RocketMQ 4.9.4 usage (3): enabling ACL verification

1. RocketMQ ACL

Access control (ACL, access control list) mainly provides RocketMQ with user access control at the Topic resource level.

When users use RocketMQ permission control, they inject an AccessKey and SecretKey signature through an RPCHook on the client side; at the same time, the corresponding permission control attributes (Topic access permissions, IP whitelist, AccessKey and SecretKey, etc.) are set in the distribution/conf/plain_acl.yml configuration file.

The Broker side verifies the permissions owned by the AccessKey; if verification fails, an exception is thrown.

For an ACL client example, refer to the AclClient code under the org.apache.rocketmq.example.simple package.

Official guides:

RocketMQ_Multiple_ACL_Files_Design
ACL usage guide

2. Enable ACL verification

Configure aclEnable=true in the broker.conf file

aclEnable=true

Configure ACL in conf/plain_acl.yml

# Set the IP whitelist
globalWhiteRemoteAddresses:
- 10.10.103.*
- 192.168.0.*
# Configure user (account) information
accounts:
- accessKey: RocketMQ
  secretKey: 12345678
  # User-level IP address whitelist
  whiteRemoteAddress:
  # When true, the account may update or delete topics and subscription groups
  admin: false
  # DENY = denied, SUB = subscribe permission, PUB = publish (send) permission
  defaultTopicPerm: DENY
  defaultGroupPerm: SUB
  topicPerms:
  - topicA=DENY
  - topicB=PUB|SUB
  - topicC=SUB
  groupPerms:
  - groupA=DENY
  - groupB=PUB|SUB
  - groupC=SUB
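As an added example (not from the original post or from RocketMQ itself), the following Python script takes the plain_acl.yml above, hand-converted to a dict so it runs without a YAML parser, and answers whether a given accessKey, coming from a given IP, would be allowed to PUB or SUB on a topic. The evaluation order (global whitelist, account lookup, account whitelist, topicPerms with defaultTopicPerm fallback) is a simplified model of the Broker-side check, assumed here rather than taken from RocketMQ's code; signature verification and RocketMQ's range syntax for IP patterns are left out.

```python
# Added example, not RocketMQ code: audit a plain_acl.yml-style policy.
# ACL below is the page's example file, hand-converted to a dict.
ACL = {
    "globalWhiteRemoteAddresses": ["10.10.103.*", "192.168.0.*"],
    "accounts": [{
        "accessKey": "RocketMQ", "secretKey": "12345678",
        "whiteRemoteAddress": None, "admin": False,
        "defaultTopicPerm": "DENY", "defaultGroupPerm": "SUB",
        "topicPerms": ["topicA=DENY", "topicB=PUB|SUB", "topicC=SUB"],
        "groupPerms": ["groupA=DENY", "groupB=PUB|SUB", "groupC=SUB"],
    }],
}

def ip_matches(pattern, ip):
    """Match an IPv4 address against an exact address or a trailing-'*'
    pattern such as 10.10.103.* (simplified; ranges are not modeled)."""
    if not pattern:
        return False
    if pattern.endswith("*"):
        return ip.startswith(pattern[:-1])
    return pattern == ip

def perm_allows(owned, needed):
    """owned is an entry like 'PUB|SUB' or 'DENY'; needed is 'PUB' or 'SUB'.
    DENY in the entry wins over any other flag in the same entry."""
    owned_set = set(owned.split("|"))
    return "DENY" not in owned_set and needed in owned_set

def check_access(acl, access_key, remote_ip, topic, needed):
    """Return (allowed, reason) for a PUB/SUB request on a topic.
    Modeled order: global whitelist -> account -> account whitelist -> perms."""
    if any(ip_matches(p, remote_ip) for p in acl.get("globalWhiteRemoteAddresses", [])):
        return True, "global whitelist: ACL skipped entirely for this IP"
    account = next((a for a in acl["accounts"] if a["accessKey"] == access_key), None)
    if account is None:
        return False, "unknown accessKey"
    if ip_matches(account.get("whiteRemoteAddress"), remote_ip):
        return True, "account whitelist: topic perms not consulted"
    perms = dict(e.split("=", 1) for e in account.get("topicPerms", []))
    owned = perms.get(topic, account["defaultTopicPerm"])
    source = "topicPerms" if topic in perms else "defaultTopicPerm"
    return perm_allows(owned, needed), f"{needed} on {topic}: '{owned}' from {source}"

if __name__ == "__main__":
    for args in [("RocketMQ", "172.16.0.5", "topicB", "PUB"),
                 ("RocketMQ", "172.16.0.5", "topicC", "PUB"),
                 ("RocketMQ", "172.16.0.5", "topicZ", "SUB"),
                 ("nobody", "10.10.103.7", "topicA", "PUB")]:
        print(args, check_access(ACL, *args))
```

The last case is the one worth auditing: any address inside a globalWhiteRemoteAddresses wildcard bypasses the account and topic rules entirely, which is why section 3's advice to whitelist Slave and DLedger peer addresses should be kept to exact addresses rather than broad ranges.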

3. Restrictions on the use of permission control

If ACL and high-availability deployment (Master/Slave architecture) are enabled at the same time, the global whitelist in the distribution/conf/plain_acl.yml configuration file of the Broker Master node must include the Slave node; that is, add the IP address of the Slave node to the global whitelist of the Master node's plain_acl.yml.

If ACL and high-availability deployment (multi-replica DLedger architecture) are enabled at the same time, then, because a new master is elected automatically within the DLedger Group when a node goes down, the plain_acl.yml configuration file of every Broker node in the DLedger Group must list the IP addresses of all Broker nodes in its global whitelist.

Origin blog.csdn.net/q283614346/article/details/126530030