RocketMQ开启ACL鉴权

已于 2024-08-22 00:27:03 修改
阅读量908 收藏 5
点赞数 8
分类专栏: spring cloud alibaba rocketmq Java 文章标签: rocketmq java spring cloud
于 2024-08-22 00:07:28 首次发布
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.youkuaiyun.com/yh_zeng2/article/details/141404353
版权

1、修改conf/broker.conf文件,添加 aclEnable = true,如下:

# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements.  See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License.  You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
#  Unless required by applicable law or agreed to in writing, software
#  distributed under the License is distributed on an "AS IS" BASIS,
#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#  See the License for the specific language governing permissions and
#  limitations under the License.

brokerClusterName = DefaultCluster
brokerName = broker-a
brokerId = 0
deleteWhen = 04
fileReservedTime = 48
brokerRole = ASYNC_MASTER
flushDiskType = ASYNC_FLUSH
#开启ACL鉴权
aclEnable = true

2、修改conf/plain_acl.yml文件配置权限,如下:

# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements.  See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License.  You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
#  Unless required by applicable law or agreed to in writing, software
#  distributed under the License is distributed on an "AS IS" BASIS,
#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#  See the License for the specific language governing permissions and
#  limitations under the License.

#白名单中,不会走acl鉴权
globalWhiteRemoteAddresses:
- 10.10.103.*
- 192.168.0.*

accounts:
- accessKey: RocketMQ
  secretKey: 12345678
  whiteRemoteAddress:
  admin: false
  defaultTopicPerm: DENY
  defaultGroupPerm: SUB
  topicPerms:
  - topicA=DENY
  - topicB=PUB|SUB
  - topicC=SUB
  groupPerms:
  # the group should convert to retry topic
  - groupA=DENY
  - groupB=PUB|SUB
  - groupC=SUB

- accessKey: rocketmq2
  secretKey: 12345678
  whiteRemoteAddress: 192.168.1.*
  # if it is admin, it could access all resources
  admin: true

3、启动broker指定配置文件

E:\tools\rocketmq-all-4.5.1-bin-release\bin>start mqbroker.cmd -n 127.0.0.1:9876
  -c ../conf/broker.conf autoCreateTopicEnable=true

4、生产者直接发送消息会报错,因为没有配置RocketMQ的账号和密码

报错信息如下:

org.apache.rocketmq.client.exception.MQBrokerException: CODE: 1  DESC: org.apache.rocketmq.acl.common.AclException: No accessKey is configured, org.apache.rocketmq.acl.plain.PlainPermissionLoader.validate(PlainPermissionLoader.java:194)
For more information, please visit the url, http://rocketmq.apache.org/docs/faq/
	at org.apache.rocketmq.client.impl.MQClientAPIImpl.processSendResponse(MQClientAPIImpl.java:565) ~[rocketmq-client-4.5.1.jar:4.5.1]
	at org.apache.rocketmq.client.impl.MQClientAPIImpl.sendMessageSync(MQClientAPIImpl.java:361) ~[rocketmq-client-4.5.1.jar:4.5.1]
	at org.apache.rocketmq.client.impl.MQClientAPIImpl.sendMessage(MQClientAPIImpl.java:343) ~[rocketmq-client-4.5.1.jar:4.5.1]
	at org.apache.rocketmq.client.impl.MQClientAPIImpl.sendMessage(MQClientAPIImpl.java:297) ~[rocketmq-client-4.5.1.jar:4.5.1]
	at org.apache.rocketmq.client.impl.producer.DefaultMQProducerImpl.sendKernelImpl(DefaultMQProducerImpl.java:831) ~[rocketmq-client-4.5.1.jar:4.5.1]
	at org.apache.rocketmq.client.impl.producer.DefaultMQProducerImpl.sendDefaultImpl(DefaultMQProducerImpl.java:557) ~[rocketmq-client-4.5.1.jar:4.5.1]
	at org.apache.rocketmq.client.impl.producer.DefaultMQProducerImpl.send(DefaultMQProducerImpl.java:1310) ~[rocketmq-client-4.5.1.jar:4.5.1]
	at org.apache.rocketmq.client.impl.producer.DefaultMQProducerImpl.send(DefaultMQProducerImpl.java:1256) ~[rocketmq-client-4.5.1.jar:4.5.1]
	at org.apache.rocketmq.client.impl.producer.DefaultMQProducerImpl.sendMessageInTransaction(DefaultMQProducerImpl.java:1188) ~[rocketmq-client-4.5.1.jar:4.5.1]
	at org.apache.rocketmq.client.producer.TransactionMQProducer.sendMessageInTransaction(TransactionMQProducer.java:89) ~[rocketmq-client-4.5.1.jar:4.5.1]
	at org.apache.rocketmq.spring.core.RocketMQTemplate.sendMessageInTransaction(RocketMQTemplate.java:593) ~[rocketmq-spring-boot-2.0.3.jar:2.0.3]
	at com.codex.terry.controller.SayController.testRocketMQSendMsgWithTransaction(SayController.java:142) ~[classes/:?]
	at com.codex.terry.controller.SayController$$FastClassBySpringCGLIB$$b8e91a6b.invoke(<generated>) ~[classes/:?]
	at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218) ~[spring-core-5.1.10.RELEASE.jar:5.1.10.RELEASE]
	at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:750) ~[spring-aop-5.1.10.RELEASE.jar:5.1.10.RELEASE]
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163) ~[spring-aop-5.1.10.RELEASE.jar:5.1.10.RELEASE]
	at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:93) ~[spring-aop-5.1.10.RELEASE.jar:5.1.10.RELEASE]
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) ~[spring-aop-5.1.10.RELEASE.jar:5.1.10.RELEASE]
	at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:689) ~[spring-aop-5.1.10.RELEASE.jar:5.1.10.RELEASE]
	at com.codex.terry.controller.SayController$$EnhancerBySpringCGLIB$$cfa12d41.testRocketMQSendMsgWithTransaction(<generated>) ~[classes/:?]
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_181]
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_181]
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_181]
	at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_181]
	at org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:282) ~[spring-core-5.1.10.RELEASE.jar:5.1.10.RELEASE]
	at org.springframework.cloud.context.scope.GenericScope$LockedScopedProxyFactoryBean.invoke(GenericScope.java:499) ~[spring-cloud-context-2.1.5.RELEASE.jar:2.1.5.RELEASE]
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) ~[spring-aop-5.1.10.RELEASE.jar:5.1.10.RELEASE]
	at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:689) ~[spring-aop-5.1.10.RELEASE.jar:5.1.10.RELEASE]
	at com.codex.terry.controller.SayController$$EnhancerBySpringCGLIB$$959880e.testRocketMQSendMsgWithTransaction(<generated>) ~[classes/:?]
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_181]
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_181]
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_181]
	at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_181]
	at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:190) ~[spring-web-5.1.10.RELEASE.jar:5.1.10.RELEASE]
	at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:138) ~[spring-web-5.1.10.RELEASE.jar:5.1.10.RELEASE]
	at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:105) ~[spring-webmvc-5.1.10.RELEASE.jar:5.1.10.RELEASE]
	at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:893) ~[spring-webmvc-5.1.10.RELEASE.jar:5.1.10.RELEASE]
	at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:798) ~[spring-webmvc-5.1.10.RELEASE.jar:5.1.10.RELEASE]
	at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87) ~[spring-webmvc-5.1.10.RELEASE.jar:5.1.10.RELEASE]
	at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1040) ~[spring-webmvc-5.1.10.RELEASE.jar:5.1.10.RELEASE]
	at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:943) ~[spring-webmvc-5.1.10.RELEASE.jar:5.1.10.RELEASE]
	at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006) ~[spring-webmvc-5.1.10.RELEASE.jar:5.1.10.RELEASE]
	at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:898) ~[spring-webmvc-5.1.10.RELEASE.jar:5.1.10.RELEASE]
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:634) ~[tomcat-embed-core-9.0.26.jar:9.0.26]
	at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:883) ~[spring-webmvc-5.1.10.RELEASE.jar:5.1.10.RELEASE]
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:741) ~[tomcat-embed-core-9.0.26.jar:9.0.26]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231) ~[tomcat-embed-core-9.0.26.jar:9.0.26]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.26.jar:9.0.26]
	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53) ~[tomcat-embed-websocket-9.0.26.jar:9.0.26]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.26.jar:9.0.26]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.26.jar:9.0.26]
	at org.springframework.boot.actuate.web.trace.servlet.HttpTraceFilter.doFilterInternal(HttpTraceFilter.java:88) ~[spring-boot-actuator-2.1.9.RELEASE.jar:2.1.9.RELEASE]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.1.10.RELEASE.jar:5.1.10.RELEASE]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.26.jar:9.0.26]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.26.jar:9.0.26]
	at com.alibaba.csp.sentinel.adapter.servlet.CommonFilter.doFilter(CommonFilter.java:110) ~[sentinel-web-servlet-1.7.1.jar:?]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.26.jar:9.0.26]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.26.jar:9.0.26]
	at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) ~[spring-web-5.1.10.RELEASE.jar:5.1.10.RELEASE]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.1.10.RELEASE.jar:5.1.10.RELEASE]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.26.jar:9.0.26]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.26.jar:9.0.26]
	at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93) ~[spring-web-5.1.10.RELEASE.jar:5.1.10.RELEASE]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.1.10.RELEASE.jar:5.1.10.RELEASE]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.26.jar:9.0.26]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.26.jar:9.0.26]
	at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:94) ~[spring-web-5.1.10.RELEASE.jar:5.1.10.RELEASE]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.1.10.RELEASE.jar:5.1.10.RELEASE]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.26.jar:9.0.26]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.26.jar:9.0.26]
	at org.springframework.cloud.sleuth.instrument.web.ExceptionLoggingFilter.doFilter(ExceptionLoggingFilter.java:50) ~[spring-cloud-sleuth-core-2.1.1.RELEASE.jar:2.1.1.RELEASE]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.26.jar:9.0.26]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.26.jar:9.0.26]
	at brave.servlet.TracingFilter.doFilter(TracingFilter.java:86) ~[brave-instrumentation-servlet-5.6.1.jar:?]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.26.jar:9.0.26]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.26.jar:9.0.26]
	at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.filterAndRecordMetrics(WebMvcMetricsFilter.java:114) ~[spring-boot-actuator-2.1.9.RELEASE.jar:2.1.9.RELEASE]
	at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.doFilterInternal(WebMvcMetricsFilter.java:104) ~[spring-boot-actuator-2.1.9.RELEASE.jar:2.1.9.RELEASE]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.1.10.RELEASE.jar:5.1.10.RELEASE]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.26.jar:9.0.26]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.26.jar:9.0.26]
	at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) ~[spring-web-5.1.10.RELEASE.jar:5.1.10.RELEASE]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.1.10.RELEASE.jar:5.1.10.RELEASE]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.26.jar:9.0.26]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.26.jar:9.0.26]
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202) [tomcat-embed-core-9.0.26.jar:9.0.26]
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) [tomcat-embed-core-9.0.26.jar:9.0.26]
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:526) [tomcat-embed-core-9.0.26.jar:9.0.26]
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139) [tomcat-embed-core-9.0.26.jar:9.0.26]
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) [tomcat-embed-core-9.0.26.jar:9.0.26]
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) [tomcat-embed-core-9.0.26.jar:9.0.26]
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) [tomcat-embed-core-9.0.26.jar:9.0.26]
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408) [tomcat-embed-core-9.0.26.jar:9.0.26]
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) [tomcat-embed-core-9.0.26.jar:9.0.26]
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:860) [tomcat-embed-core-9.0.26.jar:9.0.26]
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1589) [tomcat-embed-core-9.0.26.jar:9.0.26]
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-embed-core-9.0.26.jar:9.0.26]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_181]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_181]
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-9.0.26.jar:9.0.26]
	at java.lang.Thread.run(Thread.java:748) [?:1.8.0_181]

5、生产者配置账号密码

修改application.yml文件,添加access-key和secret-key,如下

rocketmq:
  name-server: localhost:9876
  producer:
    group: hello-producer-group
    access-key: rocketmq2
    secret-key: 12345678

重启服务发送消息,如果还报

org.apache.rocketmq.acl.common.AclException: [10015:signature-failed] unable to calculate a request signature. error=[10015:signature-failed] unable to calculate a request signature. error=Algorithm HmacSHA1 not available 错误,解决方案如下:

将D:\Program Files\Java\jdk1.8.0_181\jre\lib\ext\sunjce_provider.jar文件 复制到E:\tools\rocketmq-all-4.5.1-bin-release\lib 目录下即可。

6、消费者配置账号密码

方式一:代码注解配置

package com.codex.terry.rocketmq;

import lombok.extern.slf4j.Slf4j;
import org.apache.rocketmq.spring.annotation.RocketMQMessageListener;
import org.apache.rocketmq.spring.core.RocketMQListener;
import org.springframework.stereotype.Service;

/**
 * 文件名称: SayMsgListener.java
 * 编写人: yh.zeng
 * 编写时间: 2024/7/1 11:37
 * 文件描述: 接收RocketMq消息demo
 */
@Service
@Slf4j
@RocketMQMessageListener(consumerGroup="hello-consumer-group", topic = "say-msg", accessKey = "rocketmq2", secretKey = "12345678")
public class SayMsgListener  implements RocketMQListener<String>
{
    @Override
    public void onMessage(String s) {
       log.info("收到消息:{}", s);
    }
}

方式二:通过application.yml文件指定

rocketmq:
  name-server: localhost:9876
  consumer:
    access-key: rocketmq2
    secret-key: 12345678

详解RocketMQ ACL机制的设计实现原理
林风自在
04-24 1103
从配置使用、实现思路、匹配和校验、源码分析等角度出发,解读RocketMQ ACL机制的设计和实现原理,最后还给出了使用过程中的踩坑经验分享
Spring Boot集成RocketMQ实现普通、延时、事务消息发送接收、PULL消费模式及开启ACL | Spring Cloud 30
gmHappy
03-25 1万+
现在开始我们正式学习`Spring Boot`中集成`RocketMQ`使用,,在本章节主要进行对以下部分讲解说明: - 普通消息的发送接收 - 延时消息的发送接收 - 事务消息的发送接收 - 发送端和接收端开启`ACL` - `PULL`模式消费及`@ExtRocketMQConsumerConfiguration`使用
扩展知识:RocketMQ 如何开启 ACL 验证
超超IT的博客
06-11 1796
RocketMQ 在 4.4.0 版本开始支持 ACL 功能,ACL 验证的主要作用就是保证消息的安全性,实现限控制功能,比如控制可以发送和订阅消息的群体,如某些主题只能被订阅,某些主题只有指定的IP,或者只有携带账号密码才可以订阅和发布等。对于第二个账户rocketmq2,由于设置了admin: true,所以它将拥有对所有资源和主题的访问限,无论是否在topicPerms或groupPerms中明确指定了限。同时,它的IP白名单被限制为192.168.1.*。
docker安装rocketmq 开通acl rocketmq-dashboard
饮冰室人的博客
11-09 2379
docker安装rocketmq 开通acl rocketmq-dashboard
RocketMQ-中间件学习(三)—— 动手尝试
最新发布
m0_46910432的博客
03-04 583
本项目来自Gitee,。环境:JDK17及以上, docker。
rocketmq-console控制台已增加ACL和配置控制台登录验证
02-24
1已增加ACL 2配置控制台登录验证
RocketMQACL 配置
FF-ZERO
05-30 750
rocketmq配置
RocketMQ4.9.2 ACL设计与RocketMQ-Console对接+JAVA使用ACL发送消息
weixin_44121378的博客
02-28 5680
RocketMQ ACL使用指南 一 、什么是ACLACL是access control list的简称,俗称访问控制列表 用户:用户是访问控制的基础要素,也不难理解,RocketMQ ACL 必然也会引入用户的概 念,即支持用户名、密码; 资源:需要保护的对象,在 RocketMQ 中,消息发送涉及的 Topic、消息消费涉及的 消费组,应该进行保护,故可以抽象成资源; 限:针对资源,能进行的操作; 角色:RocketMQ 中,只定义两种是否是管理员 另外,RocketMQ ACL还支持按照客户
docker-compose 搭建RocketMQ 5.1.0 集群开启ACL限控制 | Spring Cloud 29
gmHappy
03-22 1万+
限控制(`ACL`)主要为`RocketMQ`提供`Topic`资源级别的用户访问控制。 用户在使用`RocketMQ`限控制时,可以在`Client`客户端通过 `RPCHook`注入`AccessKey`和`SecretKey签名`;同时,将对应的限控制属性(包括:`Topic访问限`、`IP白名单`和`AccessKey`和`SecretKey签名`等)设置在`distribution/conf/plain_acl.yml`的配置文件中。
RocketMQ进阶(三)
小萝卜.的博客
08-10 5763
今天的博客主题 MQ消息中间件 --》RocketMQ --》RocketMQ进阶(三) 本文主要讲解RocketMQACL和生产者消费者实现ACLACL底层实现原理刨根问底 ACL介绍(访问控制列表) 该特性主要为 RocketMQ 提供限访问控制。 用户可以通过 yml 配置文件来定义限访问的相关属性,包括白名单 IP 地址、用户的 AK/SK 访问秘钥对、...
RocketMQ集群ACL设置
shykevin的博客
08-18 547
一、概述 因安全需求,需要对RocketMQ添加ACL设置 注意:ACL功能需要高版本支持,低版本不行,本文使用的版本为4.9.4 关于搭建RocketMQ集群,请参考链接:https://www.cnblogs.com/xiao987334176/p/16771899.html 二、配置 修改配置文件broker-a/broker-a.conf,broker-b/broker-b.conf最后...
RocketMQ 4.9.4使用(三)开启ACL验证
q283614346的博客
08-26 3684
rocketMQ开启ACL验证
RocketMQ ACL使用指南
热门推荐
中间件兴趣圈
06-30 2万+
详细介绍RocketMQ acl访问控制列表的流程图、plain_acl.yml文件各配置项的详细介绍、限匹配验证流程与acl使用示例。
Docker版部署RocketMQ开启ACL验证
qq_36854073的博客
09-27 1247
Docker版部署RocketMQ开启ACL验证
RocketMQ 单机源码部署 自定义配置文件和端口以及acl限配置解析
qq_45514735的博客
08-14 5415
【代码】RocketMQ 单机源码部署 自定义配置文件和端口以及acl限配置解析。
RocketMQ 消息过滤、存储和ACL
这个需求,做不了
10-07 1025
使用消息过滤的方式,即可在 MQ 服务端进行消息的过滤,将消息投递给特定的消费者,使每个消费者只需关注与自身相关的消息进行消费。tag 标签过滤方式为,生产者发送消息时为消息设置一个 Tag 标签,消费者在消费时匹配该 Tag ,如果匹配则消费发送给该消费者,如果不匹配则不发送。注2:对于某个资源(比如:topic),如果有其对应的限配置,则使用配置的限,如果没有配置则使用默认的限。注意:IP 白名单如果通过,则不会验证签名,如果你要使用签名方式认证,最好就不要设置对应的 IP 白名单。
RocketMQ配置全解(含ACL、Dashboard配置)
Aubrey.J的博客
07-11 1万+
RocketMQ配置全解(含ACL、Dashboard配置) NAME SERVER修改默认端口号 BROKER SERVER支持的配置项如下,如果要使用身份必须开启ACL配置RocketMQ Dashboard 下载源码 https://github.com/apache/rocketmq-dash
RocketMQTemplate中配置mq的acl账号密码
weixin_32822759的博客
07-23 1068
docker安装Elasticsearch+Kibana+密码配置
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值