MQTT client with retain set to true receives message sent by a client on a topic not allowed by SimpleAuthenticationPlugin ACL configuration

Solution In Progress - Updated -

Issue

An MQTT client with retain set to true can publish on a topic it is not allowed to use, even though the SimpleAuthenticationPlugin filter implementation does not authorize it and the security plugin throws a SecurityException during the publish attempt.

We configured SimpleAuthenticationPlugin as follows. We defined 2 users:

<authenticationUser username="user1" password="user1" groups="users1"/>
<authenticationUser username="user2" password="user2" groups="users2"/>

that are allowed to publish/subscribe on 2 different topics:

<authorizationEntry topic="USER1.>" read="users1" write="users1" admin="users1" />
<authorizationEntry topic="USER2.>" read="users2" write="users2" admin="users2" />

We connected client 1 with the users1 credentials and subscribed to USER1/TOPIC1/TOPIC2.

Then we connected client 2 with the users2 credentials and published a message to topic USER1/TOPIC1/TOPIC2.

The broker throws a SecurityException and client 1 doesn't receive any message.

But if client 1 subscribes again to the topic USER1/TOPIC1/TOPIC2, it receives the message that client 2 shouldn't have been allowed to send.
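The following is an added, hypothetical in-memory model of a broker's publish path (not ActiveMQ or JBoss A-MQ code) that replays the scenario above with the page's users and ACL entries; it assumes the ACL can be reduced to one group per pattern and relies on ActiveMQ's MQTT transport mapping "/" to "." in destination names. It contrasts the ordering that produces the reported leak with an ordering that authorizes before any retained state is stored.

```python
# Hypothetical broker model (added example, not ActiveMQ code): the ACL rejects user2's
# publish with a SecurityException, yet a retained copy stored before that check leaks.
from dataclasses import dataclass, field

ACL = {"USER1.>": "users1", "USER2.>": "users2"}   # pattern -> group, as in the page's ACL
USERS = {"user1": "users1", "user2": "users2"}     # username -> group
class SecurityException(Exception): pass

def mqtt_to_amq(topic):
    """ActiveMQ's MQTT transport maps '/' to '.', '#' to '>' and '+' to '*'."""
    return topic.replace("/", ".").replace("#", ">").replace("+", "*")

def acl_allows(group, amq_topic):
    """ActiveMQ-style matching: 'X.>' covers X and every destination below it."""
    for pattern, allowed in ACL.items():
        if pattern.endswith(".>"):
            base = pattern[:-2]
            matched = amq_topic == base or amq_topic.startswith(base + ".")
        else:
            matched = amq_topic == pattern
        if matched and group == allowed:
            return True
    return False

@dataclass
class Broker:
    check_before_retain: bool                 # True = hardened ordering
    retained: dict = field(default_factory=dict)
    def _authorize(self, user, amq_topic):
        if not acl_allows(USERS[user], amq_topic):
            raise SecurityException(f"{user} not allowed on {amq_topic}")
    def publish(self, user, topic, payload, retain):
        amq_topic = mqtt_to_amq(topic)
        if self.check_before_retain:
            self._authorize(user, amq_topic)    # hardened: reject before touching state
        if retain:
            self.retained[amq_topic] = payload  # buggy ordering: stored before the check
        self._authorize(user, amq_topic)        # the exception the report observed
    def subscribe(self, user, topic):
        """Return the retained payload a new subscriber receives, or None."""
        amq_topic = mqtt_to_amq(topic)
        self._authorize(user, amq_topic)
        return self.retained.get(amq_topic)

def retained_seen_by_user1(check_before_retain):
    broker = Broker(check_before_retain)
    try:   # user2 publishes retained to user1's topic; the broker rejects it either way
        broker.publish("user2", "USER1/TOPIC1/TOPIC2", b"constructed payload", retain=True)
    except SecurityException:
        pass
    return broker.subscribe("user1", "USER1/TOPIC1/TOPIC2")
```

With the buggy ordering `retained_seen_by_user1(False)` returns the constructed payload, reproducing what client 1 saw on re-subscribe; with the check moved first it returns None.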

Environment

  • JBoss A-MQ
    • 6.1
