生产端acl鉴权9

eventmesh-common/src/test/java/org/apache/eventmesh/common/file/WatchFileManagerTest.java

@@ -17,6 +17,8 @@
 
 package org.apache.eventmesh.common.file;
 
+import org.apache.eventmesh.common.Constants;
+import org.apache.eventmesh.common.config.CommonConfiguration;
 import org.apache.eventmesh.common.utils.ThreadUtils;
 
 import java.io.BufferedReader;
@@ -55,13 +57,13 @@ public boolean support(FileChangeContext changeContext) {
 
         Path path = Paths.get(resourceUrl);
         Properties properties = new Properties();
-        try (BufferedReader reader = Files.newBufferedReader(path, StandardCharsets.UTF_8)) {
+        try (BufferedReader reader = Files.newBufferedReader(path, Constants.DEFAULT_CHARSET)) {
             properties.load(reader);
         } catch (IOException e) {
             Assert.fail("Test failed to load from file");
         }
         properties.setProperty("eventMesh.server.newAdd", "newAdd");
-        try (BufferedWriter writer = Files.newBufferedWriter(path, StandardCharsets.UTF_8)) {
+        try (BufferedWriter writer = Files.newBufferedWriter(path, Constants.DEFAULT_CHARSET)) {
             properties.store(writer, "newAdd");
         } catch (IOException e) {
             Assert.fail("Test failed to write to file");

eventmesh-registry-plugin/eventmesh-registry-api/src/main/java/org/apache/eventmesh/api/registry/bo/EventMeshServicePubTopicInfo.java

@@ -56,4 +56,5 @@ public String toString() {
             + ", topics=" + topics
             + '}';
     }
+
 }

eventmesh-registry-plugin/eventmesh-registry-etcd/src/main/java/org/apache/eventmesh/registry/etcd/service/EtcdCustomService.java

@@ -28,6 +28,8 @@
 import java.util.ArrayList;
 import java.util.List;
 
+import javax.annotation.Nullable;
+
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -43,6 +45,7 @@ public class EtcdCustomService extends EtcdRegistryService {
     private static final String KEY_SERVICE = "service";
     private static final Logger logger = LoggerFactory.getLogger(EtcdCustomService.class);
 
+    @Nullable
     public List<EventMeshServicePubTopicInfo> findEventMeshServicePubTopicInfos() throws RegistryException {
 
         Client client = getEtcdClient();

eventmesh-runtime/src/main/java/org/apache/eventmesh/runtime/acl/Acl.java

@@ -189,7 +189,6 @@ private AclProperties buildHttpAclProperties(String remoteAddr, String token, St
         if (obj instanceof EventMeshServicePubTopicInfo) {
             aclProperties.setExtendedField("group", ((EventMeshServicePubTopicInfo) obj).getService());
             aclProperties.setExtendedField("topics", ((EventMeshServicePubTopicInfo) obj).getTopics());
-            aclProperties.setExtendedField("token", ((EventMeshServicePubTopicInfo) obj).getToken());
         }
         return aclProperties;
     }

eventmesh-security-plugin/eventmesh-security-auth-token/src/main/java/org/apache/eventmesh/auth/token/impl/auth/AuthTokenUtils.java

@@ -17,7 +17,6 @@
 
 package org.apache.eventmesh.auth.token.impl.auth;
 
-
 import org.apache.eventmesh.api.acl.AclProperties;
 import org.apache.eventmesh.api.exception.AclException;
 import org.apache.eventmesh.common.config.CommonConfiguration;
@@ -35,6 +34,8 @@
 import java.security.spec.X509EncodedKeySpec;
 import java.util.Set;
 
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.Jws;
 import io.jsonwebtoken.JwtException;
 import io.jsonwebtoken.JwtParser;
 import io.jsonwebtoken.Jwts;
@@ -68,7 +69,12 @@ public static void authTokenByPublicKey(AclProperties aclProperties) {
                 KeyFactory kf = KeyFactory.getInstance("RSA");
                 Key validationKey = kf.generatePublic(spec);
                 JwtParser signedParser = Jwts.parserBuilder().setSigningKey(validationKey).build();
-                signedParser.parseClaimsJws(token);
+                Jws<Claims> signJwt = signedParser.parseClaimsJws(token);
+                String sub = signJwt.getBody().get("sub", String.class);
+                if (!sub.contains(aclProperties.getExtendedField("group").toString()) && !sub.contains("pulsar-admin")) {
+                    throw new AclException("group:" + aclProperties.getExtendedField("group ") + " has no auth to access eventMesh:"
+                        + aclProperties.getTopic());
+                }
             } catch (IOException e) {
                 throw new AclException("public key read error!", e);
             } catch (NoSuchAlgorithmException e) {
@@ -87,12 +93,11 @@ public static void authTokenByPublicKey(AclProperties aclProperties) {
     public static boolean authAccess(AclProperties aclProperties) {
 
         String topic = aclProperties.getTopic();
-        String token = aclProperties.getToken();
 
         Set<String> groupTopics = (Set<String>) aclProperties.getExtendedField("topics");
         String groupToken = aclProperties.getExtendedField("token").toString();
 
-        if (groupTopics.contains(topic) && groupToken.equals(token)) {
+        if (groupTopics.contains(topic)) {
             return true;
         } else {
             return false;

tools/dependency-check/known-dependencies.txt

@@ -86,6 +86,9 @@ jcommander-1.78.jar
 jetcd-common-0.3.0.jar
 jetcd-core-0.3.0.jar
 jetcd-resolver-0.3.0.jar
+jjwt-api-0.11.1.jar
+jjwt-impl-0.11.1.jar
+jjwt-jackson-0.11.1.jar
 jline-0.9.94.jar
 jna-4.2.2.jar
 jodd-bean-5.1.6.jar