When a user creates a subscription, authorization checks are required to ensure that the user can receive messages on the specified topics.
A subscription can be created either for a single topic or, by using wildcards in the topic specification, for multiple topics. In both cases an access check is performed whenever a message arrives for the subscription, to ensure that the user has permission to access the specific message topic. In addition, when a subscription is created for a single topic an access check is performed when the subscriber session is created.
A non-durable subscription exists for the duration of the subscriber, the subscription stops when the subscriber closes. A durable subscription continues to exist after the subscriber closes; it continues to collect messages on the relevant topic or topics while no subscriber is attached and the subscriber can reactivate the subscription and collect all the messages. A durable subscription can only be reactivated by the user that created it. This allows that user’s authorization permissions to be checked when messages are saved while the subscription is inactive.