Uploaded image for project: 'JBoss A-MQ'
  1. JBoss A-MQ
  2. ENTMQ-1564

[MQTT]MQTT client can receive retained messages on a topic not allowed by SimpleAuthenticationPlugin ACL configuration

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • None
    • JBoss A-MQ 6.1
    • mqtt
    • None

      MQTT client can receive retained messages on a topic not allowed by SimpleAuthenticationPlugin ACL configurationA client (clientA) publish a message, with retain flag set to true, to a topic that is allowed to publish to by the SimpleAuthenticationPlugin.
      Then if a client (clientB) that isn't allowed to subscribe this topic, tries to subscribe this topic, the SimpleAuthenticationPlugin throws a security exception but the client (clientB) receives the retained message published by clientA.*NOTE*: This is not reproducible on A-MQ 6.2.

        1. activemq.xml
          5 kB
        2. MqttCallbackTest.java
          2 kB
        3. TestSubsRetain.java
          13 kB

            dejanbosanac Dejan Bosanac
            rhn-support-pfox Patrick Fox (Inactive)
            Tomas Kratky Tomas Kratky (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: