From eaead07e9ec41b1784e484f5648df08fa57e9b80 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=BC=A0=E6=B3=BD=E5=AE=87?=
 <zhangzeyu.zzy@alibaba-inc.com>
Date: Wed, 15 Jan 2025 15:51:49 +0800
Subject: [PATCH] [ISSUE #9133] Credentials enhancement

---
 .../rocketmq/acl/common/AclClientRPCHook.java | 11 +++++--
 .../common/SessionCredentialsProvider.java    |  5 ++++
 .../StaticSessionCredentialsProvider.java     | 30 +++++++++++++++++++
 .../acl/common/AclClientRPCHookTest.java      |  2 +-
 4 files changed, 44 insertions(+), 4 deletions(-)
 create mode 100644 acl/src/main/java/org/apache/rocketmq/acl/common/SessionCredentialsProvider.java
 create mode 100644 acl/src/main/java/org/apache/rocketmq/acl/common/StaticSessionCredentialsProvider.java

diff --git a/acl/src/main/java/org/apache/rocketmq/acl/common/AclClientRPCHook.java b/acl/src/main/java/org/apache/rocketmq/acl/common/AclClientRPCHook.java
index 294db4f069a..3c8caf5edc1 100644
--- a/acl/src/main/java/org/apache/rocketmq/acl/common/AclClientRPCHook.java
+++ b/acl/src/main/java/org/apache/rocketmq/acl/common/AclClientRPCHook.java
@@ -27,14 +27,19 @@
 import static org.apache.rocketmq.acl.common.SessionCredentials.SIGNATURE;
 
 public class AclClientRPCHook implements RPCHook {
-    private final SessionCredentials sessionCredentials;
+    private final SessionCredentialsProvider sessionCredentialsProvider;
 
     public AclClientRPCHook(SessionCredentials sessionCredentials) {
-        this.sessionCredentials = sessionCredentials;
+        this.sessionCredentialsProvider = new StaticSessionCredentialsProvider(sessionCredentials);
+    }
+
+    public AclClientRPCHook(SessionCredentialsProvider sessionCredentialsProvider) {
+        this.sessionCredentialsProvider = sessionCredentialsProvider;
     }
 
     @Override
     public void doBeforeRequest(String remoteAddr, RemotingCommand request) {
+        SessionCredentials sessionCredentials = this.sessionCredentialsProvider.getSessionCredentials();
         // Add AccessKey and SecurityToken into signature calculating.
         request.addExtField(ACCESS_KEY, sessionCredentials.getAccessKey());
         // The SecurityToken value is unnecessary,user can choose this one.
@@ -59,6 +64,6 @@ protected SortedMap<String, String> parseRequestContent(RemotingCommand request)
     }
 
     public SessionCredentials getSessionCredentials() {
-        return sessionCredentials;
+        return this.sessionCredentialsProvider.getSessionCredentials();
     }
 }
diff --git a/acl/src/main/java/org/apache/rocketmq/acl/common/SessionCredentialsProvider.java b/acl/src/main/java/org/apache/rocketmq/acl/common/SessionCredentialsProvider.java
new file mode 100644
index 00000000000..5e8e413b83d
--- /dev/null
+++ b/acl/src/main/java/org/apache/rocketmq/acl/common/SessionCredentialsProvider.java
@@ -0,0 +1,5 @@
+package org.apache.rocketmq.acl.common;
+
+public interface SessionCredentialsProvider {
+    SessionCredentials getSessionCredentials();
+}
diff --git a/acl/src/main/java/org/apache/rocketmq/acl/common/StaticSessionCredentialsProvider.java b/acl/src/main/java/org/apache/rocketmq/acl/common/StaticSessionCredentialsProvider.java
new file mode 100644
index 00000000000..905ac92a169
--- /dev/null
+++ b/acl/src/main/java/org/apache/rocketmq/acl/common/StaticSessionCredentialsProvider.java
@@ -0,0 +1,30 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.rocketmq.acl.common;
+
+public class StaticSessionCredentialsProvider implements SessionCredentialsProvider {
+    private final SessionCredentials sessionCredentials;
+
+    public StaticSessionCredentialsProvider(SessionCredentials sessionCredentials) {
+        this.sessionCredentials = sessionCredentials;
+    }
+
+    @Override
+    public SessionCredentials getSessionCredentials() {
+        return this.sessionCredentials;
+    }
+}
diff --git a/acl/src/test/java/org/apache/rocketmq/acl/common/AclClientRPCHookTest.java b/acl/src/test/java/org/apache/rocketmq/acl/common/AclClientRPCHookTest.java
index 9789ed191c4..472f1fbf73d 100644
--- a/acl/src/test/java/org/apache/rocketmq/acl/common/AclClientRPCHookTest.java
+++ b/acl/src/test/java/org/apache/rocketmq/acl/common/AclClientRPCHookTest.java
@@ -36,7 +36,7 @@
 public class AclClientRPCHookTest {
     protected ConcurrentHashMap<Class<? extends CommandCustomHeader>, Field[]> fieldCache =
         new ConcurrentHashMap<>();
-    private AclClientRPCHook aclClientRPCHook = new AclClientRPCHook(null);
+    private AclClientRPCHook aclClientRPCHook = new AclClientRPCHook((SessionCredentials) null);
 
     @Test
     public void testParseRequestContent() {