匿名认证与 ACL 文件
=========================


Allow Anonymous::

  ## 默认开启，允许任意客户端登录:
  ## Allow Anonymous authentication
  mqtt.allow_anonymous = true

Default ACL File::

  ## EMQ 支持基于 etc/acl.conf 文件或 MySQL、 PostgreSQL 等插件的访问控制规则。
  ## ACL nomatch
  mqtt.acl_nomatch = allow
  ## Default ACL File
  mqtt.acl_file = etc/acl.conf

Define ACL rules in etc/acl.conf. The rules by default::

  ## 允许|拒绝  用户|IP地址|ClientID  发布|订阅  主题列表
  %% Allow 'dashboard' to subscribe '$SYS/#'
  {allow, {user, "dashboard"}, subscribe, ["$SYS/#"]}.
  %% Allow clients from localhost to subscribe any topics
  {allow, {ipaddr, "127.0.0.1"}, pubsub, ["$SYS/#", "#"]}.
  %% Deny clients to subscribe '$SYS#' and '#'
  {deny, all, subscribe, ["$SYS/#", {eq, "#"}]}.
  %% Allow all by default
  {allow, all}.

访问控制规则采用 Erlang 元组格式，访问控制模块逐条匹配规则::

            ---------              ---------              ---------
  Client -> | Rule1 | --nomatch--> | Rule2 | --nomatch--> | Rule3 | --> Default
            ---------              ---------              ---------
                |                      |                      |
              match                  match                  match
               \|/                    \|/                    \|/
          allow | deny           allow | deny           allow | deny

注::

  默认规则只允许本机用户订阅’$SYS/#’与’#’