Uploaded image for project: 'AMQ Broker'
  1. AMQ Broker
  2. ENTMQBR-7553

MQTT Subscription Cleanup Fails for a Client with Expired Credentials

XMLWordPrintable

      In a scenario where an MQTT client connects and subscribes with a token from a provider, if the token expires while the client is still connected, the client continues to receive messages. When the client then tries to close and remove the subscription, the operation fails with:

      2023-01-12 11:00:33,579 ERROR [org.apache.activemq.artemis.core.protocol.mqtt] AMQ834000: Error removing subscription.: ActiveMQSecurityException[errorType=SECURITY_EXCEPTION message=AMQ229031: Unable to validate user from /10.XXX.XXX.XXX:60849. Username: {TOKEN}; SSL certificate subject DN: unavailable]
              at org.apache.activemq.artemis.core.security.impl.SecurityStoreImpl.authenticationFailed(SecurityStoreImpl.java:362) [artemis-server-2.21.0.redhat-00041.jar:2.21.0.redhat-00041]
              at org.apache.activemq.artemis.core.security.impl.SecurityStoreImpl.check(SecurityStoreImpl.java:260) [artemis-server-2.21.0.redhat-00041.jar:2.21.0.redhat-00041]
              at org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl.destroyQueue(ActiveMQServerImpl.java:2415) [artemis-server-2.21.0.redhat-00041.jar:2.21.0.redhat-00041]
              at org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl.destroyQueue(ActiveMQServerImpl.java:2388) [artemis-server-2.21.0.redhat-00041.jar:2.21.0.redhat-00041]
              at org.apache.activemq.artemis.core.server.impl.ServerSessionImpl.deleteQueue(ServerSessionImpl.java:1180) [artemis-server-2.21.0.redhat-00041.jar:2.21.0.redhat-00041]
              at org.apache.activemq.artemis.core.protocol.mqtt.MQTTSubscriptionManager.removeSubscription(MQTTSubscriptionManager.java:309) [artemis-mqtt-protocol-2.21.0.redhat-00041.jar:2.21.0.redhat-00041]
              at org.apache.activemq.artemis.core.protocol.mqtt.MQTTSubscriptionManager.clean(MQTTSubscriptionManager.java:381) [artemis-mqtt-protocol-2.21.0.redhat-00041.jar:2.21.0.redhat-00041]
              at org.apache.activemq.artemis.core.protocol.mqtt.MQTTSession.clean(MQTTSession.java:225) [artemis-mqtt-protocol-2.21.0.redhat-00041.jar:2.21.0.redhat-00041]
              at org.apache.activemq.artemis.core.protocol.mqtt.MQTTSession.stop(MQTTSession.java:144) [artemis-mqtt-protocol-2.21.0.redhat-00041.jar:2.21.0.redhat-00041]
              at org.apache.activemq.artemis.core.protocol.mqtt.MQTTConnectionManager.disconnect(MQTTConnectionManager.java:187) [artemis-mqtt-protocol-2.21.0.redhat-00041.jar:2.21.0.redhat-00041]
              at org.apache.activemq.artemis.core.protocol.mqtt.MQTTProtocolHandler.disconnect(MQTTProtocolHandler.java:270) [artemis-mqtt-protocol-2.21.0.redhat-00041.jar:2.21.0.redhat-00041]
              at org.apache.activemq.artemis.core.protocol.mqtt.MQTTProtocolHandler.disconnect(MQTTProtocolHandler.java:260) [artemis-mqtt-protocol-2.21.0.redhat-00041.jar:2.21.0.redhat-00041]
              at org.apache.activemq.artemis.core.protocol.mqtt.MQTTProtocolHandler.act(MQTTProtocolHandler.java:195) [artemis-mqtt-protocol-2.21.0.redhat-00041.jar:2.21.0.redhat-00041]
              at org.apache.activemq.artemis.utils.actors.Actor.doTask(Actor.java:33) [artemis-commons-2.21.0.redhat-00041.jar:]
              at org.apache.activemq.artemis.utils.actors.ProcessorBase.executePendingTasks(ProcessorBase.java:67) [artemis-commons-2.21.0.redhat-00041.jar:]
              at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) [java.base:]
              at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) [java.base:]
              at org.apache.activemq.artemis.utils.ActiveMQThreadFactory$1.run(ActiveMQThreadFactory.java:118) [artemis-commons-2.21.0.redhat-00041.jar:]
      

      The result is that queues are left orphaned on the broker, leading to eventual memory exhaustion. In the event that there are messages left in the queue, if the client subsequently resubscribes, the messages are delivered to the client, even if it is subscribed with the cleanSession flag set true.

              rhn-support-jbertram Justin Bertram
              rhn-support-dhawkins Duane Hawkins
              Tiago Bueno Tiago Bueno
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: