|
|
|
@ -50,7 +50,7 @@ import java.util.List;
|
|
|
|
|
import java.util.concurrent.TimeUnit;
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Authorize the connecting users against Carbon Permission Model. Intended usage is
|
|
|
|
|
* Authorize the connecting users against CDMF. Intended usage is
|
|
|
|
|
* via providing fully qualified class name in broker.xml
|
|
|
|
|
* <p/>
|
|
|
|
|
* This is just a simple authorization model. For dynamic topics use an implementation based on IAuthorizer
|
|
|
|
@ -83,6 +83,10 @@ public class DeviceAccessBasedMQTTAuthorizer implements IAuthorizer {
|
|
|
|
|
@Override
|
|
|
|
|
public boolean isAuthorizedForTopic(MQTTAuthorizationSubject authorizationSubject, String topic,
|
|
|
|
|
MQTTAuthoriztionPermissionLevel permissionLevel) {
|
|
|
|
|
PrivilegedCarbonContext.startTenantFlow();
|
|
|
|
|
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(
|
|
|
|
|
MultitenantConstants.SUPER_TENANT_DOMAIN_NAME, true);
|
|
|
|
|
try {
|
|
|
|
|
String topics[] = topic.split("/");
|
|
|
|
|
String tenantDomainFromTopic = topics[0];
|
|
|
|
|
if (!tenantDomainFromTopic.equals(authorizationSubject.getTenantDomain())) {
|
|
|
|
@ -91,7 +95,7 @@ public class DeviceAccessBasedMQTTAuthorizer implements IAuthorizer {
|
|
|
|
|
if (topics.length < 3) {
|
|
|
|
|
AuthorizationCacheKey authorizationCacheKey = new AuthorizationCacheKey(tenantDomainFromTopic
|
|
|
|
|
, authorizationSubject.getUsername(), "", "");
|
|
|
|
|
if (cache.get(authorizationCacheKey)) {
|
|
|
|
|
if (cache.get(authorizationCacheKey) != null && cache.get(authorizationCacheKey)) {
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
AuthorizationRequest authorizationRequest = new AuthorizationRequest();
|
|
|
|
@ -105,6 +109,7 @@ public class DeviceAccessBasedMQTTAuthorizer implements IAuthorizer {
|
|
|
|
|
}
|
|
|
|
|
return false;
|
|
|
|
|
} catch (FeignException e) {
|
|
|
|
|
logger.error(e.getMessage(), e);
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
@ -112,7 +117,7 @@ public class DeviceAccessBasedMQTTAuthorizer implements IAuthorizer {
|
|
|
|
|
String deviceId = topics[2];
|
|
|
|
|
AuthorizationCacheKey authorizationCacheKey = new AuthorizationCacheKey(tenantDomainFromTopic
|
|
|
|
|
, authorizationSubject.getUsername(), deviceId, deviceType);
|
|
|
|
|
if (cache.get(authorizationCacheKey)) {
|
|
|
|
|
if (cache.get(authorizationCacheKey) != null && cache.get(authorizationCacheKey)) {
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
@ -147,7 +152,10 @@ public class DeviceAccessBasedMQTTAuthorizer implements IAuthorizer {
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
} catch (FeignException e) {
|
|
|
|
|
// do nothing.
|
|
|
|
|
logger.error(e.getMessage(), e);
|
|
|
|
|
}
|
|
|
|
|
} finally {
|
|
|
|
|
PrivilegedCarbonContext.endTenantFlow();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return false;
|
|
|
|
|