You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
globalWhiteRemoteAddresses:
accounts:
- accessKey: RocketMQ
secretKey: 12345678
whiteRemoteAddress:
admin: false
defaultTopicPerm: DENY
defaultGroupPerm: SUB
topicPerms:
- topicA=DENY
- topicB=PUB|SUB
- topicC=SUB
groupPerms:
# the group should convert to retry topic
- groupA=DENY
- groupB=PUB|SUB
- groupC=SUB
- accessKey: rocketmq2
secretKey: 12345678
whiteRemoteAddress: 192.168.1.*
# if it is admin, it could access all resources
admin: true
Caused by: org.apache.rocketmq.client.exception.MQBrokerException: CODE: 1
DESC: org.apache.rocketmq.acl.common.AclException: [10015:signature-failed]
unable to calculate a request signature. error=[10015:signature-failed]
unable to calculate a request signature. error=Algorithm HmacSHA1 not available,
org.apache.rocketmq.acl.common.AclSigner.signAndBase64Encode(AclSigner.java:84)
错误信息比较长,但是核心部分是Algorithm HmacSHA1 not available,我起初以为是客户端的问题,后来debug了一下才发现不是客户端的问题,是服务端少了一个包,在网上简单的搜索了之后发现是少了叫sunjce_provider.jar的包,一般这个包都在$JAVA_HOME/jre/lib/ext目录下,所以解决办法就是把这个包拷贝一个到服务端的distribution/target/apache-rocketmq/lib中。
RocketMQ
默认是不带有任何认证的,部署在公网的话是不安全的,以下是一些我在尝试添加认证时的一些笔记Broker
端配置首先需要在
conf/broker.conf
里面打开acl
的配置,如下然后在
conf/plain_acl.yml
进行相应的配置,如下一个BUG
理论上讲,或者按照大多数的教程,配置到这里就算是完成了,但是如果你就到此为止的话,接下来是生产或者消费时(具体代码见后),会报如下错误:
错误信息比较长,但是核心部分是
Algorithm HmacSHA1 not available
,我起初以为是客户端的问题,后来debug
了一下才发现不是客户端的问题,是服务端少了一个包,在网上简单的搜索了之后发现是少了叫sunjce_provider.jar
的包,一般这个包都在$JAVA_HOME/jre/lib/ext
目录下,所以解决办法就是把这个包拷贝一个到服务端的distribution/target/apache-rocketmq/lib
中。客户端使用
服务端配置好之后,客户端使用就比较轻松了,相比常规的代码,需要要添加相应的参数就可以了
参考
The text was updated successfully, but these errors were encountered: