Commit Graph

7756 Commits

Author SHA1 Message Date
Justin Bertram 276a8bb029 ARTEMIS-2893 concurrent user admin actions can corrupt properties
When performing concurrent user admin actions (e.g. resetUser, addUser,
removeUser on ActiveMQServerControl) when using the
PropertiesLoginModule with reload=true the underlying user and role
properties files can get corrupted.

This commit fixes the issue via the following changes:
 - Add synchronization to the management commands
 - Add concurrency controls to underlying file access
 - Change CLI user commands to use remote methods instead of modifying
   the files directly. This avoids potential concurrent changes. This
   change forced me to modify the names of some of the commands'
   parameters to disambiguate them from connection-related parameters.
2020-09-16 10:11:23 -04:00
Clebert Suconic 054b14829e This closes #3260 2020-09-16 10:10:28 -04:00
Justin Bertram 6be8966164 ARTEMIS-2901 support namespace for temporary queues 2020-09-16 10:10:28 -04:00
Clebert Suconic ba902a9816 This closes #3263 2020-09-16 10:10:07 -04:00
Justin Bertram b99401a84f ARTEMIS-2903 support admin objects in JCA RA
Supporting admin objects will allow easier integration with Java EE
application servers. I tested this in Wildfly 18.
2020-09-16 10:10:07 -04:00
Clebert Suconic 411009213f This closes #3264 2020-09-16 10:09:38 -04:00
Urs Roesch 7cf787af55 NO-JIRA: web-server.md documentation typos
Fixing case for `trustStorePath`, `trustStorePassword`, `keyStorePath`
and `keyStorePassword` to prevent org.xml.sax.SAXParseException.
2020-09-16 10:09:38 -04:00
Clebert Suconic 42d7c33268 This closes #3228 2020-09-16 10:03:36 -04:00
Howard Gao fe5b81fd55 ARTEMIS-2854 Non-durable subscribers stop receiving after failover
In a cluster scenario where non durable subscribers fail over to
backup while another live node forwarding messages to it,
there is a chance that the the live node keeps the old remote
binding for the subs and messages go to those
old remote bindings will result in "binding not found".
2020-09-16 10:03:36 -04:00
Clebert Suconic 3e557f1070 ARTEMIS-2902 Fixing QueueControlUsingCoreTest Class Cast Exception on Long to Integer 2020-09-16 09:56:41 -04:00
Clebert Suconic e366692626 This closes #3261 2020-09-15 11:08:59 -04:00
Andy Taylor c29a8cda5c ARTEMIS-2902 - expose at queue control messages held in a prepared tx
https://issues.apache.org/jira/browse/ARTEMIS-2902
2020-09-15 11:08:59 -04:00
Clebert Suconic 1dd901a8e7 This closes #3262 2020-09-15 11:08:16 -04:00
Clebert Suconic c0c638d61f NO-JIRA Fixing intermittent failure on a REST test 2020-09-15 08:56:07 -04:00
Clebert Suconic 27c7385315 NO-JIRA using correct queue on RefOperation::rollback and remove TODO
this does not represent an issue as there are no semantic changes here.
I am doing this for correctness
2020-09-15 08:15:07 -04:00
Clebert Suconic e66ec38707 This closes #3259 2020-09-14 15:35:46 -04:00
Clebert Suconic 604b7c2aa6 NO-JIRA fixing CheckTest with a Wait assertion 2020-09-14 15:35:46 -04:00
Clebert Suconic 7cf5289efa ARTEMIS-2900 Expose property (getWholeMessageSize) so users can intercept size of messages and large messages 2020-09-14 15:35:46 -04:00
Clebert Suconic 3fc2fedcf9 This closes #3254 2020-09-14 15:35:24 -04:00
Justin Bertram cf92c16339 ARTEMIS-2886 put address/FQQN into new security manager interface
The default JAAS security manager doesn't need the address/FQQN for
authorization, but I'm putting it back into the interface because there
are other use cases which *do* need it.
2020-09-14 15:35:24 -04:00
Clebert Suconic 24ba4daf94 This closes #3255 2020-09-10 15:07:38 -04:00
Stefan Krutzler 1783aa15cb ARTEMIS-2875 - retry to reattach sessions on failed failover for the specified amount of times set in reconnectAttempts parameter 2020-09-10 08:21:18 +02:00
gtully ec1c5a96c7 ARTEMIS-2895 - ensure propagated credentials are visible for bind and removed for subsequent mapping operations 2020-09-07 16:32:57 +01:00
Clebert Suconic 77bbf49a4f This closes #3249 2020-09-03 16:52:51 -04:00
Justin Bertram f5a6189e2d ARTEMIS-2890 FQQN security-settings + JMS not working 2020-09-03 16:52:51 -04:00
Clebert Suconic 3152521864 This closes #3252 2020-09-03 16:27:29 -04:00
Luis De Bello 5087471ed3 ARTEMIS-2696 Releasing ByteBuf after reading content on WebSocket 2020-09-03 16:05:27 -04:00
Robbie Gemmell d934dc6f67 NO-JIRA: enable full build output for GitHub Actions jobs, split main and example builds to simplift viewing output 2020-09-01 16:10:33 +01:00
Clebert Suconic cb7f3111bb This closes #3250 2020-09-01 10:40:21 -04:00
Domenico Francesco Bruscino 729f86e2cd NO-JIRA Update the releasing document 2020-09-01 14:10:13 +02:00
Clebert Suconic e19af8ee45 This closes #3247 2020-08-27 10:16:03 -04:00
Clebert Suconic c3887ed710 ARTEMIS-2887 Adding back Message.toString on audit logger 2020-08-26 21:48:30 -04:00
Clebert Suconic 4d45d0cdd2 ARTEMIS-2887 Adding toString back to AMQPMessage 2020-08-26 17:54:25 -04:00
Clebert Suconic 4e33b53c8f This closes #3246 2020-08-26 17:46:25 -04:00
Justin Bertram 90853409a0 ARTEMIS-2886 optimize security auth
Both authentication and authorization will hit the underlying security
repository (e.g. files, LDAP, etc.). For example, creating a JMS
connection and a consumer will result in 2 hits with the *same*
authentication request. This can cause unwanted (and unnecessary)
resource utilization, especially in the case of networked configuration
like LDAP.

There is already a rudimentary cache for authorization, but it is
cleared *totally* every 10 seconds by default (controlled via the
security-invalidation-interval setting), and it must be populated
initially which still results in duplicate auth requests.

This commit optimizes authentication and authorization via the following
changes:

 - Replace our home-grown cache with Google Guava's cache. This provides
simple caching with both time-based and size-based LRU eviction. See more
at https://github.com/google/guava/wiki/CachesExplained. I also thought
about using Caffeine, but we already have a dependency on Guava and the
cache implementions look to be negligibly different for this use-case.
 - Add caching for authentication. Both successful and unsuccessful
authentication attempts will be cached to spare the underlying security
repository as much as possible. Authenticated Subjects will be cached
and re-used whenever possible.
 - Authorization will used Subjects cached during authentication. If the
required Subject is not in the cache it will be fetched from the
underlying security repo.
 - Caching can be disabled by setting the security-invalidation-interval
to 0.
 - Cache sizes are configurable.
 - Management operations exist to inspect cache sizes at runtime.
2020-08-26 13:36:24 -05:00
Domenico Francesco Bruscino b85156cc27 NO-JIRA POM on extra-tests to 2.16.0-SNAPSHOT 2020-08-24 16:24:25 +02:00
Domenico Francesco Bruscino 32bf9680f2 [maven-release-plugin] prepare for next development iteration 2020-08-24 16:03:24 +02:00
Domenico Francesco Bruscino a549fcedde [maven-release-plugin] prepare release 2.15.0 2020-08-24 16:03:12 +02:00
gtully e3fc5d18b2 refer to infra signing for key generation details 2020-08-24 11:41:01 +01:00
Clebert Suconic 31910b5ed9 This closes #3245 2020-08-23 16:10:03 -04:00
Justin Bertram d86067a65b ARTEMIS-2872 support FQQN syntax for security-settings 2020-08-22 18:24:40 -05:00
Justin Bertram 57b8c22a62 ARTEMIS-2880 support FQQN syntax for JNDI lookup 2020-08-20 15:16:17 -05:00
Justin Bertram 582a430213 ARTEMIS-2882 better support for JMS topics + FQQN
Support FQQN with JMS topics when sending to or consuming from a
specific subscription. This applies to JMS over core, OpenWire,
and AMQP.
2020-08-20 14:32:11 -05:00
Clebert Suconic a2bf85f529 NO-JIRA Fixing java.security location on java11 2020-08-20 11:36:21 -04:00
Clebert Suconic 316618e845 This closes #3244 2020-08-20 11:13:19 -04:00
Clebert Suconic 365663e368 NO-JIRA javadoc on NetUtil 2020-08-20 08:58:55 -04:00
Clebert Suconic b766969187 This closes #3230 2020-08-19 12:04:50 -04:00
Michael Pearce 2c506cc52a [ARTEMIS-2863] Add support to pause dispatch when group rebalance
Add test case
Add implementation
Add docs
2020-08-19 12:04:50 -04:00
Clebert Suconic c63c1f40ca NO-JIRA Small improvement on compatibility tests 2020-08-19 11:47:27 -04:00
Robbie Gemmell 178ccb004a ARTEMIS-2871: update to qpid-jms 0.54.0 2020-08-18 16:46:26 +01:00