[jira] [Commented] (ARTEMIS-5724) MQTT Last Will not sent because denied authorization

[Olaf Gustav (Jira)]

    [ 
https://issues.apache.org/jira/browse/ARTEMIS-5724?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18061977#comment-18061977
 ] 

Olaf Gustav commented on ARTEMIS-5724:
--------------------------------------

Hi [~pshields], is this still an issue when upgrading to Artemis 2.44.0? 
ARTEMIS-5163 fixed a similar problem.

> MQTT Last Will not sent because denied authorization
> ----------------------------------------------------
>
>                 Key: ARTEMIS-5724
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-5724
>             Project: Artemis
>          Issue Type: New Feature
>    Affects Versions: 2.42.0
>            Reporter: Paul Shields
>            Priority: Major
>
> We are using the Last Lill and Testament (LWT) feature of MQTT but are also 
> using JWTs for authentication. We are using a custom JASSSecurityManager 
> plugin for this. The usage of JWT and LWT are competing features, since JWT 
> expires and LWT is intended to alert for unplanned disconnect of long-running 
> connections. We are seeing LWT messages not being sent because the LWT SEND 
> message is being sent after the expiration time of the JWT and Artemis issues 
> an ERROR.
> 2025-10-14 15:07:21,076 WARN  [org.apache.activemq.artemis.core.server] 
> AMQ222216: Security problem while authenticating: AMQ229031: Unable to 
> validate user from 127.0.0.6:36441. Username: x3000c0s11b0n0; SSL certificate 
> subject DN: unavailable
> 2025-10-14 15:07:21,077 ERROR 
> [org.apache.activemq.artemis.core.protocol.mqtt] AMQ834007: Authorization 
> failure sending will message: AMQ229031: Unable to validate user from 
> 127.0.0.6:36441. Username: x3000c0s11b0n0; SSL certificate subject DN: 
> unavailable
> It seems that Artemis is performing the authorization for the LWT when the 
> LWT is being sent and not when the client makes the connection to the broker 
> and the LWT is configured/set for the client.  
> A possible solution is that a feature could be added to Artemis so that LWT 
> are authorized on connect to avoid this kind of problem. This behavior would 
> be off by default so as not to impact existing users.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@artemis.apache.org
For additional commands, e-mail: issues-h...@artemis.apache.org