activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Aliquip <aliq...@gmail.com>
Subject ActiveMQ (5.7 snaphot) BrokerFilter (when using MQTT) addProducer prodocuerInfo destination is null
Date Tue, 25 Sep 2012 14:37:36 GMT
When using mqtt as transport i try to allow only certain users to publish to
certain topics.

However, when using mqtt (python's mosquitto client) to publish to a topic,
the producerinfo in the addProducer method of the broker filter doesn't hold
a destination (it's always null), making it impossible to control write
acces to topics. Is this intentional, is there a workaround? 

More details:

(addConsumer and the associated ConsumerInfo do hold a destination. I've
tried to understand the source of MQTTProtocolConverter.java, but fail to
see at what point things get filtered through the broker filter. I did
notice, however, that apparently per connection only one producerInfo object
is created, this one doesn't have a destination set. But i fail to find at
what point a new producer is added to a topic)

Also note that while a destination isn't set, when using the mosquitto
client (and simply allowing every user to add a producer) sending messages
and receiving them DOES work. Sending messages to the topic from another
transport (internal "vm:://localhost") works as well, in the filter the
destination is set in producerinfo, and the message is received by the mqtt
client.

The BrokerFilter where things go wrong (scala)
===================================================================
class UpoAuthenticationBroker(next: Broker) extends BrokerFilter(next) {
  
  [....]

  override def addProducer(context:ConnectionContext, info:ProducerInfo) = {
     val sc = context.getSecurityContext().asInstanceOf[UpoSecurityContext] 
     if (null == sc)  throw new SecurityException("No security context")
    if (sc.canRead(info.getDestination())) {
      // destination is allways null, not good
      super.addProducer(context, info)
    } else {
      //println("User  " + sc.user +" is not authorized to send to: " +
info.getDestination())
      throw new SecurityException("User  " + sc.user +"  is not authorized
to send to: " + info.getDestination())
    }
  }

}
===================================================================



--
View this message in context: http://activemq.2283324.n4.nabble.com/ActiveMQ-5-7-snaphot-BrokerFilter-when-using-MQTT-addProducer-prodocuerInfo-destination-is-null-tp4656950.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.

Mime
View raw message