From 44662c625bab8932bd3048ef4b8f39cc3eeddc1a Mon Sep 17 00:00:00 2001
From: ayyoob <ayyoobhamza@gmail.com>
Date: Mon, 9 May 2016 01:05:55 +0530
Subject: [PATCH] create mb extension for authorisation

---
 .../src/repository/conf/broker.xml            |   5 +-
 .../pom.xml                                   | 100 ++++++++++++++++++
 .../DeviceAccessBasedMQTTAuthorizer.java      |  76 +++++++++++++
 .../internal/AuthorizationDataHolder.java     |  67 ++++++++++++
 .../AuthorizationServiceComponent.java        |  93 ++++++++++++++++
 .../components/mb-extensions/pom.xml          |  38 +++++++
 .../pom.xml                                   |  81 ++++++++++++++
 .../src/main/resources/build.properties       |  19 ++++
 .../src/main/resources/p2.inf                 |   1 +
 .../features/mb-extensions-feature/pom.xml    |  40 +++++++
 modules/iot-extensions/pom.xml                |   2 +
 modules/p2-profile-gen/pom.xml                |  14 +++
 pom.xml                                       |  11 +-
 13 files changed, 543 insertions(+), 4 deletions(-)
 create mode 100644 modules/iot-extensions/components/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/pom.xml
 create mode 100644 modules/iot-extensions/components/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/DeviceAccessBasedMQTTAuthorizer.java
 create mode 100644 modules/iot-extensions/components/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/internal/AuthorizationDataHolder.java
 create mode 100644 modules/iot-extensions/components/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/internal/AuthorizationServiceComponent.java
 create mode 100644 modules/iot-extensions/components/mb-extensions/pom.xml
 create mode 100644 modules/iot-extensions/features/mb-extensions-feature/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.feature/pom.xml
 create mode 100644 modules/iot-extensions/features/mb-extensions-feature/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.feature/src/main/resources/build.properties
 create mode 100644 modules/iot-extensions/features/mb-extensions-feature/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.feature/src/main/resources/p2.inf
 create mode 100644 modules/iot-extensions/features/mb-extensions-feature/pom.xml

diff --git a/modules/distribution/src/repository/conf/broker.xml b/modules/distribution/src/repository/conf/broker.xml
index b5c41b47..f7bacf1d 100644
--- a/modules/distribution/src/repository/conf/broker.xml
+++ b/modules/distribution/src/repository/conf/broker.xml
@@ -136,15 +136,14 @@ This file is ciphertool compliant. Refer PRODUCT_HOME/repository/conf/security/c
 					REQUIRED: Clients will authorized before publishing. this will execute the class given in authorzier
 					Note: authentication should be REQUIRED for authorization to be REQUIRED.
 			   -->
-				<authorization>NOT_REQUIRED</authorization>
+				<authorization>REQUIRED</authorization>
 
 				<!--Class name of the authorizer to use. class should
 					inherit from org.dna.mqtt.moquette.server.IAutherizer
 					Note: default implementation authorizes against carbon permission with the topic.
 				-->
 				<!--connectionPermission is required for a user to connect to broker-->
-				<authorizer class="org.wso2.carbon.andes.authorization.andes.CarbonPermissionBasedMQTTAuthorizer">
-					<property name="connectionPermission">/permission/admin/mqtt/connect</property>
+				<authorizer class="org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.DeviceAccessBasedMQTTAuthorizer">
 				</authorizer>
 			</security>
 		</mqtt>
diff --git a/modules/iot-extensions/components/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/pom.xml b/modules/iot-extensions/components/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/pom.xml
new file mode 100644
index 00000000..02887f66
--- /dev/null
+++ b/modules/iot-extensions/components/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/pom.xml
@@ -0,0 +1,100 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+  ~ Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+  ~
+  ~   WSO2 Inc. licenses this file to you under the Apache License,
+  ~   Version 2.0 (the "License"); you may not use this file except
+  ~   in compliance with the License.
+  ~   You may obtain a copy of the License at
+  ~
+  ~      http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~   Unless required by applicable law or agreed to in writing,
+  ~   software distributed under the License is distributed on an
+  ~   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  ~   KIND, either express or implied.  See the License for the
+  ~   specific language governing permissions and limitations
+  ~   under the License.
+  -->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+
+    <parent>
+        <artifactId>mb-extensions</artifactId>
+        <groupId>org.wso2.iot</groupId>
+        <version>1.0.0-SNAPSHOT</version>
+        <relativePath>../pom.xml</relativePath>
+    </parent>
+
+    <modelVersion>4.0.0</modelVersion>
+    <artifactId>org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization</artifactId>
+    <packaging>bundle</packaging>
+    <name>WSO2 Carbon - Component - MQTT - Authorization Manager</name>
+    <description>MQTT authorization manager based on Carbon device manager</description>
+    <url>http://wso2.org</url>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.wso2.carbon</groupId>
+            <artifactId>org.wso2.carbon.utils</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.wso2.carbon</groupId>
+            <artifactId>org.wso2.carbon.core</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.wso2.andes.wso2</groupId>
+            <artifactId>andes</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.wso2.carbon.devicemgt</groupId>
+            <artifactId>org.wso2.carbon.device.mgt.core</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.wso2.carbon.devicemgt</groupId>
+            <artifactId>org.wso2.carbon.device.mgt.common</artifactId>
+        </dependency>
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.felix</groupId>
+                <artifactId>maven-scr-plugin</artifactId>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.felix</groupId>
+                <artifactId>maven-bundle-plugin</artifactId>
+                <extensions>true</extensions>
+                <configuration>
+                    <instructions>
+                        <Bundle-SymbolicName>${project.artifactId}</Bundle-SymbolicName>
+                        <Bundle-Name>${project.artifactId}</Bundle-Name>
+                        <Private-Package>
+                            org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.internal
+                        </Private-Package>
+                        <Export-Package>
+                            !org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.internal,
+                            org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.*
+                        </Export-Package>
+                        <Import-Package>
+                            org.apache.log4j,
+                            org.dna.mqtt.moquette.server,
+                            org.wso2.andes.configuration.enums,
+                            org.wso2.andes.mqtt,
+                            org.wso2.carbon.context,
+                            org.wso2.carbon.device.mgt.common,
+                            org.wso2.carbon.device.mgt.common.authorization,
+                            org.apache.commons.logging,
+                            org.osgi.service.component,
+                            org.wso2.carbon.user.core.service,
+                            org.wso2.carbon.user.core.tenant
+                        </Import-Package>
+                    </instructions>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+
+</project>
+
diff --git a/modules/iot-extensions/components/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/DeviceAccessBasedMQTTAuthorizer.java b/modules/iot-extensions/components/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/DeviceAccessBasedMQTTAuthorizer.java
new file mode 100644
index 00000000..4afc5e1c
--- /dev/null
+++ b/modules/iot-extensions/components/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/DeviceAccessBasedMQTTAuthorizer.java
@@ -0,0 +1,76 @@
+/*
+ * Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ * 
+ * WSO2 Inc. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization;
+
+import org.apache.log4j.Logger;
+import org.dna.mqtt.moquette.server.IAuthorizer;
+import org.wso2.andes.configuration.enums.MQTTAuthoriztionPermissionLevel;
+import org.wso2.andes.mqtt.MQTTAuthorizationSubject;
+import org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.internal.AuthorizationDataHolder;
+import org.wso2.carbon.context.PrivilegedCarbonContext;
+import org.wso2.carbon.device.mgt.common.DeviceIdentifier;
+import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationException;
+
+/**
+ * Authorize the connecting users against Carbon Permission Model. Intended usage is
+ * via providing fully qualified class name in broker.xml
+ * <p/>
+ * This is just a simple authorization model. For dynamic topics use an implementation based on IAuthorizer
+ */
+public class DeviceAccessBasedMQTTAuthorizer implements IAuthorizer {
+    private static final Logger logger = Logger.getLogger(DeviceAccessBasedMQTTAuthorizer.class);
+    /**
+     * {@inheritDoc} Authorize the user against carbon device mgt model.
+     */
+    @Override
+    public boolean isAuthorizedForTopic(MQTTAuthorizationSubject authorizationSubject, String topic,
+                                        MQTTAuthoriztionPermissionLevel permissionLevel) {
+        try {
+            String topics[] = topic.split("/");
+            if (topics.length < 3) {
+                return false;
+            }
+            String tenantIdFromTopic = topics[0];
+            if (!tenantIdFromTopic.equals(authorizationSubject.getTenantDomain())) {
+                return false;
+            }
+            String deviceTypeFromTopic = topics[1];
+            String deviceIdFromTopic = topics[2];
+            PrivilegedCarbonContext.startTenantFlow();
+            PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(
+                    authorizationSubject.getTenantDomain(), true);
+            PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(authorizationSubject.getUsername());
+            return AuthorizationDataHolder.getInstance().getDeviceAccessAuthorizationService().isUserAuthorized(
+                    new DeviceIdentifier(deviceIdFromTopic, deviceTypeFromTopic));
+        } catch (DeviceAccessAuthorizationException e) {
+            logger.error("Failed on Device Access Authorization for user " + authorizationSubject.getUsername(), e);
+        } finally {
+            PrivilegedCarbonContext.endTenantFlow();
+        }
+        return false;
+    }
+
+    /**
+     * {@inheritDoc} Authorized the user against carbon device mgt model.
+     */
+    @Override
+    public boolean isAuthorizedToConnect(MQTTAuthorizationSubject authorizationSubject) {
+        return true;
+    }
+}
\ No newline at end of file
diff --git a/modules/iot-extensions/components/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/internal/AuthorizationDataHolder.java b/modules/iot-extensions/components/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/internal/AuthorizationDataHolder.java
new file mode 100644
index 00000000..e14e4cdd
--- /dev/null
+++ b/modules/iot-extensions/components/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/internal/AuthorizationDataHolder.java
@@ -0,0 +1,67 @@
+/*
+ * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * WSO2 Inc. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * you may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.internal;
+
+import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationService;
+import org.wso2.carbon.user.core.service.RealmService;
+import org.wso2.carbon.user.core.tenant.TenantManager;
+
+public class AuthorizationDataHolder {
+
+    private RealmService realmService;
+    private TenantManager tenantManager;
+    private DeviceAccessAuthorizationService deviceAccessAuthorizationService;
+
+    private static AuthorizationDataHolder thisInstance = new AuthorizationDataHolder();
+
+    private AuthorizationDataHolder() {}
+
+    public static AuthorizationDataHolder getInstance() {
+        return thisInstance;
+    }
+
+    public RealmService getRealmService() {
+        return realmService;
+    }
+
+    public void setRealmService(RealmService realmService) {
+        this.realmService = realmService;
+        this.setTenantManager(realmService);
+    }
+
+    private void setTenantManager(RealmService realmService) {
+        if (realmService == null) {
+            throw new IllegalStateException("Realm service is not initialized properly");
+        }
+        this.tenantManager = realmService.getTenantManager();
+    }
+
+    public TenantManager getTenantManager() {
+        return tenantManager;
+    }
+
+    public DeviceAccessAuthorizationService getDeviceAccessAuthorizationService() {
+        return deviceAccessAuthorizationService;
+    }
+
+    public void setDeviceAccessAuthorizationService(DeviceAccessAuthorizationService deviceAccessAuthorizationService) {
+        this.deviceAccessAuthorizationService = deviceAccessAuthorizationService;
+    }
+
+}
diff --git a/modules/iot-extensions/components/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/internal/AuthorizationServiceComponent.java b/modules/iot-extensions/components/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/internal/AuthorizationServiceComponent.java
new file mode 100644
index 00000000..3ebb099e
--- /dev/null
+++ b/modules/iot-extensions/components/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/internal/AuthorizationServiceComponent.java
@@ -0,0 +1,93 @@
+/*
+ * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * WSO2 Inc. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * you may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.internal;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.osgi.service.component.ComponentContext;
+import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationService;
+import org.wso2.carbon.user.core.service.RealmService;
+
+/**
+ * @scr.component name="org.wso2.carbon.devicemgt.policy.manager" immediate="true"
+ * @scr.reference name="user.realmservice.default"
+ * interface="org.wso2.carbon.user.core.service.RealmService"
+ * cardinality="1..1"
+ * policy="dynamic"
+ * bind="setRealmService"
+ * unbind="unsetRealmService"
+ * @scr.reference name="org.wso2.carbon.device.access.authorization"
+ * interface="org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationService"
+ * cardinality="1..1"
+ * policy="dynamic"
+ * bind="setDeviceAccessAuthorizationService"
+ * unbind="unsetDeviceAccessAuthorizationService"
+ */
+@SuppressWarnings("unused")
+public class AuthorizationServiceComponent {
+
+    private static Log log = LogFactory.getLog(AuthorizationServiceComponent.class);
+
+    protected void activate(ComponentContext componentContext) {
+    }
+
+    @SuppressWarnings("unused")
+    protected void deactivate(ComponentContext componentContext) {
+    }
+
+
+    /**
+     * Sets Realm Service
+     *
+     * @param realmService An instance of RealmService
+     */
+    protected void setRealmService(RealmService realmService) {
+        if (log.isDebugEnabled()) {
+            log.debug("Setting Realm Service");
+        }
+        AuthorizationDataHolder.getInstance().setRealmService(realmService);
+    }
+
+    /**
+     * Unsets Realm Service
+     *
+     * @param realmService An instance of RealmService
+     */
+    protected void unsetRealmService(RealmService realmService) {
+        if (log.isDebugEnabled()) {
+            log.debug("Unsetting Realm Service");
+        }
+        AuthorizationDataHolder.getInstance().setRealmService(null);
+    }
+
+    protected void setDeviceAccessAuthorizationService(DeviceAccessAuthorizationService deviceAccessAuthorizationService) {
+        if (log.isDebugEnabled()) {
+            log.debug("Setting Device Access Authorization Service");
+        }
+        AuthorizationDataHolder.getInstance().setDeviceAccessAuthorizationService(deviceAccessAuthorizationService);
+    }
+
+    protected void unsetDeviceAccessAuthorizationService(DeviceAccessAuthorizationService deviceAccessAuthorizationService) {
+        if (log.isDebugEnabled()) {
+            log.debug("Removing Device Access Authorization Service");
+        }
+        AuthorizationDataHolder.getInstance().setDeviceAccessAuthorizationService(null);
+    }
+
+}
diff --git a/modules/iot-extensions/components/mb-extensions/pom.xml b/modules/iot-extensions/components/mb-extensions/pom.xml
new file mode 100644
index 00000000..5538ae32
--- /dev/null
+++ b/modules/iot-extensions/components/mb-extensions/pom.xml
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+~ Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+~
+~ WSO2 Inc. licenses this file to you under the Apache License,
+~ Version 2.0 (the "License"); you may not use this file except
+~ in compliance with the License.
+~ You may obtain a copy of the License at
+~
+~    http://www.apache.org/licenses/LICENSE-2.0
+~
+~ Unless required by applicable law or agreed to in writing,
+~ software distributed under the License is distributed on an
+~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+~ KIND, either express or implied.  See the License for the
+~ specific language governing permissions and limitations
+~ under the License.
+-->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+
+    <parent>
+        <groupId>org.wso2.iot</groupId>
+        <artifactId>iot-extensions</artifactId>
+        <version>1.0.0-SNAPSHOT</version>
+        <relativePath>../../pom.xml</relativePath>
+    </parent>
+
+    <modelVersion>4.0.0</modelVersion>
+    <artifactId>mb-extensions</artifactId>
+    <packaging>pom</packaging>
+    <name>WSO2 Carbon - MB Extension</name>
+    <url>http://wso2.org</url>
+
+    <modules>
+        <module>org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization</module>
+    </modules>
+</project>
diff --git a/modules/iot-extensions/features/mb-extensions-feature/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.feature/pom.xml b/modules/iot-extensions/features/mb-extensions-feature/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.feature/pom.xml
new file mode 100644
index 00000000..41fba9b0
--- /dev/null
+++ b/modules/iot-extensions/features/mb-extensions-feature/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.feature/pom.xml
@@ -0,0 +1,81 @@
+<?xml version="1.0" encoding="utf-8"?>
+
+<!--
+  ~ Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+  ~
+  ~ WSO2 Inc. licenses this file to you under the Apache License,
+  ~ Version 2.0 (the "License"); you may not use this file except
+  ~ in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing,
+  ~ software distributed under the License is distributed on an
+  ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  ~ KIND, either express or implied.  See the License for the
+  ~ specific language governing permissions and limitations
+  ~ under the License.
+  -->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+
+    <parent>
+        <artifactId>mb-extensions-feature</artifactId>
+        <groupId>org.wso2.iot</groupId>
+        <version>1.0.0-SNAPSHOT</version>
+        <relativePath>../pom.xml</relativePath>
+    </parent>
+
+    <modelVersion>4.0.0</modelVersion>
+    <artifactId>org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.feature</artifactId>
+    <packaging>pom</packaging>
+    <name>WSO2 Carbon - MQTT Authorization Feature</name>
+    <url>http://wso2.org</url>
+    <description>This feature contains the bundles required for mqtt authorization</description>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.wso2.iot</groupId>
+            <artifactId>org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization</artifactId>
+        </dependency>
+    </dependencies>
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.wso2.maven</groupId>
+                <artifactId>carbon-p2-plugin</artifactId>
+                <version>${carbon.p2.plugin.version}</version>
+                <executions>
+                    <execution>
+                        <id>4-p2-feature-generation</id>
+                        <phase>package</phase>
+                        <goals>
+                            <goal>p2-feature-gen</goal>
+                        </goals>
+                        <configuration>
+                            <id>org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization</id>
+                            <propertiesFile>../../etc/feature.properties</propertiesFile>
+                            <adviceFile>
+                                <properties>
+                                    <propertyDef>org.wso2.carbon.p2.category.type:server</propertyDef>
+                                    <propertyDef>org.eclipse.equinox.p2.type.group:true</propertyDef>
+                                </properties>
+                            </adviceFile>
+                            <bundles>
+                                <bundleDef>
+                                    org.wso2.iot:org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization:${carbon.iot.device.mgt.version}
+                                </bundleDef>
+                            </bundles>
+                            <importFeatures>
+                                <importFeatureDef>org.wso2.carbon.core.server:${carbon.kernel.version}</importFeatureDef>
+                                <importFeatureDef>org.wso2.carbon.device.mgt.server:${carbon.device.mgt.version}</importFeatureDef>
+                            </importFeatures>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
+        </plugins>
+    </build>
+
+</project>
diff --git a/modules/iot-extensions/features/mb-extensions-feature/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.feature/src/main/resources/build.properties b/modules/iot-extensions/features/mb-extensions-feature/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.feature/src/main/resources/build.properties
new file mode 100644
index 00000000..ddedd58d
--- /dev/null
+++ b/modules/iot-extensions/features/mb-extensions-feature/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.feature/src/main/resources/build.properties
@@ -0,0 +1,19 @@
+#
+# Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+#
+# WSO2 Inc. licenses this file to you under the Apache License,
+# Version 2.0 (the "License"); you may not use this file except
+# in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+custom = true
diff --git a/modules/iot-extensions/features/mb-extensions-feature/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.feature/src/main/resources/p2.inf b/modules/iot-extensions/features/mb-extensions-feature/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.feature/src/main/resources/p2.inf
new file mode 100644
index 00000000..7ab37b9d
--- /dev/null
+++ b/modules/iot-extensions/features/mb-extensions-feature/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.feature/src/main/resources/p2.inf
@@ -0,0 +1 @@
+instructions.configure = \
\ No newline at end of file
diff --git a/modules/iot-extensions/features/mb-extensions-feature/pom.xml b/modules/iot-extensions/features/mb-extensions-feature/pom.xml
new file mode 100644
index 00000000..d4e4f32e
--- /dev/null
+++ b/modules/iot-extensions/features/mb-extensions-feature/pom.xml
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+  ~
+  ~ WSO2 Inc. licenses this file to you under the Apache License,
+  ~ Version 2.0 (the "License"); you may not use this file except
+  ~ in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~ http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing,
+  ~ software distributed under the License is distributed on an
+  ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  ~ KIND, either express or implied. See the License for the
+  ~ specific language governing permissions and limitations
+  ~ under the License.
+  -->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+
+    <parent>
+        <groupId>org.wso2.iot</groupId>
+        <artifactId>iot-extensions</artifactId>
+        <version>1.0.0-SNAPSHOT</version>
+        <relativePath>../../pom.xml</relativePath>
+    </parent>
+
+    <modelVersion>4.0.0</modelVersion>
+    <artifactId>mb-extensions-feature</artifactId>
+    <version>1.0.0-SNAPSHOT</version>
+    <packaging>pom</packaging>
+    <name>WSO2 Carbon - Device Management, MB Extensions Feature</name>
+    <url>http://wso2.org</url>
+
+    <modules>
+        <module>org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.feature</module>
+    </modules>
+
+</project>
diff --git a/modules/iot-extensions/pom.xml b/modules/iot-extensions/pom.xml
index d6dcaf7d..0d7fef92 100644
--- a/modules/iot-extensions/pom.xml
+++ b/modules/iot-extensions/pom.xml
@@ -34,7 +34,9 @@
 
     <modules>
         <module>components/das-extensions</module>
+        <module>components/mb-extensions</module>
         <module>features/das-extensions-feature</module>
+        <module>features/mb-extensions-feature</module>
     </modules>
 
 </project>
diff --git a/modules/p2-profile-gen/pom.xml b/modules/p2-profile-gen/pom.xml
index da918ec5..36dbc5e7 100644
--- a/modules/p2-profile-gen/pom.xml
+++ b/modules/p2-profile-gen/pom.xml
@@ -157,6 +157,9 @@
                                 <featureArtifactDef>
                                     org.wso2.carbon.devicemgt-plugins:org.wso2.carbon.device.mgt.iot.feature:${carbon.device.mgt.plugin.version}
                                 </featureArtifactDef>
+                                <featureArtifactDef>
+                                    org.wso2.carbon.devicemgt-plugins:org.wso2.carbon.device.mgt.iot.adapter.feature:${carbon.device.mgt.plugin.version}
+                                </featureArtifactDef>
                                 <featureArtifactDef>
                                     org.wso2.carbon.devicemgt-plugins:org.wso2.carbon.device.mgt.iot.androidsense.feature:${carbon.device.mgt.plugin.version}
                                 </featureArtifactDef>
@@ -389,6 +392,9 @@
                                 <featureArtifactDef>
                                     org.wso2.iot:org.wso2.carbon.event.adapter.extensions.server.feature:${carbon.iot.device.mgt.version}
                                 </featureArtifactDef>
+                                <featureArtifactDef>
+                                    org.wso2.iot:org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.feature:${carbon.iot.device.mgt.version}
+                                </featureArtifactDef>
 
                                 <!-- Mediation Features -->
                                 <featureArtifactDef>
@@ -783,6 +789,10 @@
                                     <id>org.wso2.carbon.event.adapter.extensions.server.feature.group</id>
                                     <version>${carbon.iot.device.mgt.version}</version>
                                 </feature>
+                                <feature>
+                                    <id>org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.feature.group</id>
+                                    <version>${carbon.iot.device.mgt.version}</version>
+                                </feature>
                                 <!-- End of IoTServer Features -->
 
                                 <!-- Device Management Features -->
@@ -853,6 +863,10 @@
                                     <id>org.wso2.carbon.device.mgt.iot.feature.group</id>
                                     <version>${carbon.device.mgt.plugin.version}</version>
                                 </feature>
+                                <feature>
+                                    <id>org.wso2.carbon.device.mgt.iot.adapter.feature.group</id>
+                                    <version>${carbon.device.mgt.plugin.version}</version>
+                                </feature>
                                 <feature>
                                     <id>org.wso2.carbon.device.mgt.iot.androidsense.feature.group</id>
                                     <version>${carbon.device.mgt.plugin.version}</version>
diff --git a/pom.xml b/pom.xml
index a3f9434f..2fd4e319 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1041,12 +1041,21 @@
                 <version>${carbon.iot.device.mgt.version}</version>
             </dependency>
             <!--mqtt-->
+            <dependency>
+                <groupId>org.wso2.iot</groupId>
+                <artifactId>org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization</artifactId>
+                <version>${carbon.iot.device.mgt.version}</version>
+            </dependency>
             <dependency>
                 <groupId>org.eclipse.paho</groupId>
                 <artifactId>org.eclipse.paho.client.mqttv3</artifactId>
                 <version>${eclipse.paho.version}</version>
             </dependency>
-
+            <dependency>
+                <groupId>org.wso2.andes.wso2</groupId>
+                <artifactId>andes</artifactId>
+                <version>${carbon.messaging.version}</version>
+            </dependency>
         </dependencies>
     </dependencyManagement>