(rocketmq) branch develop updated: Fix ACL 2.0: correct consumer group extraction from retry topic in SEND_MESSAGE/SEND_MESSAGE_V2/SEND_BATCH_MESSAGE (#9911)

Tue, 09 Dec 2025 23:58:23 -0800 

This is an automated email from the ASF dual-hosted git repository.

lollipop pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/rocketmq.git


The following commit(s) were added to refs/heads/develop by this push:
     new 1f387b286b Fix ACL 2.0: correct consumer group extraction from retry 
topic in SEND_MESSAGE/SEND_MESSAGE_V2/SEND_BATCH_MESSAGE (#9911)
1f387b286b is described below

commit 1f387b286b795b49749e45a000e4cc4a31e5af1c
Author: dingshuangxi888 <[email protected]>
AuthorDate: Wed Dec 10 15:58:10 2025 +0800

    Fix ACL 2.0: correct consumer group extraction from retry topic in 
SEND_MESSAGE/SEND_MESSAGE_V2/SEND_BATCH_MESSAGE (#9911)
---
 .../builder/DefaultAuthorizationContextBuilder.java          | 12 ++----------
 1 file changed, 2 insertions(+), 10 deletions(-)

diff --git 
a/auth/src/main/java/org/apache/rocketmq/auth/authorization/builder/DefaultAuthorizationContextBuilder.java
 
b/auth/src/main/java/org/apache/rocketmq/auth/authorization/builder/DefaultAuthorizationContextBuilder.java
index 5725d4feac..7134c6fd38 100644
--- 
a/auth/src/main/java/org/apache/rocketmq/auth/authorization/builder/DefaultAuthorizationContextBuilder.java
+++ 
b/auth/src/main/java/org/apache/rocketmq/auth/authorization/builder/DefaultAuthorizationContextBuilder.java
@@ -192,11 +192,7 @@ public class DefaultAuthorizationContextBuilder implements 
AuthorizationContextB
                     break;
                 case RequestCode.SEND_MESSAGE:
                     if (NamespaceUtil.isRetryTopic(fields.get(TOPIC))) {
-                        if (StringUtils.isNotBlank(fields.get(GROUP))) {
-                            group = Resource.ofGroup(fields.get(GROUP));
-                        } else {
-                            group = Resource.ofGroup(fields.get(TOPIC));
-                        }
+                        group = Resource.ofGroup(fields.get(TOPIC));
                         result.add(DefaultAuthorizationContext.of(subject, 
group, Action.SUB, sourceIp));
                     } else {
                         topic = Resource.ofTopic(fields.get(TOPIC));
@@ -206,11 +202,7 @@ public class DefaultAuthorizationContextBuilder implements 
AuthorizationContextB
                 case RequestCode.SEND_MESSAGE_V2:
                 case RequestCode.SEND_BATCH_MESSAGE:
                     if (NamespaceUtil.isRetryTopic(fields.get(B))) {
-                        if (StringUtils.isNotBlank(fields.get(A))) {
-                            group = Resource.ofGroup(fields.get(A));
-                        } else {
-                            group = Resource.ofGroup(fields.get(B));
-                        }
+                        group = Resource.ofGroup(fields.get(B));
                         result.add(DefaultAuthorizationContext.of(subject, 
group, Action.SUB, sourceIp));
                     } else {
                         topic = Resource.ofTopic(fields.get(B));

Reply via email to