private HonoClientBasedAuthProvider<UsernamePasswordCredentials> getUsernamePasswordAuthProvider() { if (usernamePasswordAuthProvider == null) { usernamePasswordAuthProvider = new UsernamePasswordAuthProvider(credentialsServiceClient, config, tracer); } return usernamePasswordAuthProvider; }
/** * Sets up the fixture. */ @Before public void setUp() { credentialsOnRecord = new CredentialsObject() .setAuthId("device") .setDeviceId("4711") .setType(CredentialsConstants.SECRETS_TYPE_HASHED_PASSWORD) .setEnabled(true); credentialsClient = mock(CredentialsClient.class); when(credentialsClient.get(anyString(), anyString(), any(JsonObject.class), any())).thenReturn(Future.succeededFuture(credentialsOnRecord)); credentialsServiceClient = mock(HonoClient.class); when(credentialsServiceClient.getOrCreateCredentialsClient(anyString())).thenReturn(Future.succeededFuture(credentialsClient)); pwdEncoder = mock(HonoPasswordEncoder.class); when(pwdEncoder.matches(anyString(), any(JsonObject.class))).thenReturn(true); provider = new UsernamePasswordAuthProvider(credentialsServiceClient, pwdEncoder, new ServiceConfigProperties(), NoopTracerFactory.create()); }
@Override public void doStart(final Future<Void> startFuture) { LOG.info("limiting size of inbound message payload to {} bytes", getConfig().getMaxPayloadSize()); if (!getConfig().isAuthenticationRequired()) { LOG.warn("authentication of devices turned off"); } checkPortConfiguration() .compose(ok -> { return CompositeFuture.all(bindSecureMqttServer(), bindInsecureMqttServer()); }).compose(t -> { if (usernamePasswordAuthProvider == null) { usernamePasswordAuthProvider = new UsernamePasswordAuthProvider(getCredentialsServiceClient(), getConfig()); } startFuture.complete(); }, startFuture); }
@Override protected void addRoutes(final Router router) { if (getConfig().isAuthenticationRequired()) { final ChainAuthHandler authHandler = new HonoChainAuthHandler(); authHandler.append(new X509AuthHandler( Optional.ofNullable(clientCertAuthProvider).orElse( new X509AuthProvider(getCredentialsServiceClient(), getConfig())), getTenantServiceClient(), tracer)); authHandler.append(new HonoBasicAuthHandler( Optional.ofNullable(usernamePasswordAuthProvider).orElse( new UsernamePasswordAuthProvider(getCredentialsServiceClient(), getConfig())), getConfig().getRealm())); addTelemetryApiRoutes(router, authHandler); addEventApiRoutes(router, authHandler); addCommandResponseRoutes(router, authHandler); } else { LOG.warn("device authentication has been disabled"); LOG.warn("any device may publish data on behalf of all other devices"); addTelemetryApiRoutes(router, null); addEventApiRoutes(router, null); addCommandResponseRoutes(router, null); } }
@Override protected void addRoutes(final Router router) { if (getConfig().isAuthenticationRequired()) { final ChainAuthHandler authHandler = ChainAuthHandler.create(); authHandler.append(new X509AuthHandler( new TenantServiceBasedX509Authentication(getTenantServiceClient(), tracer), Optional.ofNullable(clientCertAuthProvider).orElse( new X509AuthProvider(getCredentialsServiceClient(), getConfig(), tracer)))); authHandler.append(new HonoBasicAuthHandler( Optional.ofNullable(usernamePasswordAuthProvider).orElse( new UsernamePasswordAuthProvider(getCredentialsServiceClient(), getConfig(), tracer)), getConfig().getRealm(), tracer)); addTelemetryApiRoutes(router, authHandler); addEventApiRoutes(router, authHandler); addCommandResponseRoutes(router, authHandler); } else { LOG.warn("device authentication has been disabled"); LOG.warn("any device may publish data on behalf of all other devices"); addTelemetryApiRoutes(router, null); addEventApiRoutes(router, null); addCommandResponseRoutes(router, null); } }
/** * Creates the default auth handler to use for authenticating devices. * <p> * This default implementation creates a {@link ChainAuthHandler} consisting of * an {@link X509AuthHandler} and a {@link ConnectPacketAuthHandler} instance. * <p> * Subclasses may either set the auth handler expicitly using * {@link #setAuthHandler(AuthHandler)} or override this method in order to * create a custom auth handler. * * @return The handler. */ protected AuthHandler<MqttContext> createAuthHandler() { return new ChainAuthHandler<MqttContext>() .append(new X509AuthHandler( new TenantServiceBasedX509Authentication(getTenantServiceClient(), tracer), new X509AuthProvider(getCredentialsServiceClient(), getConfig(), tracer))) .append(new ConnectPacketAuthHandler( new UsernamePasswordAuthProvider( getCredentialsServiceClient(), getConfig(), tracer))); }