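/**
 * Processes a peer's AMQP <em>open</em> frame.
 * <p>
 * This default implementation
 * <ol>
 * <li>adds a unique connection identifier to the connection's attachments
 * under key {@link Constants#KEY_CONNECTION_ID}</li>
 * <li>invokes {@link #processDesiredCapabilities(ProtonConnection, Symbol[])}</li>
 * <li>sets a timer that closes the connection once the client's token
 * has expired</li>
 * <li>sends the AMQP <em>open</em> frame to the peer</li>
 * </ol>
 * <p>
 * The expiry timer is armed with a delay of at least one millisecond. A token
 * that has already expired (or expires within the current millisecond) would
 * otherwise yield a zero or negative delay, which Vert.x rejects with an
 * {@code IllegalArgumentException}; that would abort this method before the
 * timer is armed and before the open frame is sent.
 *
 * @param connection The connection to open.
 */
protected void processRemoteOpen(final ProtonConnection connection) {
    final HonoUser clientPrincipal = Constants.getClientPrincipal(connection);
    LOG.debug("client [container: {}, user: {}] connected", connection.getRemoteContainer(), clientPrincipal.getName());
    // attach an ID so that we can later inform downstream components when connection is closed
    connection.attachments().set(Constants.KEY_CONNECTION_ID, String.class, UUID.randomUUID().toString());
    processDesiredCapabilities(connection, connection.getRemoteDesiredCapabilities());

    // Remaining validity of the client's token. Clamp to 1 ms so that an expired
    // token still gets its expiry timer armed and the connection is closed by
    // closeExpiredConnection instead of living on without any expiry timer.
    final Duration delay = Duration.between(Instant.now(), clientPrincipal.getExpirationTime());
    final long delayMillis = Math.max(1L, delay.toMillis());

    // The timer only holds a weak reference so that a pending expiry timer
    // does not by itself keep the connection object reachable.
    final WeakReference<ProtonConnection> conRef = new WeakReference<>(connection);
    vertx.setTimer(delayMillis, timerId -> {
        // Dereference once: a second get() could return null if the referent
        // is cleared between the null check and the call.
        final ProtonConnection expiredConnection = conRef.get();
        if (expiredConnection != null) {
            closeExpiredConnection(expiredConnection);
        }
    });
    connection.open();
}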
// Pass the capabilities the peer listed as desired in its open frame on for processing.
// NOTE(review): the array may be null when the peer lists no desired capabilities;
// confirm that processDesiredCapabilities tolerates that.
processDesiredCapabilities(connection, connection.getRemoteDesiredCapabilities());
// Time left until the client principal's expiration time. Duration.between yields
// zero or a negative duration if that instant is not in the future, so the value
// needs a range check before it is used as a timer delay.
final Duration delay = Duration.between(Instant.now(), clientPrincipal.getExpirationTime());
// Weak reference, so that code holding conRef does not by itself keep the
// connection object reachable.
final WeakReference<ProtonConnection> conRef = new WeakReference<>(connection);
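/**
 * Processes the AMQP <em>open</em> frame received from a peer.
 * <p>
 * Checks if the open frame contains a desired <em>ADDRESS_AUTHZ</em> capability and if so,
 * adds the authenticated clients' authorities to the properties of the open frame sent
 * to the peer in response.
 * <p>
 * A peer that lists no desired capabilities at all is handled like a peer that
 * did not ask for <em>ADDRESS_AUTHZ</em>; the missing array no longer causes a
 * {@code NullPointerException} before the open frame is sent.
 * <p>
 * After the open frame has been sent, a timer closes the connection after five
 * seconds unless it is already disconnected by then. The timer handler checks
 * nothing else, so five seconds is an upper bound on how long a peer can hold
 * a connection opened through this method.
 *
 * @param connection The connection opened by the peer.
 */
@Override
protected void processRemoteOpen(final ProtonConnection connection) {
    // The desired capabilities come from the peer's open frame and may be absent,
    // so the array must be null-checked before it is streamed. Putting the
    // constant on the left also tolerates null elements in the array.
    final boolean isAddressAuthz = connection.getRemoteDesiredCapabilities() != null
            && Arrays.stream(connection.getRemoteDesiredCapabilities())
                    .anyMatch(symbol -> CAPABILITY_ADDRESS_AUTHZ.equals(symbol));

    if (isAddressAuthz) {
        LOG.debug("client [container: {}] requests transfer of authenticated user's authorities in open frame",
                connection.getRemoteContainer());
        processAddressAuthzCapability(connection);
    }
    connection.open();

    // Bound the lifetime of the connection: close it with an inactivity error
    // condition after 5 seconds unless the peer has disconnected in the meantime.
    vertx.setTimer(5000, closeCon -> {
        if (!connection.isDisconnected()) {
            LOG.debug("connection with client [{}] timed out after 5 seconds, closing connection",
                    connection.getRemoteContainer());
            connection.setCondition(ProtonHelper.condition(Constants.AMQP_ERROR_INACTIVITY,
                    "client must retrieve token within 5 secs after opening connection")).close();
        }
    });
}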
props.put(Symbol.valueOf("authenticated-identity"), authUserMap); props.put(Symbol.valueOf("groups"), new ArrayList<>(userData.getGroups())); if(connection.getRemoteDesiredCapabilities() != null && Arrays.asList(connection.getRemoteDesiredCapabilities()).contains(ADDRESS_AUTHZ_CAPABILITY)) { connection.setOfferedCapabilities(new Symbol[] { ADDRESS_AUTHZ_CAPABILITY }); props.put(ADDRESS_AUTHZ_PROPERTY, getPermissionsFromGroups(userData.getGroups()));