emq acl校验

本文主要是介绍emq acl校验，希望对大家解决编程问题提供一定的参考价值，需要的开发者们随着小编来一起学习吧！

访问控制(ACL)

EMQ 消息服务器通过 ACL(Access Control List) 实现 MQTT 客户端访问控制。

ACL 访问控制规则定义:

 允许(Allow)|拒绝(Deny) 谁(Who) 订阅(Subscribe)|发布(Publish) 主题列表(Topics)  

MQTT 客户端发起订阅/发布请求时，EMQ 消息服务器的访问控制模块，会逐条匹配 ACL 规则，直到匹配成功为止:

           ---------              ---------              ---------
Client -> | Rule1 | --nomatch--> | Rule2 | --nomatch--> | Rule3 | --> Default --------- --------- --------- | | | match match match \|/ \|/ \|/ allow | deny allow | deny allow | deny  

默认访问控制设置

EMQ 消息服务器默认访问控制，在 etc/emq.conf 中设置:

 ## ACL nomatch
mqtt.acl_nomatch = allow
 

## Default ACL File
mqtt.acl_file = etc/acl.conf

ACL 规则定义在 etc/acl.conf，EMQ 启动时加载到内存:

 %% Allow 'dashboard' to subscribe '$SYS/#'
{allow, {user, "dashboard"}, subscribe, ["$SYS/#"]}.  

%% Allow clients from localhost to subscribe any topics
{allow, {ipaddr, “127.0.0.1”}, pubsub, ["$SYS/#", “#”]}.

%% Deny clients to subscribe ' $KaTeX parse error: Expected 'EOF', got '#' at position 4: SYS#̲' and '#' <span\dots$ SYS/#", {eq, “#”}]}.

%% Allow all by default
{allow, all}.

HTTP 插件访问控制

注解

开启 HTTP 插件后，会终结 ACL 链

HTTP API 实现访问控制: https://github.com/emqtt/emq_auth_http

配置 etc/plugins/emq_auth_http.conf, 启用 HTTP 认证插件后:

 ## 'access' parameter: sub = 1, pub = 2
auth.http.acl_req = http://127.0.0.1:8080/mqtt/acl
auth.http.acl_req.method = get auth.http.acl_req.params = access=%A,username=%u,clientid=%c,ipaddr=%a,topic=%t  

MySQL 插件访问控制

MySQL 插件访问控制，通过 mqtt_acl 表定义 ACL 规则:

 CREATE TABLE `mqtt_acl` ( `id` int(11) unsigned NOT NULL AUTO_INCREMENT, `allow` int(1) DEFAULT NULL COMMENT '0: deny, 1: allow', `ipaddr` varchar(60) DEFAULT NULL COMMENT 'IpAddress', `username` varchar(100) DEFAULT NULL COMMENT 'Username', `clientid` varchar(100) DEFAULT NULL COMMENT 'ClientId', `access` int(2) NOT NULL COMMENT '1: subscribe, 2: publish, 3: pubsub', `topic` varchar(100) NOT NULL DEFAULT '' COMMENT 'Topic Filter', PRIMARY KEY (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8;  

INSERT INTO mqtt_acl (id, allow, ipaddr, username, clientid, access, topic)
VALUES
(1,1,NULL,‘ $KaTeX parse error: Expected 'EOF', got '#' at position 112: \dotsan class="s1">'#̲'<span class="p\dots$ all’,NULL,1,‘ $KaTeX parse error: Expected 'EOF', got '#' at position 5: SYS/#̲'<span class="p\dots$ all’,NULL,1,‘eq #’),
(5,1,‘127.0.0.1’,NULL,NULL,2,‘ $KaTeX parse error: Expected 'EOF', got '#' at position 5: SYS/#̲'<span class="p\dots$ SYS/#’);

etc/plugins/emq_auth_mysql.conf 配置 ‘acl_query’ 与 ‘acl_nomatch’:

 ## ACL Query Command
auth.mysql.acl_query = select allow, ipaddr, username, clientid, access, topic from mqtt_acl where ipaddr = '%a' or username = '%u' or username = '$all' or clientid = '%c'
 

Postgre 插件访问控制

PostgreSQL 插件访问控制，通过 mqtt_acl 表定义 ACL 规则:

 CREATE TABLE mqtt_acl (id SERIAL primary key, allow integer, ipaddr character varying(60), username character varying(100), clientid character varying(100), access integer, topic character varying(100) );  

etc/plugins/emq_auth_pgsql.conf 设置 ‘acl_query’ 与 ‘acl_nomatch’:

 ## ACL Query. Comment this query, the acl will be disabled.
auth.pgsql.acl_query = select allow, ipaddr, username, clientid, access, topic from mqtt_acl where ipaddr = '%a' or username = '%u' or username = '$all' or clientid = '%c'
 

Redis 插件访问控制

Redis Hash 存储一个 MQTT 客户端的访问控制规则:

 HSET mqtt_acl:<username> topic1 1 HSET mqtt_acl:<username> topic2 2 HSET mqtt_acl:<username> topic3 3  

etc/plugins/emq_auth_redis.conf 配置 ‘acl_cmd’ 与 ‘acl_nomatch’:

 ## ACL Query Command
auth.redis.acl_cmd = HGETALL mqtt_acl:%u
 

MongoDB 插件访问控制

MongoDB 数据库创建 mqtt_acl 集合:

 {username: "username",clientid: "clientid", publish: ["topic1", "topic2", ...], subscribe: ["subtop1", "subtop2", ...], pubsub: ["topic/#", "topic1", ...] }  

mqtt_acl 集合插入数据，例如:

 db.mqtt_acl.insert({username: "test", publish: ["t/1", "t/2"], subscribe: ["user/%u", "client/%c"]}) db.mqtt_acl.insert({username: "admin", pubsub: ["#"]})  

etc/plugins/emq_auth_mongo.conf 配置 ‘acl_query’ 与 ‘acl_nomatch’:

 ## acl_query
auth.mongo.acl_query.collection = mqtt_user
 

auth.mongo.acl_query.selector = username=%u

这篇关于emq acl校验的文章就介绍到这儿，希望我们推荐的文章对编程师们有所帮助！

emq acl校验

访问控制(ACL)

默认访问控制设置

HTTP 插件访问控制

MySQL 插件访问控制

Postgre 插件访问控制

Redis 插件访问控制

MongoDB 插件访问控制

相关文章

Java使用ANTLR4对Lua脚本语法校验详解

SpringValidation数据校验之约束注解与分组校验方式

SpringBoot利用@Validated注解优雅实现参数校验

Java进行文件格式校验的方案详解

Java中使用注解校验手机号格式的详细指南

Spring常见错误之Web嵌套对象校验失效解决办法

spring 参数校验Validation示例详解

校验码：奇偶校验，CRC循环冗余校验，海明校验码

网络学习-eNSP配置ACL

综合DHCP、ACL、NAT、Telnet和PPPoE进行网络设计练习