Commit Graph

429 Commits

Author SHA1 Message Date
Ryan Yeats 86a2cad12a ARTEMIS-1884 add plugin API for message level authorization policies 2021-01-25 13:44:36 -06:00
Urs Roesch f491651fdb NO-JIRA: remove duplicate consecutive words
Removes duplicate consecutives words from markdown
documentation files.
2020-11-16 15:19:29 -06:00
Clebert Suconic 4e7bb97df7 [maven-release-plugin] prepare for next development iteration 2020-11-02 17:45:51 -05:00
Clebert Suconic 9768017530 [maven-release-plugin] prepare release 2.16.0 2020-11-02 17:45:38 -05:00
Clebert Suconic 28919b6ad8 [maven-release-plugin] prepare for next development iteration 2020-10-30 10:16:29 -04:00
Clebert Suconic af5ca9f1e6 [maven-release-plugin] prepare release 2.16.0 2020-10-30 10:16:17 -04:00
Robbie Gemmell 7a5f325b72 ARTEMIS-2937: remove a couple of unecessary lines for alt stores, left over by mistake (c&p error) 2020-10-30 11:38:01 +00:00
Robbie Gemmell 1af8be353f ARTEMIS-2937: use more realistic key/truststore and client+broker setup in SSL example, remove non-SSL acceptors 2020-10-29 15:13:38 -04:00
Clebert Suconic dc7eb5c23d ARTEMIS-2937 Broker connection improvements
- Adding a paragraph about addressing and distinct queue names
- Renaming match on peers, senders and receivers as "address-match"
- Changing qpid dispatch test to use a single listener
- Fixing reconnect attemps message
2020-10-29 15:01:51 -04:00
Clebert Suconic 9335cd83ed ARTEMIS-2937 Changing BrokerConnection SSL example to also use SSL on the client 2020-10-29 10:09:36 -04:00
Clebert Suconic bf52134dc0 ARTEMIS-2937 Fixing Tests and some review 2020-10-28 15:08:48 -04:00
Clebert Suconic 12280cdaaa ARTEMIS-2937 DOCS & Examples on AMQP Broker Connection 2020-10-28 11:37:25 -04:00
gtully 583bd3602a ARTEMIS-2888 ARTEMIS-2859 ARTEMIS-2768 - revert new page-store-name addressSetting, when the page store respects the target address and the size is tallied on the target address store, it is no longer neecessary 2020-10-19 14:04:35 +01:00
gtully fa04881c6f ARTEMIS-2888 ARTEMIS-2859 ARTEMIS-2768 - new page-store-name addressSetting to allow wildcard subscriptions share a single page store 2020-09-24 09:39:31 +01:00
Justin Bertram b99401a84f ARTEMIS-2903 support admin objects in JCA RA
Supporting admin objects will allow easier integration with Java EE
application servers. I tested this in Wildfly 18.
2020-09-16 10:10:07 -04:00
Justin Bertram cf92c16339 ARTEMIS-2886 put address/FQQN into new security manager interface
The default JAAS security manager doesn't need the address/FQQN for
authorization, but I'm putting it back into the interface because there
are other use cases which *do* need it.
2020-09-14 15:35:24 -04:00
Justin Bertram 90853409a0 ARTEMIS-2886 optimize security auth
Both authentication and authorization will hit the underlying security
repository (e.g. files, LDAP, etc.). For example, creating a JMS
connection and a consumer will result in 2 hits with the *same*
authentication request. This can cause unwanted (and unnecessary)
resource utilization, especially in the case of networked configuration
like LDAP.

There is already a rudimentary cache for authorization, but it is
cleared *totally* every 10 seconds by default (controlled via the
security-invalidation-interval setting), and it must be populated
initially which still results in duplicate auth requests.

This commit optimizes authentication and authorization via the following
changes:

 - Replace our home-grown cache with Google Guava's cache. This provides
simple caching with both time-based and size-based LRU eviction. See more
at https://github.com/google/guava/wiki/CachesExplained. I also thought
about using Caffeine, but we already have a dependency on Guava and the
cache implementions look to be negligibly different for this use-case.
 - Add caching for authentication. Both successful and unsuccessful
authentication attempts will be cached to spare the underlying security
repository as much as possible. Authenticated Subjects will be cached
and re-used whenever possible.
 - Authorization will used Subjects cached during authentication. If the
required Subject is not in the cache it will be fetched from the
underlying security repo.
 - Caching can be disabled by setting the security-invalidation-interval
to 0.
 - Cache sizes are configurable.
 - Management operations exist to inspect cache sizes at runtime.
2020-08-26 13:36:24 -05:00
Domenico Francesco Bruscino 32bf9680f2 [maven-release-plugin] prepare for next development iteration 2020-08-24 16:03:24 +02:00
Domenico Francesco Bruscino a549fcedde [maven-release-plugin] prepare release 2.15.0 2020-08-24 16:03:12 +02:00
Clebert Suconic 6690ba1d24 [maven-release-plugin] prepare for next development iteration 2020-07-09 12:49:08 -04:00
Clebert Suconic a76f41a7ed [maven-release-plugin] prepare release 2.14.0 2020-07-09 12:48:54 -04:00
Clebert Suconic 6254a70ddc NO-JIRA Fixing some javadoc statements 2020-07-09 12:23:46 -04:00
Clebert Suconic 3d3fda168b NO-JIRA fixing javadoc on SharedStorageStaticCluster.java 2020-07-09 12:00:50 -04:00
Robbie Gemmell 12bc494f72 ARTEMIS-2109: use default 1.8 compiler source/target config as with other examples, newest JDKs no longer target 1.6. Fix SSL example. Allows building on JDK 14+. 2020-06-11 18:50:01 +01:00
Robbie Gemmell 502bfcfc56 ARTEMIS-2109: Update extra-tests bits. Disable errorprone for examples, at least for now, to avoid updating hundreds of poms. Allows building on 11+ 2020-06-11 18:50:01 +01:00
brusdev a8c278a80e ARTEMIS-2790 Fix no examples documentation in the bin archive
Move the markdown generator for the examples to artemis-distribution.
2020-06-04 10:15:10 -04:00
Clebert Suconic faa83b2ba6 [maven-release-plugin] prepare for next development iteration 2020-05-16 18:38:47 -04:00
Clebert Suconic 5f49d89264 [maven-release-plugin] prepare release 2.13.0 2020-05-16 18:38:34 -04:00
Clebert Suconic c99fcd501b [maven-release-plugin] prepare for next development iteration 2020-05-15 16:42:54 -04:00
Clebert Suconic 47fafac760 [maven-release-plugin] prepare release 2.13.0 2020-05-15 16:42:41 -04:00
Andy Taylor 8a04ee07de ARTEMIS-2648 - audit logging improvements
https://issues.apache.org/jira/browse/ARTEMIS-2648
2020-05-04 15:19:08 +01:00
Justin Bertram 7bcb67718d NO-JIRA doc fix for Symmetric Cluster example 2020-04-30 09:13:51 -05:00
Justin Bertram 6709883d0e ARTEMIS-2738 implement per-acceptor security domains 2020-04-28 21:45:38 -04:00
Clebert Suconic 11a3e810bb [maven-release-plugin] prepare for next development iteration 2020-04-21 17:06:21 -04:00
Clebert Suconic 30272e0c2f [maven-release-plugin] prepare release 2.12.0 2020-04-21 17:06:08 -04:00
Clebert Suconic d231e2ac63 [maven-release-plugin] prepare for next development iteration 2020-04-16 16:16:41 -04:00
Clebert Suconic 9636f4a3b0 [maven-release-plugin] prepare release 2.12.0 2020-04-16 16:16:28 -04:00
Clebert Suconic f874a02d17 ARTEMIS-2673 PageStore should only be removed when Address is removed
& ARTEMIS-2674 AMQP should use a separate executor for IO
2020-03-23 20:02:17 -04:00
Chandra Shekhar 8eaaefb4b7 removed flag ' -l qpidtypes' from proton-cpp example 2020-03-23 17:02:09 -04:00
Justin Bertram 72f5a1f5bc NO-JIRA fix up docs for security-ldap example 2020-02-24 13:32:02 -06:00
Christopher L. Shannon (cshannon) 3966e47338 ARTEMIS-2613: Add support for DivertBindings for federated addresses
This will allow federated addresses to create remote consumers based on
the existing of divert bindings and matching queue bindings
2020-02-17 12:15:18 -05:00
Christopher L. Shannon (cshannon) 0b8c33bb0f NO-JIRA: Adding missing module to broker-federation pom 2020-02-11 08:56:08 -05:00
brusdev 832f1e5b92 NO-JIRA Fix federated-address-downstream pom 2020-02-11 08:33:06 +01:00
Justin Bertram 97735ca72c [maven-release-plugin] prepare for next development iteration 2020-01-10 09:00:58 -06:00
Justin Bertram 25a947f6cb [maven-release-plugin] prepare release 2.11.0 2020-01-10 08:57:46 -06:00
Justin Bertram 81c83e05fa NO-JIRA regenerate expired SSL test resources 2020-01-08 14:09:33 +08:00
Justin Bertram fd6a98a4f8 ARTEMIS-2574 fix example 2019-12-16 10:12:24 -06:00
Justin Bertram c06404406c ARTEMIS-2574 allow security manager config via XML
The test-suite has long used the broker's ability to configure the
security manager. This commit implements this functionality via XML
configuration.
2019-12-12 15:48:43 -05:00
Christopher L. Shannon (cshannon) fb54707e2d ARTEMIS-2549 - Add Downstream support to Federation
This commit introduces the ability to configure a downstream connection
for federation.  This works by sending information to the remote broker
and that broker will parse the message and create a new upstream back
to the original broker.
2019-11-20 08:47:16 -05:00
brusdev f3b7cf88ed NO-JIRA Fixing shared-storage-static-cluster parent 2019-10-09 11:39:38 -04:00