Configureable: AUTH_DENY_UNAUTHENTICATED_CONNECTIONS

[Quandt2k]

Problem or use case

Maybe the problem belongs to the following issue: Notification if HiveMQ starts without Security Extension in CE #56

We are using HiveMQ CE in our Spring mircoservice environment. To secure the communication with the IoT platform, we developed an Authenticator and Authorizer Extension with Spring Boot, Spring Security und Spring Cloud.

HiveMQ CE Version: 2019.1
HiveMQ SDK Version: 4.0.0

Problem

1. In some cases it's possible for devices to connect with the HiveMQ broker before the extension is ready or if it failed on start up. This can cause data loss in some cases, e. g. if the device connects and sends data with QoS 0.

Is there a way to configure the InternalConfigurations.AUTH_DENY_UNAUTHENTICATED_CONNECTIONS property?

2. The HiveMQ doesn't shut down if the extension fails. Here we need to configure the environment to detect HiveMQ instances without running extensions.

Is there a way to prevent the start up if an extension fails? Is it planned to add a "mandatory" flag for extensions (like "disabled")?

Preferred solution or suggestions

1. It would be great if the property, inside the HiveMQ CE implementation, InternalConfigurations.AUTH_DENY_UNAUTHENTICATED_CONNECTIONS is configureable via XML file.

2. A "mandatory" flag for extensions and a shutdown of the HiveMQ broker if the mandatory extension fails.

Best regards,
Florian Freimann

[SgtSilvio]

Hi @Quandt2k

Thank you for your feedback and sorry for the late response.
We included the feature request already for internal discussion and will keep you updated in the ticket here.
Please also watch the issue you linked (#56 ) as it is related to this.

Kind regards
Silvio

[SgtSilvio]

With #126 the default behaviour is to deny connections when no security extension is present.
If a security extension startup fails, HiveMQ can be safely stopped without creating a time window where unauthenticated clients can connect.