majialoong opened a new issue, #9763:
URL: https://github.com/apache/rocketmq/issues/9763

   ### Before Creating the Bug Report
   
   - [x] I found a bug, not just asking a question, which should be created in [GitHub Discussions](https://github.com/apache/rocketmq/discussions).
   
   - [x] I have searched the [GitHub Issues](https://github.com/apache/rocketmq/issues) and [GitHub Discussions](https://github.com/apache/rocketmq/discussions) of this repository and believe that this is not a duplicate.
   
   - [x] I have confirmed that this bug belongs to the current repository, not other repositories of RocketMQ.
   
   
   ### Runtime platform environment
   
   All platform
   
   ### RocketMQ version
   
   develop and 5.3.3 (the branch using ACL 2.0)
   
   
   
   ### JDK Version
   
   All
   
   ### Describe the Bug
   
   When only authorization is enabled, the disabled user status cannot be 
effectively detected.
   
   <img width="765" height="603" alt="Image" src="https://github.com/user-attachments/assets/d752d304-4e4f-4866-b03f-c92b4582d008" />
   
   ### Steps to Reproduce
   
   1. Authorization is enabled for the cluster (authentication is not enabled).
   broker.conf
   ```
   authenticationEnabled=false
   initAuthenticationUser={"username":"rocketmq2", "password":"12345678"}
   authenticationProvider=org.apache.rocketmq.auth.authentication.provider.DefaultAuthenticationProvider
   authenticationMetadataProvider=org.apache.rocketmq.auth.authentication.provider.LocalAuthenticationMetadataProvider

   authorizationEnabled=true
   authorizationProvider=org.apache.rocketmq.auth.authorization.provider.DefaultAuthorizationProvider
   authorizationMetadataProvider=org.apache.rocketmq.auth.authorization.provider.LocalAuthorizationMetadataProvider
   ```
   2. The user is set to disabled status.
   
   <img width="645" height="73" alt="Image" src="https://github.com/user-attachments/assets/6888c5d1-d238-4c78-9ab0-c822e02e0baa" />
   
   3. When accessing the cluster with this disabled user, there is no prompt indicating that the user has been disabled. The disabled super user can still access the cluster normally.
   
   <img width="736" height="80" alt="Image" src="https://github.com/user-attachments/assets/3fa0387d-34f3-48ae-9f0c-f551ffef7965" />
   
   ### What Did You Expect to See?
   
   The disabled status of a user should be correctly detected when the user is disabled, with a correct prompt that the user has been disabled.
   
   <img width="905" height="218" alt="Image" src="https://github.com/user-attachments/assets/db65ba63-cdfd-4679-acf3-c6ad50c7a6f2" />
   
   ### What Did You See Instead?
   
   A disabled user can still access the cluster normally.
   
   ### Additional Context
   
   _No response_


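
An added example (not part of the original issue and not RocketMQ code): a small Python audit that flags any `broker.conf` using the combination from the report, `authorizationEnabled=true` with `authenticationEnabled=false`. The key names come from the issue; the function names and treating a missing switch as disabled are assumptions.

```python
import sys

# Constructed sample: the two switches as given in the report's broker.conf.
REPORTED = """\
authenticationEnabled=false
initAuthenticationUser={"username":"rocketmq2", "password":"12345678"}
authorizationEnabled=true
"""
# Constructed variant with both switches on, for comparison.
BOTH_ENABLED = REPORTED.replace("authenticationEnabled=false", "authenticationEnabled=true")

def parse_properties(text):
    """Parse simple key=value / key:value lines; a repeated key keeps its last value."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue  # blank line or comment
        # Split on the earliest separator so JSON values containing ':' stay intact.
        cuts = [i for i in (line.find("="), line.find(":")) if i > 0]
        if cuts:
            cut = min(cuts)
            props[line[:cut].strip()] = line[cut + 1:].strip()
    return props

def enabled(props, key):
    # Assumption: a missing switch counts as disabled.
    return props.get(key, "false").lower() == "true"

def audit(text):
    """Return findings for the authorization-without-authentication setup."""
    props = parse_properties(text)
    findings = []
    if enabled(props, "authorizationEnabled") and not enabled(props, "authenticationEnabled"):
        findings.append("authorizationEnabled=true with authenticationEnabled=false: "
                        "setup in which the report shows a disabled user still being served")
    return findings

if __name__ == "__main__":
    # Usage: python audit_broker_conf.py broker.conf [more.conf ...]
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8") as fh:
            for finding in audit(fh.read()):
                print(f"{path}: {finding}")
```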