...

Create a config.xml configuration file for the Enterprise Security Extension: You can also find examples of this file in the extension folder under conf/examples

configure sql-realm.

db-name - you can find this in the ese-db-init.sql, default it is postgres

...

Configure the listener-pipeline. Since here we are using role-based authorization we need to set <use-authorization-key> to false and <use-authorization-role-key> to true.

<?xml version="1.0" encoding="UTF-8" ?>
<enterprise-security-extension
        xmlns:xsi="<httphttp://www.w3.org/2001/XMLSchema-instance">
        xsi:noNamespaceSchemaLocation="config.xsd"
        version="1">
    <realms>
        <!-- a postgresql db-->
        <sql-realm>
            <name>postgres-backend</name>
            <enabled>true</enabled>
            <configuration>
                <db-type>POSTGRES</db-type>
                <db-name>hivemq</db-name>
                <db-host>postgres-servicename</db-host>
                <db-port>5432</db-port>
                <db-username>hivemq</db-username>
                <db-password>password</db-password>
            </configuration>
        </sql-realm>
    </realms>
    <pipelines>
        <!-- secure access to the mqtt broker -->
        <listener-pipeline listener="ALL">
            <!-- authenticate over a sql db -->
            <sql-authentication-manager>
                <realm>postgres-backend</realm>
            </sql-authentication-manager>
            <!-- authorize over a sql db -->
            <sql-authorization-manager>
                <realm>postgres-backend</realm>
                <use-authorization-key>false</use-authorization-key>
                <use-authorization-role-key>true</use-authorization-role-key>
            </sql-authorization-manager>
        </listener-pipeline>
    </pipelines>
</enterprise-security-extension>
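Review bot: The opening `<enterprise-security-extension` tag is not well-formed as shown: the `xmlns:xsi` value reads `"<httphttp://www.w3.org/2001/XMLSchema-instance">`, so the start tag ends at that `>` and `xsi:noNamespaceSchemaLocation="config.xsd"` and `version="1"` fall outside it. This may be an artifact of the comparison view merging the old and new text, so confirm the saved version has `xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"` with no `>` until after `version="1"`. Separately, the sample keeps `<db-password>password</db-password>` in clear text, and readers tend to copy examples verbatim, so I would add a comment above it such as `<!-- placeholder: replace with a strong, unique password and restrict read access to config.xml -->`.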

...