@Override protected void addRoutes(final Router router) { if (getConfig().isAuthenticationRequired()) { final ChainAuthHandler authHandler = ChainAuthHandler.create(); authHandler.append(new X509AuthHandler( new TenantServiceBasedX509Authentication(getTenantServiceClient(), tracer), Optional.ofNullable(clientCertAuthProvider).orElse( new X509AuthProvider(getCredentialsServiceClient(), getConfig(), tracer)))); authHandler.append(new HonoBasicAuthHandler( Optional.ofNullable(usernamePasswordAuthProvider).orElse( new UsernamePasswordAuthProvider(getCredentialsServiceClient(), getConfig(), tracer)), getConfig().getRealm(), tracer)); addTelemetryApiRoutes(router, authHandler); addEventApiRoutes(router, authHandler); addCommandResponseRoutes(router, authHandler); } else { LOG.warn("device authentication has been disabled"); LOG.warn("any device may publish data on behalf of all other devices"); addTelemetryApiRoutes(router, null); addEventApiRoutes(router, null); addCommandResponseRoutes(router, null); } }
/** * Creates the default auth handler to use for authenticating devices. * <p> * This default implementation creates a {@link ChainAuthHandler} consisting of * an {@link X509AuthHandler} and a {@link ConnectPacketAuthHandler} instance. * <p> * Subclasses may either set the auth handler expicitly using * {@link #setAuthHandler(AuthHandler)} or override this method in order to * create a custom auth handler. * * @return The handler. */ protected AuthHandler<MqttContext> createAuthHandler() { return new ChainAuthHandler<MqttContext>() .append(new X509AuthHandler( new TenantServiceBasedX509Authentication(getTenantServiceClient(), tracer), new X509AuthProvider(getCredentialsServiceClient(), getConfig(), tracer))) .append(new ConnectPacketAuthHandler( new UsernamePasswordAuthProvider( getCredentialsServiceClient(), getConfig(), tracer))); }