HiveMQ

OnPublishSend skip sending to client

Hello,

I am interested in developing a plugin that will perform a form of “data ACL” ( when referring to ACL in context of topic subscribe/ publish permissions).

My use case is the following:

  • subscriber allowed to subscribe to topic tree “item/<some_type>”
  • type is a concept dynamically controlled by some kind of UI and there users are assigned to values of <some_type>
  • publisher can publish to “item/#”

Subscriber does not have a predefined list of types and also new types come and go therefor he/she will subscribe to “item/#”

when the messages are sent to all subscribers listening on “item/#” this plugin will access the backend application via a rest call and ask if the combination “topic” and “username” is allowed.
Topic being “item/<some_concrete_type>” will be easy to allow or skip sending that message to a particular client_session.

However looking at the possibilities of callback on HiveMQ i found “OnPublishSend” being the closest to what I need. But that callback documentation that “It’s not possible to interferere with HiveMQ directly with this callback.”

Did anyone try to implement something similar? How can I skip sending the message? Throwing a RuntimeException inside the callback will help?

Thank you!

A solution could be to implement a PublishInboundInterceptor and doing the access checks there. If the client is not authorized you could even return him a meaningful response - something like:

publishInboundOutput.preventPublishDelivery(AckReasonCode.NOT_AUTHORIZED);

Hope this helps!

4 Likes

Thank you @PremiumBurger.
It really helps. I even found a convenient sample code at https://www.hivemq.com/docs/hivemq/4.3/extensions/interceptors.html#publish-outbound-prevent

So the way to go for me is PublishOutboundInterceptor.

Thanks again