Uploaded image for project: 'ActiveMQ'
  1. ActiveMQ
  2. AMQ-5834

MQTT: Publish when not authorized can stall due to missing server ACK.

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 5.11.0, 5.11.1
    • Fix Version/s: 5.12.0
    • Component/s: MQTT
    • Labels:
      None

      Description

      An MQTT client can freeze during publishing when the client is not logged in with credentials necessary to write to the target destination.

      Both MQTT 3.1 specification and the updated 3.1.1 specification stipulate that the broker should reply with a positive acknowledgement even if the client has no rights to publish on a topic.

      v3.1 Updated specification for PUBLISH

      MQTT 3.1 ( http://public.dhe.ibm.com/software/dw/webservices/ws-mqtt/mqtt-v3r1.html#publish )
      "...
      Note that if a server implementation does not authorize a PUBLISH to be made by a client, it has no way of informing that client. It must therefore make a positive acknowledgement, according to the normal QoS rules, and the client will not be informed that it was not authorized to publish the message.
      ..."

      And v3.1.1 Updated specification for PUBLISH

      MQTT 3.1.1 ( http://docs.oasis-open.org/mqtt/mqtt/v3.1.1/os/mqtt-v3.1.1-os.html#_Toc398718037 )
      "...
      If a Server implementation does not authorize a PUBLISH to be performed by a Client; it has no way of informing that Client. It MUST either make a positive acknowledgement, according to the normal QoS rules, or close the Network Connection [MQTT-3.3.5-2].
      ..."

      In v3.1.1 we would be allowed to close the connection but given that there is no indication to the client as to why it lost its connection it would most likely just reconnect and continue on.

      We can log a warning on each failed PUBLISH due to security constraints to make it easier to debug missing messages.

        Attachments

          Activity

            People

            • Assignee:
              tabish121 Timothy Bish
              Reporter:
              tabish121 Timothy Bish
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: