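First, download the zip from the official site and start it.
Download link: https://www.emqx.cn/downloads
The version used here is 4.3.
0. First, disable anonymous access to MQTT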
## Value: true | false
allow_anonymous = false
1. Next, edit the configuration file to set the PostgreSQL connection details. Path: /emqx/etc/plugins/emqx_auth_pgsql.conf
## Server address
auth.pgsql.server = 127.0.0.1:5432
## Connection pool size
auth.pgsql.pool = 8
auth.pgsql.username = root
auth.pgsql.password = public
auth.pgsql.database = mqtt
auth.pgsql.encoding = utf8
2. Create the two authentication tables in the database (see the official documentation for details)
CREATE TABLE mqtt_user (
    id SERIAL primary key,
    is_superuser boolean,
    username character varying(100),
    password character varying(100),
    salt character varying(40)
);
-- Client information
INSERT INTO mqtt_user (username, password, salt, is_superuser)
VALUES
    ('emqx', 'efa1f375d76194fa51a3556a97e641e61685f914d446979da50a551a4333ffd7', NULL, false);
CREATE TABLE mqtt_acl (
    id SERIAL primary key,
    allow integer,
    ipaddr character varying(60),
    username character varying(100),
    clientid character varying(100),
    access integer,
    topic character varying(100)
);
-- No user may subscribe to system topics
INSERT INTO mqtt_acl (allow, ipaddr, username, clientid, access, topic) VALUES (0, NULL, '$all', NULL, 1, '$SYS/#');
-- Allow clients on 10.59.1.100 to subscribe to system topics
INSERT INTO mqtt_acl (allow, ipaddr, username, clientid, access, topic) VALUES (1, '10.59.1.100', NULL, NULL, 1, '$SYS/#');
-- Deny clients from subscribing to the /smarthome/+/temperature topic
INSERT INTO mqtt_acl (allow, ipaddr, username, clientid, access, topic) VALUES (0, NULL, NULL, NULL, 1, '/smarthome/+/temperature');
-- Allow clients to subscribe to the /smarthome/${clientid}/temperature topic that contains their own Client ID
INSERT INTO mqtt_acl (allow, ipaddr, username, clientid, access, topic) VALUES (1, NULL, NULL, NULL, 1, '/smarthome/%c/temperature');
See the official documentation for details:
https://docs.emqx.cn/broker/v4.3/advanced/acl-postgres.html
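The four rows above put allow and deny rules on the same topics, so the result for a client depends on which row is checked first. The following added example (not from the original post and not EMQX's matching code) lists such order-dependent pairs. It assumes a NULL column does not narrow a rule, reads access as the bitmask 1 = subscribe, 2 = publish, 3 = both, and compares ipaddr values as plain strings.

```python
from itertools import zip_longest

# The four mqtt_acl rows inserted above, in id order (copied from the page):
# (id, allow, ipaddr, username, clientid, access, topic)
RULES = [
    (1, 0, None, "$all", None, 1, "$SYS/#"),
    (2, 1, "10.59.1.100", None, None, 1, "$SYS/#"),
    (3, 0, None, None, None, 1, "/smarthome/+/temperature"),
    (4, 1, None, None, None, 1, "/smarthome/%c/temperature"),
]

def is_single(level):
    # '+' or a %c / %u placeholder can stand for any one topic level.
    return level == "+" or "%c" in level or "%u" in level

def filters_overlap(a, b):
    """True if at least one topic name is matched by both topic filters."""
    la, lb = a.split("/"), b.split("/")
    # MQTT rule: a filter that starts with a wildcard never matches '$' topics.
    for first, other in ((la[0], lb[0]), (lb[0], la[0])):
        if first in ("#", "+") and other.startswith("$"):
            return False
    for x, y in zip_longest(la, lb):
        if x == "#" or y == "#":
            return True    # '#' covers every remaining level
        if x is None or y is None:
            return False   # different depth and no '#'
        if x != y and not (is_single(x) or is_single(y)):
            return False   # two different literal levels
    return True

def who_overlap(r1, r2):
    """Assumption: NULL (None) and '$all' do not narrow the set of clients."""
    for v1, v2 in zip(r1[2:5], r2[2:5]):   # ipaddr, username, clientid
        if None in (v1, v2) or "$all" in (v1, v2):
            continue
        if v1 != v2:
            return False   # pinned to different values (string comparison)
    return True

def order_dependent_pairs(rules):
    """Rule id pairs with opposite allow, a shared access bit and common scope."""
    return [(a[0], b[0])
            for i, a in enumerate(rules) for b in rules[i + 1:]
            if a[1] != b[1] and a[5] & b[5]
            and who_overlap(a, b) and filters_overlap(a[6], b[6])]

if __name__ == "__main__":
    print(order_dependent_pairs(RULES))
```

Each reported pair is a place where the effective permission should be confirmed on the broker with a test client, as done in the Java test below.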
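Once configuration is complete, enable the pgsql ACL in the MQTT Dashboard.
If an error is reported, the database configuration is wrong; check it yourself.
Next, let's write a Java program to test the result.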
MQTTSSLConsumer
package com.test.emq;

import org.eclipse.paho.client.mqttv3.MqttClient;
import org.eclipse.paho.client.mqttv3.MqttConnectOptions;
import org.eclipse.paho.client.mqttv3.MqttException;
import org.eclipse.paho.client.mqttv3.MqttTopic;
import org.eclipse.paho.client.mqttv3.persist.MemoryPersistence;
import java.util.concurrent.ScheduledExecutorService;

public class MQTTSSLConsumer {
    public static final String HOST = "tcp://192.168.203.130:1883";
    public static final String TOPIC1 = "taikang/rulee";
    private static final String clientid = "client01";
    private MqttClient client;
    private MqttConnectOptions options;
    private String userName = "emqx"; // optional
    private String passWord = "public1"; // optional
    @SuppressWarnings("unused")
    private ScheduledExecutorService scheduler;

    private void start() {
        try {
            // HOST is the broker address; clientid is the ID of the client connecting to MQTT,
            // normally a unique identifier; MemoryPersistence sets how the clientid is persisted (in memory by default)
            client = new MqttClient(HOST, clientid, new MemoryPersistence());
            // MQTT connection settings
            options = new MqttConnectOptions();
            // Whether to clear the session: false means the server keeps the client's connection record,
            // true means every connection to the server starts with a new identity
            options.setCleanSession(false);
            // Username for the connection
            options.setUserName(userName);
            // Password for the connection
            options.setPassword(passWord.toCharArray());
            // Connection timeout, in seconds
            options.setConnectionTimeout(10);
            // Keep-alive interval, in seconds. The server treats the client as offline if it hears nothing
            // from it for 1.5*20 seconds; keep-alive itself does not reconnect
            options.setKeepAliveInterval(20);
            // Enable automatic reconnect
            options.setAutomaticReconnect(true);
            // Set the callback
            //client.setCallback(new PushCallback());
            MqttTopic topic = client.getTopic(TOPIC1);
            // setWill: call it if the project needs to know when the client drops offline; it sets the last-will notification message
            client.connect(options);
            // Subscribe
            int[] Qos = {1};
            String[] topic1 = {TOPIC1};
            client.subscribe(topic1, Qos);
        } catch (MqttException e) {
            e.printStackTrace();
        }
    }

    public static void main(String[] args) throws MqttException {
        System.setProperty("javax.net.debug", "ssl,handshake");
        MQTTSSLConsumer client = new MQTTSSLConsumer();
        client.start();
    }
}
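Test conclusions
With anonymous access disabled:
If the client supplies a wrong username or password, the error is: 无权连接(5) (not authorized to connect)
If authentication succeeds but the ACL rules reject the request, the error is: MqttException (128)
Supplement: pom dependency
<dependency>
    <groupId>org.eclipse.paho</groupId>
    <artifactId>org.eclipse.paho.client.mqttv3</artifactId>
    <version>1.2.0</version>
</dependency>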