com.hivemq.spi.security.AuthorizationEvaluator Maven / Gradle / Ivy

Show more of this group Show more artifacts with this name
Show all versions of hivemq-spi Show documentation
The Service Provider Interfaces for developing HiveMQ plugins.
There is a newer version: 3.4.4
package com.hivemq.spi.security;

import com.hivemq.spi.callback.security.authorization.AuthorizationBehaviour;
import com.hivemq.spi.callback.security.authorization.AuthorizationResult;
import com.hivemq.spi.message.QoS;
import com.hivemq.spi.topic.MqttTopicPermission;
import org.apache.commons.lang3.StringUtils;

import java.util.List;

import static com.hivemq.spi.callback.security.authorization.AuthorizationBehaviour.ACCEPT;
import static com.hivemq.spi.callback.security.authorization.AuthorizationBehaviour.DENY;
import static com.hivemq.spi.topic.MqttTopicPermission.ACTIVITY;
import static com.hivemq.spi.topic.MqttTopicPermission.TYPE;

/**
 * Evaluator for the results of a OnAuthorizationCallback against a PUBLISH or a subscription.
 * It is used by HiveMQ to check, whether a publish or subscribe are permitted.
 *
 * @author Christoph Schäbel
 */
public class AuthorizationEvaluator {

    public static AuthorizationBehaviour checkPublish(final String topic, final QoS qos, final boolean retained, final AuthorizationResult authorizationResult) {

        final String[] splitTopic = StringUtils.splitPreserveAllTokens(topic, "/");

        final List mqttTopicPermissions = authorizationResult.getMqttTopicPermissions();

        if (mqttTopicPermissions == null || mqttTopicPermissions.size() < 1) {
            return authorizationResult.getDefaultBehaviour();
        }

        final String stripedTopic;
        if (topic.length() > 1) {
            stripedTopic = StringUtils.stripEnd(topic, "/");
        } else {
            stripedTopic = topic;
        }
        for (MqttTopicPermission mqttTopicPermission : mqttTopicPermissions) {
            if (mqttTopicPermission.implies(stripedTopic, splitTopic, qos, ACTIVITY.PUBLISH, retained)) {
                return mqttTopicPermission.getType() == TYPE.ALLOW ? ACCEPT : DENY;
            }
        }

        return authorizationResult.getDefaultBehaviour();
    }

    public static AuthorizationBehaviour checkSubscription(final String topic, final QoS qoS, final AuthorizationResult authorizationResult) {

        final String[] splitTopic = StringUtils.splitPreserveAllTokens(topic, "/");

        final List mqttTopicPermissions = authorizationResult.getMqttTopicPermissions();

        if (mqttTopicPermissions == null || mqttTopicPermissions.size() < 1) {
            return authorizationResult.getDefaultBehaviour();
        }

        final String stripedTopic;
        if (topic.length() > 1) {
            stripedTopic = StringUtils.stripEnd(topic, "/");
        } else {
            stripedTopic = topic;
        }
        for (MqttTopicPermission mqttTopicPermission : mqttTopicPermissions) {
            if (mqttTopicPermission.implies(stripedTopic, splitTopic, qoS, ACTIVITY.SUBSCRIBE)) {
                return mqttTopicPermission.getType() == TYPE.ALLOW ? ACCEPT : DENY;
            }
        }

        return authorizationResult.getDefaultBehaviour();
    }
}