Commit Graph

471 Commits

Author SHA1 Message Date
Justin Bertram 90853409a0 ARTEMIS-2886 optimize security auth
Both authentication and authorization will hit the underlying security
repository (e.g. files, LDAP, etc.). For example, creating a JMS
connection and a consumer will result in 2 hits with the *same*
authentication request. This can cause unwanted (and unnecessary)
resource utilization, especially in the case of networked configuration
like LDAP.

There is already a rudimentary cache for authorization, but it is
cleared *totally* every 10 seconds by default (controlled via the
security-invalidation-interval setting), and it must be populated
initially which still results in duplicate auth requests.

This commit optimizes authentication and authorization via the following
changes:

 - Replace our home-grown cache with Google Guava's cache. This provides
simple caching with both time-based and size-based LRU eviction. See more
at https://github.com/google/guava/wiki/CachesExplained. I also thought
about using Caffeine, but we already have a dependency on Guava and the
cache implementions look to be negligibly different for this use-case.
 - Add caching for authentication. Both successful and unsuccessful
authentication attempts will be cached to spare the underlying security
repository as much as possible. Authenticated Subjects will be cached
and re-used whenever possible.
 - Authorization will used Subjects cached during authentication. If the
required Subject is not in the cache it will be fetched from the
underlying security repo.
 - Caching can be disabled by setting the security-invalidation-interval
to 0.
 - Cache sizes are configurable.
 - Management operations exist to inspect cache sizes at runtime.
2020-08-26 13:36:24 -05:00
Domenico Francesco Bruscino 32bf9680f2 [maven-release-plugin] prepare for next development iteration 2020-08-24 16:03:24 +02:00
Domenico Francesco Bruscino a549fcedde [maven-release-plugin] prepare release 2.15.0 2020-08-24 16:03:12 +02:00
Justin Bertram af7c6882da ARTEMIS-2862 activation failure can cause zombie broker
In certain cases with shared-store HA a broker's activation can fail but
the broker will still be holding the journal lock. This results in a
"zombie" broker which can't actually service clients and prevents the
backup from activating.

This commit adds an ActivationFailureListener to catch activation
failures and stop the broker completely.
2020-08-10 14:16:45 -04:00
Clebert Suconic c551df770c ARTEMIS-2868 Protect Topology Updates from Split Brain on broker shutdown as well 2020-08-07 12:39:20 -04:00
Clebert Suconic c00b210629 ARTEMIS-2858 DNS Tests on reconnects and backups
There are no fixes as part of this test addition.  As I wrote this test as I was debugging DNS issues.
2020-07-29 17:56:55 -04:00
brusdev 3ce9e2e0dc ARTEMIS-2846 Cannot define hawtio.role with whitespace
Move the `hawtio.role` property definition to avoid the word splitting.
2020-07-28 23:51:33 -04:00
Clebert Suconic 6690ba1d24 [maven-release-plugin] prepare for next development iteration 2020-07-09 12:49:08 -04:00
Clebert Suconic a76f41a7ed [maven-release-plugin] prepare release 2.14.0 2020-07-09 12:48:54 -04:00
Justin Bertram 26091f1907 ARTEMIS-2825 wrong calc for DiskStoreUsagePercentage
The calculation used by
ActiveMQServerControlImpl.getDiskStoreUsagePercentage() is incorrect. It
uses disk space info with global-max-size which is for address memory.
Also, the existing getDiskStoreUsage() method *already* returns a
percentage of total disk store usage so this method seems redundant.
2020-07-07 08:18:28 -04:00
Justin Bertram b8add9f2c4 ARTEMIS-2830 NPE in XML exporter 2020-07-01 08:34:47 -04:00
gtully 4e40b42521 ARTEMIS-2809 retain api used by activemq-cli-tools 2020-06-17 15:20:57 +01:00
Emmanuel Hugonnet efe0f468de ARTEMIS-2109: Updating the build to be able to execute it on Java 11 and Java 8. 2020-06-11 18:50:01 +01:00
Clebert Suconic faa83b2ba6 [maven-release-plugin] prepare for next development iteration 2020-05-16 18:38:47 -04:00
Clebert Suconic 5f49d89264 [maven-release-plugin] prepare release 2.13.0 2020-05-16 18:38:34 -04:00
Clebert Suconic c99fcd501b [maven-release-plugin] prepare for next development iteration 2020-05-15 16:42:54 -04:00
Clebert Suconic 47fafac760 [maven-release-plugin] prepare release 2.13.0 2020-05-15 16:42:41 -04:00
brusdev d551163789 NO-JIRA Decrease queue check consume test timeout 2020-05-15 16:03:12 +02:00
Clebert Suconic 15b5616f0a ARTEMIS-2739 Adding Input for queue name 2020-05-15 09:43:02 -04:00
brusdev 8d5a212bd2 ARTEMIS-2739 Artemis health check tool
Add the command `check` to the Command Line utility. This command exposes some
checks for nodes and queues using the management API for most of them.
The checks have been implemented to be modular. Each user can compose his own
health check, ie to produce and consume from a queue the command is
`artemis check queue --name TEST --produce 1 --consume 1`.
2020-05-15 09:43:02 -04:00
Andy Taylor 8a04ee07de ARTEMIS-2648 - audit logging improvements
https://issues.apache.org/jira/browse/ARTEMIS-2648
2020-05-04 15:19:08 +01:00
Clebert Suconic 449e4243e3 ARTEMIS-2747 Upgrade com.sun.minsw to 2.7.0 2020-04-30 16:20:53 -04:00
Clebert Suconic 926ed51d9b NO-JIRA Cleaning ErrorProne Warning
it is intentional to compare brokerURL == DEFAULT_BROKER_URL here
so, I added a @SuppressWarnings to clear the false positivie.

And also added some comment on why this is intentional.
2020-04-23 18:07:10 -04:00
Clebert Suconic ca4c4068df ARTEMIS-2732 Logging cleanup 2020-04-23 17:49:08 -04:00
Clebert Suconic 11a3e810bb [maven-release-plugin] prepare for next development iteration 2020-04-21 17:06:21 -04:00
Clebert Suconic 30272e0c2f [maven-release-plugin] prepare release 2.12.0 2020-04-21 17:06:08 -04:00
brusdev 21d9e3bbbf ARTEMIS-2723 Read the default CLI connector from the related broker
Read the CLI connector from the related broker instance if it isn't set by user.
2020-04-20 14:24:24 -04:00
Clebert Suconic d231e2ac63 [maven-release-plugin] prepare for next development iteration 2020-04-16 16:16:41 -04:00
Clebert Suconic 9636f4a3b0 [maven-release-plugin] prepare release 2.12.0 2020-04-16 16:16:28 -04:00
Justin Bertram 35e0ab63cd ARTEMIS-2715 master broker created w/--replicated should use vote-on-replication-failure=true 2020-04-15 17:35:37 -04:00
Clebert Suconic 9e9f88b6b7 ARTEMIS-2685 Fixing Examples
The examples were broken after the change on ServerUtil.
2020-04-14 11:22:09 -04:00
Justin Bertram 40a6bab898 ARTEMIS-2708 JDK bug causes missed props reload 2020-04-13 16:02:35 -04:00
Justin Bertram 2efa44daf5 ARTEMIS-2692 refactor queue creation
This commit does the following:
- Deprecates existing overloaded createQueue, createSharedQueue,
  createTemporaryQueue, & updateQueue methods for ClientSession,
  ServerSession, ActiveMQServer, & ActiveMQServerControl where
  applicable.
- Deprecates QueueAttributes, QueueConfig, & CoreQueueConfiguration.
- Deprecates existing overloaded constructors for QueueImpl.
- Implements QueueConfiguration with JavaDoc to be the single,
  centralized configuration object for both client-side and broker-side
  queue creation including methods to convert to & from JSON for use in
  the management API.
- Implements new createQueue, createSharedQueue & updateQueue methods
  with JavaDoc for ClientSession, ServerSession, ActiveMQServer, &
  ActiveMQServerControl as well as a new constructor for QueueImpl all
  using the new QueueConfiguration object.
- Changes all internal broker code to use the new methods.
2020-04-13 14:25:30 -05:00
brusdev 68e493029b ARTEMIS-2699 Warn if queue stats are limited by default maxRows
Print a warning if the queues are greater than the max rows value.
2020-04-08 12:52:15 -04:00
Clebert Suconic bd77a536c6 ARTEMIS-2685 Not Block Netty Thread in any way for OpenWire 2020-04-01 18:02:48 -04:00
Justin Bertram 62fef18c65 ARTEMIS-2645 make CLI resources more test friendly
Fix some test race conditions as well.
2020-03-10 10:02:27 -05:00
Justin Bertram 7ad53e5748 ARTEMIS-2645 refactor CLI FQQN support
FQQN support for the CLI was implemented via ARTEMIS-1840 before general
FQQN support was added for producers via ARTEMIS-1867. The CLI's FQQN
functionality is slightly different from what is now generally available
and it can be confusing for users. By refactoring the CLI to use the
general FQQN support the code can be much simpler and consistent with
the expected behavior. Refactoring includes:

 - Deprecating the use of "fqqn://". The CLI commands use JMS so using
   "fqqn://" (instead of "queue://" or "topic://") makes the destination
   type ambiguous which can yield unexpected message routing behavior.
   Now "queue://" and "topic://" can be used with the normal FQQN syntax
   (e.g. address::queue).
 - Eliminating the use of the _AMQ_ROUTE_TO header when sending messags
   to an FQQN. The _AMQ_ROUTE_TO header is an internal header used when
   routing messages over a cluster bridge. Using it in the CLI for FQQN
   support was a clever hack, but using the general FQQN support
   eliminates complexity and makes behavior consistent between
   standalone JMS clients using FQQN and the CLI.
 - De-duplicating MessageSerializer initialization boilerplate.
 - Removing limitation where using an FQQN with an anycast address
   required the same name for the address and queue.
2020-03-05 21:39:18 -05:00
Justin Bertram ed7fee6d9c ARTEMIS-2643 allow masked password when resetting via mgmnt 2020-03-05 21:38:09 -05:00
Justin Bertram ee52dec467 NO-JIRA make ArtemisTest more robust
Change the test to use a pre-created queue rather than an auto-created
one as auto-creation and auto-deletion were causing spurious failures.
2020-02-25 11:20:48 -06:00
Clebert Suconic ddd8ed4402 ARTEMIS-1975 Real Large Message support into AMQP
This is a Large commit where I am refactoring largeMessage Body out of CoreMessage
which is now reused with AMQP.

I had also to fix Reference Counting to fix how Large Messages are Acked

And I also had to make sure Large Messages are transversing correctly when in cluster.
2020-02-25 15:25:01 +01:00
Francesco Nigro 5897909dc9 ARTEMIS-2617 use core pools to reduce GC on journal loading 2020-02-12 13:29:51 -05:00
Justin Bertram fb60795b59 NO-JIRA fix user command parameter docs 2020-02-05 08:36:34 -06:00
Justin Bertram 7d8c0dfc8c ARTEMIS-1676 allow users to override JAVA_ARGS via env vars 2020-01-21 14:20:04 -05:00
Justin Bertram 97735ca72c [maven-release-plugin] prepare for next development iteration 2020-01-10 09:00:58 -06:00
Justin Bertram 25a947f6cb [maven-release-plugin] prepare release 2.11.0 2020-01-10 08:57:46 -06:00
brusdev 5081447d63 ARTEMIS-2585 Remove nested quotes from artemis.profile
Remove the nested quotes around the hawtio.offline value of the JAVA_ARGS line
in the generated artemis.profile.
2020-01-02 16:35:39 +01:00
Clebert Suconic 13278cc45f ARTEMIS-2581 Duplicate Detection on AMQP should be configurable
There is an optimization in AMQP, that properties are only parsed over demand.

It happens that after ARTEMIS-2294 (commit 2dd0671698),
every send would request for the property on the message, resulting the properties to always be parsed upon send.
Even when there's no use of application properties.
2019-12-19 17:54:21 -05:00
brusdev fcc39c583a ARTEMIS-2558 Add the commented out args to dump the java heap on OOME
Add the commented out args to dump the first java heap on OOME for
process and backup the last java heap on OOME at startup.
2019-12-19 13:32:44 -05:00
Justin Bertram c06404406c ARTEMIS-2574 allow security manager config via XML
The test-suite has long used the broker's ability to configure the
security manager. This commit implements this functionality via XML
configuration.
2019-12-12 15:48:43 -05:00
brusdev f680d9f712 ARTEMIS-2466 PageSyncTimer::timeSync isn't configurable using ASYNCIO
Add the config parameter `page-sync-timeout` to set a customized value,
because if the broker is configured to use ASYNCIO journal, the timeout
has the same value of NIO default journal buffer timeout ie 3333333.
2019-11-05 22:44:52 +01:00