Can we block a device from connecting to a MQTT server?
Can we block a device from Subscribing to a topic?
Do we have any device registration on MQTT server. So that We can only allow known devices? If we have some registration mechanism, Can we do it dynamically using API?
Popular MQTT brokers like HiveMQ and mosquitto allow authentication and authorization. If you happen to use HiveMQ, there is a file authentication plugin available which allows you to restrict access to the broker via the username/password.
If you already have authentication mechanisms like an API you can call with Java (like HTTP REST APIs, SOAP Webservices, databases, ....), it's very easy to plug it into HiveMQ with the plugin system. You can see an example plugin which integrates with a database here on Github. Another plugin you could look at is the Stormpath plugin, the source code is also available on Github.
Obligatory disclaimer: I work for the company behind HiveMQ.
Some features are strictly related to the broker implementation and other depends on MQTT specification.
When a client connects to the broker, it provides a client id and (optionally) username and password. Related to the specific broker implementation, it could provide an authentication mechanism so that you can block devices from connecting based on cliend id, username and password.
With last MQTT 3.1.1 specification, in the SUBACK message you can set an error for refusing subscription. Also in this case depends on broker implementation how you can block a device from subscribing.
As you can see, MQTT specification offers you some features for authentication mechanism but this features are available or not (and in different way) based on specific broker implementation.
Paolo.
