Uploaded image for project: 'JBoss A-MQ'
  1. JBoss A-MQ
  2. ENTMQ-1564

[MQTT]MQTT client can receive retained messages on a topic not allowed by SimpleAuthenticationPlugin ACL configuration

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • None
    • JBoss A-MQ 6.1
    • mqtt
    • None

      MQTT client can receive retained messages on a topic not allowed by SimpleAuthenticationPlugin ACL configurationA client (clientA) publish a message, with retain flag set to true, to a topic that is allowed to publish to by the SimpleAuthenticationPlugin.
      Then if a client (clientB) that isn't allowed to subscribe this topic, tries to subscribe this topic, the SimpleAuthenticationPlugin throws a security exception but the client (clientB) receives the retained message published by clientA.*NOTE*: This is not reproducible on A-MQ 6.2.

        1. activemq.xml
          5 kB
        2. MqttCallbackTest.java
          2 kB
        3. TestSubsRetain.java
          13 kB

              dejanbosanac Dejan Bosanac
              rhn-support-pfox Patrick Fox (Inactive)
              Tomas Kratky Tomas Kratky (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: