Posted to dev@rocketmq.apache.org by GitBox <gi...@apache.org> on 2018/10/09 15:39:11 UTC

[GitHub] githublaohu commented on issue #485: Develop acl

githublaohu commented on issue #485: Develop acl
URL: https://github.com/apache/rocketmq/pull/485#issuecomment-428242152
 
 
   ## User Documentation
   #### Enabling ACL
   1. ACL is not supported until RocketMQ version 5.0
   2. Enable the ACL feature
   Add the following setting to broker.conf
   ```
   aclPlug=true
   ```
   3. In the directory that contains broker.conf, create a transport.yml file and configure the accounts and permissions
   
   
   #### transport.yml configuration in detail
   Example
   ```
   onlyNetAddress:
     netaddress: 10.10.103.*
     noPermitPullTopic:
     - broker-a
   
   list:
   - account: laohu
     password: 123456
     netaddress: 192.0.0.*
     permitSendTopic:
     - test1
     - test2
   - account: laohu
     password: 123456
     netaddress: 192.0.2.1
     permitSendTopic:
     - test3
     - test4
   ```
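   1. onlyNetAddress exists for forward compatibility. For example, when a client does not support the ACL feature, onlyNetAddress is provided so that such a client can still use the ACL feature normally; no account or password is needed. Setting netaddress is enough. It may be deprecated in a later version.
   2. list is the list of users and permissions; N users can be defined, each with different options
   3. Attributes in detail
   	1. account: the user name
   	2. password: the password
   	3. netaddress: the bound IP expression
   	4. permitSendTopic: the topics the user is allowed to send to
   	5. noPermitSendTopic: the topics the user is not allowed to send to
   	6. permitPullTopic: the topics the user is allowed to pull
   	7. noPermitPullTopic: the topics the user is not allowed to pull
   4. account and netaddress together form the unique identifier. The same account can appear several times as long as the netaddress differs
   5. account and password must not be null and their length must be greater than 6
   6. netaddress supports the following expressions
   	1. Simple
   	    1. 127.0.0.1
   	2. Multiple IPs
   	    1. 127.0.0.{1,2,3}
   	    2. 127.0.0.1,127.0.0.2,127.0.0.3
   	3. Ranges
   	    1. 127.0.0.*
   	    2. 127.0.0.1-200
   	    3. 127.0.1-200.*
   7. When the same topic appears in both, permitSendTopic takes precedence over noPermitSendTopic, and permitPullTopic takes precedence over noPermitPullTopic
   8. When topics are set in permitSendTopic and permitPullTopic, any topic not in the set has no permission
   9. Topic expressions are not currently supported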

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services
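
The netaddress expressions and the permit/noPermit rules described in the comment above, worked through in Python as an added example; it is not part of the original comment and not RocketMQ's code. The function names, the dict form of the sample transport.yml, and the behaviour when no permit list is configured are assumptions made for illustration.

```python
import hmac
import re

# Constructed from the transport.yml sample in the comment (as a dict, so no YAML parser is needed).
ACL = {
    "onlyNetAddress": {"netaddress": "10.10.103.*", "noPermitPullTopic": ["broker-a"]},
    "list": [
        {"account": "laohu", "password": "123456", "netaddress": "192.0.0.*", "permitSendTopic": ["test1", "test2"]},
        {"account": "laohu", "password": "123456", "netaddress": "192.0.2.1", "permitSendTopic": ["test3", "test4"]},
    ],
}

def field_matches(pattern, value):
    """Match one dotted field against '*', 'N', 'N-M' or '{a,b,c}'."""
    if pattern == "*":
        return True
    if pattern.startswith("{") and pattern.endswith("}"):
        return any(field_matches(p.strip(), value) for p in pattern[1:-1].split(","))
    lo, sep, hi = pattern.partition("-")
    if not lo.isdecimal() or (sep and not hi.isdecimal()):
        return False  # unknown syntax never matches (fail closed)
    return int(lo) <= value <= int(hi or lo)

def ip_matches(expr, ip):
    """True if the dotted-quad ip satisfies any comma-separated alternative in expr."""
    parts = ip.split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() and int(p) < 256 for p in parts):
        return False  # not a dotted-quad IPv4 address
    octets = [int(p) for p in parts]
    # Commas outside {...} separate whole addresses; commas inside belong to one field.
    alts = [a.strip().split(".") for a in re.split(r",(?![^{]*\})", expr)]
    return any(len(f) == 4 and all(map(field_matches, f, octets)) for f in alts)

def topic_allowed(entry, action, topic):
    """action is 'Send' or 'Pull'."""
    permit = entry.get(f"permit{action}Topic")
    if permit:  # rules 7 and 8: the permit list wins and denies everything outside it
        return topic in permit
    # Assumption: with no permit list, only the noPermit list restricts access.
    return topic not in entry.get(f"noPermit{action}Topic", [])

def authorize(acl, ip, action, topic, account=None, password=None):
    if account is None:  # client without ACL support: address-only onlyNetAddress rule
        only = acl.get("onlyNetAddress")
        return bool(only and ip_matches(only["netaddress"], ip) and topic_allowed(only, action, topic))
    for e in acl.get("list", []):  # account + netaddress together identify one entry
        if e["account"] == account and ip_matches(e["netaddress"], ip):
            ok = hmac.compare_digest(e["password"].encode(), (password or "").encode())
            return ok and topic_allowed(e, action, topic)
    return False
```

Because account and netaddress together select the entry, the same credentials grant different topics from different source addresses, and an address that matches no entry is refused regardless of the password.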