somiljain2006 opened a new pull request, #10372: URL: https://github.com/apache/rocketmq/pull/10372
<!-- Please make sure the target branch is right. In most case, the target branch should be `develop`. --> ### Which Issue(s) This PR Fixes <!-- Please ensure that the related issue has already been created, and [link this pull request to that issue using keywords](<https://docs.github.com/en/issues/tracking-your-work-with-issues/linking-a-pull-request-to-an-issue#linking-a-pull-request-to-an-issue-using-a-keyword>) to ensure automatic closure. --> - Fixes #10370 ### Brief Description <!-- Write a brief description for your pull request to help the maintainer understand the reasons behind your changes. --> This PR fixes ACL authentication issues for internal proxy system-resource requests in cluster mode when enableAclRpcHookForClusterMode=true is enabled. Introduced SystemResourceAwareRpcHook and InternalContextHolder to ensure that only trusted internal proxy operations targeting RocketMQ system resources use proxy admin ACL credentials, while normal client requests continue using user credentials. ### How Did You Test This Change? <!-- To ensure the code quality of Apache RocketMQ, we expect every pull request to have undergone thorough testing. --> Added comprehensive unit tests covering: - internal vs external request routing - system resource detection - fallback extFields handling - unregister client validation - response hook routing - ThreadLocal context propagation and cleanup Manual verification was also performed successfully using NameServer + Broker + Proxy with ACL enabled. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
