MQTT password protected channel

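I am using Mosquitto as my local network MQTT broker, with a couple of clients that publish and subscribe to different channels.

Since the clients authenticate with Mosquitto (using password_file in the config) to get access to the broker, is there any way to secure the individual channels?

I'd like to allow some sensors to control the lights (for example), but not every sensor should be able to control the windows.

Mosquitto supports ACLs, which let you set which topics a user has subscribe/publish access to. The mosquitto.conf man page has details on how to create an ACL file: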

acl_file file path

Set the path to an access control list file. If defined, the contents of the file are used to control client access to topics on the broker.

If this parameter is defined then only the topics listed will have access. Topic access is added with lines of the format:

topic [read|write|readwrite] <topic>

The access type is controlled using "read", "write" or "readwrite". This parameter is optional (unless <topic> includes a space character) - if not given then the access is read/write. <topic> can contain the + or # wildcards as in subscriptions.

The first set of topics are applied to anonymous clients, assuming allow_anonymous is true. User specific topic ACLs are added after a user line as follows:

user <username>

The username referred to here is the same as in password_file. It is not the clientid.

It is also possible to define ACLs based on pattern substitution within the topic. The form is the same as for the topic keyword, but using pattern as the keyword.

pattern [read|write|readwrite] <topic>

The patterns available for substitution are:

%c to match the client id of the client

%u to match the username of the client

The substitution pattern must be the only text for that level of hierarchy. Pattern ACLs apply to all users even if the "user" keyword has previously been given.

Example:

pattern write sensor/%u/data

Allow access for bridge connection messages:

pattern write $SYS/broker/connection/%c/state

If the first character of a line of the ACL file is a # it is treated as a comment.

Reloaded on reload signal. The currently loaded ACLs will be freed and reloaded. Existing subscriptions will be affected after the reload.
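The rules quoted above, applied to the lights/windows case from the question, as an added example that is not part of the original answer or Mosquitto's own code. It is a simplified model for checking an ACL file before deploying it; the user names (hall_sensor, window_ctl), the topic layout and the function names are assumptions, and skipping pattern rules for names containing +, # or / is a choice made in this sketch.

```python
# Added example: a simplified model of the ACL rules quoted above, not Mosquitto's code.
SAMPLE_ACL = """\
# constructed ACL for the lights/windows scenario
user hall_sensor
topic write home/lights/+/set

user window_ctl
topic readwrite home/windows/#

pattern write sensor/%u/data
"""
ACCESS = ("read", "write", "readwrite")

def parse_acl(text):
    """Return (user, access, topic_filter, is_pattern) tuples."""
    rules, user = [], None  # user None = section for anonymous clients
    for raw in text.splitlines():
        line = raw.strip()
        if not line or raw.startswith("#"):  # blank line or comment
            continue
        keyword, _, rest = line.partition(" ")
        if keyword == "user":
            user = rest
        elif keyword in ("topic", "pattern"):
            first, _, tail = rest.partition(" ")
            # access type is optional and defaults to read/write
            access, filt = (first, tail) if first in ACCESS and tail else ("readwrite", rest)
            rules.append((user, access, filt, keyword == "pattern"))
    return rules

def topic_matches(filt, topic):
    """MQTT filter match: + is exactly one level, # is all remaining levels."""
    f, t = filt.split("/"), topic.split("/")
    for i, level in enumerate(f):
        if level == "#":
            return True
        if i >= len(t) or level not in ("+", t[i]):
            return False
    return len(f) == len(t)

def allowed(rules, username, client_id, action, topic):
    """action: 'read' (receive) or 'write' (publish). Unlisted topics are denied."""
    for user, access, filt, is_pattern in rules:
        if is_pattern:  # pattern rules apply to every user
            if username is None or any(c in "+#/" for c in username + client_id):
                continue  # a name with wildcard characters must not widen the filter
            filt = filt.replace("%u", username).replace("%c", client_id)
        elif user != username:
            continue
        if access in (action, "readwrite") and topic_matches(filt, topic):
            return True
    return False

RULES = parse_acl(SAMPLE_ACL)
```

Running `allowed(RULES, "hall_sensor", "c1", "write", "home/windows/bedroom/open")` against a candidate ACL shows whether a sensor account could reach the window topics before the broker is reloaded.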