updated possible root wildcard combinations.

hivemq · Apr 17, 2019 · b5d1f06 · b5d1f06
1 parent 457c28b
commit b5d1f06
Show file tree

Hide file tree

Showing 3 changed files with 87 additions and 6 deletions.
diff --git a/pom.xml b/pom.xml
@@ -20,7 +20,7 @@
 
     <groupId>com.hivemq.extension</groupId>
     <artifactId>hivemq-deny-wildcard-extension</artifactId>
-    <version>4.0.0</version>
+    <version>4.1.0</version>
     <description>HiveMQ Extension to deny top level wildcard subscription</description>
     <inceptionYear>2018</inceptionYear>
 
@@ -55,6 +55,11 @@
             <artifactId>hivemq-extension-sdk</artifactId>
             <version>4.0.0</version>
         </dependency>
+        <dependency>
+            <groupId>commons-lang</groupId>
+            <artifactId>commons-lang</artifactId>
+            <version>2.6</version>
+        </dependency>
         <dependency>
             <groupId>org.slf4j</groupId>
             <artifactId>slf4j-api</artifactId>

diff --git a/src/main/java/com/hivemq/extension/callbacks/DenyWildcardAuthorizer.java b/src/main/java/com/hivemq/extension/callbacks/DenyWildcardAuthorizer.java
@@ -21,9 +21,12 @@
 import com.hivemq.extension.sdk.api.auth.parameter.SubscriptionAuthorizerInput;
 import com.hivemq.extension.sdk.api.auth.parameter.SubscriptionAuthorizerOutput;
 import com.hivemq.extension.sdk.api.packets.subscribe.SubackReasonCode;
+import org.apache.commons.lang.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import java.util.regex.Pattern;
+
 
 /**
  * DenyWildcard-Extension is a extension which denies a wildcard subscription
@@ -43,14 +46,14 @@ public class DenyWildcardAuthorizer implements SubscriptionAuthorizer {
     private DenyWildcardAuthorizer() {
     }
 
-    public static final String WILDCARD = "#";
+    public static final String WILDCARD_CHARS = "#/+";
     private static Logger logger = LoggerFactory.getLogger(DenyWildcardAuthorizer.class);
 
     @Override
     public void authorizeSubscribe(@NotNull final SubscriptionAuthorizerInput subscriptionAuthorizerInput, @NotNull final SubscriptionAuthorizerOutput subscriptionAuthorizerOutput) {
         final String topicFilter = subscriptionAuthorizerInput.getSubscription().getTopicFilter();
-        if (topicFilter.equals(WILDCARD)) {
-            logger.debug("Client {} tried to subscribe to an invalid subscription '#'", subscriptionAuthorizerInput.getClientInformation().getClientId());
+        if (StringUtils.containsOnly(topicFilter, WILDCARD_CHARS)) {
+            logger.debug("Client {} tried to subscribe to an denied root wildcard topic filter '{}'", subscriptionAuthorizerInput.getClientInformation().getClientId(), topicFilter);
             subscriptionAuthorizerOutput.failAuthorization(SubackReasonCode.NOT_AUTHORIZED, REASON_STRING);
         } else {
             subscriptionAuthorizerOutput.authorizeSuccessfully();

diff --git a/src/test/java/com/hivemq/extension/callbacks/DenyWildcardAuthorizerTest.java b/src/test/java/com/hivemq/extension/callbacks/DenyWildcardAuthorizerTest.java
@@ -55,13 +55,69 @@ public void setUp() throws Exception {
     }
 
     @Test
-    public void test_denied() {
+    public void test_denied_hashtag() {
         when(input.getSubscription().getTopicFilter()).thenReturn("#");
         DenyWildcardAuthorizer.INSTANCE.authorizeSubscribe(input, output);
 
         verify(output).failAuthorization(SubackReasonCode.NOT_AUTHORIZED, DenyWildcardAuthorizer.REASON_STRING);
     }
 
+    @Test
+    public void test_denied_plus() {
+        when(input.getSubscription().getTopicFilter()).thenReturn("+");
+        DenyWildcardAuthorizer.INSTANCE.authorizeSubscribe(input, output);
+
+        verify(output).failAuthorization(SubackReasonCode.NOT_AUTHORIZED, DenyWildcardAuthorizer.REASON_STRING);
+    }
+
+    @Test
+    public void test_denied_plus_slash() {
+        when(input.getSubscription().getTopicFilter()).thenReturn("+/");
+        DenyWildcardAuthorizer.INSTANCE.authorizeSubscribe(input, output);
+
+        verify(output).failAuthorization(SubackReasonCode.NOT_AUTHORIZED, DenyWildcardAuthorizer.REASON_STRING);
+    }
+
+    @Test
+    public void test_denied_hashtag_slash() {
+        when(input.getSubscription().getTopicFilter()).thenReturn("#/");
+        DenyWildcardAuthorizer.INSTANCE.authorizeSubscribe(input, output);
+
+        verify(output).failAuthorization(SubackReasonCode.NOT_AUTHORIZED, DenyWildcardAuthorizer.REASON_STRING);
+    }
+
+    @Test
+    public void test_denied_hashtag_plus() {
+        when(input.getSubscription().getTopicFilter()).thenReturn("#/+");
+        DenyWildcardAuthorizer.INSTANCE.authorizeSubscribe(input, output);
+
+        verify(output).failAuthorization(SubackReasonCode.NOT_AUTHORIZED, DenyWildcardAuthorizer.REASON_STRING);
+    }
+
+    @Test
+    public void test_denied_plus_hashtag() {
+        when(input.getSubscription().getTopicFilter()).thenReturn("+/#");
+        DenyWildcardAuthorizer.INSTANCE.authorizeSubscribe(input, output);
+
+        verify(output).failAuthorization(SubackReasonCode.NOT_AUTHORIZED, DenyWildcardAuthorizer.REASON_STRING);
+    }
+
+    @Test
+    public void test_denied_slash_plus() {
+        when(input.getSubscription().getTopicFilter()).thenReturn("/+");
+        DenyWildcardAuthorizer.INSTANCE.authorizeSubscribe(input, output);
+
+        verify(output).failAuthorization(SubackReasonCode.NOT_AUTHORIZED, DenyWildcardAuthorizer.REASON_STRING);
+    }
+
+    @Test
+    public void test_denied_slash_hashtag() {
+        when(input.getSubscription().getTopicFilter()).thenReturn("/#");
+        DenyWildcardAuthorizer.INSTANCE.authorizeSubscribe(input, output);
+
+        verify(output).failAuthorization(SubackReasonCode.NOT_AUTHORIZED, DenyWildcardAuthorizer.REASON_STRING);
+    }
+
     @Test
     public void test_success() {
         when(input.getSubscription().getTopicFilter()).thenReturn("topic");
@@ -71,10 +127,27 @@ public void test_success() {
     }
 
     @Test
-    public void test_success_non_root_wildcard() {
+    public void test_success_non_root_hashtag() {
         when(input.getSubscription().getTopicFilter()).thenReturn("topic/#");
         DenyWildcardAuthorizer.INSTANCE.authorizeSubscribe(input, output);
 
         verify(output).authorizeSuccessfully();
     }
+
+    @Test
+    public void test_success_non_root_plus() {
+        when(input.getSubscription().getTopicFilter()).thenReturn("topic/+");
+        DenyWildcardAuthorizer.INSTANCE.authorizeSubscribe(input, output);
+
+        verify(output).authorizeSuccessfully();
+    }
+
+    @Test
+    public void test_success_non_trailing_plus() {
+        when(input.getSubscription().getTopicFilter()).thenReturn("+/topic");
+        DenyWildcardAuthorizer.INSTANCE.authorizeSubscribe(input, output);
+
+        verify(output).authorizeSuccessfully();
+    }
+
 }