E.g. mosquitto does not
return 0x80 even if access is not allowed to the requested topic.
In general, there is no feedback from the server defined regarding authorisation except in CONNECT/CONNACK. Even a PUBLISH to a topic the user has no access to (and is therefore denied by the broker) is handled as a positive flow between client and broker.
aclfile
topic MQTTClient
user MQTTClient
topic MQTTclient/private
client
$ mosquitto_sub -t 'MQTTClient/private' -v -d -q 2
Client clientID sending CONNECT
Client clientID received CONNACK
Client clientID sending SUBSCRIBE (Mid: 1, Topic: MQTTClient/private, QoS: 2)
Client clientID received SUBACK
Subscribed (mid: 1): 2
^C
$ mosquitto_pub -t 'MQTTClient/private' -m 'xxx' -d -r -q 2
Client clientID sending CONNECT
Client clientID received CONNACK
Client clientID sending PUBLISH (d0, q2, r1, m1, 'MQTTClient/private', ... (3 bytes))
Client clientID received PUBREC (Mid: 1)
Client clientID sending PUBREL (Mid: 1)
Client clientID received PUBCOMP (Mid: 1)
Client clientID sending DISCONNECT
mosquitto
New connection from ::1 on port 1883.
New client connected from ::1 as clientID (c1, k60).
Sending CONNACK to clientID (0, 0)
Received SUBSCRIBE from clientID
MQTTClient/private (QoS 2)
clientID 2 MQTTClient/private
Sending SUBACK to clientID
Socket error on client clientID (0, 0)
Denied PUBLISH from clientID (d0, q2, r1, m1, 'MQTTClient/private', ... (3 bytes))
Sending PUBREC to clientID (Mid: 1)
Received PUBREL from clientID (Mid: 1)
Sending PUBCOMP to clientID (Mid: 1)
Received DISCONNECT from clientID
Client clientID disconnected.
If the topic level requested in the SUBSCRIBE is invalid (e.g. "abc/#/def"), it should be handled as a protocol violation (close connection).