Due to a known issue, do not use JDK1.8.0_151 with WSO2 products. Use JDK 1.8.0_144 until JDK 1.8.0_162-ea is released.
This documentation is for WSO2 Message Broker version 3.2.0. For the latest documentation, see the documentation for WSO2 Enterprise Integrator.


...

Enabling the transport

The AMQP transport is enabled by default, as shown in the following extract of the broker.xml file:

...

As shown above, if the value of this parameter is true, the AMQP transport is enabled and the AMQP protocol will be applied to messages sent to the specified listening port. The default listening port specified for the AMQP transport is 5672. That is, the AMQP broker will be initialized with this port by default. This value will be incremented based on the offset specified in the carbon.xml.

Configuring the SSL connection

...

  • QoS 1 - At Most One - At this level, messages are delivered to subscribers in the most efficient manner. A message is dispatched only once.
  • QoS 2 - At Least One - At this level, the system will ensure that a message is received by the subscriber at least once. The level of delivery is assured through acknowledged delivery.
  • QoS 3 - Exactly Once - At this level, the message is delivered only once to its subscriber. This level is also defined as Assured Delivery.

Just as with the AMQP transport, the MQTT transport can be configured using the <MB_HOME>/repository/conf/broker.xml file.

Enabling the transport

The MQTT transport is enabled by default, as shown in the following extract of the broker.xml file:

<mqtt enabled="true">
	<defaultConnection enabled="true" port="1883" />
	.......
</mqtt>

As shown above, if the value of this parameter is true, the MQTT transport is enabled and the MQTT protocol will be applied to messages that are sent to the specified listening port. The listening port for the MQTT transport is 1883. The MQTT broker will be initialized with this port by default. This value will be incremented based on the offset specified in the carbon.xml.

Configuring the SSL connection

You can configure a secure SSL connection for the MQTT transport using the <sslConnection> element in the broker.xml file. See Enabling SSL Support in the Broker for information.

...

<mqtt enabled="true">
    ..............
    <security>
        <authentication>OPTIONAL</authentication>
        <authenticator>org.wso2.carbon.andes.authentication.andes.CarbonBasedMQTTAuthenticator</authenticator>
        <!--authenticator class="org.wso2.carbon.andes.authentication.andes.OAuth2BasedMQTTAuthenticator">
            <property name="hostURL">https://localhost:9443/services/OAuth2TokenValidationService</property>
            <property name="username">admin</property>
            <property name="password">admin</property>
            <property name="maxConnectionsPerHost">10</property>
            <property name="maxTotalConnections">150</property>
        </authenticator-->
        <authorization>NOT_REQUIRED</authorization>
        <authorizer class="org.wso2.carbon.andes.authorization.andes.CarbonPermissionBasedMQTTAuthorizer">
            <property name="connectionPermission">/permission/admin/mqtt/connect</property>
        </authorizer>
    </security>
</mqtt>

 

The above configurations are explained below:

 

  • The <authentication> element instructs the MQTT server on whether clients should always send credentials when establishing a connection. Possible values are as follows:

    OPTIONAL

    This is the default value. If an MQTT client sends credentials, the server will validate them. If the client does not send credentials, the server will allow the client to establish the connection without authentication. This behavior adheres to the MQTT 3.1 specification.

    REQUIRED

    If the MQTT client doesn't send credentials or if the credentials are invalid, the server will reject the connection.
  • The <authenticator> element specifies the class that implements authentication. By default, the org.wso2.carbon.andes.authentication.andes.CarbonBasedMQTTAuthenticator class is enabled, which authenticates the user's credentials against the carbon user store.

    If required, you can disable the default authenticator and enable the org.wso2.carbon.andes.authentication.andes.OAuth2BasedMQTTAuthenticator authenticator class as shown below. This class enables OAuth-based authentication and authorization for MQTT.

    <mqtt enabled="true">
        ..............
        <security>
            .........
            <authenticator class="org.wso2.carbon.andes.authentication.andes.OAuth2BasedMQTTAuthenticator">
                <property name="hostURL">https://localhost:9443/services/OAuth2TokenValidationService</property>
                <property name="username">admin</property>
                <property name="password">admin</property>
                <property name="maxConnectionsPerHost">10</property>
                <property name="maxTotalConnections">150</property>
            </authenticator>
            ......
        </security>
    </mqtt>
  • The <authorization> element instructs the MQTT server on whether clients should have permission to publish messages to the broker or to subscribe to the broker. Possible values are as follows:

    NOT_REQUIRED

    This is the default value. The MQTT client does not require permission for the purpose of publishing messages or to subscribe.

    REQUIRED

    The permissions granted to the MQTT client will be checked before allowing the client to publish messages. This check will execute the class given in the <authorizer> element that is explained below.
    Note that the <authentication> element should be set to REQUIRED for authorization to be REQUIRED.

  • The <authorizer> element specifies the permissions required by a user to connect to the broker. This is applicable if the <authorization> element is set to REQUIRED.

    <mqtt enabled="true">
        ..............
        <security>
            ........
            <authorizer class="org.wso2.carbon.andes.authorization.andes.CarbonPermissionBasedMQTTAuthorizer">
                <property name="connectionPermission">/permission/admin/mqtt/connect</property>
            </authorizer>
        </security>
    </mqtt>