fusesource/mqtt-client

Numerous connect/disconnect when mosca server does not grant access to topic at publish time

rudivk opened this issue · 0 comments

mqtt.zip
We plan to add authentication to our MQTT server using a simple strategy, inspired by what is being discussed on https://auth0.com/docs/integrations/authenticating-devices-using-mqtt. All of our topics contain the user's identification (e.g. /poc/mqtt/user-id/example) so it suffices for us to accept all connections and then deny access to publish on a topic when the user id is not part of the topic. In other words, a user that connected with id "rudi" will not be allowed to publish to "poc/mqtt/joost/example".
I have attached our mqtt configuration and authorization (see mqtt.zip).

What we have noticed is that when the producer connects with e.g. user id "rudi" and then attempts to publish on topic "poc/mqtt/joost/example" the fusesource library produces numerous connect/disconnect resulting in a high CPU load on the mqtt process. Since our mqtt server will be public on the intenert, that high cpu load looks like an easy denial of service attack so I want to avoid that. I have also noticed that when we add a Thread.sleep(2000) into the onDisconnect method of the ConnectionListener, the problem goes away entirely, meaning it is likely a timing issue inside the fusesource library.

I have also attached our "producer" code that reproduces the problem.
producer.zip

To reproduce the problem:

  1. unzip the mqtt.zip in a folder of your choice and execute: node start-mosca.js
  2. unzip producer.zip in a folder of your choice
  3. mvn clean package (optional because maven target directory is part of the zip)
  4. run the producer script (./producer.sh)