问题描述
开启HTTP认证后无法订阅主题
环境信息
- EMQ X 版本:4.2.7
- 操作系统及版本:CentOS7
- 其他
相应的配置文件内容
auth.http.auth_req = http://192.168.200.10:8991/mqtt/auth
## Value: post | get | put
auth.http.auth_req.method = post
## Value: Params
auth.http.auth_req.params = clientid=%c,username=%u,password=%P
##--------------------------------------------------------------------
## Superuser request.
##
## Variables:
## - %u: username
## - %c: clientid
## - %a: ipaddress
## - %r: protocol
## - %P: password
## - %p: sockport of server accepted
## - %C: common name of client TLS cert
## - %d: subject of client TLS cert
##
## Value: URL
auth.http.super_req = http://192.168.200.10:8991/mqtt/superuser
## Value: post | get | put
auth.http.super_req.method = post
## Value: Params
auth.http.super_req.params = clientid=%c,username=%u
##--------------------------------------------------------------------
## ACL request.
##
## Variables:
## - %A: 1 | 2, 1 = sub, 2 = pub
## - %u: username
## - %c: clientid
## - %a: ipaddress
## - %r: protocol
## - %m: mountpoint
## - %t: topic
##
## Value: URL
auth.http.acl_req = http://192.168.200.10:8991/mqtt/acl
## Value: post | get | put
auth.http.acl_req.method = post
## Value: Params
auth.http.acl_req.params = access=%A,username=%u,clientid=%c,ipaddr=%a,topic=%t,mountpoint=%m
##------------------------------------------------------------------------------
## Http Reqeust options
## Time-out time for the http request, 0 is never timeout.
##
## Value: Duration
## -h: hour, e.g. '2h' for 2 hours
## -m: minute, e.g. '5m' for 5 minutes
## -s: second, e.g. '30s' for 30 seconds
##
## Default: 0
## auth.http.request.timeout = 0
## Connection time-out time, used during the initial request
## when the client is connecting to the server
##
## Value: Duration
##
## Default is same with the timeout option
## auth.http.request.connect_timeout = 0
## Re-send http reuqest times
##
## Value: integer
##
## Default: 3
auth.http.request.retry_times = 3
## The interval for re-sending the http request
##
## Value: Duration
##
## Default: 1s
auth.http.request.retry_interval = 1s
## The 'Exponential Backoff' mechanism for re-sending request. The actually
## re-send time interval is `interval * backoff ^ times`
##
## Value: float
##
## Default: 2.0
auth.http.request.retry_backoff = 2.0
认证代码
@RequestMapping("/mqtt")
public class AuthController {
private static final Logger log = LoggerFactory.getLogger(AuthController.class);
//【自定义http认证API】
@PostMapping("/auth")
public ResponseEntity auth(@RequestParam("clientid") String clientid,
@RequestParam("username") String username,
@RequestParam("password") String password){
log.info("emqx http认证组件开始调用任务服务完成认证,clientid={},username={},password={}",clientid,username,password);
return new ResponseEntity(HttpStatus.OK);
}
//【自定义ACL鉴权规则】
@PostMapping("/acl")
public ResponseEntity acl(@RequestParam("access")int access,
@RequestParam("username")String username,
@RequestParam("clientid")String clientid,
@RequestParam("ipaddr")String ipaddr,
@RequestParam("topic")String topic,
@RequestParam("mountpoint")String mountpoint){
log.info("EMQX发起客户端操作授权查询请求,access={},username={},clientid={},ipaddr={},topic={},mountpoint={}",
access,username,clientid,ipaddr,topic,mountpoint);
return new ResponseEntity(HttpStatus.OK);
}
详细日志
2021-04-25 09:02:02.248 [warning] <<"test_device1">>@192.168.200.10:11842 [Channel] Cannot publish message to Up1/device_type1/test_device1 due to Not authorized.
2021-04-25 09:02:02.856 [warning] <<"test_device11">>@192.168.200.10:9448 [Channel] Cannot subscribe testtopic/# due to Not authorized.
