Commit Graph

497 Commits

Author SHA1 Message Date
Justin Bertram 186481bbe8 ARTEMIS-3155 differentiate SSL store type and provider
The provider of an SSL key/trust store is different from that store's
type. However, the broker currently doesn't differentiate these and uses
the provider for both. Changing this *may* potentially break existing
users who are setting the provider, but I don't see any way to avoid
that. This is a bug that needs to be fixed in order to support use-cases
like PKCS#11.

Change summary:
 - Added documentation.
 - Consolidated several 2-way SSL tests classes into a single
   parameterized test class. All these classes were essentially the same
   except for a few key test parameters. Consolidating them avoided
   having to update the same code in multiple places.
 - Expanded tests to include different providers & types.
 - Regenerated all SSL artifacts to allow tests to pass with new
   constraints.
 - Improved logging for when SSL handler initialization fails.
2021-03-24 09:08:33 -04:00
gtully d71d54b38a ARTEMIS-3168 - add example using authentication delegation to keycloak, principal conversion for jms clients and oath for the web cosole 2021-03-23 09:51:50 +00:00
Justin Bertram fea5e246e7 ARTEMIS-3166 support disabling configuration file reload 2021-03-17 09:52:13 -05:00
Andy Taylor 9e72460565 ARTEMIS-3129 - added roles needed for the browse tab for clarity
https://issues.apache.org/jira/browse/ARTEMIS-3129
2021-03-02 12:55:45 +01:00
Clebert Suconic 21ee5985ea [maven-release-plugin] prepare for next development iteration 2021-02-11 12:00:04 -05:00
Clebert Suconic 36a771150b [maven-release-plugin] prepare release 2.17.0 2021-02-11 11:59:51 -05:00
Clebert Suconic c0867f0361 [maven-release-plugin] prepare for next development iteration 2021-02-09 12:12:48 -05:00
Clebert Suconic 9b473698e0 [maven-release-plugin] prepare release 2.17.0 2021-02-09 12:12:35 -05:00
Clebert Suconic 6ed1e4c87d [maven-release-plugin] prepare for next development iteration 2021-02-08 15:56:31 -05:00
Clebert Suconic 06b29806ca [maven-release-plugin] prepare release 2.17.0 2021-02-08 15:56:18 -05:00
Domenico Francesco Bruscino 1f825ee424 ARTEMIS-3069 Add option to mask using the configured password-codec 2021-01-15 18:05:59 +01:00
Clebert Suconic a948991fac ARTEMIS-3034 Reverting parameter URL on CLI ConnectionAbstract 2020-12-17 10:03:39 -05:00
Clebert Suconic 02bcb3195f ARTEMIS-3034 CLI Transfer Option 2020-12-16 14:17:04 -05:00
Domenico Francesco Bruscino 7eb22c18db ARTEMIS-3014 Fix JMX RBAC guard 2020-11-30 11:12:25 -06:00
Clebert Suconic 4e7bb97df7 [maven-release-plugin] prepare for next development iteration 2020-11-02 17:45:51 -05:00
Clebert Suconic 9768017530 [maven-release-plugin] prepare release 2.16.0 2020-11-02 17:45:38 -05:00
Clebert Suconic 28919b6ad8 [maven-release-plugin] prepare for next development iteration 2020-10-30 10:16:29 -04:00
Clebert Suconic af5ca9f1e6 [maven-release-plugin] prepare release 2.16.0 2020-10-30 10:16:17 -04:00
franz1981 0c8dd598b7 ARTEMIS-2957 ManagementContext is started twice 2020-10-21 07:33:22 +02:00
Justin Bertram 75e12b5e1d ARTEMIS-2947 Implement SecurityManager that supports replication 2020-10-19 10:07:57 -04:00
Domenico Francesco Bruscino 5f4afd8b5e ARTEMIS-2942 Disable hawtio proxy 2020-10-16 22:08:02 -04:00
Andy Taylor 0ce173dcb5 ARTEMIS-2838 - migrate to HawtIO 2
https://issues.apache.org/jira/browse/ARTEMIS-2838
2020-10-09 09:20:29 +01:00
Clebert Suconic 8fe4bfb29a ARTEMIS-2936 Adding logging.info on when to enable trace on critical analyzer 2020-10-07 10:40:55 -04:00
franz1981 207c2265bf ARTEMIS-2912 Server start exception before activation can cause a zombie broker 2020-09-24 10:26:50 -04:00
Justin Bertram 276a8bb029 ARTEMIS-2893 concurrent user admin actions can corrupt properties
When performing concurrent user admin actions (e.g. resetUser, addUser,
removeUser on ActiveMQServerControl) when using the
PropertiesLoginModule with reload=true the underlying user and role
properties files can get corrupted.

This commit fixes the issue via the following changes:
 - Add synchronization to the management commands
 - Add concurrency controls to underlying file access
 - Change CLI user commands to use remote methods instead of modifying
   the files directly. This avoids potential concurrent changes. This
   change forced me to modify the names of some of the commands'
   parameters to disambiguate them from connection-related parameters.
2020-09-16 10:11:23 -04:00
Clebert Suconic 604b7c2aa6 NO-JIRA fixing CheckTest with a Wait assertion 2020-09-14 15:35:46 -04:00
Justin Bertram 90853409a0 ARTEMIS-2886 optimize security auth
Both authentication and authorization will hit the underlying security
repository (e.g. files, LDAP, etc.). For example, creating a JMS
connection and a consumer will result in 2 hits with the *same*
authentication request. This can cause unwanted (and unnecessary)
resource utilization, especially in the case of networked configuration
like LDAP.

There is already a rudimentary cache for authorization, but it is
cleared *totally* every 10 seconds by default (controlled via the
security-invalidation-interval setting), and it must be populated
initially which still results in duplicate auth requests.

This commit optimizes authentication and authorization via the following
changes:

 - Replace our home-grown cache with Google Guava's cache. This provides
simple caching with both time-based and size-based LRU eviction. See more
at https://github.com/google/guava/wiki/CachesExplained. I also thought
about using Caffeine, but we already have a dependency on Guava and the
cache implementions look to be negligibly different for this use-case.
 - Add caching for authentication. Both successful and unsuccessful
authentication attempts will be cached to spare the underlying security
repository as much as possible. Authenticated Subjects will be cached
and re-used whenever possible.
 - Authorization will used Subjects cached during authentication. If the
required Subject is not in the cache it will be fetched from the
underlying security repo.
 - Caching can be disabled by setting the security-invalidation-interval
to 0.
 - Cache sizes are configurable.
 - Management operations exist to inspect cache sizes at runtime.
2020-08-26 13:36:24 -05:00
Domenico Francesco Bruscino 32bf9680f2 [maven-release-plugin] prepare for next development iteration 2020-08-24 16:03:24 +02:00
Domenico Francesco Bruscino a549fcedde [maven-release-plugin] prepare release 2.15.0 2020-08-24 16:03:12 +02:00
Justin Bertram af7c6882da ARTEMIS-2862 activation failure can cause zombie broker
In certain cases with shared-store HA a broker's activation can fail but
the broker will still be holding the journal lock. This results in a
"zombie" broker which can't actually service clients and prevents the
backup from activating.

This commit adds an ActivationFailureListener to catch activation
failures and stop the broker completely.
2020-08-10 14:16:45 -04:00
Clebert Suconic c551df770c ARTEMIS-2868 Protect Topology Updates from Split Brain on broker shutdown as well 2020-08-07 12:39:20 -04:00
Clebert Suconic c00b210629 ARTEMIS-2858 DNS Tests on reconnects and backups
There are no fixes as part of this test addition.  As I wrote this test as I was debugging DNS issues.
2020-07-29 17:56:55 -04:00
brusdev 3ce9e2e0dc ARTEMIS-2846 Cannot define hawtio.role with whitespace
Move the `hawtio.role` property definition to avoid the word splitting.
2020-07-28 23:51:33 -04:00
Clebert Suconic 6690ba1d24 [maven-release-plugin] prepare for next development iteration 2020-07-09 12:49:08 -04:00
Clebert Suconic a76f41a7ed [maven-release-plugin] prepare release 2.14.0 2020-07-09 12:48:54 -04:00
Justin Bertram 26091f1907 ARTEMIS-2825 wrong calc for DiskStoreUsagePercentage
The calculation used by
ActiveMQServerControlImpl.getDiskStoreUsagePercentage() is incorrect. It
uses disk space info with global-max-size which is for address memory.
Also, the existing getDiskStoreUsage() method *already* returns a
percentage of total disk store usage so this method seems redundant.
2020-07-07 08:18:28 -04:00
Justin Bertram b8add9f2c4 ARTEMIS-2830 NPE in XML exporter 2020-07-01 08:34:47 -04:00
gtully 4e40b42521 ARTEMIS-2809 retain api used by activemq-cli-tools 2020-06-17 15:20:57 +01:00
Emmanuel Hugonnet efe0f468de ARTEMIS-2109: Updating the build to be able to execute it on Java 11 and Java 8. 2020-06-11 18:50:01 +01:00
Clebert Suconic faa83b2ba6 [maven-release-plugin] prepare for next development iteration 2020-05-16 18:38:47 -04:00
Clebert Suconic 5f49d89264 [maven-release-plugin] prepare release 2.13.0 2020-05-16 18:38:34 -04:00
Clebert Suconic c99fcd501b [maven-release-plugin] prepare for next development iteration 2020-05-15 16:42:54 -04:00
Clebert Suconic 47fafac760 [maven-release-plugin] prepare release 2.13.0 2020-05-15 16:42:41 -04:00
brusdev d551163789 NO-JIRA Decrease queue check consume test timeout 2020-05-15 16:03:12 +02:00
Clebert Suconic 15b5616f0a ARTEMIS-2739 Adding Input for queue name 2020-05-15 09:43:02 -04:00
brusdev 8d5a212bd2 ARTEMIS-2739 Artemis health check tool
Add the command `check` to the Command Line utility. This command exposes some
checks for nodes and queues using the management API for most of them.
The checks have been implemented to be modular. Each user can compose his own
health check, ie to produce and consume from a queue the command is
`artemis check queue --name TEST --produce 1 --consume 1`.
2020-05-15 09:43:02 -04:00
Andy Taylor 8a04ee07de ARTEMIS-2648 - audit logging improvements
https://issues.apache.org/jira/browse/ARTEMIS-2648
2020-05-04 15:19:08 +01:00
Clebert Suconic 449e4243e3 ARTEMIS-2747 Upgrade com.sun.minsw to 2.7.0 2020-04-30 16:20:53 -04:00
Clebert Suconic 926ed51d9b NO-JIRA Cleaning ErrorProne Warning
it is intentional to compare brokerURL == DEFAULT_BROKER_URL here
so, I added a @SuppressWarnings to clear the false positivie.

And also added some comment on why this is intentional.
2020-04-23 18:07:10 -04:00
Clebert Suconic ca4c4068df ARTEMIS-2732 Logging cleanup 2020-04-23 17:49:08 -04:00