Mosquitto congfig file:
listener 1883
allow_anonymous true
per_listener_settings false
plugin /usr/lib/mosquitto_dynamic_security.so
plugin_opt_config_file /mosquitto/config/dynamic-security.json
I need when a client tries to subscribe to an unauthorized topic the client disconnects from the broker
the broker doesn't deny the client subscribing to this unauthorized topic.
1689767044: Received SUBSCRIBE from testDyn1689766685806
1689767044: asd/qw (QoS 0)
1689767044: Sending SUBACK to testDyn1689766685806
1689767044: Received PINGREQ from f676724b-e1d6-4770-b37c
1689767044: Sending PINGRESP to f676724b-e1d6-4770-b37c
1689767050: Denied PUBLISH from testDyn1689766685806 (d0, q0, r0, m0, 'asd/as', ... (3 bytes))
1689767050: Denied PUBLISH from testDyn1689766685806 (d0, q0, r0, m0, 'asd/as', ... (3 bytes))
You don't, they just don't get any messages for things they are not authorised for.
The broker will respond to the SUBSCRIBE packet with a SUBACK packet which will include information about if the client has succeeded in being granted the subscription. It's also worth noting that a subscription may succeed but still not receive any messages because it contains a wildcard, but all the messages are on a topic that while covered by the wildcard a more focuses ACL entry denies the client.
Depending on which client library you are using the client may get a callback that informs it what topics it has been granted.