Hello,
we are moving a security plugin from ActiveMQ 5.x broker to Artemis 2.x.
To summarize the use case:
we need to prefix the MQTT client id provided during the connect with the
account name (something like account_name|client_id) to allow devices with the
same clientId, but different accounts, to connect to the broker without
triggering the stealing link.
Doing that with the ActiveMQ was possible. With Artemis SecurityPlugin any
clientId set through the proper RemotingConnection setter has no effect
(https://github.com/riccardomodanese/kapua/blob/feature-artemisAuthentication/broker/artemis/plugin/src/main/java/org/eclipse/kapua/broker/artemis/plugin/security/SecurityPlugin.java#L140).
Also the fully qualified queue name still use the “original” clientId without
the account_name prefix
We received a suggestion to use the interceptor but unfortunately the
MQTTConnect is final and has all the fields final so we cannot change the
clientId
We tried, just as experiment, using reflection to change the accessibility (no
security manager) and it seems to work. But, obviously, is just an experiment
and cannot be used in a real environment.
The MQTTConnect message is created by MQTTDecoder
(https://github.com/netty/netty/blob/4.1/codec-mqtt/src/main/java/io/netty/handler/codec/mqtt/MqttDecoder.java#L534)
but changing this part to introduce a callback that allows to change the
decoded clientId is out of the scope of this layer IMHO.
If someone has suggestion or, better, a solution please tell me!
Thanks!
Riccardo Modanese
