somiljain2006 opened a new pull request, #10372:
URL: https://github.com/apache/rocketmq/pull/10372

   ### Which Issue(s) This PR Fixes
   
   - Fixes #10370
   
   ### Brief Description
   
   This PR fixes ACL authentication issues for internal proxy system-resource 
requests in cluster mode when enableAclRpcHookForClusterMode=true is enabled. 
Introduced SystemResourceAwareRpcHook and InternalContextHolder to ensure that 
only trusted internal proxy operations targeting RocketMQ system resources use 
proxy admin ACL credentials, while normal client requests continue using user 
credentials.
   
   ### How Did You Test This Change?
   
   Added comprehensive unit tests covering:
    
   - internal vs external request routing
   - system resource detection
   - fallback extFields handling
   - unregister client validation
   - response hook routing
   - ThreadLocal context propagation and cleanup
   
   Manual verification was also performed successfully using NameServer + 
Broker + Proxy with ACL enabled.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

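
A sketch of the credential-selection rule the description above outlines, added here as an illustration and not code from the pull request or from RocketMQ: admin credentials are chosen only when a request is both marked internal and targets a system resource, and the per-thread marker is cleared in `finally` so a pooled thread cannot carry it into a later client request. The class and method names, the `rmq_sys_` prefix check and the access-key strings are assumptions made for the example.

```java
import java.util.function.Supplier;

public class InternalCredentialDemo {
    // Hypothetical per-thread marker for "this call was started by the proxy itself".
    static final class InternalContext {
        private static final ThreadLocal<Boolean> INTERNAL = ThreadLocal.withInitial(() -> false);

        static boolean isInternal() { return INTERNAL.get(); }

        // Runs body with the marker set and always restores the prior state,
        // so the marker never outlives the internal operation on a reused thread.
        static <T> T callInternal(Supplier<T> body) {
            boolean previous = INTERNAL.get();
            INTERNAL.set(true);
            try {
                return body.get();
            } finally {
                if (!previous) {
                    INTERNAL.remove();
                }
            }
        }
    }

    // Assumed naming rule for system resources; the PR's actual detection logic is not shown on the page.
    static boolean isSystemResource(String topic) {
        return topic != null && topic.startsWith("rmq_sys_");
    }

    // Admin credentials require BOTH conditions; every other request keeps the caller's own key.
    static String selectAccessKey(String topic, String userKey, String adminKey) {
        return InternalContext.isInternal() && isSystemResource(topic) ? adminKey : userKey;
    }

    public static void main(String[] args) {
        String user = "user-ak", admin = "proxy-admin-ak"; // constructed sample values
        String sysTopic = "rmq_sys_example";                // constructed sample topic

        // External request naming a system resource: stays on user credentials.
        System.out.println(selectAccessKey(sysTopic, user, admin));
        // Internal request for a system resource: the only case that gets admin credentials.
        System.out.println(InternalContext.callInternal(() -> selectAccessKey(sysTopic, user, admin)));
        // Internal request for an ordinary topic: still user credentials.
        System.out.println(InternalContext.callInternal(() -> selectAccessKey("orders", user, admin)));
        // Same thread after the internal call returned: marker is gone.
        System.out.println(selectAccessKey(sysTopic, user, admin));
    }
}
```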