diff --git a/mqtt/pom.xml b/mqtt/pom.xml
index 3e79d2e..e08a76a 100644
--- a/mqtt/pom.xml
+++ b/mqtt/pom.xml
@@ -85,6 +85,12 @@
+
+ org.seedstack.seed
+ seed-web-security
+ ${seed.version}
+ test
+
org.seedstack.seed
seed-testing
diff --git a/mqtt/src/main/java/org/seedstack/monitoring/mqtt/internal/rest/clients/ClientResource.java b/mqtt/src/main/java/org/seedstack/monitoring/mqtt/internal/rest/clients/ClientResource.java
index 6136e4b..ef9386a 100644
--- a/mqtt/src/main/java/org/seedstack/monitoring/mqtt/internal/rest/clients/ClientResource.java
+++ b/mqtt/src/main/java/org/seedstack/monitoring/mqtt/internal/rest/clients/ClientResource.java
@@ -16,6 +16,7 @@
import org.seedstack.mqtt.spi.MqttInfo;
import org.seedstack.mqtt.spi.MqttPoolConfiguration;
import org.seedstack.seed.rest.Rel;
+import org.seedstack.seed.security.RequiresPermissions;
import javax.inject.Inject;
import javax.ws.rs.GET;
@@ -48,6 +49,7 @@ public class ClientResource {
@GET
@Rel(value = Rels.CLIENTS, home = true)
@Produces({MediaType.APPLICATION_JSON, "application/hal+json"})
+ @RequiresPermissions("seed:monitoring:mqtt:read")
public Response getClients() {
if (mqttInfo.getClientNames() != null && !mqttInfo.getClientNames().isEmpty()) {
return clientListRepresentation();
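Review bot: The permission string `"seed:monitoring:mqtt:read"` is repeated as a bare literal on `getClients()` here and on `getClient()` in the next hunk, and a third time in `mqtt-monitoring-security.props`. A typo in any copy would produce a permission that no role grants, so the endpoint would reject every caller with nothing pointing at the cause. Declaring it once, for example `static final String READ_PERMISSION = "seed:monitoring:mqtt:read";`, and using `@RequiresPermissions(READ_PERMISSION)` on both methods keeps the Java side consistent. Both method bodies continue outside the hunks shown.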
@@ -59,6 +61,7 @@ public Response getClients() {
@Path("/{clientId}")
@Rel(value = Rels.CLIENT)
@Produces({MediaType.APPLICATION_JSON, "application/hal+json"})
+ @RequiresPermissions("seed:monitoring:mqtt:read")
public Response getClient() {
boolean clientExists = clientExists(clientId);
if (clientExists) {
diff --git a/mqtt/src/main/resources/META-INF/configuration/mqtt-monitoring-security.props b/mqtt/src/main/resources/META-INF/configuration/mqtt-monitoring-security.props
new file mode 100644
index 0000000..c3eda33
--- /dev/null
+++ b/mqtt/src/main/resources/META-INF/configuration/mqtt-monitoring-security.props
@@ -0,0 +1,10 @@
+#
+# Copyright (c) 2013-2016, The SeedStack authors
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+
+[org.seedstack.seed.security.permissions]
+seed-monitoring-mqtt.reader = seed:monitoring:mqtt:read
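Review bot: Nothing in this new file tells an integrator that `seed-monitoring-mqtt.reader` is the role they must map to their own users or groups, yet with this commit the MQTT monitoring endpoints are denied to anyone who lacks it. A short comment above the section would make that contract explicit, for example `# Role granting read access to the MQTT monitoring REST API; map it in [org.seedstack.seed.security.roles] of the host application.` Existing deployments that have no such mapping will presumably lose access to these endpoints after upgrading, which is worth a line in the release notes.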
diff --git a/mqtt/src/test/java/org/seedstack/monitoring/mqtt/internal/rest/clients/ClientResourceTest.java b/mqtt/src/test/java/org/seedstack/monitoring/mqtt/internal/rest/clients/ClientResourceTest.java
index 23b82c9..5265dd9 100644
--- a/mqtt/src/test/java/org/seedstack/monitoring/mqtt/internal/rest/clients/ClientResourceTest.java
+++ b/mqtt/src/test/java/org/seedstack/monitoring/mqtt/internal/rest/clients/ClientResourceTest.java
@@ -27,6 +27,10 @@
public class ClientResourceTest extends AbstractSeedWebIT {
+ private static final String LOGIN = "reader";
+
+ private static final String PASSWORD = "password";
+
@ArquillianResource
private URL baseURL;
@@ -48,7 +52,7 @@ public static WebArchive createDeployment() {
@RunAsClient
@Test
public void testGetClients() {
- Response response = expect().statusCode(200).when().get(baseURL.toString() + "seed-monitoring/mqtt/clients");
+ Response response = expect().statusCode(200).given().auth().basic(LOGIN, PASSWORD).when().get(baseURL.toString() + "seed-monitoring/mqtt/clients");
int resultSize = from(response.asString()).get("resultSize");
assertThat(resultSize).isEqualTo(1);
}
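Review bot: Every updated test (`testGetClients` here, `testGetClient` and `testGetClientNotFound` in the following hunks) sends valid credentials, so nothing checks that the new `@RequiresPermissions` annotations actually reject a caller. If the annotation or the security configuration were removed, the suite would still pass. Add a test that calls the endpoint without `auth()` and expects a rejection, along the lines of `expect().statusCode(401).when().get(baseURL.toString() + "seed-monitoring/mqtt/clients");` (401 is what the `authcBasic` filter should return; confirm against the framework). The test configuration also appears to grant the reader role to every authenticated user through `seed-monitoring-mqtt.reader = *`, so covering the authenticated-but-unauthorized case (403) would need a second user whose role mapping excludes it.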
@@ -56,7 +60,7 @@ public void testGetClients() {
@RunAsClient
@Test
public void testGetClient() {
- Response response = expect().statusCode(200).when().get(baseURL.toString() + "seed-monitoring/mqtt/clients/client_test");
+ Response response = expect().statusCode(200).given().auth().basic(LOGIN, PASSWORD).when().get(baseURL.toString() + "seed-monitoring/mqtt/clients/client_test");
String clientId = from(response.asString()).get("clientId");
assertThat(clientId).isEqualTo("client_test");
}
@@ -64,6 +68,6 @@ public void testGetClient() {
@RunAsClient
@Test
public void testGetClientNotFound() {
- expect().statusCode(404).when().get(baseURL.toString() + "seed-monitoring/mqtt/clients/client_fake");
+ expect().statusCode(404).given().auth().basic(LOGIN, PASSWORD).when().get(baseURL.toString() + "seed-monitoring/mqtt/clients/client_fake");
}
}
diff --git a/mqtt/src/test/resources/META-INF/configuration/mqtt.props b/mqtt/src/test/resources/META-INF/configuration/mqtt.props
index 20d3727..789ed6e 100644
--- a/mqtt/src/test/resources/META-INF/configuration/mqtt.props
+++ b/mqtt/src/test/resources/META-INF/configuration/mqtt.props
@@ -6,6 +6,21 @@
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
+[org.seedstack.seed.security.urls]
+/** = authcBasic
+
+[org.seedstack.seed.security]
+realms = ConfigurationRealm
+
+ConfigurationRealm.role-mapping = ConfigurationRoleMapping
+ConfigurationRealm.role-permission-resolver = ConfigurationRolePermissionResolver
+
+[org.seedstack.seed.security.users]
+reader = password
+
+[org.seedstack.seed.security.roles]
+seed-monitoring-mqtt.reader = *
+
[org.seedstack.mqtt]
clients = client_test