我正在尝试了解如何正确填充主题的 authorizationEntry 条目。我已经阅读了本页的详细信息[通配符语法] [1]
ActiveMQ 5.14.3作为Docker容器运行
截至目前,我已经设置了以下用户(cpe = client,co = server)
<simpleAuthenticationPlugin>
<users>
<authenticationUser username="system" password="manager" groups="co,cpe,admins"/>
<authenticationUser username="wbhms" password="password" groups="co"/>
<authenticationUser username="kpi" password="password" groups="co"/>
<authenticationUser username="cpeuser" password="password" groups="cpe"/>
</users>
</simpleAuthenticationPlugin>
我的 authorizationPlugin 定义如下,以决定谁可以读写每个主题。
主题都以标识客户端设备的字符串为前缀。因此,对于主题 kpi.lte.gzipjson 的设备 000295-0123456789 ,完整主题名称将为 000295-0123456789.kpi.lte.gzipjson 。
所以我的想法是在主题属性前加上*,如下所示,以便考虑所有设备。
<authorizationPlugin>
<map>
<authorizationMap>
<authorizationEntries>
<authorizationEntry topic=">" read="admins,co,cpe" write="admins,co,cpe" admin="admins,co,cpe"/>
<authorizationEntry topic="*.will.json>" read="co" write="cpe" admin="admins,cpe"/>
<authorizationEntry topic="*.kpi.lte.gzipjson>" read="co" write="cpe" admin="admins,cpe"/>
<authorizationEntry topic="*.kpi.lte.json>" read="co" write="cpe" admin="admins,cpe"/>
<authorizationEntry topic="*.kpi.bt.gzipjson>" read="co" write="cpe" admin="admins,cpe"/>
<authorizationEntry topic="*.kpi.bt.json>" read="co" write="cpe" admin="admins,cpe"/>
<authorizationEntry topic="*.kpi.ble.gzipjson>" read="co" write="cpe" admin="admins,cpe"/>
<authorizationEntry topic="*.kpi.ble.json>" read="co" write="cpe" admin="admins,cpe"/>
<authorizationEntry topic="*.kpi.wifi.gzipjson>" read="co" write="cpe" admin="admins,cpe"/>
<authorizationEntry topic="*.kpi.wifi.json>" read="co" write="cpe" admin="admins,cpe"/>
<authorizationEntry topic="*.sightings.lte.gzipjson>" read="co" write="cpe" admin="admins,cpe"/>
<authorizationEntry topic="*.sightings.lte.json>" read="co" write="cpe" admin="admins,cpe"/>
<authorizationEntry topic="*.sightings.bt.gzipjson>" read="co" write="cpe" admin="admins,cpe"/>
<authorizationEntry topic="*.sightings.bt.json>" read="co" write="cpe" admin="admins,cpe"/>
<authorizationEntry topic="*.sightings.ble.gzipjson>" read="co" write="cpe" admin="admins,cpe"/>
<authorizationEntry topic="*.sightings.ble.json>" read="co" write="cpe" admin="admins,cpe"/>
<authorizationEntry topic="*.sightings.wifi.gzipjson>" read="co" write="cpe" admin="admins,cpe"/>
<authorizationEntry topic="*.sightings.wifi.json>" read="co" write="cpe" admin="admins,cpe"/>
<authorizationEntry topic="*.scans.wifi.gzipjson>" read="co" write="cpe" admin="admins,cpe"/>
<authorizationEntry topic="*.scans.wifi.json>" read="co" write="cpe" admin="admins,cpe"/>
<authorizationEntry topic="*.tasks.gzipjson>" read="cpe" write="co" admin="admins,co"/>
<authorizationEntry topic="*.tasks.json>" read="cpe" write="co" admin="admins,co"/>
<authorizationEntry topic="*.acks.gzipjson>" read="co" write="cpe" admin="admins,co"/>
<authorizationEntry topic="*.acks.json>" read="co" write="cpe" admin="admins,cpe"/>
<authorizationEntry topic="*.messages.gzipjson>" read="co" write="cpe" admin="admins,cpe"/>
<authorizationEntry topic="*.messages.json>" read="co" write="cpe" admin="admins,cpe"/>
<authorizationEntry topic="ActiveMQ.Advisory.>" read="admins,co,cpe" write="admins,co,cpe" admin="admins,co,cpe"/>
</authorizationEntries>
</authorizationMap>
</map>
</authorizationPlugin>
但是,当我的服务器和客户端尝试订阅时,会抛出所有主题的异常。这是我在日志中看到的众多错误之一。
WARN | Security Error occurred on connection to: tcp://11.157.3.9:48396, User wbhms is not authorized to read from: topic://*.will.gzipjson
WARN | Error subscribing to +/will/gzipjson
java.lang.SecurityException: User wbhms is not authorized to read from: topic://*.will.gzipjson
at org.apache.activemq.security.AuthorizationBroker.addConsumer(AuthorizationBroker.java:159)[activemq-broker-5.14.3.jar:5.14.3]
at org.apache.activemq.broker.MutableBrokerFilter.addConsumer(MutableBrokerFilter.java:108)[activemq-broker-5.14.3.jar:5.14.3]
at org.apache.activemq.broker.TransportConnection.processAddConsumer(TransportConnection.java:706)[activemq-broker-5.14.3.jar:5.14.3]
at org.apache.activemq.command.ConsumerInfo.visit(ConsumerInfo.java:351)[activemq-client-5.14.3.jar:5.14.3]
at org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:336)[activemq-broker-5.14.3.jar:5.14.3]
at org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:200)[activemq-broker-5.14.3.jar:5.14.3]
at org.apache.activemq.transport.MutexTransport.onCommand(MutexTransport.java:45)[activemq-client-5.14.3.jar:5.14.3]
at org.apache.activemq.transport.mqtt.MQTTInactivityMonitor.onCommand(MQTTInactivityMonitor.java:162)[activemq-mqtt-5.14.3.jar:5.14.3]
at org.apache.activemq.transport.mqtt.MQTTTransportFilter.sendToActiveMQ(MQTTTransportFilter.java:106)[activemq-mqtt-5.14.3.jar:5.14.3]
at org.apache.activemq.transport.mqtt.MQTTProtocolConverter.sendToActiveMQ(MQTTProtocolConverter.java:181)[activemq-mqtt-5.14.3.jar:5.14.3]
at org.apache.activemq.transport.mqtt.strategy.AbstractMQTTSubscriptionStrategy.doSubscribe(AbstractMQTTSubscriptionStrategy.java:210)[activemq-mqtt-5.14.3.jar:5.14.3]
at org.apache.activemq.transport.mqtt.strategy.MQTTDefaultSubscriptionStrategy.onSubscribe(MQTTDefaultSubscriptionStrategy.java:72)[activemq-mqtt-5.14.3.jar:5.14.3]
at org.apache.activemq.transport.mqtt.strategy.AbstractMQTTSubscriptionStrategy.onSubscribe(AbstractMQTTSubscriptionStrategy.java:118)[activemq-mqtt-5.14.3.jar:5.14.3]
at org.apache.activemq.transport.mqtt.MQTTProtocolConverter.onSubscribe(MQTTProtocolConverter.java:387)[activemq-mqtt-5.14.3.jar:5.14.3]
at org.apache.activemq.transport.mqtt.MQTTProtocolConverter.onMQTTCommand(MQTTProtocolConverter.java:213)[activemq-mqtt-5.14.3.jar:5.14.3]
at org.apache.activemq.transport.mqtt.MQTTTransportFilter.onCommand(MQTTTransportFilter.java:94)[activemq-mqtt-5.14.3.jar:5.14.3]
at org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:83)[activemq-client-5.14.3.jar:5.14.3]
at org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:233)[activemq-client-5.14.3.jar:5.14.3]
at org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:215)[activemq-client-5.14.3.jar:5.14.3]
at java.lang.Thread.run(Thread.java:745)[:1.8.0_121]
如果我按如下方式修改第一个条目,我可以写主题
<authorizationEntry topic=">" read="admins,co,cpe" write="admins,co,cpe" admin="admins,co,cpe"/>
答案 0 :(得分:1)
感谢@HassenBennour,我找到了一个解决方案。一切都很好。
我的工作条目如下
<authorizationEntries>
<authorizationEntry topic=">" read="admins" write="admins" admin="admins"/>
<authorizationEntry topic="*.will.>" read="co" write="cpe" admin="cpe"/>
<authorizationEntry topic="*.kpi.>" read="co" write="cpe" admin="cpe"/>
<authorizationEntry topic="*.sightings.>" read="co" write="cpe" admin="cpe"/>
<authorizationEntry topic="*.scans.>" read="co" write="cpe" admin="cpe"/>
<authorizationEntry topic="*.tasks.>" read="cpe" write="co" admin="co,cpe"/>
<authorizationEntry topic="*.acks.>" read="co" write="cpe" admin="cpe"/>
<authorizationEntry topic="*.messages.>" read="co" write="cpe" admin="cpe"/>
<authorizationEntry topic="*.errors.>" read="co" write="cpe" admin="cpe"/>
<authorizationEntry topic="ActiveMQ.Advisory.>" read="admins,co,cpe" write="admins,co,cpe" admin="admins,co,cpe"/>
</authorizationEntries>