To permitted client I only set other.clients.allowed property. This value is resource part in full JID, isn’t it
No, it’s actually a bit more sophisticated that than, it uses XEP-0092 to check the name of the client.
I wonder that why server is not enabled to limit client connection via simple system properties.
People are usually looking to increase the number of users they can support, not limit it. Typically if people want to control the users that can access their Openfire installation they’ll turn off Inband Account Registration or use LDAP to prevent users from creating