Bringing MQTT authentication and REST together

For most non-trivial server software which run in production, authentication is a very important. Of course this also applies to MQTT brokers. Luckily the MQTT v3.1 specification includes a username and password authentication mechanism which most MQTT brokers implement.

While username/password files for authentication are sufficient for playing around with MQTT brokers, they are not sufficient for enterprise-grade production systems. When integrating a MQTT broker in existing software landscapes, typically there are existing databases and services.

To demonstrate how dead simple it is to integrate an existing HTTP REST API for MQTT authentication, I created a simple HiveMQ MQTT broker plugin which delegates the authentication mechanism to the REST API (in this case a mock REST API). This API returns a JSON response which we parse in the HiveMQ plugin. It uses the excellent Apache HTTPClient from the HTTP Components project to integrate the authentication mechanism. You can find the project on Github here: https://github.com/dobermai/hivemq-rest-auth-plugin.

HiveMQ + REST API

This shows the whole implementation of the authentication mechanism. Feels like 90% exception handling ;-)

The exact same mechanism can be used if you want to integrate MQTT authentication with some SOAP webservices, NoSQL databases, SQL databases, OAuth and anything you can imagine.

Make sure your MQTT broker of choice supports plugins. If you want to give the HiveMQ plugin system a shot, start here.

Share this Diese Icons verlinken auf Bookmark Dienste bei denen Nutzer neue Inhalte finden und mit anderen teilen können.
  • MisterWong
  • del.icio.us
  • Google Bookmarks
  • Facebook
  • TwitThis
  • DZone
  • Digg
  • Print

2 Gedanken zu “Bringing MQTT authentication and REST together

  1. Good example, but you do not show how ClientCredentialsData parameter is used in the HTTP POST.

    Thanks
    Gianluca

  2. Hi Gianluca,

    you are right, this example is very simplified and does not show how to pass data from the client credentials to the POST request.

    The easiest way would be to check out all the methods the ClientCredentialsData object gives you (see https://github.com/hivemq/hivemq-spi/blob/master/src/main/java/com/dcsquare/hivemq/spi/security/ClientCredentialsData.java or https://github.com/hivemq/hivemq-spi/blob/master/src/main/java/com/dcsquare/hivemq/spi/security/ClientData.java) and then just pass all relevant parameters to the Apache HTTPClient. If you are interested how to implement that with HTTPClient, take a look at this link: https://hc.apache.org/httpcomponents-client-ga/quickstart.html

    Hope this helps!
    Dominik

Hinterlasse eine Antwort

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind markiert *

Du kannst folgende HTML-Tags benutzen: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>