You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@activemq.apache.org by Stan Petrula <s....@spedion.de> on 2020/04/01 12:40:13 UTC
Re: Artemis: Restricting access based on protocol
Hi Domenico,
thank you for the suggestion, but unfortunately it does not work. I am using
slightly modified interceptor code:
public class MQTTLoginFilterInterceptor implements MQTTInterceptor {
@Override
public boolean intercept(final MqttMessage mqttMessage,
RemotingConnection connection) {
System.out.println("MQTT intercept called");
if (mqttMessage instanceof MqttConnectMessage){
MqttConnectMessage connectMessage =
(MqttConnectMessage)mqttMessage;
if (connectMessage.payload().userName() != null
&& connectMessage.payload().userName().compareTo("admin") ==
0){
System.out.println("reject admin login");
return false;
}
else{
System.out.println("allow user login");
}
}
return true;
}
}
Log output on admin login:
MQTT intercept called
reject admin login
MQTT intercept called
Logs shows that we can catch admin login, but returning false from
interceptor, after getting MqttConnectMessage, does not have any effect.
With this interceptor I can login as admin, subscribe and do any action
allowed. Do you have any idea?
--
Sent from: http://activemq.2283324.n4.nabble.com/ActiveMQ-User-f2341805.html
Re: Artemis: Restricting access based on protocol
Posted by brusdev <br...@gmail.com>.
Hi Stan,
the PR https://github.com/apache/activemq-artemis/pull/3058 is merged so it
will be included in the 2.12.0 release.
Regards,
Domenico
--
Sent from: http://activemq.2283324.n4.nabble.com/ActiveMQ-User-f2341805.html
Re: Artemis: Restricting access based on protocol
Posted by brusdev <br...@gmail.com>.
Hi Justin and Stan,
I found another bug, testing the the MqttConnectMessage rejection:
https://issues.apache.org/jira/browse/ARTEMIS-2686
I created a PR to fix this bug:
https://github.com/apache/activemq-artemis/pull/3058
Regards,
Domenico
--
Sent from: http://activemq.2283324.n4.nabble.com/ActiveMQ-User-f2341805.html
Re: Artemis: Restricting access based on protocol
Posted by Justin Bertram <jb...@apache.org>.
The problem is ARTEMIS-2607 which will be resolved in the 2.12.0 release.
Justin
[1] https://issues.apache.org/jira/browse/ARTEMIS-2607
On Wed, Apr 1, 2020 at 7:40 AM Stan Petrula <s....@spedion.de> wrote:
> Hi Domenico,
>
> thank you for the suggestion, but unfortunately it does not work. I am
> using
> slightly modified interceptor code:
>
> public class MQTTLoginFilterInterceptor implements MQTTInterceptor {
> @Override
> public boolean intercept(final MqttMessage mqttMessage,
> RemotingConnection connection) {
> System.out.println("MQTT intercept called");
>
> if (mqttMessage instanceof MqttConnectMessage){
> MqttConnectMessage connectMessage =
> (MqttConnectMessage)mqttMessage;
>
> if (connectMessage.payload().userName() != null
> && connectMessage.payload().userName().compareTo("admin")
> ==
> 0){
> System.out.println("reject admin login");
> return false;
> }
> else{
> System.out.println("allow user login");
> }
> }
>
> return true;
> }
> }
>
> Log output on admin login:
> MQTT intercept called
> reject admin login
> MQTT intercept called
>
> Logs shows that we can catch admin login, but returning false from
> interceptor, after getting MqttConnectMessage, does not have any effect.
> With this interceptor I can login as admin, subscribe and do any action
> allowed. Do you have any idea?
>
>
>
>
> --
> Sent from:
> http://activemq.2283324.n4.nabble.com/ActiveMQ-User-f2341805.html
>
>