AnyAuth and Integration with BifroMQ
The AnyAuth plugin is a powerful extension built upon the BifroMQ IAuthProvider
interface using PF4J. It is
designed to provide seamless authentication and authorization capabilities for BifroMQ, enabling users to secure access
to messages and resources across a wide range of clients.
BifroMQ in Smart Home
Background
Company A is a firm specializing in the smart home industry. They aim to enhance their product's value and user experience by incorporating IoT (Internet of Things) technology, allowing remote control of their products. They have chosen BifroMQ as their MQTT message middleware, integrated into their IoT platform to connect their smart home devices to the internet.
Key Participants
- Company A: Smart home devices manufacturer looking to enhance product value and user experience through IoT technology.
- Company B: Software development company responsible for developing the IoT platform and WeChat Mini Program for company A.
- BifroMQ: MQTT message middleware providing reliable message transmission services, integrated into the IoT platform by company B.
End Users
As users of the smart home devices, we anticipate the ability to remotely control the devices, e.g. air conditioner, adjust the temperature, check the current indoor temperature, and monitor the air conditioner's operational status through the WeChat Mini Program.
AnyAuth in BifroMQ
The versatility of the AnyAuth plugin lies in its support for various authentication mechanisms, including traditional username/password that is for devices, auth0, and even WeChat integration. This means that users can be authenticated by using their preferred social accounts, simplifying access to BifroMQ.
Furthermore, AnyAuth seamlessly integrates with BifroMQ, offering Role-Based Access Control (RBAC) through Access Control Lists (ACL). This feature empowers administrators to define distinct roles and permissions, which can then ensure fine-grained access control.
For more information and technical design, check the article.
Setup Steps
Integrating AnyAuth with BifroMQ has proven to be remarkably straightforward. Here's a concise rundown to get started:
Prerequisites
Before we dive in, it's essential to understand that AnyAuth's primary focus lies in querying users' credentials and corresponding ACL rules. Handling administrative tasks, such as user registration and ACL specification, falls under the purview of other services. To ensure a smooth data retrieval process, users must complete device registration and specify ACL requirements in advance.
Configure AnyAuth Plugin
AnyAuth's flexibility hinges on the correct configuration of authentication parameters. These parameters can vary
depending on your chosen authentication method (e.g., username/password, auth0 and WeChat). The configuration file can
be found in the bifromq-plugin-anyAuth/auth-plugin/src/main/resources
directory and will be packaged into the JAR file
after compilation. Therefore, it's crucial to configure it first.
tenantId: ${TENANTID}
device:
authUrl: ${AUTH_SERVICE_AUTH_URL}
checkUrl: ${AUTH_SERVICE_CHECK_URL}
auth0:
domain: ${AUTH0_DOMAIN}
wechat:
appId: ${APP_ID}
appSecret: ${APP_SECRET}
requestUrl: https://api.weixin.qq.com/sns/jscode2session?appid=
Setup BifroMQ with Plugin
Now, let's move to the practical implementation. In your AnyAuth project directory, run the following command to generate the necessary output:
cd bifromq-plugin-anyAuth && mvn clean package
This command will generate an auth-plugin-${VERSION}.jar
and auth-service-${VERSION}.tar.gz
file in their respective
target directories.
To ensure BifroMQ correctly loads the AnyAuth plugin, place the corresponding JAR file in the plugins directory
within BifroMQ's target directory, i.e. bifromq-${VERSION}/plugins
. Additionally, specify the Fully Qualified Name (FQN),
e.g. authProviderFQN: bifromq.plugin.auth.AuthProvider
, in BifroMQ's configuration file (conf/standalone.yml
).
Setup AnyAuth Service
The plugin JAR file acts as a client for authentication and authorization, while the AnyAuth service handles database query operations. Deploy the AnyAuth service, specifying MySQL connection parameters for credentials and permission rules queries.
For development or testing purposes, AnyAuth also supports dummy storage, i.e. set type: Dummy
in AnyAuth
service configuration file.
End-to-End Demo
With all the setup steps completed, we can now embark on an exciting journey. Utilize a WeChat MiniProgram to log in to BifroMQ, and a user-friendly GUI application to simulate devices. The video below showcases a typical scenario: a device reporting the current temperature via BifroMQ, and a WeChat MiniProgram receiving the message, subsequently issuing commands based on the data.