Commit Graph

398 Commits

Author SHA1 Message Date
Clebert Suconic bff242bba7 NO-JIRA Small tweaks on PrintData.java 2021-06-11 10:53:48 -04:00
Clebert Suconic 05498c350e ARTEMIS-3261 Remove need to lookup replaceableRecords on the hot path
We known it's a replaceable record as part of the logic, no need to lookup the record type unless it's a reload from the system.
2021-06-09 14:52:06 -04:00
Clebert Suconic 0edf599adc ARTEMIS-3261 Updating logic to use only replaceable records on compacting verification 2021-06-07 13:05:02 -04:00
Justin Bertram 3ca02955bf NO-JIRA make TransferTest more robust, readable 2021-05-27 13:02:10 -05:00
Clebert Suconic 0716189518 ARTEMIS-3309 Improving test reliability 2021-05-27 11:46:48 -04:00
Clebert Suconic a06494db85 ARTEMIS-3297 Moving journal-retention-directory commented out element
Just moving it close to the journal locations, as it was my original intent
2021-05-24 16:49:59 -04:00
Domenico Francesco Bruscino e03c4fe193 ARTEMIS-3309 Add a parameter to limit messages to move or transfer 2021-05-24 14:09:20 -04:00
Clebert Suconic 23a28dc1d8 NO-JIRA Removing comment from PrintData 2021-05-24 10:34:58 -04:00
Clebert Suconic 27c343913f ARTEMIS-3297 Journal Retention Feature 2021-05-18 16:29:18 -04:00
Clebert Suconic fe361d3fae ARTEMIS-3273 Moving verification of directory 2021-05-14 22:20:05 -04:00
Clebert Suconic 909f6f4492 NO-JIRA avoiding println on PrintData for Paged Files 2021-05-05 16:09:23 -04:00
Clebert Suconic b0f8f515c5 ARTEMIS-3273 Recover tool and PrintData enhancements 2021-04-30 18:41:05 -04:00
Clebert Suconic 62395dcd44 ARTEMIS-3261 Fixing tests and allowing configuration to reload data files on start 2021-04-24 21:30:56 -04:00
Clebert Suconic 1392cb5f0b ARTEMIS-3261 Enhance compact to deal with Rollbacks and update records that can be replaced 2021-04-23 15:17:06 -04:00
Domenico Francesco Bruscino 78401dcf64 ARTEMIS-3226 Add version output to cli 2021-04-09 11:48:19 -04:00
Clebert Suconic 158a94a836 ARTEMIS-3224 Removing Artemis-tools migration tool from 1.x address model 2021-04-07 10:53:34 -04:00
Domenico Francesco Bruscino 2f851cbbe0 ARTEMIS-3203 Match filter field names with view field names
The filter and the view use different convection for field names, ie the
connection view uses the `sessionID` field name while the connection filter
uses the `SESSION_ID` field name. This commit replace the field names used
by the filter with the field names used by the view preserving the backward
compatibility.
2021-04-01 12:23:00 -05:00
Justin Bertram 186481bbe8 ARTEMIS-3155 differentiate SSL store type and provider
The provider of an SSL key/trust store is different from that store's
type. However, the broker currently doesn't differentiate these and uses
the provider for both. Changing this *may* potentially break existing
users who are setting the provider, but I don't see any way to avoid
that. This is a bug that needs to be fixed in order to support use-cases
like PKCS#11.

Change summary:
 - Added documentation.
 - Consolidated several 2-way SSL tests classes into a single
   parameterized test class. All these classes were essentially the same
   except for a few key test parameters. Consolidating them avoided
   having to update the same code in multiple places.
 - Expanded tests to include different providers & types.
 - Regenerated all SSL artifacts to allow tests to pass with new
   constraints.
 - Improved logging for when SSL handler initialization fails.
2021-03-24 09:08:33 -04:00
gtully d71d54b38a ARTEMIS-3168 - add example using authentication delegation to keycloak, principal conversion for jms clients and oath for the web cosole 2021-03-23 09:51:50 +00:00
Justin Bertram fea5e246e7 ARTEMIS-3166 support disabling configuration file reload 2021-03-17 09:52:13 -05:00
Andy Taylor 9e72460565 ARTEMIS-3129 - added roles needed for the browse tab for clarity
https://issues.apache.org/jira/browse/ARTEMIS-3129
2021-03-02 12:55:45 +01:00
Domenico Francesco Bruscino 1f825ee424 ARTEMIS-3069 Add option to mask using the configured password-codec 2021-01-15 18:05:59 +01:00
Clebert Suconic a948991fac ARTEMIS-3034 Reverting parameter URL on CLI ConnectionAbstract 2020-12-17 10:03:39 -05:00
Clebert Suconic 02bcb3195f ARTEMIS-3034 CLI Transfer Option 2020-12-16 14:17:04 -05:00
Domenico Francesco Bruscino 7eb22c18db ARTEMIS-3014 Fix JMX RBAC guard 2020-11-30 11:12:25 -06:00
franz1981 0c8dd598b7 ARTEMIS-2957 ManagementContext is started twice 2020-10-21 07:33:22 +02:00
Justin Bertram 75e12b5e1d ARTEMIS-2947 Implement SecurityManager that supports replication 2020-10-19 10:07:57 -04:00
Domenico Francesco Bruscino 5f4afd8b5e ARTEMIS-2942 Disable hawtio proxy 2020-10-16 22:08:02 -04:00
Andy Taylor 0ce173dcb5 ARTEMIS-2838 - migrate to HawtIO 2
https://issues.apache.org/jira/browse/ARTEMIS-2838
2020-10-09 09:20:29 +01:00
Clebert Suconic 8fe4bfb29a ARTEMIS-2936 Adding logging.info on when to enable trace on critical analyzer 2020-10-07 10:40:55 -04:00
franz1981 207c2265bf ARTEMIS-2912 Server start exception before activation can cause a zombie broker 2020-09-24 10:26:50 -04:00
Justin Bertram 276a8bb029 ARTEMIS-2893 concurrent user admin actions can corrupt properties
When performing concurrent user admin actions (e.g. resetUser, addUser,
removeUser on ActiveMQServerControl) when using the
PropertiesLoginModule with reload=true the underlying user and role
properties files can get corrupted.

This commit fixes the issue via the following changes:
 - Add synchronization to the management commands
 - Add concurrency controls to underlying file access
 - Change CLI user commands to use remote methods instead of modifying
   the files directly. This avoids potential concurrent changes. This
   change forced me to modify the names of some of the commands'
   parameters to disambiguate them from connection-related parameters.
2020-09-16 10:11:23 -04:00
Clebert Suconic 604b7c2aa6 NO-JIRA fixing CheckTest with a Wait assertion 2020-09-14 15:35:46 -04:00
Justin Bertram 90853409a0 ARTEMIS-2886 optimize security auth
Both authentication and authorization will hit the underlying security
repository (e.g. files, LDAP, etc.). For example, creating a JMS
connection and a consumer will result in 2 hits with the *same*
authentication request. This can cause unwanted (and unnecessary)
resource utilization, especially in the case of networked configuration
like LDAP.

There is already a rudimentary cache for authorization, but it is
cleared *totally* every 10 seconds by default (controlled via the
security-invalidation-interval setting), and it must be populated
initially which still results in duplicate auth requests.

This commit optimizes authentication and authorization via the following
changes:

 - Replace our home-grown cache with Google Guava's cache. This provides
simple caching with both time-based and size-based LRU eviction. See more
at https://github.com/google/guava/wiki/CachesExplained. I also thought
about using Caffeine, but we already have a dependency on Guava and the
cache implementions look to be negligibly different for this use-case.
 - Add caching for authentication. Both successful and unsuccessful
authentication attempts will be cached to spare the underlying security
repository as much as possible. Authenticated Subjects will be cached
and re-used whenever possible.
 - Authorization will used Subjects cached during authentication. If the
required Subject is not in the cache it will be fetched from the
underlying security repo.
 - Caching can be disabled by setting the security-invalidation-interval
to 0.
 - Cache sizes are configurable.
 - Management operations exist to inspect cache sizes at runtime.
2020-08-26 13:36:24 -05:00
Justin Bertram af7c6882da ARTEMIS-2862 activation failure can cause zombie broker
In certain cases with shared-store HA a broker's activation can fail but
the broker will still be holding the journal lock. This results in a
"zombie" broker which can't actually service clients and prevents the
backup from activating.

This commit adds an ActivationFailureListener to catch activation
failures and stop the broker completely.
2020-08-10 14:16:45 -04:00
Clebert Suconic c551df770c ARTEMIS-2868 Protect Topology Updates from Split Brain on broker shutdown as well 2020-08-07 12:39:20 -04:00
Clebert Suconic c00b210629 ARTEMIS-2858 DNS Tests on reconnects and backups
There are no fixes as part of this test addition.  As I wrote this test as I was debugging DNS issues.
2020-07-29 17:56:55 -04:00
brusdev 3ce9e2e0dc ARTEMIS-2846 Cannot define hawtio.role with whitespace
Move the `hawtio.role` property definition to avoid the word splitting.
2020-07-28 23:51:33 -04:00
Justin Bertram 26091f1907 ARTEMIS-2825 wrong calc for DiskStoreUsagePercentage
The calculation used by
ActiveMQServerControlImpl.getDiskStoreUsagePercentage() is incorrect. It
uses disk space info with global-max-size which is for address memory.
Also, the existing getDiskStoreUsage() method *already* returns a
percentage of total disk store usage so this method seems redundant.
2020-07-07 08:18:28 -04:00
Justin Bertram b8add9f2c4 ARTEMIS-2830 NPE in XML exporter 2020-07-01 08:34:47 -04:00
gtully 4e40b42521 ARTEMIS-2809 retain api used by activemq-cli-tools 2020-06-17 15:20:57 +01:00
Emmanuel Hugonnet efe0f468de ARTEMIS-2109: Updating the build to be able to execute it on Java 11 and Java 8. 2020-06-11 18:50:01 +01:00
brusdev d551163789 NO-JIRA Decrease queue check consume test timeout 2020-05-15 16:03:12 +02:00
Clebert Suconic 15b5616f0a ARTEMIS-2739 Adding Input for queue name 2020-05-15 09:43:02 -04:00
brusdev 8d5a212bd2 ARTEMIS-2739 Artemis health check tool
Add the command `check` to the Command Line utility. This command exposes some
checks for nodes and queues using the management API for most of them.
The checks have been implemented to be modular. Each user can compose his own
health check, ie to produce and consume from a queue the command is
`artemis check queue --name TEST --produce 1 --consume 1`.
2020-05-15 09:43:02 -04:00
Andy Taylor 8a04ee07de ARTEMIS-2648 - audit logging improvements
https://issues.apache.org/jira/browse/ARTEMIS-2648
2020-05-04 15:19:08 +01:00
Clebert Suconic 926ed51d9b NO-JIRA Cleaning ErrorProne Warning
it is intentional to compare brokerURL == DEFAULT_BROKER_URL here
so, I added a @SuppressWarnings to clear the false positivie.

And also added some comment on why this is intentional.
2020-04-23 18:07:10 -04:00
Clebert Suconic ca4c4068df ARTEMIS-2732 Logging cleanup 2020-04-23 17:49:08 -04:00
brusdev 21d9e3bbbf ARTEMIS-2723 Read the default CLI connector from the related broker
Read the CLI connector from the related broker instance if it isn't set by user.
2020-04-20 14:24:24 -04:00
Justin Bertram 35e0ab63cd ARTEMIS-2715 master broker created w/--replicated should use vote-on-replication-failure=true 2020-04-15 17:35:37 -04:00