Mark ALL_PERMITTED privilege provider as deprecated (#33231)

apache · Oct 13, 2024 · 3789f06 · 3789f06
1 parent cf2afaf
commit 3789f06
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 23 deletions.
diff --git a/docs/document/content/user-manual/shardingsphere-proxy/yaml-config/authority.cn.md b/docs/document/content/user-manual/shardingsphere-proxy/yaml-config/authority.cn.md
@@ -9,8 +9,8 @@ weight = 1
 
 得益于 ShardingSphere 的可插拔架构，Proxy 提供了两种级别的权限提供者，分别是：
 
-- `ALL_PERMITTED`：每个用户都拥有所有权限，无需专门授权；
-- `DATABASE_PERMITTED`：为用户授予指定逻辑库的权限，通过 `user-database-mappings` 进行定义。
+- `ALL_PERMITTED`：每个用户都拥有所有权限，无需专门授权；（将在未来版本中删除）
+- `DATABASE_PERMITTED`：为用户授予指定逻辑库的权限，通过 `user-database-mappings` 进行定义。（推荐使用）
 
 在配置 `authority` 时，管理员可根据需要选择使用哪一种权限提供者。
 
@@ -79,7 +79,7 @@ authority:
 
 ### 授权配置
 
-#### ALL_PERMITTED
+#### ALL_PERMITTED （将在未来版本中删除）
 
 ```yaml
 authority:
@@ -97,26 +97,25 @@ authority:
 - 未定义 `authenticators` 和 `authenticationMethodName`，Proxy 将根据前端协议自动选择;
 - 指定权限提供者为 `ALL_PERMITTED`。
 
-#### DATABASE_PERMITTED
+#### DATABASE_PERMITTED （推荐使用）
 
 ```yaml
 authority:
   users:
     - user: root@127.0.0.1
       password: root
+      admin: true
     - user: sharding
       password: sharding
+    - user: test
+      password: sharding
   privilege:
     type: DATABASE_PERMITTED
     props:
-      user-database-mappings: root@127.0.0.1=*, sharding@%=test_db, sharding@%=sharding_db
+      user-database-mappings: sharding@%=*, test@%=test_db, test@%=sharding_db
 ```
 
 说明：
-- 定义了两个用户：`root@127.0.0.1` 和 `sharding`；
+- 定义了一个超级用户 `root@127.0.0.1` 和两个普通用户：`sharding` 和 `test`；
 - 未定义 `authenticators` 和 `authenticationMethodName`，Proxy 将根据前端协议自动选择；
-- 指定权限提供者为 `DATABASE_PERMITTED`，并授权 `root@127.0.0.1` 用户访问所有逻辑库(`*`)，sharding 用户仅能访问 test_db 和 sharding_db。
-
-## 相关参考
-
-权限提供者具体实现可以参考 [权限提供者](/cn/user-manual/shardingsphere-proxy/yaml-config/authority/)。
+- 指定权限提供者为 `DATABASE_PERMITTED`，并授权 `sharding@%` 用户访问所有逻辑库(`*`)，test 用户仅能访问 test_db 和 sharding_db。
diff --git a/docs/document/content/user-manual/shardingsphere-proxy/yaml-config/authority.en.md b/docs/document/content/user-manual/shardingsphere-proxy/yaml-config/authority.en.md
@@ -9,8 +9,8 @@ In ShardingSphere-Proxy, user authentication and authorization information is co
 
 Thanks to ShardingSphere's pluggable architecture, Proxy provides two levels of privilege providers, namely: 
 
-- `ALL_PERMITTED`: each user has all privileges without special authorization.
-- `DATABASE_PERMITTED`: grants the user privileges on the specified logical databases, defined by `user-database-mappings`.
+- `ALL_PERMITTED`: each user has all privileges without special authorization. (Will be removed in a future version)
+- `DATABASE_PERMITTED`: grants the user privileges on the specified logical databases, defined by `user-database-mappings`. (Recommended)
 
 The administrator can choose which privilege provider to use as needed when configuring `authority`. 
 
@@ -49,7 +49,6 @@ Explanation:
 - `authenticationMethodName` is not specified for `root@127.0.0.1`, Proxy will automatically choose the authentication method according to the frontend protocol;
 - Privilege provider is not specified, the default `ALL_PERMITTED` will be used;
 
-
 ### Authentication configuration
 
 The custom authentication configuration allows users to greater leeway to set their own custom configurations according to their scenarios. 
@@ -80,7 +79,7 @@ Explanation:
 
 ### Authorization configuration
 
-#### ALL_PERMITTED
+#### ALL_PERMITTED (Will be removed in a future version)
 
 ```yaml
 authority:
@@ -98,26 +97,25 @@ Explanation:
 - `authenticators` and `authenticationMethodName` are not defined, Proxy will automatically choose the authentication method according to the frontend protocol;
 - The privilege provider `ALL_PERMITTED` is specified.
 
-#### DATABASE_PERMITTED
+#### DATABASE_PERMITTED (Recommended)
 
 ```yaml
 authority:
   users:
     - user: root@127.0.0.1
       password: root
+      admin: true
     - user: sharding
       password: sharding
+    - user: test
+      password: sharding
   privilege:
     type: DATABASE_PERMITTED
     props:
-      user-database-mappings: root@127.0.0.1=*, sharding@%=test_db, sharding@%=sharding_db
+      user-database-mappings: sharding@%=*, test@%=test_db, test@%=sharding_db
 ```
 
 Explanation:
-- Two users are defined: `root@127.0.0.1` and `sharding`;
+- Three users are defined: `root@127.0.0.1`, `sharding` and `test`, which `root@127.0.0.1` is an admin user;
 - `authenticators` and `authenticationMethodName` are not defined, Proxy will automatically choose the authentication method according to the frontend protocol;
-- The privilege provider `DATABASE_PERMITTED` is specified, authorize `root@127.0.0.1` to access all logical databases (`*`), and user `sharding` can only access `test_db` and `sharding_db`.
-
-## Related References
-
-Please refer to [Authority Provider](/en/user-manual/shardingsphere-proxy/yaml-config/authority/) for the specific implementation of authority provider.
+- The privilege provider `DATABASE_PERMITTED` is specified, authorize `sharding@%` to access all logical databases (`*`), and user `test` can only access `test_db` and `sharding_db`.
diff --git a/...va/org/apache/shardingsphere/authority/provider/simple/AllPermittedPrivilegeProvider.java b/...va/org/apache/shardingsphere/authority/provider/simple/AllPermittedPrivilegeProvider.java
@@ -27,7 +27,10 @@
 
 /**
  * All permitted privilege provider.
+ *
+ * @deprecated Use DatabasePermittedPrivilegeProvider instead.
  */
+@Deprecated
 public final class AllPermittedPrivilegeProvider implements PrivilegeProvider {
 
     @Override