Enhancing HiveMQ Custom Extensions: Listener-Based Authentication
In this article, we'll explore how you can enhance your HiveMQ custom extension's authentication logic to be listener-specific. This approach ensures that your authentication mechanism is only applied to clients connecting through specific listeners, optimizing performance and security.
Instructions
The recommended approach is to incorporate the listener's check within your custom extension's authentication provider. This way, you can selectively apply authentication logic based on the listener being used. Below is an example of how you can achieve this:
Services.securityRegistry().setAuthenticatorProvider(authenticatorProviderInput -> { final Optional<Listener> listener = authenticatorProviderInput.getConnectionInformation().getListener(); if (listener.isPresent() && listener.get().getPort() == 1883) { return myTcpAuthenticator; } else { return null; } });
In this code snippet:
We retrieve the listener associated with the MQTT client connection.
We check if the listener is present and if its port matches the target port (in this case, 1883).
If the conditions are met, we return a custom authenticator (
myTcpAuthenticator
) that will handle the authentication for clients connecting to that specific listener.If the conditions are not met, we return
null
, indicating that no custom authentication should be applied.
With this solution, the authenticator will only be registered for matching clients of the specific listener (in this case, port 1883). This selective approach ensures that there is no unnecessary performance impact on MQTT clients connecting to other listeners.
Please get your custom extension certified by HiveMQ before using it in Production.