Posted to issues@activemq.apache.org by "Timothy Bish (JIRA)" <ji...@apache.org> on 2015/06/10 20:30:00 UTC

[jira] [Created] (AMQ-5834) MQTT: Publish when not authorized can stall due to missing server ACK.

Timothy Bish created AMQ-5834:
---------------------------------

             Summary: MQTT: Publish when not authorized can stall due to missing server ACK.
                 Key: AMQ-5834
                 URL: https://issues.apache.org/jira/browse/AMQ-5834
             Project: ActiveMQ
          Issue Type: Bug
          Components: MQTT
    Affects Versions: 5.11.1, 5.11.0
            Reporter: Timothy Bish
            Assignee: Timothy Bish
             Fix For: 5.12.0


An MQTT client can freeze during publishing when the client is not logged in with the credentials necessary to write to the target destination.

Both the MQTT 3.1 specification and the updated 3.1.1 specification stipulate that the broker should reply with a positive acknowledgement even if the client has no rights to publish on a topic.

v3.1 Updated specification for PUBLISH

{quote}
MQTT 3.1 ( http://public.dhe.ibm.com/software/dw/webservices/ws-mqtt/mqtt-v3r1.html#publish )
"...
Note that if a server implementation does not authorize a PUBLISH to be made by a client, it has no way of informing that client. It must therefore make a positive acknowledgement, according to the normal QoS rules, and the client will not be informed that it was not authorized to publish the message.
..."
{quote}

And v3.1.1 Updated specification for PUBLISH

{quote}
MQTT 3.1.1 ( http://docs.oasis-open.org/mqtt/mqtt/v3.1.1/os/mqtt-v3.1.1-os.html#_Toc398718037 )
"...
If a Server implementation does not authorize a PUBLISH to be performed by a Client; it has no way of informing that Client. It MUST either make a positive acknowledgement, according to the normal QoS rules, or close the Network Connection [MQTT-3.3.5-2].
..."
{quote}

In v3.1.1 we would be allowed to close the connection, but given that there is no indication to the client as to why it lost its connection, it would most likely just reconnect and continue on.

We can log a warning on each failed PUBLISH due to security constraints to make it easier to debug missing messages.  



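The acknowledgement rule quoted in the report, as an added example (not ActiveMQ code and not part of the original message): a broker-side handler that drops and logs an unauthorized PUBLISH but still returns the acknowledgement its QoS level requires. The `acl` mapping, the user names and the sample packet are constructed for illustration.

```python
import logging
import struct
log = logging.getLogger("mqtt.authz")
PUBLISH, PUBACK, PUBREC = 3, 4, 5  # MQTT control packet types

def decode_remaining_length(buf, pos):
    """Decode the variable-length 'remaining length' field (max 4 bytes)."""
    value = 0
    for shift in (0, 7, 14, 21):
        if pos >= len(buf):
            break
        byte = buf[pos]
        pos += 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
    raise ValueError("malformed remaining length")

def parse_publish(packet):
    """Return (qos, topic, packet_id) from one raw PUBLISH packet."""
    if not packet or packet[0] >> 4 != PUBLISH:
        raise ValueError("not a PUBLISH packet")
    qos = (packet[0] >> 1) & 0x03
    if qos == 3:
        raise ValueError("reserved QoS value")
    length, pos = decode_remaining_length(packet, 1)
    body = packet[pos:pos + length]
    if len(body) != length or length < 2:
        raise ValueError("truncated PUBLISH")
    (tlen,) = struct.unpack_from(">H", body, 0)
    if length < 2 + tlen + (2 if qos else 0):
        raise ValueError("truncated PUBLISH")
    topic = body[2:2 + tlen].decode("utf-8")
    packet_id = struct.unpack_from(">H", body, 2 + tlen)[0] if qos else None
    return qos, topic, packet_id

def handle_publish(user, packet, acl):
    """Return (deliver, reply): reply is sent whether or not deliver is True."""
    qos, topic, packet_id = parse_publish(packet)
    deliver = topic in acl.get(user, ())
    if not deliver:
        log.warning("PUBLISH denied user=%s topic=%s qos=%d", user, topic, qos)
    if qos == 0:
        return deliver, b""  # QoS 0 is never acknowledged
    # QoS 1 -> PUBACK; QoS 2 -> PUBREC (PUBREL/PUBCOMP then follow as usual)
    return deliver, struct.pack(">BBH", (PUBACK if qos == 1 else PUBREC) << 4, 2, packet_id)

SAMPLE = b"\x32\x11\x00\x0bsecure/data\x00\x0ahi"  # constructed: QoS 1, packet id 10
```

The reply bytes are identical for an authorized and a denied publisher, so the warning log is the only place the denial is visible.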