SummCoder opened a new pull request, #10499:
URL: https://github.com/apache/rocketmq/pull/10499

   ### Which Issue(s) This PR Fixes
   
   Fixes #10498
   
   ### Brief Description
   
   The current ACL documentation (both English and Chinese) only lists
   `aclEnable=true` as the required broker property. In RocketMQ 5.x,
   this is insufficient — the new authentication/authorization framework
   introduced in 5.x requires five additional properties to function.
   
   Code evidence for each property:
   
   | Property | Source | Effect when omitted |
   |----------|--------|---------------------|
   | authenticationEnabled | AbstractAuthenticationStrategy.java:54 | 
Authentication is skipped entirely |
   | authorizationEnabled | AbstractAuthorizationStrategy.java:54 | 
Authorization is skipped entirely |
   | migrateAuthFromV1Enabled | AuthMigrator.java:72 | plain_acl.yml is not 
loaded |
   | authenticationMetadataProvider | AuthenticationFactory.java:80-81 | 
Returns null → "authenticationMetadataProvider is not configured" |
   | authorizationMetadataProvider | AuthorizationFactory (same pattern) | Same 
as above for authorization |
   
   Without these, users experience either:
   - ACL silently allowing all traffic (authentication/authorization skipped), 
or
   - "authenticationMetadataProvider is not configured" error on startup
   
   ### How Did You Test This Change?
   
   1. Built the project with `mvn -Prelease-all -DskipTests clean install -U`
   2. Deployed a fresh RocketMQ 5.5.0 broker with the complete property set
   3. Verified ACL authentication works: valid credentials accepted,
      invalid credentials correctly rejected with "User not found"
   4. Verified mqadmin commands work with default `tools.yml` credentials
      matching the ACL account
   5. Confirmed omission of any single property causes the documented
      failure mode (silent bypass or configuration error)


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to