add strategy for authentication and authorization.

auth/src/main/java/org/apache/rocketmq/auth/authentication/AuthenticationEvaluator.java

@@ -16,64 +16,25 @@
  */
 package org.apache.rocketmq.auth.authentication;
 
-import java.util.ArrayList;
-import java.util.List;
 import java.util.function.Supplier;
-import org.apache.commons.lang3.StringUtils;
 import org.apache.rocketmq.auth.authentication.context.AuthenticationContext;
-import org.apache.rocketmq.auth.authentication.exception.AuthenticationException;
 import org.apache.rocketmq.auth.authentication.factory.AuthenticationFactory;
-import org.apache.rocketmq.auth.authentication.provider.AuthenticationProvider;
+import org.apache.rocketmq.auth.authentication.strategy.AuthenticationStrategy;
 import org.apache.rocketmq.auth.config.AuthConfig;
-import org.apache.rocketmq.common.utils.ExceptionUtils;
 
 public class AuthenticationEvaluator {
 
-    private final AuthConfig authConfig;
-    private final List<String> authenticationWhitelist = new ArrayList<>();
-    private final AuthenticationProvider<AuthenticationContext> authenticationProvider;
+    private final AuthenticationStrategy authenticationStrategy;
 
     public AuthenticationEvaluator(AuthConfig authConfig) {
         this(authConfig, null);
     }
 
     public AuthenticationEvaluator(AuthConfig authConfig, Supplier<?> metadataService) {
-        this.authConfig = authConfig;
-        this.authenticationProvider = AuthenticationFactory.getProvider(authConfig);
-        if (this.authenticationProvider != null) {
-            this.authenticationProvider.initialize(authConfig, metadataService);
-        }
-        if (StringUtils.isNotBlank(authConfig.getAuthenticationWhitelist())) {
-            String[] whitelist = StringUtils.split(authConfig.getAuthenticationWhitelist(), ",");
-            for (String rpcCode : whitelist) {
-                this.authenticationWhitelist.add(StringUtils.trim(rpcCode));
-            }
-        }
+        this.authenticationStrategy = AuthenticationFactory.getStrategy(authConfig, metadataService);
     }
 
     public void evaluate(AuthenticationContext context) {
-        if (context == null) {
-            return;
-        }
-        if (!authConfig.isAuthenticationEnabled()) {
-            return;
-        }
-        if (this.authenticationProvider == null) {
-            return;
-        }
-        if (this.authenticationWhitelist.contains(context.getRpcCode())) {
-            return;
-        }
-        try {
-            this.authenticationProvider.authenticate(context).join();
-        } catch (AuthenticationException ex) {
-            throw ex;
-        } catch (Throwable ex) {
-            Throwable exception = ExceptionUtils.getRealException(ex);
-            if (exception instanceof AuthenticationException) {
-                throw (AuthenticationException) exception;
-            }
-            throw new AuthenticationException("Failed to authentication the request", exception);
-        }
+        this.authenticationStrategy.evaluate(context);
     }
 }

auth/src/main/java/org/apache/rocketmq/auth/authentication/builder/AuthenticationContextBuilder.java

@@ -18,11 +18,12 @@
 
 import com.google.protobuf.GeneratedMessageV3;
 import io.grpc.Metadata;
+import io.netty.channel.ChannelHandlerContext;
 import org.apache.rocketmq.remoting.protocol.RemotingCommand;
 
 public interface AuthenticationContextBuilder<AuthenticationContext> {
 
     AuthenticationContext build(Metadata metadata, GeneratedMessageV3 request);
 
-    AuthenticationContext build(RemotingCommand request);
+    AuthenticationContext build(ChannelHandlerContext context, RemotingCommand request);
 }

auth/src/main/java/org/apache/rocketmq/auth/authentication/builder/DefaultAuthenticationContextBuilder.java

@@ -18,6 +18,7 @@
 
 import com.google.protobuf.GeneratedMessageV3;
 import io.grpc.Metadata;
+import io.netty.channel.ChannelHandlerContext;
 import java.nio.charset.StandardCharsets;
 import java.util.HashMap;
 import java.util.Map;
@@ -47,6 +48,7 @@ public class DefaultAuthenticationContextBuilder implements AuthenticationContex
     public DefaultAuthenticationContext build(Metadata metadata, GeneratedMessageV3 request) {
         try {
             DefaultAuthenticationContext context = new DefaultAuthenticationContext();
+            context.setChannelId(metadata.get(GrpcConstants.CHANNEL_ID));
             context.setRpcCode(request.getDescriptorForType().getFullName());
             String authorization = metadata.get(GrpcConstants.AUTHORIZATION);
             if (StringUtils.isEmpty(authorization)) {
@@ -94,15 +96,16 @@ public DefaultAuthenticationContext build(Metadata metadata, GeneratedMessageV3
     }
 
     @Override
-    public DefaultAuthenticationContext build(RemotingCommand request) {
+    public DefaultAuthenticationContext build(ChannelHandlerContext context, RemotingCommand request) {
         HashMap<String, String> fields = request.getExtFields();
         if (MapUtils.isEmpty(fields)) {
             throw new AuthenticationException("authentication field is null");
         }
-        DefaultAuthenticationContext context = new DefaultAuthenticationContext();
-        context.setRpcCode(String.valueOf(request.getCode()));
-        context.setUsername(fields.get(SessionCredentials.ACCESS_KEY));
-        context.setSignature(fields.get(SessionCredentials.SIGNATURE));
+        DefaultAuthenticationContext result = new DefaultAuthenticationContext();
+        result.setChannelId(context.channel().id().asLongText());
+        result.setRpcCode(String.valueOf(request.getCode()));
+        result.setUsername(fields.get(SessionCredentials.ACCESS_KEY));
+        result.setSignature(fields.get(SessionCredentials.SIGNATURE));
         // Content
         SortedMap<String, String> map = new TreeMap<>();
         for (Map.Entry<String, String> entry : fields.entrySet()) {
@@ -114,8 +117,8 @@ public DefaultAuthenticationContext build(RemotingCommand request) {
                 map.put(entry.getKey(), entry.getValue());
             }
         }
-        context.setContent(AclUtils.combineRequestContent(request, map));
-        return context;
+        result.setContent(AclUtils.combineRequestContent(request, map));
+        return result;
     }
 
     public String hexToBase64(String input) throws DecoderException {

auth/src/main/java/org/apache/rocketmq/auth/authentication/context/AuthenticationContext.java

@@ -22,10 +22,20 @@
 
 public abstract class AuthenticationContext {
 
+    private String channelId;
+
     private String rpcCode;
 
     private Map<String, Object> extInfo;
 
+    public String getChannelId() {
+        return channelId;
+    }
+
+    public void setChannelId(String channelId) {
+        this.channelId = channelId;
+    }
+
     public String getRpcCode() {
         return rpcCode;
     }

auth/src/main/java/org/apache/rocketmq/auth/authentication/factory/AuthenticationFactory.java

@@ -18,6 +18,7 @@
 
 import com.google.protobuf.GeneratedMessageV3;
 import io.grpc.Metadata;
+import io.netty.channel.ChannelHandlerContext;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.ConcurrentMap;
 import java.util.function.Function;
@@ -29,6 +30,8 @@
 import org.apache.rocketmq.auth.authentication.manager.AuthenticationMetadataManagerImpl;
 import org.apache.rocketmq.auth.authentication.provider.AuthenticationMetadataProvider;
 import org.apache.rocketmq.auth.authentication.provider.AuthenticationProvider;
+import org.apache.rocketmq.auth.authentication.strategy.AuthenticationStrategy;
+import org.apache.rocketmq.auth.authentication.strategy.StatefulAuthenticationStrategy;
 import org.apache.rocketmq.auth.config.AuthConfig;
 import org.apache.rocketmq.remoting.protocol.RemotingCommand;
 
@@ -103,6 +106,19 @@ public static AuthenticationEvaluator getEvaluator(AuthConfig config, Supplier<?
         return computeIfAbsent(EVALUATOR_PREFIX + config.getConfigName(), key -> new AuthenticationEvaluator(config, metadataService));
     }
 
+    @SuppressWarnings("unchecked")
+    public static AuthenticationStrategy getStrategy(AuthConfig config, Supplier<?> metadataService) {
+        try {
+            Class<? extends AuthenticationStrategy> clazz = StatefulAuthenticationStrategy.class;
+            if (StringUtils.isNotBlank(config.getAuthenticationStrategy())) {
+                clazz = (Class<? extends AuthenticationStrategy>) Class.forName(config.getAuthenticationStrategy());
+            }
+            return clazz.getDeclaredConstructor(AuthConfig.class, Supplier.class).newInstance(config, metadataService);
+        } catch (Exception e) {
+            throw new RuntimeException(e);
+        }
+    }
+
     public static AuthenticationContext newContext(AuthConfig config, Metadata metadata, GeneratedMessageV3 request) {
         AuthenticationProvider<AuthenticationContext> authenticationProvider = getProvider(config);
         if (authenticationProvider == null) {
@@ -111,12 +127,12 @@ public static AuthenticationContext newContext(AuthConfig config, Metadata metad
         return authenticationProvider.newContext(metadata, request);
     }
 
-    public static AuthenticationContext newContext(AuthConfig config, RemotingCommand command) {
+    public static AuthenticationContext newContext(AuthConfig config, ChannelHandlerContext context, RemotingCommand command) {
         AuthenticationProvider<AuthenticationContext> authenticationProvider = getProvider(config);
         if (authenticationProvider == null) {
             return null;
         }
-        return authenticationProvider.newContext(command);
+        return authenticationProvider.newContext(context, command);
     }
 
     @SuppressWarnings("unchecked")

auth/src/main/java/org/apache/rocketmq/auth/authentication/provider/AuthenticationProvider.java

@@ -18,6 +18,7 @@
 
 import com.google.protobuf.GeneratedMessageV3;
 import io.grpc.Metadata;
+import io.netty.channel.ChannelHandlerContext;
 import java.util.concurrent.CompletableFuture;
 import java.util.function.Supplier;
 import org.apache.rocketmq.auth.config.AuthConfig;
@@ -31,5 +32,5 @@ public interface AuthenticationProvider<AuthenticationContext> {
 
     AuthenticationContext newContext(Metadata metadata, GeneratedMessageV3 request);
 
-    AuthenticationContext newContext(RemotingCommand command);
+    AuthenticationContext newContext(ChannelHandlerContext context, RemotingCommand command);
 }

auth/src/main/java/org/apache/rocketmq/auth/authentication/provider/DefaultAuthenticationProvider.java

@@ -18,6 +18,7 @@
 
 import com.google.protobuf.GeneratedMessageV3;
 import io.grpc.Metadata;
+import io.netty.channel.ChannelHandlerContext;
 import java.util.concurrent.CompletableFuture;
 import java.util.function.Supplier;
 import org.apache.rocketmq.auth.authentication.builder.AuthenticationContextBuilder;
@@ -52,8 +53,8 @@ public DefaultAuthenticationContext newContext(Metadata metadata, GeneratedMessa
     }
 
     @Override
-    public DefaultAuthenticationContext newContext(RemotingCommand command) {
-        return this.authenticationContextBuilder.build(command);
+    public DefaultAuthenticationContext newContext(ChannelHandlerContext context, RemotingCommand command) {
+        return this.authenticationContextBuilder.build(context, command);
     }
 
     protected HandlerChain<DefaultAuthenticationContext, CompletableFuture<Void>> newHandlerChain() {

auth/src/main/java/org/apache/rocketmq/auth/authentication/strategy/AbstractAuthenticationStrategy.java

@@ -0,0 +1,75 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.rocketmq.auth.authentication.strategy;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.function.Supplier;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.rocketmq.auth.authentication.context.AuthenticationContext;
+import org.apache.rocketmq.auth.authentication.exception.AuthenticationException;
+import org.apache.rocketmq.auth.authentication.factory.AuthenticationFactory;
+import org.apache.rocketmq.auth.authentication.provider.AuthenticationProvider;
+import org.apache.rocketmq.auth.config.AuthConfig;
+import org.apache.rocketmq.common.utils.ExceptionUtils;
+
+public abstract class AbstractAuthenticationStrategy implements AuthenticationStrategy {
+
+    protected final AuthConfig authConfig;
+    protected final List<String> authenticationWhitelist = new ArrayList<>();
+    protected final AuthenticationProvider<AuthenticationContext> authenticationProvider;
+
+    public AbstractAuthenticationStrategy(AuthConfig authConfig, Supplier<?> metadataService) {
+        this.authConfig = authConfig;
+        this.authenticationProvider = AuthenticationFactory.getProvider(authConfig);
+        if (this.authenticationProvider != null) {
+            this.authenticationProvider.initialize(authConfig, metadataService);
+        }
+        if (StringUtils.isNotBlank(authConfig.getAuthenticationWhitelist())) {
+            String[] whitelist = StringUtils.split(authConfig.getAuthenticationWhitelist(), ",");
+            for (String rpcCode : whitelist) {
+                this.authenticationWhitelist.add(StringUtils.trim(rpcCode));
+            }
+        }
+    }
+
+    protected void doEvaluate(AuthenticationContext context) {
+        if (context == null) {
+            return;
+        }
+        if (!authConfig.isAuthenticationEnabled()) {
+            return;
+        }
+        if (this.authenticationProvider == null) {
+            return;
+        }
+        if (this.authenticationWhitelist.contains(context.getRpcCode())) {
+            return;
+        }
+        try {
+            this.authenticationProvider.authenticate(context).join();
+        } catch (AuthenticationException ex) {
+            throw ex;
+        } catch (Throwable ex) {
+            Throwable exception = ExceptionUtils.getRealException(ex);
+            if (exception instanceof AuthenticationException) {
+                throw (AuthenticationException) exception;
+            }
+            throw new AuthenticationException("Failed to authentication the request", exception);
+        }
+    }
+}

auth/src/main/java/org/apache/rocketmq/auth/authentication/strategy/AuthenticationStrategy.java

@@ -0,0 +1,24 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.rocketmq.auth.authentication.strategy;
+
+import org.apache.rocketmq.auth.authentication.context.AuthenticationContext;
+
+public interface AuthenticationStrategy {
+
+    void evaluate(AuthenticationContext context);
+}