassword(@NotNull String username) {
User user = queryByName(username);
if (user != null) {
return user.cloneOne();
}
return null;
}
}
}

54
src/main/java/org/apache/rocketmq/dashboard/service/strategy/UserContext.java Normal file
View File

@@ -0,0 +1,54 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.rocketmq.dashboard.service.strategy;
import jakarta.annotation.PostConstruct;
import org.apache.rocketmq.remoting.protocol.body.UserInfo;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
import java.util.Map;
@Component
public class UserContext {
private UserStrategy userStrategy;
@Autowired
private Map<String, UserStrategy> userStrategies;
@Value("${rocketmq.config.authMode}")
private String authMode;
@PostConstruct
public void init() {
switch (authMode.toLowerCase()) {
case "acl":
this.userStrategy = userStrategies.get("aclUserStrategy");
break;
case "file":
default:
this.userStrategy = userStrategies.get("fileUserStrategy");
break;
}
}
public UserInfo queryByUsername(String username) {
return userStrategy.getUserInfoByUsername(username);
}
}

24
src/main/java/org/apache/rocketmq/dashboard/service/strategy/UserStrategy.java Normal file
View File

@@ -0,0 +1,24 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.rocketmq.dashboard.service.strategy;
import org.apache.rocketmq.remoting.protocol.body.UserInfo;
public interface UserStrategy {
UserInfo getUserInfoByUsername(String username);
}

6
src/main/resources/application.yml
View File

@@ -58,6 +58,12 @@ rocketmq:
ticketKey: ticket
# must create userInfo file: ${rocketmq.config.dataPath}/users.properties if the login is required
loginRequired: false
# Authentication mode for RocketMQ Dashboard
# Available options:
# - 'file': Use username/password stored in a file (requires 'auth.file.path')
# - 'acl': Use credentials from ACL system (requires 'acl.access.key' and 'acl.secret.key')
# Default: file
authMode: file
useTLS: false
proxyAddr: 127.0.0.1:8080
proxyAddrs: