[jira] [Created] (ARTEMIS-5751) Don't log stack-trace when MQTT 3.1.1 client isn't authorized to publish

Thu, 06 Nov 2025 13:50:06 -0800 

Justin Bertram created ARTEMIS-5751:
---------------------------------------

             Summary: Don't log stack-trace when MQTT 3.1.1 client isn't 
authorized to publish
                 Key: ARTEMIS-5751
                 URL: https://issues.apache.org/jira/browse/ARTEMIS-5751
             Project: ActiveMQ Artemis
          Issue Type: Improvement
            Reporter: Justin Bertram
            Assignee: Justin Bertram


Currently if an MQTT 3.1.1 client attempt to publish a message when it isn't 
authorized to do so a stack-trace is logged, e.g.:
{noformat}
2025-11-04 00:00:36,376 ERROR [org.apache.activemq.artemis.core.protocol.mqtt] 
AMQ834002: Error processing control packet: 
MqttPublishMessage[fixedHeader=MqttFixedHeader[messageType=PUBLISH, 
isDup=false, qosLevel=AT_LEAST_ONCE, isRetain=false, remainingLength=123], 
variableHeader=MqttPublishVariableHeader[topicName=my/topic, packetId=1], 
payload=PooledSlicedByteBuf(ridx: 0, widx: 123, cap: 123/123, unwrapped: 
PooledUnsafeDirectByteBuf(ridx: 123, widx: 123, cap: 123))]
org.apache.activemq.artemis.api.core.ActiveMQSecurityException: AMQ229031: 
Unable to validate user from 1.2.3.4:123. Username: myUsername; SSL certificate 
subject DN: unavailable
        at 
org.apache.activemq.artemis.core.security.impl.SecurityStoreImpl.authenticationFailed(SecurityStoreImpl.java:448)
 
        at 
org.apache.activemq.artemis.core.security.impl.SecurityStoreImpl.check(SecurityStoreImpl.java:340)
 
        at 
org.apache.activemq.artemis.core.server.impl.ServerSessionImpl.securityCheck(ServerSessionImpl.java:515)
 
        at 
org.apache.activemq.artemis.core.server.impl.ServerSessionImpl.doSend(ServerSessionImpl.java:2318)
 
        at 
org.apache.activemq.artemis.core.server.impl.ServerSessionImpl.send(ServerSessionImpl.java:1948)
 
        at 
org.apache.activemq.artemis.core.server.impl.ServerSessionImpl.send(ServerSessionImpl.java:1887)
 
        at 
org.apache.activemq.artemis.core.protocol.mqtt.MQTTPublishManager.sendToQueue(MQTTPublishManager.java:241)
 
        at 
org.apache.activemq.artemis.core.protocol.mqtt.MQTTProtocolHandler.handlePublish(MQTTProtocolHandler.java:322)
 
        at 
org.apache.activemq.artemis.core.protocol.mqtt.MQTTProtocolHandler.act(MQTTProtocolHandler.java:164)
 
        at org.apache.activemq.artemis.utils.actors.Actor.doTask(Actor.java:32)
        at 
org.apache.activemq.artemis.utils.actors.ProcessorBase.executePendingTasks(ProcessorBase.java:68)
        at 
java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
        at 
java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635){noformat}
We should conform to broker norms for logging authorization failures instead.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
For further information, visit: https://activemq.apache.org/contact

Reply via email to