然后我们可以尝试修改一下tony这个用户的权限
[root@centOSFrist ~]# rabbitmqctl set_permissions -p APP_A tony \ > "tony-.*" "tony-.*" ".*" Setting permissions for user "tony" in vhost "APP_A" ...tony 用户目前可以对APP_A 这个vhost 配置tony-开头的交换器/队列 同时可以在tony-开头的交换器或者队列发布消息 可以订阅所有消息。
在JAVA 应用程序中测试一下(截取重点代码,以及错误LOG)
ConnectionFactory factory = new ConnectionFactory(); factory.setHost("192.168.0.21"); factory.setUsername("tony"); factory.setPassword("tonypwd"); factory.setVirtualHost("APP_A"); factory.setPort(5673);创建交换器和队列:
private static final String EXCHANGE_NAME = "MY_EXCHANGE"; this.channel.exchangeDeclare(EXCHANGE_NAME,"direct",false,true,null); //最好也创建一下交换器,反正已经创建也没有关系 this.channel.queueDeclare("QUEUE_A",false,false,true,null); this.channel.queueBind("QUEUE_A",EXCHANGE_NAME,"KEY_A");由于我目前创建的交换器名称为 MY_EXCHANGE 所以就出现了错误的LOG:
Caused by: com.rabbitmq.client.ShutdownSignalException: channel error; reason: {#method<channel.close>(reply-code=403, reply-text=ACCESS_REFUSED - access to exchange 'MY_EXCHANGE' in vhost 'APP_A' refused for user 'tony', class-id=40, method-id=10), null, ""} at com.rabbitmq.utility.ValueOrException.getValue(ValueOrException.java:67) at com.rabbitmq.utility.BlockingValueOrException.uninterruptibleGetValue(BlockingValueOrException.java:33) at com.rabbitmq.client.impl.AMQChannel$BlockingRpcContinuation.getReply(AMQChannel.java:343) at com.rabbitmq.client.impl.AMQChannel.privateRpc(AMQChannel.java:216) at com.rabbitmq.client.impl.AMQChannel.exnWrappingRpc(AMQChannel.java:118) ... 10 more当我修改了所有的交换器和队列的名称为tony-EXCHANGE tony-QUEUE 之后就一切就正常了,我们可以使用命令查看目前某个vhost中的配置:
[root@centOSFrist ~]# rabbitmqctl list_permissions Listing permissions in vhost "/" ... guest .* .* .* [root@centOSFrist ~]# rabbitmqctl list_permissions -p APP_A Listing permissions in vhost "APP_A" ... tony tony-.* tony-.* .*还可以使用命令查看某个用户的权限:
[root@centOSFrist ~]# rabbitmqctl list_user_permissions tony Listing permissions for user "tony" ... APP_A tony-.* tony-.* .*删除某一个用户权限如下:
[root@centOSFrist ~]# rabbitmqctl clear_permissions -p APP_A tony Clearing permissions for user "tony" in vhost "APP_A" ... [root@centOSFrist ~]# rabbitmqctl list_user_permissions tony Listing permissions for user "tony" ... 处理针对vhost的使用权限之外还提供,一种角色权限去管理RabbitMQ。none、management、policymaker、monitoring、administrator
none : 不能访问 management plugin management : 可以使用AMQP所有功能 列出自己可以通过AMQP登入VHOST 查看自己的vhost中的队列、交换器、绑定 查看和关闭自己的信道(channel) 和 connection 查看自己有关的vhost的“全局”的统计信息和其他用户在这些vhost中的活动。 policymaker : management的所有权限 对自己的vhost所属的policies和parameters 进行增删改查 monitoring : management的所有权限 查看所有vhost 查看节点的数据使用情况 所有vhost的全局的统计信息 administrator : 什么都可以干~设置用户角色权限:
[root@centOSFrist ~]# rabbitmqctl set_user_tags tony policymaker Setting tags for user "tony" to [policymaker] ... [root@centOSFrist ~]# rabbitmqctl list_users Listing users ... guest [administrator] tony [policymaker]