diff --git a/pom.xml b/pom.xml
index bf79ad8..4ee3976 100644
--- a/pom.xml
+++ b/pom.xml
@@ -20,7 +20,7 @@
com.hivemq.extension
hivemq-deny-wildcard-extension
- 4.0.0
+ 4.1.0
HiveMQ Extension to deny top level wildcard subscription
2018
@@ -55,6 +55,11 @@
hivemq-extension-sdk
4.0.0
+
+ commons-lang
+ commons-lang
+ 2.6
+
org.slf4j
slf4j-api
diff --git a/src/main/java/com/hivemq/extension/callbacks/DenyWildcardAuthorizer.java b/src/main/java/com/hivemq/extension/callbacks/DenyWildcardAuthorizer.java
index 3a0ac74..e4fc0ee 100644
--- a/src/main/java/com/hivemq/extension/callbacks/DenyWildcardAuthorizer.java
+++ b/src/main/java/com/hivemq/extension/callbacks/DenyWildcardAuthorizer.java
@@ -21,9 +21,12 @@
import com.hivemq.extension.sdk.api.auth.parameter.SubscriptionAuthorizerInput;
import com.hivemq.extension.sdk.api.auth.parameter.SubscriptionAuthorizerOutput;
import com.hivemq.extension.sdk.api.packets.subscribe.SubackReasonCode;
+import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import java.util.regex.Pattern;
+
/**
* DenyWildcard-Extension is a extension which denies a wildcard subscription
@@ -43,14 +46,14 @@ public class DenyWildcardAuthorizer implements SubscriptionAuthorizer {
private DenyWildcardAuthorizer() {
}
- public static final String WILDCARD = "#";
+ public static final String WILDCARD_CHARS = "#/+";
private static Logger logger = LoggerFactory.getLogger(DenyWildcardAuthorizer.class);
@Override
public void authorizeSubscribe(@NotNull final SubscriptionAuthorizerInput subscriptionAuthorizerInput, @NotNull final SubscriptionAuthorizerOutput subscriptionAuthorizerOutput) {
final String topicFilter = subscriptionAuthorizerInput.getSubscription().getTopicFilter();
- if (topicFilter.equals(WILDCARD)) {
- logger.debug("Client {} tried to subscribe to an invalid subscription '#'", subscriptionAuthorizerInput.getClientInformation().getClientId());
+ if (StringUtils.containsOnly(topicFilter, WILDCARD_CHARS)) {
+ logger.debug("Client {} tried to subscribe to an denied root wildcard topic filter '{}'", subscriptionAuthorizerInput.getClientInformation().getClientId(), topicFilter);
subscriptionAuthorizerOutput.failAuthorization(SubackReasonCode.NOT_AUTHORIZED, REASON_STRING);
} else {
subscriptionAuthorizerOutput.authorizeSuccessfully();
diff --git a/src/test/java/com/hivemq/extension/callbacks/DenyWildcardAuthorizerTest.java b/src/test/java/com/hivemq/extension/callbacks/DenyWildcardAuthorizerTest.java
index 2e7c13c..486c1d7 100644
--- a/src/test/java/com/hivemq/extension/callbacks/DenyWildcardAuthorizerTest.java
+++ b/src/test/java/com/hivemq/extension/callbacks/DenyWildcardAuthorizerTest.java
@@ -55,13 +55,69 @@ public void setUp() throws Exception {
}
@Test
- public void test_denied() {
+ public void test_denied_hashtag() {
when(input.getSubscription().getTopicFilter()).thenReturn("#");
DenyWildcardAuthorizer.INSTANCE.authorizeSubscribe(input, output);
verify(output).failAuthorization(SubackReasonCode.NOT_AUTHORIZED, DenyWildcardAuthorizer.REASON_STRING);
}
+ @Test
+ public void test_denied_plus() {
+ when(input.getSubscription().getTopicFilter()).thenReturn("+");
+ DenyWildcardAuthorizer.INSTANCE.authorizeSubscribe(input, output);
+
+ verify(output).failAuthorization(SubackReasonCode.NOT_AUTHORIZED, DenyWildcardAuthorizer.REASON_STRING);
+ }
+
+ @Test
+ public void test_denied_plus_slash() {
+ when(input.getSubscription().getTopicFilter()).thenReturn("+/");
+ DenyWildcardAuthorizer.INSTANCE.authorizeSubscribe(input, output);
+
+ verify(output).failAuthorization(SubackReasonCode.NOT_AUTHORIZED, DenyWildcardAuthorizer.REASON_STRING);
+ }
+
+ @Test
+ public void test_denied_hashtag_slash() {
+ when(input.getSubscription().getTopicFilter()).thenReturn("#/");
+ DenyWildcardAuthorizer.INSTANCE.authorizeSubscribe(input, output);
+
+ verify(output).failAuthorization(SubackReasonCode.NOT_AUTHORIZED, DenyWildcardAuthorizer.REASON_STRING);
+ }
+
+ @Test
+ public void test_denied_hashtag_plus() {
+ when(input.getSubscription().getTopicFilter()).thenReturn("#/+");
+ DenyWildcardAuthorizer.INSTANCE.authorizeSubscribe(input, output);
+
+ verify(output).failAuthorization(SubackReasonCode.NOT_AUTHORIZED, DenyWildcardAuthorizer.REASON_STRING);
+ }
+
+ @Test
+ public void test_denied_plus_hashtag() {
+ when(input.getSubscription().getTopicFilter()).thenReturn("+/#");
+ DenyWildcardAuthorizer.INSTANCE.authorizeSubscribe(input, output);
+
+ verify(output).failAuthorization(SubackReasonCode.NOT_AUTHORIZED, DenyWildcardAuthorizer.REASON_STRING);
+ }
+
+ @Test
+ public void test_denied_slash_plus() {
+ when(input.getSubscription().getTopicFilter()).thenReturn("/+");
+ DenyWildcardAuthorizer.INSTANCE.authorizeSubscribe(input, output);
+
+ verify(output).failAuthorization(SubackReasonCode.NOT_AUTHORIZED, DenyWildcardAuthorizer.REASON_STRING);
+ }
+
+ @Test
+ public void test_denied_slash_hashtag() {
+ when(input.getSubscription().getTopicFilter()).thenReturn("/#");
+ DenyWildcardAuthorizer.INSTANCE.authorizeSubscribe(input, output);
+
+ verify(output).failAuthorization(SubackReasonCode.NOT_AUTHORIZED, DenyWildcardAuthorizer.REASON_STRING);
+ }
+
@Test
public void test_success() {
when(input.getSubscription().getTopicFilter()).thenReturn("topic");
@@ -71,10 +127,27 @@ public void test_success() {
}
@Test
- public void test_success_non_root_wildcard() {
+ public void test_success_non_root_hashtag() {
when(input.getSubscription().getTopicFilter()).thenReturn("topic/#");
DenyWildcardAuthorizer.INSTANCE.authorizeSubscribe(input, output);
verify(output).authorizeSuccessfully();
}
+
+ @Test
+ public void test_success_non_root_plus() {
+ when(input.getSubscription().getTopicFilter()).thenReturn("topic/+");
+ DenyWildcardAuthorizer.INSTANCE.authorizeSubscribe(input, output);
+
+ verify(output).authorizeSuccessfully();
+ }
+
+ @Test
+ public void test_success_non_trailing_plus() {
+ when(input.getSubscription().getTopicFilter()).thenReturn("+/topic");
+ DenyWildcardAuthorizer.INSTANCE.authorizeSubscribe(input, output);
+
+ verify(output).authorizeSuccessfully();
+ }
+
}