[ISSUE #9758] Fix resource filter does not take effect in the listAcl (#9759)

majialoong · web-flow · commit e6ec760eaaff · 2025-10-16T10:19:08.000+08:00
diff --git a/auth/src/main/java/org/apache/rocketmq/auth/authorization/provider/LocalAuthorizationMetadataProvider.java b/auth/src/main/java/org/apache/rocketmq/auth/authorization/provider/LocalAuthorizationMetadataProvider.java
@@ -148,7 +148,7 @@ public CompletableFuture<List<Acl>> listAcl(String subjectFilter, String resourc
                     if (CollectionUtils.isEmpty(entries)) {
                         continue;
                     }
-                    if (StringUtils.isNotBlank(resourceFilter) && !subjectKey.contains(resourceFilter)) {
+                    if (StringUtils.isNotBlank(resourceFilter)) {
                         entries.removeIf(entry -> !entry.toResourceStr().contains(resourceFilter));
                     }
                     if (CollectionUtils.isEmpty(entries)) {
diff --git a/auth/src/test/java/org/apache/rocketmq/auth/authorization/manager/AuthorizationMetadataManagerTest.java b/auth/src/test/java/org/apache/rocketmq/auth/authorization/manager/AuthorizationMetadataManagerTest.java
@@ -28,6 +28,7 @@
 import org.apache.rocketmq.auth.authorization.factory.AuthorizationFactory;
 import org.apache.rocketmq.auth.authorization.model.Acl;
 import org.apache.rocketmq.auth.authorization.model.Policy;
+import org.apache.rocketmq.auth.authorization.model.PolicyEntry;
 import org.apache.rocketmq.auth.authorization.model.Resource;
 import org.apache.rocketmq.auth.config.AuthConfig;
 import org.apache.rocketmq.auth.helper.AuthTestHelper;
@@ -220,6 +221,10 @@ public void listAcl() {
             "192.168.0.0/24,10.10.0.0/24", Decision.ALLOW);
         this.authorizationMetadataManager.createAcl(acl2).join();
 
+        Acl acl3 = AuthTestHelper.buildAcl("User:test-2", "Topic:acl-2,Group:acl-2", "PUB,SUB",
+            "192.168.0.0/24,10.10.0.0/24", Decision.ALLOW);
+        this.authorizationMetadataManager.createAcl(acl3).join();
+
         List<Acl> acls1 = this.authorizationMetadataManager.listAcl(null, null).join();
         Assert.assertEquals(acls1.size(), 2);
 
@@ -235,13 +240,21 @@ public void listAcl() {
 
         List<Acl> acls5 = this.authorizationMetadataManager.listAcl(null, "test-1").join();
         Assert.assertEquals(acls5.size(), 1);
-        Assert.assertEquals(acls4.get(0).getPolicy(PolicyType.CUSTOM).getEntries().size(), 1);
+        Assert.assertEquals(acls5.get(0).getPolicy(PolicyType.CUSTOM).getEntries().size(), 2);
 
         List<Acl> acls6 = this.authorizationMetadataManager.listAcl("User:abc", null).join();
         Assert.assertTrue(CollectionUtils.isEmpty(acls6));
 
         List<Acl> acls7 = this.authorizationMetadataManager.listAcl(null, "Topic:abc").join();
         Assert.assertTrue(CollectionUtils.isEmpty(acls7));
+
+        List<Acl> acls8 = this.authorizationMetadataManager.listAcl("test-2", "test-2").join();
+        Assert.assertEquals(acls8.size(), 1);
+        List<PolicyEntry> policyEntries = acls8.get(0).getPolicy(PolicyType.CUSTOM).getEntries();
+        Assert.assertEquals(policyEntries.size(), 2);
+        for (PolicyEntry policyEntry : policyEntries) {
+            Assert.assertTrue(policyEntry.toResourceStr().contains("test-2"));
+        }
     }
 
     private void clearAllUsers() {

Original file line number	Diff line number	Diff line change
`@@ -148,7 +148,7 @@ public CompletableFuture<List<Acl>> listAcl(String subjectFilter, String resourc`
`148`	`148`	`if (CollectionUtils.isEmpty(entries)) {`
`149`	`149`	`continue;`
`150`	`150`	`}`
`151`		`- if (StringUtils.isNotBlank(resourceFilter) && !subjectKey.contains(resourceFilter)) {`
	`151`	`+ if (StringUtils.isNotBlank(resourceFilter)) {`
`152`	`152`	`entries.removeIf(entry -> !entry.toResourceStr().contains(resourceFilter));`
`153`	`153`	`}`
`154`	`154`	`if (CollectionUtils.isEmpty(entries)) {`