1、在 RocketMQ 的 conf/broker.conf 文件中新增一行 aclEnable=true
2、在 RocketMQ 的 conf/plain_acl.yml 文件中增加 topic 的权限配置
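# conf/plain_acl.yml -- per-account permissions used by the broker once
# aclEnable=true is set. The nesting below is restored; the keys and values
# are the ones shown on this page.

# Clients connecting from these address patterns are accepted by the broker
# without per-account credential checks, so keep the list as narrow as the
# deployment allows.
globalWhiteRemoteAddresses:
  - 10.10.15.*
  - 192.168.0.*

accounts:
  - accessKey: RocketMQ
    # Sample secret: replace it with a long random value before enabling ACL.
    # This file stores secrets in clear text, so restrict who can read it.
    secretKey: 12345678
    # Per-account address whitelist, left empty here.
    whiteRemoteAddress:
    # Non-admin account: it cannot create or modify topics.
    admin: false
    # Permissions applied to topics and groups that are not listed below.
    defaultTopicPerm: DENY
    defaultGroupPerm: SUB
    topicPerms:
      - topicA=DENY
      - topicB=PUB|SUB
      - topicC=SUB
    groupPerms:
      # the group should convert to retry topic
      - groupA=DENY
      - groupB=PUB|SUB
      - groupC=SUB

  # Second account: only the key pair is shown on this page. It reuses the same
  # sample secret as the first account; give every account its own secret.
  - accessKey: rocketmq2
    secretKey: 12345678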
解释:PUB 是生产者(发送)权限,SUB 是订阅者(消费)权限,DENY 是拒绝。
只有当 accessKey 对应的账号具有 admin 权限(admin: true)时,才可以创建和修改 topic。
增加 acl 的 maven 依赖(org.apache.rocketmq:rocketmq-acl,版本与所用的 RocketMQ 客户端保持一致):
生产者代码:
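package acl;

import java.nio.charset.StandardCharsets;

import org.apache.rocketmq.acl.common.AclClientRPCHook;
import org.apache.rocketmq.acl.common.SessionCredentials;
import org.apache.rocketmq.client.exception.MQBrokerException;
import org.apache.rocketmq.client.exception.MQClientException;
import org.apache.rocketmq.client.producer.DefaultMQProducer;
import org.apache.rocketmq.client.producer.SendResult;
import org.apache.rocketmq.common.message.Message;
import org.apache.rocketmq.remoting.RPCHook;
import org.apache.rocketmq.remoting.exception.RemotingException;

/**
 * Minimal producer for an ACL-enabled RocketMQ cluster.
 *
 * <p>The account used here must exist in the broker's {@code plain_acl.yml} and
 * hold PUB permission on the {@code rexel_notice} topic, otherwise the send is rejected.
 */
public class AclProducer {

    // Environment variable names are chosen for this example; adapt them to your deployment.
    // Credentials are read at runtime so that no secret is committed with the source.
    private static final String ACCESS_KEY_ENV = "ROCKETMQ_ACCESS_KEY";
    private static final String SECRET_KEY_ENV = "ROCKETMQ_SECRET_KEY";

    /**
     * Starts the producer, sends one message to {@code rexel_notice} and prints the result.
     *
     * @param args unused
     * @throws MQClientException    if the producer cannot start or the client rejects the request
     * @throws InterruptedException if the sending thread is interrupted
     * @throws RemotingException    on a transport-level failure
     * @throws MQBrokerException    if the broker rejects the message
     */
    public static void main(String[] args)
            throws MQClientException, InterruptedException, RemotingException, MQBrokerException {
        DefaultMQProducer producer = new DefaultMQProducer("rexel_notice_p1", getAclRPCHook());
        producer.setNamesrvAddr("192.168.29.100:9876;192.168.29.101:9876");
        producer.start();
        try {
            // Explicit charset: the no-arg getBytes() depends on the platform default.
            byte[] body = "Hello RocketMQ ".getBytes(StandardCharsets.UTF_8);
            Message msg = new Message("rexel_notice", "*", body);
            SendResult sendResult = producer.send(msg);
            System.out.printf("%s%n", sendResult);
        } finally {
            // Release client resources even when send() throws (for example on an ACL denial).
            producer.shutdown();
        }
    }

    /**
     * Builds the client-side ACL hook from the access key and secret key.
     *
     * @return hook carrying the account's credentials
     * @throws IllegalStateException if either environment variable is missing or empty
     */
    static RPCHook getAclRPCHook() {
        return new AclClientRPCHook(
                new SessionCredentials(requireEnv(ACCESS_KEY_ENV), requireEnv(SECRET_KEY_ENV)));
    }

    /** Returns the value of the named environment variable, failing fast when it is absent. */
    private static String requireEnv(String name) {
        String value = System.getenv(name);
        if (value == null || value.isEmpty()) {
            throw new IllegalStateException("Missing environment variable: " + name);
        }
        return value;
    }
}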
消费者代码:
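package acl;

import java.util.List;

import org.apache.rocketmq.acl.common.AclClientRPCHook;
import org.apache.rocketmq.acl.common.SessionCredentials;
import org.apache.rocketmq.client.consumer.DefaultMQPushConsumer;
import org.apache.rocketmq.client.consumer.listener.ConsumeConcurrentlyContext;
import org.apache.rocketmq.client.consumer.listener.ConsumeConcurrentlyStatus;
import org.apache.rocketmq.client.consumer.listener.MessageListenerConcurrently;
import org.apache.rocketmq.client.consumer.rebalance.AllocateMessageQueueAveragely;
import org.apache.rocketmq.client.exception.MQClientException;
import org.apache.rocketmq.common.consumer.ConsumeFromWhere;
import org.apache.rocketmq.common.message.MessageExt;
import org.apache.rocketmq.remoting.RPCHook;

/**
 * Minimal push consumer for an ACL-enabled RocketMQ cluster.
 *
 * <p>The account used here must exist in the broker's {@code plain_acl.yml} and
 * hold SUB permission for the {@code rexel_notice} topic and the
 * {@code rexel_notice_g1} consumer group.
 */
public class AclConsumer {

    // Environment variable names are chosen for this example; adapt them to your deployment.
    // Credentials are read at runtime so that no secret is committed with the source.
    private static final String ACCESS_KEY_ENV = "ROCKETMQ_ACCESS_KEY";
    private static final String SECRET_KEY_ENV = "ROCKETMQ_SECRET_KEY";

    /**
     * Subscribes to every tag of {@code rexel_notice} and prints each batch received.
     *
     * @param args unused
     * @throws MQClientException if the subscription is invalid or the consumer cannot start
     */
    public static void main(String[] args) throws MQClientException {
        DefaultMQPushConsumer consumer = new DefaultMQPushConsumer(
                "rexel_notice_g1", getAclRPCHook(), new AllocateMessageQueueAveragely());
        consumer.setConsumeFromWhere(ConsumeFromWhere.CONSUME_FROM_FIRST_OFFSET);
        consumer.subscribe("rexel_notice", "*");
        consumer.setNamesrvAddr("192.168.29.100:9876;192.168.29.101:9876");
        consumer.registerMessageListener(new MessageListenerConcurrently() {
            @Override
            public ConsumeConcurrentlyStatus consumeMessage(
                    List<MessageExt> msgs, ConsumeConcurrentlyContext context) {
                System.out.printf("%s Receive New Messages: %s %n",
                        Thread.currentThread().getName(), msgs);
                return ConsumeConcurrentlyStatus.CONSUME_SUCCESS;
            }
        });
        consumer.start();
        System.out.printf("Consumer Started.%n");
    }

    /**
     * Builds the client-side ACL hook from the access key and secret key.
     *
     * @return hook carrying the account's credentials
     * @throws IllegalStateException if either environment variable is missing or empty
     */
    static RPCHook getAclRPCHook() {
        return new AclClientRPCHook(
                new SessionCredentials(requireEnv(ACCESS_KEY_ENV), requireEnv(SECRET_KEY_ENV)));
    }

    /** Returns the value of the named environment variable, failing fast when it is absent. */
    private static String requireEnv(String name) {
        String value = System.getenv(name);
        if (value == null || value.isEmpty()) {
            throw new IllegalStateException("Missing environment variable: " + name);
        }
        return value;
    }
}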
开启 ACL 权限之后,就没有办法再通过控制台命令创建 topic 了。
这里改为通过 rocketmq-console 来进行 Topic 及 ConsumerGroup 的管理。