Authentication and authorization of pub/sub

example/auth.json

@@ -0,0 +1,70 @@
+{
+	# Configure username/login
+	"authentication": [
+		{
+			# Authenticates user by password using sha256 hash and specified salt for password sha256(salt + password)
+			"name": "u1",
+			"method": "sha256",
+			"salt": "salt",
+			"digest": "38ea2e5e88fcd692fe177c6cada15e9b2db6e70bee0a0d6678c8d3b2a9aae2ad"
+		}
+		,
+		{
+			# Authenticates user by client certificate
+			"name": "u2",
+			"method": "client_cert",
+			"field": "CNAME"
+		}
+		,
+		{
+			# Handles all users that login without username / password
+			"name": "anonymous",
+			"method": "anonymous"
+		}
+		,
+		{
+			# Handles all users that are not authenticated (non-existing user, invalid password)
+			"name": "unauthenticated",
+			"method": "unauthenticated"
+		}
+	],
+
+	# Combine users into groups
+	"groups": [
+		{
+			# Users can be combined into groups, group name starts with @
+			"name": "@g1",
+			"members": ["u1", "u2", "anonymous", "unauthenticated"]
+		}
+	],
+
+	# Give access to topics
+	"authorization": [
+		{
+			# Specified users and groups are denied to publish on this topic
+			"topic": "#",
+			"deny": { "pub": ["@g1"] }
+		},
+		{
+			# Specified users and groups are denied to subscribe on this topic"
+			"topic": "#",
+			"deny": { "sub": ["@g1"] }
+		},
+		{
+			# Specified users and groups are allowed to subscribe and publish on this topic"
+			"topic": "sub/#",
+			"allow": {
+				"sub": ["@g1"],
+				"pub": ["@g1"]
+			}
+		},
+		{
+			# Specified users and groups are denied to subscribe and publish on this topic
+			"topic": "sub/topic1",
+			"deny": {
+				"sub": ["u1", "anonymous"],
+				"pub": ["u1", "anonymous"]
+			}
+		}
+	]	 
+} 

example/broker.conf

@@ -2,6 +2,7 @@
 verbose=1
 certificate=server.crt.pem
 private_key=server.key.pem
+auth_file=auth.json
 
 # 0 means automatic
 # Num of vCPU