环境信息
Docker部署的官方镜像 5.7.2版本
Jwt认证器配置
Jwt认证秘钥
rmsnextforjwt
连接的异常截图
利用mqttX 采用mqtt5.0协议连接出现如图所示的报错
Jwttoken原文
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJsb2dpblR5cGUiOiJsb2dpbiIsImxvZ2luSWQiOjEsInJuU3RyIjoiUGRhN1IxbGlNaDZoSWV3UG00cHJSVnFOWXJFT2FhSUEiLCJjbGllbnRfYXR0cnMiOnsidXNlcm5hbWUiOiJhZG1pbiIsInVzZXJJZCI6MX0sImlhdCI6MTcyNDkxMTg2NCwibmJmIjoxNzI0OTExODY0LCJleHAiOjE3MjU1MTY2NjQsImlzX3N1cGVydXNlciI6dHJ1ZX0.DnkYY_3iTYVxitC7CiKV0DcX7aaATmelU37FMBgocp8
Emqx的系统日志跟踪如下
024-08-29T06:19:15.080110+00:00 [MQTT] mqttx_cc910208@xx.32.216.37:54592 msg: mqtt_packet_received, packet: CONNECT(Q0, R0, D0, ClientId=mqttx_cc910208, ProtoName=MQTT, ProtoVsn=5, CleanStart=true, KeepAlive=60, Username=admin, Password=******), username: admin
2024-08-29T06:19:15.081267+00:00 [AUTHN] mqttx_cc910208@xx.32.216.37:54592 msg: authenticator_error, authenticator: jwt, exception: error, reason: badarg, stacktrace: [{erlang,iolist_to_binary,[1],[{error_info,#{module => erl_erts_errors}}]},{emqx_authn_utils,do_drop_invalid_attr,1,[{file,“emqx_authn_utils.erl”},{line,224}]},{emqx_authn_utils,drop_invalid_attr,1,[{file,“emqx_authn_utils.erl”},{line,217}]},{emqx_authn_utils,client_attrs,1,[{file,“emqx_authn_utils.erl”},{line,212}]},{emqx_authn_jwt,extra_to_auth_data,4,[{file,“emqx_authn_jwt.erl”},{line,275}]},{emqx_authn_chains,authenticate_with_provider,2,[{file,“emqx_authn_chains.erl”},{line,704}]},{emqx_authn_chains,do_authenticate,3,[{file,“emqx_authn_chains.erl”},{line,660}]},{emqx_authn_chains,authenticate,2,[{file,“emqx_authn_chains.erl”},{line,167}]},{emqx_hooks,safe_execute,2,[{file,“emqx_hooks.erl”},{line,205}]},{emqx_hooks,do_run_fold,3,[{file,“emqx_hooks.erl”},{line,185}]},{emqx_access_control,authenticate,1,[{file,“emqx_access_control.erl”},{line,224}]},{emqx_channel,do_authenticate,2,[{file,“emqx_channel.erl”},{line,1881}]},{emqx_channel,handle_in,2,[{file,“emqx_channel.erl”},{line,365}]},{emqx_connection,with_channel,3,[{file,“emqx_connection.erl”},{line,811}]},{emqx_connection,process_msg,2,[{file,“emqx_connection.erl”},{line,472}]},{emqx_connection,process_msg,2,[{file,“emqx_connection.erl”},{line,478}]},{emqx_connection,handle_recv,3,[{file,“emqx_connection.erl”},{line,434}]},{proc_lib,wake_up,3,[{file,“proc_lib.erl”},{line,251}]}], username: admin
2024-08-29T06:19:15.082188+00:00 [AUTHN] mqttx_cc910208@xx.32.216.37:54592 msg: authentication_result, reason: chain_result, result: {ok,{error,not_authorized}}, username: admin
2024-08-29T06:19:15.082512+00:00 [warning] tag: AUTHN, clientid: mqttx_cc910208, msg: authentication_failure, peername: xx.32.216.37:54592, username: admin, reason: not_authorized
2024-08-29T06:19:15.083087+00:00 [MQTT] mqttx_cc910208@xx.32.216.37:54592 msg: mqtt_packet_sent, packet: CONNACK(Q0, R0, D0, AckFlags=0, ReasonCode=135), username: admin
2024-08-29T06:19:15.083846+00:00 [SOCKET] mqttx_cc910208@xx.32.216.37:54592 msg: emqx_connection_terminated, reason: {shutdown,not_authorized}, username: admin
2024-08-29T06:19:15.084107+00:00 [info] clientid: mqttx_cc910208, msg: terminate, peername: xx.32.216.37:54592, username: admin, reason: {shutdown,not_authorized}
可能有用的信息
我在授权器其中配置了一个Mysqk授权 查询语句如下
SELECT ‘all’ as action, ‘allow’ as permission, CONCAT(‘stats/’,unit_id) as topic FROM user_unit where user_id = ${client_attrs.userId}