ActiveMQ主题通配符无效
ActiveMQ主题通配符无效
提问于 2017-05-03 13:20:34
我试图了解如何正确地填充主题的authorizationEntry条目。我已经阅读了这个页面的细节通配符语法
ActiveMQ 5.14.3作为码头容器运行
到目前为止,我已经设置了以下用户(cpe = client,co = server)
<simpleAuthenticationPlugin>
<users>
<authenticationUser username="system" password="manager" groups="co,cpe,admins"/>
<authenticationUser username="wbhms" password="password" groups="co"/>
<authenticationUser username="kpi" password="password" groups="co"/>
<authenticationUser username="cpeuser" password="password" groups="cpe"/>
</users>
</simpleAuthenticationPlugin>我的authorizationPlugin定义如下,以决定谁可以读写每个主题。
这些主题都以标识客户端设备的字符串为前缀。因此,对于topic kpi.lte.gzipjson上的设备kpi.lte.gzipjson,完整的主题名将是000295-0123456789.kpi.lte.gzipjson.
因此,我的想法是在主题属性的前缀加上*,如您在下面看到的,以说明所有的设备。
<authorizationPlugin>
<map>
<authorizationMap>
<authorizationEntries>
<authorizationEntry topic=">" read="admins,co,cpe" write="admins,co,cpe" admin="admins,co,cpe"/>
<authorizationEntry topic="*.will.json>" read="co" write="cpe" admin="admins,cpe"/>
<authorizationEntry topic="*.kpi.lte.gzipjson>" read="co" write="cpe" admin="admins,cpe"/>
<authorizationEntry topic="*.kpi.lte.json>" read="co" write="cpe" admin="admins,cpe"/>
<authorizationEntry topic="*.kpi.bt.gzipjson>" read="co" write="cpe" admin="admins,cpe"/>
<authorizationEntry topic="*.kpi.bt.json>" read="co" write="cpe" admin="admins,cpe"/>
<authorizationEntry topic="*.kpi.ble.gzipjson>" read="co" write="cpe" admin="admins,cpe"/>
<authorizationEntry topic="*.kpi.ble.json>" read="co" write="cpe" admin="admins,cpe"/>
<authorizationEntry topic="*.kpi.wifi.gzipjson>" read="co" write="cpe" admin="admins,cpe"/>
<authorizationEntry topic="*.kpi.wifi.json>" read="co" write="cpe" admin="admins,cpe"/>
<authorizationEntry topic="*.sightings.lte.gzipjson>" read="co" write="cpe" admin="admins,cpe"/>
<authorizationEntry topic="*.sightings.lte.json>" read="co" write="cpe" admin="admins,cpe"/>
<authorizationEntry topic="*.sightings.bt.gzipjson>" read="co" write="cpe" admin="admins,cpe"/>
<authorizationEntry topic="*.sightings.bt.json>" read="co" write="cpe" admin="admins,cpe"/>
<authorizationEntry topic="*.sightings.ble.gzipjson>" read="co" write="cpe" admin="admins,cpe"/>
<authorizationEntry topic="*.sightings.ble.json>" read="co" write="cpe" admin="admins,cpe"/>
<authorizationEntry topic="*.sightings.wifi.gzipjson>" read="co" write="cpe" admin="admins,cpe"/>
<authorizationEntry topic="*.sightings.wifi.json>" read="co" write="cpe" admin="admins,cpe"/>
<authorizationEntry topic="*.scans.wifi.gzipjson>" read="co" write="cpe" admin="admins,cpe"/>
<authorizationEntry topic="*.scans.wifi.json>" read="co" write="cpe" admin="admins,cpe"/>
<authorizationEntry topic="*.tasks.gzipjson>" read="cpe" write="co" admin="admins,co"/>
<authorizationEntry topic="*.tasks.json>" read="cpe" write="co" admin="admins,co"/>
<authorizationEntry topic="*.acks.gzipjson>" read="co" write="cpe" admin="admins,co"/>
<authorizationEntry topic="*.acks.json>" read="co" write="cpe" admin="admins,cpe"/>
<authorizationEntry topic="*.messages.gzipjson>" read="co" write="cpe" admin="admins,cpe"/>
<authorizationEntry topic="*.messages.json>" read="co" write="cpe" admin="admins,cpe"/>
<authorizationEntry topic="ActiveMQ.Advisory.>" read="admins,co,cpe" write="admins,co,cpe" admin="admins,co,cpe"/>
</authorizationEntries>
</authorizationMap>
</map>
</authorizationPlugin>但是,当我的服务器和客户端试图订阅所有主题的异常时,都会抛出异常。这是我在日志中看到的许多错误之一。
WARN | Security Error occurred on connection to: tcp://11.157.3.9:48396, User wbhms is not authorized to read from: topic://*.will.gzipjson
WARN | Error subscribing to +/will/gzipjson
java.lang.SecurityException: User wbhms is not authorized to read from: topic://*.will.gzipjson
at org.apache.activemq.security.AuthorizationBroker.addConsumer(AuthorizationBroker.java:159)[activemq-broker-5.14.3.jar:5.14.3]
at org.apache.activemq.broker.MutableBrokerFilter.addConsumer(MutableBrokerFilter.java:108)[activemq-broker-5.14.3.jar:5.14.3]
at org.apache.activemq.broker.TransportConnection.processAddConsumer(TransportConnection.java:706)[activemq-broker-5.14.3.jar:5.14.3]
at org.apache.activemq.command.ConsumerInfo.visit(ConsumerInfo.java:351)[activemq-client-5.14.3.jar:5.14.3]
at org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:336)[activemq-broker-5.14.3.jar:5.14.3]
at org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:200)[activemq-broker-5.14.3.jar:5.14.3]
at org.apache.activemq.transport.MutexTransport.onCommand(MutexTransport.java:45)[activemq-client-5.14.3.jar:5.14.3]
at org.apache.activemq.transport.mqtt.MQTTInactivityMonitor.onCommand(MQTTInactivityMonitor.java:162)[activemq-mqtt-5.14.3.jar:5.14.3]
at org.apache.activemq.transport.mqtt.MQTTTransportFilter.sendToActiveMQ(MQTTTransportFilter.java:106)[activemq-mqtt-5.14.3.jar:5.14.3]
at org.apache.activemq.transport.mqtt.MQTTProtocolConverter.sendToActiveMQ(MQTTProtocolConverter.java:181)[activemq-mqtt-5.14.3.jar:5.14.3]
at org.apache.activemq.transport.mqtt.strategy.AbstractMQTTSubscriptionStrategy.doSubscribe(AbstractMQTTSubscriptionStrategy.java:210)[activemq-mqtt-5.14.3.jar:5.14.3]
at org.apache.activemq.transport.mqtt.strategy.MQTTDefaultSubscriptionStrategy.onSubscribe(MQTTDefaultSubscriptionStrategy.java:72)[activemq-mqtt-5.14.3.jar:5.14.3]
at org.apache.activemq.transport.mqtt.strategy.AbstractMQTTSubscriptionStrategy.onSubscribe(AbstractMQTTSubscriptionStrategy.java:118)[activemq-mqtt-5.14.3.jar:5.14.3]
at org.apache.activemq.transport.mqtt.MQTTProtocolConverter.onSubscribe(MQTTProtocolConverter.java:387)[activemq-mqtt-5.14.3.jar:5.14.3]
at org.apache.activemq.transport.mqtt.MQTTProtocolConverter.onMQTTCommand(MQTTProtocolConverter.java:213)[activemq-mqtt-5.14.3.jar:5.14.3]
at org.apache.activemq.transport.mqtt.MQTTTransportFilter.onCommand(MQTTTransportFilter.java:94)[activemq-mqtt-5.14.3.jar:5.14.3]
at org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:83)[activemq-client-5.14.3.jar:5.14.3]
at org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:233)[activemq-client-5.14.3.jar:5.14.3]
at org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:215)[activemq-client-5.14.3.jar:5.14.3]
at java.lang.Thread.run(Thread.java:745)[:1.8.0_121]如果我按如下方式修改第一个条目,我就能够从主题中写入和读取
<authorizationEntry topic=">" read="admins,co,cpe" write="admins,co,cpe" admin="admins,co,cpe"/>回答 1
Stack Overflow用户
发布于 2017-05-03 16:15:38
多亏了@HassenBennour,我找到了解决办法。世界上一切都是好的。
我的工作条目集如下
<authorizationEntries>
<authorizationEntry topic=">" read="admins" write="admins" admin="admins"/>
<authorizationEntry topic="*.will.>" read="co" write="cpe" admin="cpe"/>
<authorizationEntry topic="*.kpi.>" read="co" write="cpe" admin="cpe"/>
<authorizationEntry topic="*.sightings.>" read="co" write="cpe" admin="cpe"/>
<authorizationEntry topic="*.scans.>" read="co" write="cpe" admin="cpe"/>
<authorizationEntry topic="*.tasks.>" read="cpe" write="co" admin="co,cpe"/>
<authorizationEntry topic="*.acks.>" read="co" write="cpe" admin="cpe"/>
<authorizationEntry topic="*.messages.>" read="co" write="cpe" admin="cpe"/>
<authorizationEntry topic="*.errors.>" read="co" write="cpe" admin="cpe"/>
<authorizationEntry topic="ActiveMQ.Advisory.>" read="admins,co,cpe" write="admins,co,cpe" admin="admins,co,cpe"/>
</authorizationEntries>页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/43761301
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号