Fraschbi/rbac listener config

README.adoc

@@ -4,12 +4,13 @@
 :hivemq-blog-tools: http://www.hivemq.com/mqtt-toolbox
 :maven-documentation-profile-link: http://maven.apache.org/guides/introduction/introduction-to-profiles.html
 :hivemq-support: http://www.hivemq.com/support/
+:hivemq-listener: https://www.hivemq.com/docs/hivemq/4.4/user-guide/listeners.html#tcp-listener
 
 == HiveMQ File Role based Access Control Extension
 
 *Extension Type*: Security
 
-*Version*: 4.0.0
+*Version*: 4.4.0
 
 *License*: Apache License 2.0
 
@@ -31,6 +32,7 @@ The extension provides fine grained control on a topic level to limit clients to
 * Runtime reload for Credentials and Roles
 * Support for Hashed or Plain-text passwords
 * Tooling to generate salted password hashes
+* Option to define a set of listeners the extension is used for
 
 === Installation
 
@@ -210,6 +212,12 @@ The credentials configuration includes the following settings.
     <!-- Reload interval for credentials in seconds -->
     <credentials-reload-interval>60</credentials-reload-interval>
 
+    <!-- Optional list of names of listeners this extension is used for
+    <listener-names>
+        <listener-name>my-listener</listener-name>
+        <listener-name>my-listener-2</listener-name>
+    </listener-names> -->
+
     <!-- If the credentials file is using HASHED or PLAIN passwords -->
     <password-type>HASHED</password-type>
 
@@ -221,9 +229,12 @@ The credentials configuration includes the following settings.
 |===
 |Configuration |Default |Description
 |`credentials-reload-interval` |`60` |Regular interval in seconds, in which the `credentials.xml` configuration file is checked for changes and reloaded.
+|`listener-names` |`null` |List of names of listeners, this extension will be used for. See {hivemq-listener}[HiveMQ config details^].
 |`password-type` |`HASHED` |How passwords are stored in the `credentials.xml` configuration file. Can either bei `PLAIN` for plain text passwords, or `HASHED` for a salted password hash.
 |===
 
+NOTE: The `listener-names` feature requires the use of at least HiveMQ 4.1 / HiveMQ CE 2020.1
+
 ==== Need help?
 
 If you encounter any problems, we are happy to help. The best place to get in contact is our {hivemq-support}[support^].

pom.xml

@@ -21,7 +21,7 @@
 
     <groupId>com.hivemq.extension</groupId>
     <artifactId>hivemq-file-rbac-extension</artifactId>
-    <version>4.0.1</version>
+    <version>4.4.0</version>
 
     <description>HiveMQ File Role Based Access Control Extension</description>
 
@@ -36,7 +36,7 @@
         <dependency>
             <groupId>com.hivemq</groupId>
             <artifactId>hivemq-extension-sdk</artifactId>
-            <version>4.0.0</version>
+            <version>4.4.0</version>
         </dependency>
 
         <dependency>
@@ -248,6 +248,31 @@
                 </plugins>
             </build>
         </profile>
+        <profile>
+            <id>RunWithHiveMQ</id>
+            <build>
+                <plugins>
+                    <plugin>
+                        <groupId>com.hivemq</groupId>
+                        <artifactId>hivemq-maven-plugin</artifactId>
+                        <version>4.0.2</version>
+                        <executions>
+                            <execution>
+                                <id>hivemq</id>
+                                <phase>package</phase>
+                                <goals>
+                                    <goal>hivemq</goal>
+                                </goals>
+                                <configuration>
+                                    <hiveMQDir>YOUR_HIVEMQ_FOLDER</hiveMQDir>
+                                    <debugMode>SERVER</debugMode>
+                                </configuration>
+                            </execution>
+                        </executions>
+                    </plugin>
+                </plugins>
+            </build>
+        </profile>
     </profiles>
 
 </project>

src/main/java/com/hivemq/extensions/rbac/FileAuthAuthenticator.java

@@ -17,6 +17,8 @@
 
 package com.hivemq.extensions.rbac;
 
+import com.hivemq.extension.sdk.api.client.parameter.Listener;
+import com.hivemq.extensions.rbac.configuration.entities.ExtensionConfig;
 import com.hivemq.extensions.rbac.utils.CredentialsValidator;
 import com.hivemq.extension.sdk.api.annotations.NotNull;
 import com.hivemq.extension.sdk.api.auth.SimpleAuthenticator;
@@ -29,18 +31,31 @@
 import java.nio.ByteBuffer;
 import java.util.List;
 import java.util.Optional;
+import java.util.Set;
 
 public class FileAuthAuthenticator implements SimpleAuthenticator {
 
-    private final @NotNull
-    CredentialsValidator credentialsValidator;
+    private final @NotNull CredentialsValidator credentialsValidator;
 
-    FileAuthAuthenticator(final @NotNull CredentialsValidator credentialsValidator) {
+    private final @NotNull ExtensionConfig extensionConfig;
+
+    FileAuthAuthenticator(final @NotNull CredentialsValidator credentialsValidator, final @NotNull ExtensionConfig extensionConfig) {
         this.credentialsValidator = credentialsValidator;
+        this.extensionConfig = extensionConfig;
     }
 
     @Override
     public void onConnect(@NotNull final SimpleAuthInput simpleAuthInput, @NotNull final SimpleAuthOutput simpleAuthOutput) {
+        final Set<String> listenerNames = extensionConfig.getListenerNames();
+        final Optional<Listener> connectedListenerOptional = simpleAuthInput.getConnectionInformation().getListener();
+
+        if( listenerNames != null && !listenerNames.isEmpty() && connectedListenerOptional.isPresent()) {
+            final String connectedListenerName = connectedListenerOptional.get().getName();
+            if(!listenerNames.contains(connectedListenerName)) {
+                    simpleAuthOutput.nextExtensionOrDefault();
+                    return;
+                }
+        }
 
         final Optional<String> userNameOptional = simpleAuthInput.getConnectPacket().getUserName();
         final Optional<ByteBuffer> passwordOptional = simpleAuthInput.getConnectPacket().getPassword();

src/main/java/com/hivemq/extensions/rbac/FileAuthMain.java

@@ -17,6 +17,7 @@
 
 package com.hivemq.extensions.rbac;
 
+import com.hivemq.extensions.rbac.configuration.entities.ExtensionConfig;
 import com.hivemq.extensions.rbac.utils.CredentialsValidator;
 import com.hivemq.extension.sdk.api.ExtensionMain;
 import com.hivemq.extension.sdk.api.annotations.NotNull;
@@ -54,7 +55,9 @@ public void extensionStart(final @NotNull ExtensionStartInput extensionStartInpu
                     extensionConfiguration.getExtensionConfig(), Services.metricRegistry());
             credentialsValidator.init();
 
-            Services.securityRegistry().setAuthenticatorProvider(new FileAuthenticatorProvider(credentialsValidator));
+            final ExtensionConfig extensionConfig = extensionConfiguration.getExtensionConfig();
+
+            Services.securityRegistry().setAuthenticatorProvider(new FileAuthenticatorProvider(credentialsValidator,extensionConfig));
 
         } catch (Exception e) {
             log.error("Exception thrown at extension start: ", e);

src/main/java/com/hivemq/extensions/rbac/FileAuthenticatorProvider.java

@@ -17,6 +17,7 @@
 
 package com.hivemq.extensions.rbac;
 
+import com.hivemq.extensions.rbac.configuration.entities.ExtensionConfig;
 import com.hivemq.extensions.rbac.utils.CredentialsValidator;
 import com.hivemq.extension.sdk.api.annotations.NotNull;
 import com.hivemq.extension.sdk.api.annotations.Nullable;
@@ -28,8 +29,8 @@ public class FileAuthenticatorProvider implements AuthenticatorProvider {
 
     private final @NotNull FileAuthAuthenticator authenticator;
 
-    FileAuthenticatorProvider(@NotNull final CredentialsValidator credentialsValidator) {
-        this.authenticator = new FileAuthAuthenticator(credentialsValidator);
+    FileAuthenticatorProvider(@NotNull final CredentialsValidator credentialsValidator, @NotNull final ExtensionConfig extensionConfig) {
+        this.authenticator = new FileAuthAuthenticator(credentialsValidator,extensionConfig);
     }
 
     @Override

src/main/java/com/hivemq/extensions/rbac/configuration/entities/ExtensionConfig.java

@@ -18,8 +18,11 @@
 package com.hivemq.extensions.rbac.configuration.entities;
 
 import com.hivemq.extension.sdk.api.annotations.NotNull;
+import com.hivemq.extension.sdk.api.annotations.Nullable;
 
 import javax.xml.bind.annotation.*;
+import java.util.List;
+import java.util.Set;
 
 
 @XmlRootElement(name = "extension-configuration")
@@ -29,16 +32,22 @@ public class ExtensionConfig {
 
     @XmlElement(name = "credentials-reload-interval", required = false, defaultValue = "60")
     private int reloadInterval = 60;
-
+    @Nullable
+    @XmlElementWrapper(name = "listener-names")
+    @XmlElement(name = "listener-name")
+    private Set<String> listenerNames;
+
     @NotNull
     @XmlElement(name = "password-type", required = false, defaultValue = "HASHED")
     private PasswordType passwordType = PasswordType.HASHED;
+
 
     public ExtensionConfig() {
     }
 
-    public ExtensionConfig(final int reloadInterval, final @NotNull PasswordType passwordType) {
+    public ExtensionConfig(final int reloadInterval, final Set<String> listenerNames, final @NotNull PasswordType passwordType) {
         this.reloadInterval = reloadInterval;
+        this.listenerNames = listenerNames;
         this.passwordType = passwordType;
     }
 
@@ -50,6 +59,14 @@ public void setReloadInterval(final int reloadInterval) {
         this.reloadInterval = reloadInterval;
     }
 
+    public Set<String> getListenerNames() {
+        return listenerNames;
+    }
+
+    public void setListenerNames(Set<String> listenerNames) {
+        this.listenerNames = listenerNames;
+    }
+
     @NotNull
     public PasswordType getPasswordType() {
         return passwordType;
@@ -64,6 +81,7 @@ public void setPasswordType(final @NotNull PasswordType passwordType) {
     public String toString() {
         return "ExtensionConfiguration{" +
                 "reloadInterval=" + reloadInterval +
+                ", listenerNames=" + listenerNames +
                 ", passwordType=" + passwordType +
                 '}';
     }

src/main/resources/extension-config.xml

@@ -4,6 +4,12 @@
     <!-- Reload interval for credentials in seconds -->
     <credentials-reload-interval>60</credentials-reload-interval>
 
+    <!-- Optional list of names of listeners this extension is used for
+    <listener-names>
+        <listener-name>my-listener</listener-name>
+        <listener-name>my-listener-2</listener-name>
+    </listener-names> -->
+
     <!-- If the credentials file is using HASHED or PLAIN passwords -->
     <password-type>HASHED</password-type>
 

src/main/resources/hivemq-extension.xml

@@ -19,5 +19,5 @@
     <name>${extension.name}</name>
     <version>${version}</version>
     <priority>1000</priority>
-    <author>dc-square GmbH</author>
+    <author>HiveMQ GmbH</author>
 </hivemq-extension>