5.1.0 版本开启了acl，但是客户端错误账号也可以访问

### Before Creating the Bug Report

- [X] I found a bug, not just asking a question, which should be created in [GitHub Discussions](https://github.com/apache/rocketmq/discussions).

- [X] I have searched the [GitHub Issues](https://github.com/apache/rocketmq/issues) and [GitHub Discussions](https://github.com/apache/rocketmq/discussions)  of this repository and believe that this is not a duplicate.

- [X] I have confirmed that this bug belongs to the current repository, not other repositories of RocketMQ.


### Runtime platform environment

Linux centos7 version 3.10.0-514.6.2.el7.x86_64

### RocketMQ version

5.1.0

### JDK Version

1.8.0_11

### Describe the Bug

rocketMQ服务端启用了acl，但是客户端即便使用错误的账号也可以发布、接收消息

### Steps to Reproduce

1. rocketMQ，部署在Linux服务器上，单组节点单副本Local模式部署
1. 启用acl：`conf/broker.conf`文件，增加：`aclEnable = true`
1. 客户端使用 `rocketmq-client-java.5.0.5.jar`


broker启动日志：
_2023-05-17 10:49:59 INFO main - transactionOpBatchInterval=3000
2023-05-17 10:49:59 INFO main - aclEnable=true
2023-05-17 10:49:59 INFO main - storeReplyMessageEnable=true
..........
2023-05-17 10:50:00 INFO main - Broker plain acl conf data is : {"dataVersion":[{"counter":5,"timestamp":1684290520350}],"accounts":[{"accessKey":"RocketMQ","secretKey":12345678,"admin":false,"defaultTopicPerm":"DENY","defaultGroupPerm":"SUB","topicPerms":["topicA=DENY","topicB=PUB|SUB","topicC=SUB"],"groupPerms":["groupA=DENY","groupB=PUB|SUB","groupC=SUB"]},{"accessKey":"bugCatsadmin","secretKey":"12345678","admin":true},{"accessKey":"rocketmq2","secretKey":"12345678","admin":true}]}
2023-05-17 10:50:00 INFO main - The default acl dir /usr/local/rocketmq/rocketmq-5.1.0/conf/acl is not exist
2023-05-17 10:50:00 INFO main - Try to start service thread:AclFileWatchService started:false lastThread:null
2023-05-17 10:50:00 INFO main - Succeed to start AclFileWatchService
2023-05-17 10:50:00 INFO AclFileWatchService - AclFileWatchService service started
......._



在自己电脑，访问部署在公网上的rocketMq服务端，采用`rocketmq-client-java.5.0.5.jar`包中的示例代码：`org.apache.rocketmq.client.java.example.PushConsumerExample`。**无论使用什么账号密钥，都可以正常发布、接收消息**。

当客户端连接上时日志：
_2023-05-17 10:53:05 INFO GrpcClientManagerThreadPool-0 - new consumer connected, group: tmcGroup CONSUME_PASSIVELY CLUSTERING channel: ClientChannelInfo [channel=GrpcClientChannel{clientId=bugcat@16088@0@566ixygv0z, remoteAddress=171.113.110.88:39414, localAddress=172.17.11.27:15891}, clientId=bugcat@16088@0@566ixygv0z, language=JAVA, version=433, lastUpdateTimestamp=1684291985413]_




### What Did You Expect to See?

只有正常账号密钥才能访问rocketmq服务端

### What Did You See Instead?

无论使用什么账号密钥，都可以正常发布、接收消息

### Additional Context

_No response_

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

5.1.0 版本开启了acl，但是客户端错误账号也可以访问 #6768

Before Creating the Bug Report

Runtime platform environment

RocketMQ version

JDK Version

Describe the Bug

Steps to Reproduce

What Did You Expect to See?

What Did You See Instead?

Additional Context

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

5.1.0 版本开启了acl，但是客户端错误账号也可以访问 #6768

Description

Before Creating the Bug Report

Runtime platform environment

RocketMQ version

JDK Version

Describe the Bug

Steps to Reproduce

What Did You Expect to See?

What Did You See Instead?

Additional Context

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions