EMQX版本:5.3.2
问题日志:
2025-10-13T07:22:44.063252+00:00 [MQTT] normal-client-trace-123@221.181.127.62:22551 msg: mqtt_packet_received, packet: PUBLISH(Q0, R0, D0, Topic=GW, PacketId=undefined, Payload(hex)=7B0A2020226D7367223A202268656C6C6F2C20776F726C64220A7D)
2025-10-13T07:22:44.063586+00:00 [AUTHZ] normal-client-trace-123@221.181.127.62:22551 msg: authorization_module_nomatch, ipaddr: {221,181,127,62}, module: emqx_authz_client_info, pub_sub: [action_type: publish, qos: 0, retain: false], topic: GW, username: admin
2025-10-13T07:22:44.076061+00:00 [PUBLISH] normal-client-trace-123@221.181.127.62:22551 msg: publish_to, topic: GW, payload: 7B0A2020226D7367223A202268656C6C6F2C20776F726C64220A7D
2025-10-13T07:22:51.420223+00:00 [MQTT] normal-client-trace-123@221.181.127.62:22551 msg: mqtt_packet_received, packet: PUBLISH(Q0, R0, D0, Topic=test, PacketId=undefined, Payload(hex)=7B0A2020226D7367223A202268656C6C6F2C20776F726C64220A7D)
2025-10-13T07:22:51.420723+00:00 [AUTHZ] normal-client-trace-123@221.181.127.62:22551 msg: authorization_module_nomatch, ipaddr: {221,181,127,62}, module: emqx_authz_client_info, pub_sub: [action_type: publish, qos: 0, retain: false], topic: test, username: admin
2025-10-13T07:22:51.447633+00:00 [warning] msg: cannot_publish_to_topic, mfa: emqx_channel:process_publish/2(641), peername: 221.181.127.62:22551, clientid: normal-client-trace-123, topic: test, reason: not_authorized
问题描述:我使用EMQX的Exhook来进行授权操作,但是无论结果是deny还是allow,日志中都会出现 “authorization_module_nomatch”。
请问:
1.出现authorization_module_nomatch,是不是说明授权链上前面的授权规则(ACL、MSQL等)均无法断定最终结果,所以会交由Exhook的onClientAuthorize来决定?
2.该日志对业务有什么影响吗?
3.能否去除该日志?
附件:
1.客户端授权配置
2.授权部分代码
@Override
public void onClientAuthorize(ClientAuthorizeRequest request, StreamObserver<ValuedResponse> responseObserver) {
boolean result = true;
String clientId = request.getClientinfo().getClientid();
String topic = request.getTopic();
ClientAuthorizeRequest.AuthorizeReqType reqType = request.getType();
if (ClientAuthorizeRequest.AuthorizeReqType.SUBSCRIBE.equals(request.getType())) {
if ("GW".equals(topic) || "MS".equals(topic)) {
result = false;
} else if (!clientId.startsWith(ClientService.ICLOUD_ACCOUNT_PREFIX) && (topic.contains("#") || topic.contains("+") || topic.contains("$"))) {
result = false;
}
} else if (ClientAuthorizeRequest.AuthorizeReqType.PUBLISH.equals(request.getType())) {
if (topic.length() > 64) {
result = false;
logger.error("Topic too long, clientId: {}, topic: {}", clientId, topic);
}
if (!clientId.startsWith(ClientService.ICLOUD_ACCOUNT_PREFIX) && !clientId.startsWith(ClientService.DEBUG_ACCOUNT_PREFIX)) {
if (!"GW".equals(topic) && !"MS".equals(topic) && !("$SYS/" + clientId + "/MS").equals(topic) && !("$SYS/" + clientId + "/GW").equals(topic) && !topic.startsWith(ClientService.DEBUG_ACCOUNT_PREFIX)) {
result = false;
}
}
}
ValuedResponse reply = ValuedResponse.newBuilder()
.setBoolResult(result)
.setType(ValuedResponse.ResponsedType.STOP_AND_RETURN)
.build();
logger.error("<<< ExHook: onClientAuthorize FINISHED! ClientId={}, Type={}, Topic={}, FinalResult={}", clientId, reqType, topic, result);
responseObserver.onNext(reply);
responseObserver.onCompleted();
}