EMQX opens HTTP connection authorization verification mode
Reference
Official website HTTP authentication plugin HTTP protocolConfigure HTTP authentication plugin
Use vi or vim to edit the /etc/emqx/plugins/emqx_auth_http.conf file. Configure connection authentication, administrator authentication, and publish and subscribe authentication respectively. The configuration is divided into four items, HTTP interface address, request method, content type, and request parameters. The interface address refers to an HTTP address. We usually use GET or POST for the request method, and POST is recommended. The content type usually uses x-www-form-urlencoded. The request parameter is the most important. Here we need to include all the content we need to judge the authorization. The detailed description of all the parameters can be viewed in the reference materials. In our example below, the service address of our API is a unified entry. The actual call interface is specified by the action in the parameter. Of course, we can also distinguish it from the url, and you can adjust it according to your own usage. The server code will not be described in this article, because it is closely integrated with the business logic. What we have to do is to return the result to EMQX after logical judgment. If we want to pass the authentication, we will return the HTTP 200 status code normally, if it fails It returns the HTTP 403 status code.
auth.http.auth_req = http://127.0.0.1:80/
auth.http.auth_req.method = post
auth.http.auth_req.content_type = x-www-form-urlencoded
auth.http.auth_req.params = client_id=%c,username=%u,password=%P,action=emqx_auth:auth_req
auth.http.super_req = http://127.0.0.1:80/
auth.http.super_req.method = post
auth.http.super_req.content_type = x-www-form-urlencoded
auth.http.super_req.params = client_id=%c,username=%u,action=emqx_auth:super_req
auth.http.acl_req = http://127.0.0.1:80/
auth.http.acl_req.method = post
auth.http.acl_req.content_type = x-www-form-urlencoded
auth.http.acl_req.params = access=%A,username=%u,client_id=%c,ip=%a,topic=%t,action=emqx_auth:acl_req
Load HTTP authentication plugin
emqx_ctl plugins load emqx_auth_http
Validation results
After the above operations, we need to use the MQTT client to connect. We try to use the normal client and the management client to connect to the server to see if the result is as expected. Then publish and subscribe topics to see if the authority control meets our requirements. If an exception is found, we can debug the server code until everything is normal.