Access Control
Authentication and authorization are foundational security mechanisms in any system. Authentication verifies user identities, while authorization determines what actions those users are allowed to perform. In the context of EMQX Edge, a lightweight MQTT broker, these mechanisms are essential to ensure the system’s security, data integrity, and controlled access.
This section outlines the supported access control mechanisms in EMQX Edge, including:
- User Login Authentication
- JWT Authentication
- Access Control Lists (ACL)
- HTTP-Based Authorization
Basic Authentication Configuration Example
EMQX Edge supports flexible authentication configuration through a declarative syntax. A basic example is shown below:
auth {
  allow_anonymous = true
  no_match = allow
  deny_action = ignore
  cache {
    max_size = 1024
    duration = 1m
  }
  password = {include "/etc/nanomq_pwd.conf"}
  acl = {include "/etc/nanomq_acl.conf"}
}
where,
- allow_anonymous: data type is boolean, with a default value of true, which allows anonymous login.
- no_match: defines the default action when no matching authentication rule is found.
- deny_action: determines what to do if a request is rejected according to the authorization checks. The available options are ignore or disconnect.
- cache: an optional value with caching settings, with the following optional settings:
  - cache.max_size: An optional integer value. Specifies the maximum number of elements in the cache. When this limit is exceeded, the oldest records will be removed from the cache. Default: 32.
  - cache.ttl: An optional duration value. Specifies how long cached values are kept in the cache. Default: 1m.
- password: the password file path. It includes the contents of the nanomq_pwd.conf file in your configuration. Make sure that the file only contains the password in the correct format, using include to include your password file.
- acl: the ACL file path. It includes the contents of the nanomq_acl.conf file in your configuration. Make sure that the file only contains the ACL in the correct format, using include to include your ACL file.
TIP
If you are using the default configuration file, you do not need to use the include syntax for password and ACL files. The include directive is mainly intended for users who want to manage those configurations separately.
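As an added example (not part of the EMQX Edge documentation or code), the following Python script parses the auth block shown above and reports the permissive values described in the parameter list. The function names and the line-based parser are assumptions for illustration; the parser handles only the one-setting-per-line layout used on this page.

```python
import re

# Constructed sample input: the auth block from this page.
SAMPLE = """\
auth {
  allow_anonymous = true
  no_match = allow
  deny_action = ignore
  cache {
    max_size = 1024
    duration = 1m
  }
  password = {include "/etc/nanomq_pwd.conf"}
  acl = {include "/etc/nanomq_acl.conf"}
}
"""

def parse_auth(text):
    """Flatten the auth block to {key: value}; nested blocks give dotted keys."""
    settings, stack = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"(\w+)\s*\{", line):
            stack.append(m.group(1))          # block opens, e.g. "cache {"
        elif line == "}":
            if stack:
                stack.pop()                   # block closes
        elif (m := re.fullmatch(r"(\w+)\s*=\s*(.+)", line)) and stack[:1] == ["auth"]:
            inc = re.fullmatch(r'\{\s*include\s+"([^"]+)"\s*\}', m.group(2))
            value = inc.group(1) if inc else m.group(2)   # include -> file path
            settings[".".join(stack[1:] + [m.group(1)])] = value
    return settings

def audit(settings):
    """Return one finding per permissive value documented on this page."""
    findings = []
    # Per the page, allow_anonymous defaults to true, so a missing key counts too.
    if settings.get("allow_anonymous", "true") == "true":
        findings.append("allow_anonymous = true: anonymous login is allowed")
    if settings.get("no_match") == "allow":
        findings.append("no_match = allow: requests matching no rule are allowed")
    if settings.get("deny_action") == "ignore":
        findings.append("deny_action = ignore: rejected requests do not disconnect the client")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_auth(SAMPLE)):
        print("WARN", finding)
```

Run against the basic example, it reports all three settings; the paths returned for password and acl can then be checked for restrictive file permissions.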