Commit Graph

29 Commits

Author SHA1 Message Date
Justin Bertram 186481bbe8 ARTEMIS-3155 differentiate SSL store type and provider
The provider of an SSL key/trust store is different from that store's
type. However, the broker currently doesn't differentiate these and uses
the provider for both. Changing this *may* potentially break existing
users who are setting the provider, but I don't see any way to avoid
that. This is a bug that needs to be fixed in order to support use-cases
like PKCS#11.

Change summary:
 - Added documentation.
 - Consolidated several 2-way SSL tests classes into a single
   parameterized test class. All these classes were essentially the same
   except for a few key test parameters. Consolidating them avoided
   having to update the same code in multiple places.
 - Expanded tests to include different providers & types.
 - Regenerated all SSL artifacts to allow tests to pass with new
   constraints.
 - Improved logging for when SSL handler initialization fails.
2021-03-24 09:08:33 -04:00
Justin Bertram 75e12b5e1d ARTEMIS-2947 Implement SecurityManager that supports replication 2020-10-19 10:07:57 -04:00
brusdev af72c008ff ARTEMIS-2663 Add customizer support for the embedded web server 2020-03-18 10:01:41 -05:00
brusdev 1e9be7ddc9 ARTEMIS-2627 simpleSecureServer failing on IBM Java 8 JVM
Remove excluded cipher suites matching the prefix `SSL` because the names of the
IBM Java 8 JVM cipher suites have the prefix `SSL` while the
`DEFAULT_EXCLUDED_CIPHER_SUITES` of org.eclipse.jetty.util.ssl.SslContextFactory
includes "^SSL_.*$". So all IBM JVM cipher suites are excluded by
SslContextFactory using the `DEFAULT_EXCLUDED_CIPHER_SUITES`.
2020-02-25 12:02:51 -06:00
Justin Bertram c06404406c ARTEMIS-2574 allow security manager config via XML
The test-suite has long used the broker's ability to configure the
security manager. This commit implements this functionality via XML
configuration.
2019-12-12 15:48:43 -05:00
Francesco Nigro 417ee543fd ARTEMIS-2354 Fix compilation issues on JDK 8
This reverts partially commit f8d3a8f2 to include only
the changes that makes possible to run tests with JDK 11:
compile on JDK 11 is outside the scope of the issue.
JDK 11 compilation requires Karaf upgrade, that will
break compatibility with Aether on integration-tests.
2019-06-20 11:36:53 -04:00
Francesco Nigro f8d3a8f2f2 ARTEMIS-2354 Improve compatibillity of tests with JDK 11 2019-06-19 10:53:53 -05:00
Šmucr Jan 6d0641b438 ARTEMIS-2169 allow config of JMX RMI registry port
Previously the port was always random. This caused problems with
remote JMX connections that needed to overcome firewalls. As of
this patch it's possible to make the RMI port static and whitelist
it in the firewall settings.
2018-11-09 10:04:13 -06:00
Justin Bertram 07e14c1582 ARTEMIS-2087 support masked passwords in management.xml 2018-09-21 11:50:38 -04:00
Justin Bertram aa1f6a9dd3 ARTEMIS-1917 support logging HTTP access 2018-06-19 00:12:32 -04:00
Howard Gao bb84f67936 ARTEMIS-1600 Support masked passwords in bootstrap.xm and login.config
We provide a feature to mask passwords in the configuration files.
However, passwords in the bootstrap.xml (when the console is
secured with HTTPS) cannot be masked. This enhancement has
been opened to allow passwords in the bootstrap.xml to be masked
using the built-in masking feature provided by the broker.

Also the LDAPLoginModule configuration (in login.config) has a
connection password attribute that also needs this mask support.

In addition the ENC() syntax is supported for password masking
to replace the old 'mask-password' flag.
2018-01-18 08:59:00 -06:00
Andy Taylor 62a2b14dd0 ARTEMIS-1463 - add role based authentication to the JMX objects
This is done by creating a guard and using JAAS to check for access to mbean objects and their methods.

NB this also implements https://issues.apache.org/jira/browse/ARTEMIS-534

https://issues.apache.org/jira/browse/ARTEMIS-1463
2017-10-16 15:39:38 +01:00
Clebert Suconic 6483123417 ARTEMIS-801 Dealing properly with Spaces and Special Characters on broker 2016-10-17 22:04:21 -04:00
Clebert Suconic ec48f9ed00 ARTEMIS-765 Improve Checkstyle 2016-09-30 11:12:09 -04:00
Ville Skyttä e1728f0797 Spelling fixes 2016-08-25 14:22:32 -04:00
Ville Skyttä 149216e8ec Remove unnecessary null checks and assignments 2016-07-05 14:18:01 -04:00
Howard Gao 23475caca9 ARTEMIS-594 support HTTPS access to hawtio 2016-06-24 13:24:23 -05:00
Clebert Suconic 286a4ba9ed ARTEMIS-574 fixing home and instance on DTO, CLI and maven plugin 2016-06-17 15:05:46 -04:00
jbertram 7715b5ee12 ARTEMIS-529 support dual auth
A new feature whereby 2-way SSL connections can be authenticated differently
than non-SSL connections.
2016-06-17 11:07:03 -05:00
Ville Skyttä 3923ae45f4 Fix checkstyle redundant modifier violations 2016-06-13 20:03:54 +03:00
jbertram c40ab12843 ARTEMIS-300 deprecate basic security manager
The old property-file based security manager shouldn't be used anymore. Instead
use the JAAS InVMLoginModule for in-vm tests, embedded use-cases, etc. and use
the other JAAS login modules for normal server use-cases.
2015-11-11 14:17:46 -06:00
jbertram 6ed9c5ae91 ARTEMIS-74 import JAAS auth from 5.x
This change allows the use of JAAS login modules for basic authentication
and authorization.
2015-10-09 11:42:22 -05:00
Clebert Suconic 5ac2c2444b manual checkstyle changes 2015-08-10 10:08:23 -04:00
Clebert Suconic bac96047f5 automatic checkstyle change
this is just calling Idea format on all the files using the new style
I am separating manual changes from automatic changes in case I have to repeat the manual changes again
2015-08-10 09:26:42 -04:00
Thiago Kronig d48b4f4770 ARTEMIS-129 License header should be a normal comment
To reproduce this commit, apply a replace regex rule using:

    search regex: /\*\*\n \* Licensed
    replace: /\*\n \* Licensed

These files had to be changed manually:

    artemis-selector/src/main/javacc/HyphenatedParser.jj
    artemis-selector/src/main/javacc/StrictParser.jj
    artemis-website/src/main/resources/styles/impact/css/pygmentize.css
    artemis-website/src/main/resources/styles/impact/css/site.css
2015-06-03 10:19:45 -04:00
Martyn Taylor a17c828b85 Ensure all references to the project use ActiveMQ Artemis 2015-05-13 11:51:26 +01:00
Clebert Suconic cff9f5b785 Improving tools to use configuration
PrintData / Export and other tools are now reading default configuration from broker.xml
I also did some refactoring so Stop and Run will share some of the basic functions
2015-05-04 16:05:22 -04:00
Justin Bertram 8f52a622d0 ACTIVEMQ6-1 Artemis rename
Based on the Apache ActiveMQ community vote this project is being
renamed "Artemis."
2015-04-27 17:48:02 -04:00
Clebert Suconic f509c075c6 ACTIVEMQ6-1 Artemis rename
This commit is a simple mv of the files.. We required two commits to preserve history,
one to git mv, one for the actual changes...

otherwise history would be lost

Based on the Apache ActiveMQ community vote this project is being
renamed "Artemis."
2015-04-27 17:44:45 -04:00