SummCoder opened a new pull request, #10499:
URL: https://github.com/apache/rocketmq/pull/10499
### Which Issue(s) This PR Fixes
Fixes #10498
### Brief Description
The current ACL documentation (both English and Chinese) only lists
`aclEnable=true` as the required broker property. In RocketMQ 5.x,
this is insufficient — the new authentication/authorization framework
introduced in 5.x requires five additional properties to function.
Code evidence for each property:
| Property | Source | Effect when omitted |
|----------|--------|---------------------|
| authenticationEnabled | AbstractAuthenticationStrategy.java:54 |
Authentication is skipped entirely |
| authorizationEnabled | AbstractAuthorizationStrategy.java:54 |
Authorization is skipped entirely |
| migrateAuthFromV1Enabled | AuthMigrator.java:72 | plain_acl.yml is not
loaded |
| authenticationMetadataProvider | AuthenticationFactory.java:80-81 |
Returns null → "authenticationMetadataProvider is not configured" |
| authorizationMetadataProvider | AuthorizationFactory (same pattern) | Same
as above for authorization |
Without these, users experience either:
- ACL silently allowing all traffic (authentication/authorization skipped),
or
- "authenticationMetadataProvider is not configured" error on startup
### How Did You Test This Change?
1. Built the project with `mvn -Prelease-all -DskipTests clean install -U`
2. Deployed a fresh RocketMQ 5.5.0 broker with the complete property set
3. Verified ACL authentication works: valid credentials accepted,
invalid credentials correctly rejected with "User not found"
4. Verified mqadmin commands work with default `tools.yml` credentials
matching the ACL account
5. Confirmed omission of any single property causes the documented
failure mode (silent bypass or configuration error)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]