Posted to issues@activemq.apache.org by "Timothy Bish (JIRA)" <ji...@apache.org> on 2015/06/10 21:00:00 UTC

[jira] [Resolved] (AMQ-5834) MQTT: Publish when not authorized can stall due to missing server ACK.

     [ https://issues.apache.org/jira/browse/AMQ-5834?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Timothy Bish resolved AMQ-5834.
-------------------------------
    Resolution: Fixed

Fixed on master.

> MQTT: Publish when not authorized can stall due to missing server ACK.
> ----------------------------------------------------------------------
>
>                 Key: AMQ-5834
>                 URL: https://issues.apache.org/jira/browse/AMQ-5834
>             Project: ActiveMQ
>          Issue Type: Bug
>          Components: MQTT
>    Affects Versions: 5.11.0, 5.11.1
>            Reporter: Timothy Bish
>            Assignee: Timothy Bish
>             Fix For: 5.12.0
>
>
> An MQTT client can freeze during publishing when the client is not logged in with credentials necessary to write to the target destination.
> Both the MQTT 3.1 specification and the updated 3.1.1 specification stipulate that the broker should reply with a positive acknowledgement even if the client has no rights to publish on a topic.
> v3.1 Updated specification for PUBLISH
> {quote}
> MQTT 3.1 ( http://public.dhe.ibm.com/software/dw/webservices/ws-mqtt/mqtt-v3r1.html#publish )
> "...
> Note that if a server implementation does not authorize a PUBLISH to be made by a client, it has no way of informing that client. It must therefore make a positive acknowledgement, according to the normal QoS rules, and the client will not be informed that it was not authorized to publish the message.
> ..."
> {quote}
> And v3.1.1 Updated specification for PUBLISH
> {quote}
> MQTT 3.1.1 ( http://docs.oasis-open.org/mqtt/mqtt/v3.1.1/os/mqtt-v3.1.1-os.html#_Toc398718037 )
> "...
> If a Server implementation does not authorize a PUBLISH to be performed by a Client; it has no way of informing that Client. It MUST either make a positive acknowledgement, according to the normal QoS rules, or close the Network Connection [MQTT-3.3.5-2].
> ..."
> {quote}
> In v3.1.1 we would be allowed to close the connection, but given that there is no indication to the client as to why it lost its connection, it would most likely just reconnect and continue on.
> We can log a warning on each failed PUBLISH due to security constraints to make it easier to debug missing messages.



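The behaviour the issue asks for, as an added Python example (not ActiveMQ's code or the committed fix): when a PUBLISH fails authorization, log a warning and still return the acknowledgement its QoS level requires, so the client does not stall. The function names, the logger name and the sample packet are constructed for illustration.

```python
import logging
import struct

log = logging.getLogger("mqtt.authz")   # logger name is an assumption
PUBLISH, PUBACK, PUBREC = 3, 4, 5        # MQTT control packet types

# Constructed sample: QoS 1 PUBLISH, topic "a/b", packet id 10, payload "hi".
SAMPLE_QOS1 = bytes([0x32, 0x09, 0x00, 0x03]) + b"a/b" + bytes([0x00, 0x0A]) + b"hi"


def _remaining_length(buf, pos):
    """Decode the variable-length 'remaining length' field starting at pos."""
    value = shift = 0
    for _ in range(4):                   # the field is at most 4 bytes long
        byte = buf[pos]
        pos += 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:              # continuation bit clear: last byte
            return value, pos
        shift += 7
    raise ValueError("malformed remaining length")


def parse_publish(packet):
    """Return (qos, topic, packet_id) for a PUBLISH; packet_id is None at QoS 0."""
    if packet[0] >> 4 != PUBLISH:
        raise ValueError("not a PUBLISH packet")
    qos = (packet[0] >> 1) & 0x03        # QoS lives in bits 2-1 of the first byte
    if qos == 3:
        raise ValueError("reserved QoS value")
    length, pos = _remaining_length(packet, 1)
    if len(packet) - pos < length:
        raise ValueError("truncated packet")
    (topic_len,) = struct.unpack_from("!H", packet, pos)
    topic = packet[pos + 2:pos + 2 + topic_len].decode("utf-8")
    pos += 2 + topic_len
    packet_id = struct.unpack_from("!H", packet, pos)[0] if qos else None
    return qos, topic, packet_id


def reply_to_denied_publish(packet, client_id):
    """Bytes to send for a PUBLISH that failed authorization, or None at QoS 0."""
    qos, topic, packet_id = parse_publish(packet)
    log.warning("PUBLISH denied: client=%s topic=%s qos=%d", client_id, topic, qos)
    if qos == 0:
        return None                      # QoS 0 has no acknowledgement to send
    ack_type = PUBACK if qos == 1 else PUBREC
    return struct.pack("!BBH", ack_type << 4, 2, packet_id)
```

At QoS 2 the client follows the PUBREC with a PUBREL, which the broker must answer with PUBCOMP to finish the exchange.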