Due to a known issue, do not use JDK 1.8.0_151 with WSO2 products. Use JDK 1.8.0_144 until JDK 1.8.0_162-ea is released.
This documentation is for WSO2 Message Broker version 3.2.0. For the latest documentation, see the documentation for WSO2 Enterprise Integrator.

| Parameter Name | Description | Default Value |
|---|---|---|
| maximumRedeliveryAttempts | The maximum number of times WSO2 MB should attempt to redeliver a message that has not reached a subscriber. For example, when this value is set to 10, another 10 attempts will be made to deliver the message. The default value can be changed depending on your reliability requirements. Read more about message redelivery. | 10 |
| allowSharedTopicSubscriptions | If this parameter is true, a durable subscription to a topic can be shared among multiple subscribers. That is, multiple clients can subscribe to a topic in WSO2 MB using the same client ID. Read more about durable subscriptions to topics. | false |
| allowStrictNameValidation | If this parameter is true, the queue names and topic names will be validated according to the AMQP specification. When this parameter is set to false, it is possible to use ":" in topic names. Read more about this in 'Adding topics from management console'. | true |

Message Queueing and Telemetry Transport (MQTT)

Message Queueing and Telemetry Transport (MQTT) is a lightweight, broker-based publish/subscribe messaging protocol. WSO2 MB 3.0.0 and later versions fully support MQTT version 3.1.0 and partially support version 3.1.1.

<mqtt enabled="true">
    ..............
    <security>
        <authentication>OPTIONAL</authentication>
        <authenticator>org.wso2.carbon.andes.authentication.andes.CarbonBasedMQTTAuthenticator</authenticator>
        <!--authenticator class="org.wso2.carbon.andes.authentication.andes.OAuth2BasedMQTTAuthenticator">
            <property name="hostURL">https://localhost:9443/services/OAuth2TokenValidationService</property>
            <property name="username">admin</property>
            <property name="password">admin</property>
            <property name="maxConnectionsPerHost">10</property>
            <property name="maxTotalConnections">150</property>
        </authenticator-->
        <authorization>NOT_REQUIRED</authorization>
        <authorizer class="org.wso2.carbon.andes.authorization.andes.CarbonPermissionBasedMQTTAuthorizer">
            <property name="connectionPermission">/permission/admin/mqtt/connect</property>
        </authorizer>
    </security>
</mqtt>



The above configurations are explained below:

 

  • The <authentication> element instructs the MQTT server on whether clients should always send credentials when establishing a connection. Possible values are as follows:

    OPTIONAL

    This is the default value. If an MQTT client sends credentials, the server will validate them. If the client does not send credentials, the server will allow the client to establish the connection without authentication. This behavior adheres to the MQTT 3.1 specification.

    REQUIRED

    If the MQTT client doesn't send credentials or if the credentials are invalid, the server will reject the connection. Note that if authentication is REQUIRED, the permissions linked to the credentials may also be checked depending on the value specified for the <authorization> element.
  • The <authenticator> element specifies the class that implements authentication. By default, the org.wso2.carbon.andes.authentication.andes.CarbonBasedMQTTAuthenticator class is enabled, which authenticates the user's credentials against the Carbon user store.

    If required, you can disable the default authenticator and enable the org.wso2.carbon.andes.authentication.andes.OAuth2BasedMQTTAuthenticator authenticator class as shown below. This class enables OAuth-based authentication and authorization for MQTT.

    <mqtt enabled="true">
        ..............
        <security>
            .........
            <authenticator class="org.wso2.carbon.andes.authentication.andes.OAuth2BasedMQTTAuthenticator">
                <property name="hostURL">https://localhost:9443/services/OAuth2TokenValidationService</property>
                <property name="username">admin</property>
                <property name="password">admin</property>
                <property name="maxConnectionsPerHost">10</property>
                <property name="maxTotalConnections">150</property>
            </authenticator>
            ......
        </security>
    </mqtt>
  • The <authorization> element instructs the MQTT server on whether clients should have permission to publish messages to the broker or to subscribe to the broker. Possible values are as follows:

    NOT_REQUIRED

    This is the default value. The MQTT client does not require permission to publish messages or to subscribe.

    REQUIRED

    The permissions granted to the MQTT client will be checked before allowing the client to publish messages. This check will execute the class given in the <authorizer> element that is explained below. Note that the <authentication> element should be set to REQUIRED for authorization to be REQUIRED.

  • The <authorizer> element specifies the permissions required by a user to connect to the broker. This is applicable if the <authorization> element is set to REQUIRED.

    <mqtt enabled="true">
        ..............
        <security>
            ........
            <authorizer class="org.wso2.carbon.andes.authorization.andes.CarbonPermissionBasedMQTTAuthorizer">
                <property name="connectionPermission">/permission/admin/mqtt/connect</property>
            </authorizer>
        </security>
    </mqtt>
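
The <authentication> and <authorization> rules described above can be checked mechanically before a broker is deployed. The following is an added example, not part of the WSO2 documentation or product: a small Python audit of the <mqtt><security> block. The function name, the finding codes, the assumption that a missing element behaves like its documented default, and the check for the sample admin/admin credentials are all choices made for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the OAuth2 variant from this page with its sample values.
SAMPLE = """<mqtt enabled="true">
  <security>
    <authentication>OPTIONAL</authentication>
    <authenticator class="org.wso2.carbon.andes.authentication.andes.OAuth2BasedMQTTAuthenticator">
      <property name="hostURL">https://localhost:9443/services/OAuth2TokenValidationService</property>
      <property name="username">admin</property>
      <property name="password">admin</property>
    </authenticator>
    <authorization>NOT_REQUIRED</authorization>
  </security>
</mqtt>"""

def audit_mqtt_security(xml_text):
    """Return finding codes (hypothetical names) for the <mqtt><security> block."""
    root = ET.fromstring(xml_text)  # XML comments are dropped by the parser
    mqtt = root if root.tag == "mqtt" else root.find(".//mqtt")
    if mqtt is None or mqtt.get("enabled", "").lower() != "true":
        return []  # MQTT transport absent or disabled
    sec = mqtt.find("security")
    if sec is None:
        return ["NO_SECURITY_BLOCK"]
    # Assumption: a missing element behaves like the documented default value.
    authn = (sec.findtext("authentication") or "OPTIONAL").strip().upper()
    authz = (sec.findtext("authorization") or "NOT_REQUIRED").strip().upper()
    findings = []
    if authn != "REQUIRED":
        findings.append("ANONYMOUS_CONNECT_ALLOWED")
    if authz != "REQUIRED":
        findings.append("NO_PERMISSION_CHECK")
    elif authn != "REQUIRED":
        # The page states authentication must be REQUIRED for this to hold.
        findings.append("AUTHZ_WITHOUT_REQUIRED_AUTHN")
    elif sec.find("authorizer") is None:
        findings.append("AUTHZ_WITHOUT_AUTHORIZER")
    for auth in sec.findall("authenticator"):
        props = {p.get("name"): (p.text or "").strip() for p in auth.findall("property")}
        if props.get("username") == "admin" and props.get("password") == "admin":
            findings.append("SAMPLE_ADMIN_CREDENTIALS")
        if not props.get("hostURL", "https://").lower().startswith("https://"):
            findings.append("TOKEN_VALIDATION_NOT_HTTPS")
    return findings

if __name__ == "__main__":
    for code in audit_mqtt_security(SAMPLE):
        print(code)
```

A configuration with both elements set to REQUIRED, an <authorizer> present, and no sample credentials returns an empty list.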