Example 1 with DeviceCredentials

Use of org.eclipse.hono.adapter.auth.device.DeviceCredentials in project hono by eclipse.

In the class AbstractVertxBasedHttpProtocolAdapter, method handleBeforeCredentialsValidation.

/**
 * Handles any operations that should be invoked as part of the authentication process after the credentials got
 * determined and before they get validated. Can be used to perform checks using the credentials and tenant
 * information before the potentially expensive credentials validation is done.
 * <p>
 * The default implementation updates the trace sampling priority in the execution context tracing span.
 * It also verifies that the tenant provided via the credentials is enabled and that the adapter is enabled for
 * that tenant, failing the returned future if either is not the case.
 * <p>
 * Subclasses should override this method in order to perform additional operations after calling this super method.
 *
 * @param credentials The credentials.
 * @param executionContext The execution context, including the TenantObject.
 * @return A future indicating the outcome of the operation. A failed future will fail the authentication attempt.
 */
protected Future<Void> handleBeforeCredentialsValidation(
        final DeviceCredentials credentials,
        final HttpContext executionContext) {

    final String tenantId = credentials.getTenantId();
    final String authId = credentials.getAuthId();
    // fall back to a no-op span if the HTTP context carries no tracing span
    final Span span = Optional.ofNullable(executionContext.getTracingSpan()).orElseGet(() -> {
        log.warn("handleBeforeCredentialsValidation: no span context set in httpContext");
        return NoopSpan.INSTANCE;
    });
    return getTenantConfiguration(tenantId, span.context())
            // map a "not found" failure of the tenant lookup to a bad-credentials exception
            .recover(t -> Future.failedFuture(CredentialsApiAuthProvider.mapNotFoundToBadCredentialsException(t)))
            .map(tenantObject -> {
                TracingHelper.setDeviceTags(span, tenantId, null, authId);
                TenantTraceSamplingHelper.applyTraceSamplingPriority(tenantObject, authId, span);
                return tenantObject;
            })
            // fail the future if the tenant or the adapter for that tenant is not enabled
            .compose(tenantObject -> isAdapterEnabled(tenantObject))
            .mapEmpty();
}

Example 2 with DeviceCredentials

Use of org.eclipse.hono.adapter.auth.device.DeviceCredentials in project hono by eclipse.

In the class VertxBasedAmqpProtocolAdapter, method handleBeforeCredentialsValidation.

/**
 * Handles any operations that should be invoked as part of the authentication process after the credentials got
 * determined and before they get validated. Can be used to perform checks using the credentials and tenant
 * information before the potentially expensive credentials validation is done.
 * <p>
 * The default implementation updates the trace sampling priority in the execution context tracing span.
 * <p>
 * Subclasses should override this method in order to perform additional operations after calling this super method.
 *
 * @param credentials The credentials.
 * @param executionContext The execution context, including the TenantObject.
 * @return A future indicating the outcome of the operation. A failed future will fail the authentication attempt.
 */
protected Future<Void> handleBeforeCredentialsValidation(
        final DeviceCredentials credentials,
        final SaslResponseContext executionContext) {

    final String tenantId = credentials.getTenantId();
    final Span span = executionContext.getTracingSpan();
    final String authId = credentials.getAuthId();
    return getTenantConfiguration(tenantId, span.context())
            // map a "not found" failure of the tenant lookup to a bad-credentials exception
            .recover(t -> Future.failedFuture(CredentialsApiAuthProvider.mapNotFoundToBadCredentialsException(t)))
            .compose(tenantObject -> {
                TracingHelper.setDeviceTags(span, tenantId, null, authId);
                final OptionalInt traceSamplingPriority = TenantTraceSamplingHelper.applyTraceSamplingPriority(tenantObject, authId, span);
                // keep the sampling priority on the connection for later use
                executionContext.getProtonConnection().attachments().set(
                        AmqpAdapterConstants.KEY_TRACE_SAMPLING_PRIORITY, OptionalInt.class, traceSamplingPriority);
                return Future.succeededFuture();
            });
}

Example 3 with DeviceCredentials

Use of org.eclipse.hono.adapter.auth.device.DeviceCredentials in project hono by eclipse.

In the class AbstractVertxBasedMqttProtocolAdapter, method handleBeforeCredentialsValidation.

/**
 * Handles any operations that should be invoked as part of the authentication process after the credentials got
 * determined and before they get validated. Can be used to perform checks using the credentials and tenant
 * information before the potentially expensive credentials validation is done.
 * <p>
 * The default implementation updates the trace sampling priority in the execution context tracing span.
 * It also verifies that the tenant provided via the credentials is enabled and that the adapter is enabled for
 * that tenant, failing the returned future if either is not the case.
 * <p>
 * Subclasses should override this method in order to perform additional operations after calling this super method.
 *
 * @param credentials The credentials.
 * @param executionContext The execution context, including the TenantObject.
 * @return A future indicating the outcome of the operation. A failed future will fail the authentication attempt.
 */
protected Future<Void> handleBeforeCredentialsValidation(
        final DeviceCredentials credentials,
        final MqttConnectContext executionContext) {

    final String tenantId = credentials.getTenantId();
    final Span span = executionContext.getTracingSpan();
    final String authId = credentials.getAuthId();
    return getTenantConfiguration(tenantId, span.context())
            // map a "not found" failure of the tenant lookup to a bad-credentials exception
            .recover(t -> Future.failedFuture(CredentialsApiAuthProvider.mapNotFoundToBadCredentialsException(t)))
            .map(tenantObject -> {
                TracingHelper.setDeviceTags(span, tenantId, null, authId);
                final OptionalInt traceSamplingPriority = TenantTraceSamplingHelper.applyTraceSamplingPriority(tenantObject, authId, span);
                executionContext.setTraceSamplingPriority(traceSamplingPriority);
                return tenantObject;
            })
            // fail the future if the tenant or the adapter for that tenant is not enabled
            .compose(this::isAdapterEnabled)
            .mapEmpty();
}
