Hi all! I am new to MQTT and I am currently trying the HiveMQ MQTT broker. I have tried the extension from this website https://www.hivemq.com/extension/file-rbac-extension/
I followed the documentation from this website https://github.com/hivemq/hivemq-file-rbac-extension to set up the authentication for MQTT.
When I try publishing data from MQTT.fx to the broker with the user credentials on localhost, it says "not authorised".
2022-10-13 15:21:39,948 INFO --- BrokerConnectorController : onConnect
2022-10-13 15:21:39,949 INFO --- ScriptsController : Clear console.
2022-10-13 15:21:39,952 INFO --- MqttFX ClientModel : MqttClient with ID 2a23325aaa8248afa577708f6bf2b2ab assigned.
2022-10-13 15:21:39,963 ERROR --- MqttFX ClientModel : Error when connecting
org.eclipse.paho.client.mqttv3.MqttSecurityException: Not authorized to connect
    at org.eclipse.paho.client.mqttv3.internal.ExceptionHelper.createMqttException(ExceptionHelper.java:28) ~[org.eclipse.paho.client.mqttv3-1.2.0.jar:?]
    at org.eclipse.paho.client.mqttv3.internal.ClientState.notifyReceivedAck(ClientState.java:988) ~[org.eclipse.paho.client.mqttv3-1.2.0.jar:?]
    at org.eclipse.paho.client.mqttv3.internal.CommsReceiver.run(CommsReceiver.java:145) ~[org.eclipse.paho.client.mqttv3-1.2.0.jar:?]
    at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source) ~[?:1.8.0_181]
    at java.util.concurrent.FutureTask.run(Unknown Source) ~[?:1.8.0_181]
    at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(Unknown Source) ~[?:1.8.0_181]
    at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(Unknown Source) ~[?:1.8.0_181]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) [?:1.8.0_181]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [?:1.8.0_181]
    at java.lang.Thread.run(Unknown Source) [?:1.8.0_181]
2022-10-13 15:21:39,964 ERROR --- MqttFX ClientModel : Please verify your Settings (e.g. Broker Address, Broker Port & Client ID) and the user credentials!
org.eclipse.paho.client.mqttv3.MqttSecurityException: Not authorized to connect
    at org.eclipse.paho.client.mqttv3.internal.ExceptionHelper.createMqttException(ExceptionHelper.java:28) ~[org.eclipse.paho.client.mqttv3-1.2.0.jar:?]
    at org.eclipse.paho.client.mqttv3.internal.ClientState.notifyReceivedAck(ClientState.java:988) ~[org.eclipse.paho.client.mqttv3-1.2.0.jar:?]
    at org.eclipse.paho.client.mqttv3.internal.CommsReceiver.run(CommsReceiver.java:145) ~[org.eclipse.paho.client.mqttv3-1.2.0.jar:?]
    at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source) ~[?:1.8.0_181]
    at java.util.concurrent.FutureTask.run(Unknown Source) ~[?:1.8.0_181]
    at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(Unknown Source) ~[?:1.8.0_181]
    at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(Unknown Source) ~[?:1.8.0_181]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) [?:1.8.0_181]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [?:1.8.0_181]
    at java.lang.Thread.run(Unknown Source) [?:1.8.0_181]
2022-10-13 15:21:39,968 INFO --- ScriptsController : Clear console.
2022-10-13 15:21:39,969 ERROR --- BrokerConnectService : Not authorized to connect
I'm pretty sure I have entered the correct user credentials. Can anyone help me with the issue or suggest what I could do to set up the username authentication? Thanks in advance.
The following are my config files.
credentials.xml
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<file-rbac>
    <users>
        <user>
            <name>user1</name>
            <!--- password hash for "pass1" -->
            <password>TUh5SWZlWmRNNzJQeXU0UkF2QmVKZXBBWFl6VU1Jc28=:gDR4bZ8kABBEL0WBflf09IMJahRlb1KGL2wJydlyWElfIu1F65SSU+RZZpjzy+vT4dDPJxiBSHM07wr56+bKsA==</password>
            <roles>
                <id>User</id>
            </roles>
        </user>
        <user>
            <name>admin</name>
            <!-- password hash for "adminpass" -->
            <password>Vjc1a0lxQ3Nvb0ljNFVHNE9WRnM3RG1IZmdNUFcwVGY=:100:PL2FLqfpdhONG7qXjAMmdVn4wlMiXnypdXiFW09zqorFhKgoiixFQw2EVJJfE9Zn79q45V7Xpc6JeKLp0ntmYA==</password>
            <roles>
                <id>Admin</id>
            </roles>
        </user>
    </users>
    <roles>
        <role>
            <id>User</id>
            <permissions>
                <permission>
                    <!-- PUBLISH and SUBSCRIBE to all topics below "data/<clientid>/" -->
                    <topic>data/${{clientid}}/#</topic>
                </permission>
                <permission>
                    <!-- PUBLISH to topic "outgoing/<clientid>", retained only -->
                    <topic>outgoing/${{clientid}}</topic>
                    <activity>PUBLISH</activity>
                    <retain>RETAINED</retain>
                </permission>
                <permission>
                    <!-- SUBSCRIBE to topic "incoming/<username>/actions" -->
                    <topic>incoming/${{username}}/actions</topic>
                    <activity>SUBSCRIBE</activity>
                </permission>
            </permissions>
        </role>
        <role>
            <id>Admin</id>
            <permissions>
                <permission>
                    <!-- Allow everything -->
                    <topic>#</topic>
                </permission>
            </permissions>
        </role>
    </roles>
</file-rbac>
extension-config.xml
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<extension-configuration>
    <!-- Reload interval for credentials in seconds -->
    <credentials-reload-interval>60</credentials-reload-interval>
    <!-- Optional list of names of listeners this extension is used for
    <listener-names>
        <listener-name>my-tcp-listener</listener-name>
        <listener-name>8883</listener-name>
    </listener-names> -->
    <!-- If the credentials file is using HASHED or PLAIN passwords -->
    <password-type>HASHED</password-type>
    <!-- Use this option to toggle the behaviour in case authentication by this extension failed.
         false (default) -> client don't get authenticated
         true -> instead of failing the authentication we delegate the decision to the next extension with an
                 authentication implemented (with lower priority), in case no other extension exists we fail
                 the authentication -->
    <!--next-extension-instead-of-fail>true</next-extension-instead-of-fail-->
</extension-configuration>
config.xml
<?xml version="1.0"?>
<hivemq>
    <listeners>
        <tcp-listener>
            <port>1883</port>
            <bind-address>0.0.0.0</bind-address>
            <name>my-tcp-listener</name>
        </tcp-listener>
    </listeners>
    <anonymous-usage-statistics>
        <enabled>false</enabled>
    </anonymous-usage-statistics>
</hivemq>
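
Added example, not part of the original post and not code from the HiveMQ extension: a small Python check for a file-rbac credentials file that flags users whose password entries use different colon-separated layouts (as user1 and admin do in the file above), fields that are not valid base64, and role ids that are never defined. The function name and the embedded sample are constructed for illustration; which password layout the installed extension version expects is an assumption to confirm against its README.

```python
import base64
import binascii
import xml.etree.ElementTree as ET


def _is_b64(s):
    try:
        base64.b64decode(s, validate=True)
        return True
    except (binascii.Error, ValueError):
        return False


def lint_credentials(xml_text):
    """Return (user, finding) tuples for a file-rbac credentials document."""
    root = ET.fromstring(xml_text)
    defined_roles = {r.findtext("id") for r in root.findall("./roles/role")}
    findings, layouts = [], {}
    for user in root.findall("./users/user"):
        name = user.findtext("name")
        parts = (user.findtext("password") or "").split(":")
        layouts[name] = len(parts)
        # Numeric fields (such as the 100 in admin's entry) are not base64.
        if any(not p.isdigit() and not _is_b64(p) for p in parts):
            findings.append((name, "password field is not valid base64"))
        for rid in user.findall("./roles/id"):
            if rid.text not in defined_roles:
                findings.append((name, f"role '{rid.text}' is not defined"))
    # Mixed layouts in one file suggest entries made for different versions.
    if len(set(layouts.values())) > 1:
        for name, n in sorted(layouts.items()):
            findings.append((name, f"password has {n} colon-separated fields"))
    return findings


def _b64(s):
    return base64.b64encode(s.encode()).decode()


# Constructed sample: same shape as the posted file, placeholder values only.
SAMPLE = f"""<file-rbac>
  <users>
    <user><name>user1</name>
      <password>{_b64('constructed-salt-1')}:{_b64('constructed-hash-1')}</password>
      <roles><id>User</id></roles></user>
    <user><name>admin</name>
      <password>{_b64('constructed-salt-2')}:100:{_b64('constructed-hash-2')}</password>
      <roles><id>Admin</id><id>Operator</id></roles></user>
  </users>
  <roles><role><id>User</id></role><role><id>Admin</id></role></roles>
</file-rbac>"""

if __name__ == "__main__":
    for who, what in lint_credentials(SAMPLE):
        print(f"{who}: {what}")
```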