we are validating the MQTT protocol implementation before moving from AMQ 6 to 7 and we found a behavior that seems not compliant with the specifications. The publish/subscribe on a not allowed topics (by security pugin) leed the broker to drop the client connection. MQTT 3.1 (from MQTT 3.1 official documentation -

https://public.dhe.ibm.com/software/dw/webservices/ws-mqtt/mqtt-v3r1.html#subscribe

)

SUBSCRIBE:

Note that if a server implementation does not authorize a SUBSCRIBE request to be made by a client, it has no way of informing that client. It must therefore make a positive acknowledgement with a SUBACK, and the client will not be informed that it was not authorized to subscribe.

AMQ7 drop the connection

PUBLISH:

Note that if a server implementation does not authorize a PUBLISH to be made by a client, it has no way of informing that client. It must therefore make a positive acknowledgement, according to the normal QoS rules, and the client will not be informed that it was not authorized to publish the message.

AMQ7 drop the connection

MQTT 3.1.1 (from MQTT 3.1.1 official documentation (

https://docs.oasis-open.org/mqtt/mqtt/v3.1.1/os/mqtt-v3.1.1-os.html#_Toc398718063

):

SUBSCRIBE:

no specific action to be taken except for: When the Server receives a SUBSCRIBE Packet from a Client, the Server MUST respond with a SUBACK Packet (so the connection should be kept active)

AMQ7 drop the connection

PUBLISH:

If a Server implementation does not authorize a PUBLISH to be performed by a Client; it has no way of informing that Client. It MUST either make a positive acknowledgement, according to the normal QoS rules, or close the Network Connection [MQTT-3.3.5-2]. So, to be aligned with 3.1 specifications can the broker just make positive acknowledgement without dropping the connection?