For most non-trivial server software which run in production, authentication is a very important. Of course this also applies to MQTT brokers. Luckily the MQTT v3.1 specification includes a username and password authentication mechanism which most MQTT brokers implement.
While username/password files for authentication are sufficient for playing around with MQTT brokers, they are not sufficient for enterprise-grade production systems. When integrating a MQTT broker in existing software landscapes, typically there are existing databases and services.
To demonstrate how dead simple it is to integrate an existing HTTP REST API for MQTT authentication, I created a simple HiveMQ MQTT broker plugin which delegates the authentication mechanism to the REST API (in this case a mock REST API). This API returns a JSON response which we parse in the HiveMQ plugin. It uses the excellent Apache HTTPClient from the HTTP Components project to integrate the authentication mechanism. You can find the project on Github here: https://github.com/dobermai/hivemq-rest-auth-plugin.
This shows the whole implementation of the authentication mechanism. Feels like 90% exception handling 😉
The exact same mechanism can be used if you want to integrate MQTT authentication with some SOAP webservices, NoSQL databases, SQL databases, OAuth and anything you can imagine.
Make sure your MQTT broker of choice supports plugins. If you want to give the HiveMQ plugin system a shot, start here.
Good example, but you do not show how ClientCredentialsData parameter is used in the HTTP POST.
you are right, this example is very simplified and does not show how to pass data from the client credentials to the POST request.
The easiest way would be to check out all the methods the ClientCredentialsData object gives you (see https://github.com/hivemq/hivemq-spi/blob/master/src/main/java/com/dcsquare/hivemq/spi/security/ClientCredentialsData.java or https://github.com/hivemq/hivemq-spi/blob/master/src/main/java/com/dcsquare/hivemq/spi/security/ClientData.java) and then just pass all relevant parameters to the Apache HTTPClient. If you are interested how to implement that with HTTPClient, take a look at this link: https://hc.apache.org/httpcomponents-client-ga/quickstart.html
Hope this helps!