Commit Graph

1607 Commits

Author SHA1 Message Date
Justin Bertram 75e12b5e1d ARTEMIS-2947 Implement SecurityManager that supports replication 2020-10-19 10:07:57 -04:00
gtully 583bd3602a ARTEMIS-2888 ARTEMIS-2859 ARTEMIS-2768 - revert new page-store-name addressSetting, when the page store respects the target address and the size is tallied on the target address store, it is no longer neecessary 2020-10-19 14:04:35 +01:00
Clebert Suconic 621b845d16 ARTEMIS-2951 Fixing Large Message reference counting 2020-10-15 00:07:07 -04:00
gtully 4e8ce9ed10 ARTEMIS-2859 - track owning page store as in a message reference to ensure correct usage tracking, only track size on the owning store, reference everywhere else via refUp 2020-10-15 00:06:43 -04:00
Luis Alves 4584ab16df ARTEMIS-2886 pass FQQN regardless of match 2020-10-14 12:26:19 -05:00
Andy Taylor 0ce173dcb5 ARTEMIS-2838 - migrate to HawtIO 2
https://issues.apache.org/jira/browse/ARTEMIS-2838
2020-10-09 09:20:29 +01:00
Clebert Suconic 8fe4bfb29a ARTEMIS-2936 Adding logging.info on when to enable trace on critical analyzer 2020-10-07 10:40:55 -04:00
franz1981 b4532d944d ARTEMIS-2823 Use datasource with JDBC store db connections fixes
It add additional required fixes:
- Fixed uncommitted deleted tx records
- Fixed JDBC authorization on test
- Using property-based version for commons-dbcp2
- stopping thread pool after activation to allow JDBC lease locks to release the lock
- centralize JDBC network timeout configuration and save repeating it
- adding dbcp2 as the default pooled DataSource to be used
2020-10-06 10:19:06 +02:00
Mikko Uoti 2faafec737 ARTEMIS-2823 Use datasource with JDBC store db connections
Replaces direct jdbc connections with dbcp2 datasource. Adds
configuration options to use alternative datasources and to alter the
parameters. While adding slight overhead, this vastly improves the
management and pooling capabilities with db connections.
2020-10-06 08:32:58 +03:00
gtully 7a472d2782 ARTEMIS-2768 - fix up conditional to include null pageStoreName option, it was a little over eager 2020-09-28 15:53:06 +01:00
Andy Taylor c77bf50db4 ARTEMIS-2908 - Persist Divert Configuration in Bindings journal
https://issues.apache.org/jira/browse/ARTEMIS-2908
2020-09-25 10:03:40 -04:00
gtully 77d1c8cd7f ARTEMIS-2768 - add warning if wildcard subscription does not have a matching page-store-name address setting 2020-09-24 13:52:57 -04:00
Justin Bertram 0f60b5a8e4 ARTEMIS-2906 add lastAckTimestamp to message counter 2020-09-24 12:51:00 -04:00
franz1981 69fa4f3e93 ARTEMIS-2912 Handle NPE due to uninitialized members 2020-09-24 10:26:50 -04:00
franz1981 207c2265bf ARTEMIS-2912 Server start exception before activation can cause a zombie broker 2020-09-24 10:26:50 -04:00
gtully fa04881c6f ARTEMIS-2888 ARTEMIS-2859 ARTEMIS-2768 - new page-store-name addressSetting to allow wildcard subscriptions share a single page store 2020-09-24 09:39:31 +01:00
Justin Bertram beaacbfa8d ARTEMIS-2904 prevent acceptor from automatically starting 2020-09-23 20:19:16 -04:00
Justin Bertram f07ad09c07 NO-JIRA fix internal QueueControl method spelling 2020-09-23 12:08:57 -04:00
Justin Bertram 246bf08391 ARTEMIS-2909 revert ARTEMIS-2322
This reverts commit dbb3a90fe6.

The org.apache.activemq.artemis.core.server.Queue#getRate method is for
slow-consumer detection and is designed for internal use only.

Furthermore, it's too opaque to be trusted by a remote user as it only
returns the number of message added to the queue since *the last time
it was called*. The problem here is that the user calling it doesn't
know when it was invoked last. Therefore, they could be getting the
rate of messages added for the last 5 minutes or the last 5
milliseconds. This can lead to inconsistent and misleading results.

There are three main ways for users to track rates of message
production and consumption:

 1. Use a metrics plugin. This is the most feature-rich and flexible
way to track broker metrics, although it requires tools (e.g.
Prometheus) to store the metrics and display them (e.g. Grafana).

 2. Invoke the getMessageCount() and getMessagesAdded() management
methods and store the returned values along with the time they were
retrieved. A time-series database is a great tool for this job. This is
exactly what tools like Prometheus do. That data can then be used to
create informative graphs, etc. using tools like Grafana. Of course, one
can skip all the tools and just do some simple math to calculate rates
based on the last time the counts were retrieved.

 3. Use the broker's message counters. Message counters are the broker's
simple way of providing historical information about the queue. They
provide similar results to the previous solutions, but with less
flexibility since they only track data while the broker is up and
there's not really any good options for graphing.
2020-09-23 12:08:57 -04:00
Bernd Gutjahr 100d070942 ARTEMIS-2878 Add numberOfPages as metric
Added metric 'number.of.pages' to provide numberOfPages for an address.
2020-09-16 09:16:55 -05:00
Justin Bertram 9a90248f49 ARTEMIS-2889 better support for JMS topics with legacy LDAP plugin 2020-09-16 10:14:57 -04:00
Justin Bertram e47eb5ae20 ARTEMIS-589 flow control for individual STOMP subscribers 2020-09-16 10:13:47 -04:00
Justin Bertram 276a8bb029 ARTEMIS-2893 concurrent user admin actions can corrupt properties
When performing concurrent user admin actions (e.g. resetUser, addUser,
removeUser on ActiveMQServerControl) when using the
PropertiesLoginModule with reload=true the underlying user and role
properties files can get corrupted.

This commit fixes the issue via the following changes:
 - Add synchronization to the management commands
 - Add concurrency controls to underlying file access
 - Change CLI user commands to use remote methods instead of modifying
   the files directly. This avoids potential concurrent changes. This
   change forced me to modify the names of some of the commands'
   parameters to disambiguate them from connection-related parameters.
2020-09-16 10:11:23 -04:00
Justin Bertram 6be8966164 ARTEMIS-2901 support namespace for temporary queues 2020-09-16 10:10:28 -04:00
Howard Gao fe5b81fd55 ARTEMIS-2854 Non-durable subscribers stop receiving after failover
In a cluster scenario where non durable subscribers fail over to
backup while another live node forwarding messages to it,
there is a chance that the the live node keeps the old remote
binding for the subs and messages go to those
old remote bindings will result in "binding not found".
2020-09-16 10:03:36 -04:00
Andy Taylor c29a8cda5c ARTEMIS-2902 - expose at queue control messages held in a prepared tx
https://issues.apache.org/jira/browse/ARTEMIS-2902
2020-09-15 11:08:59 -04:00
Clebert Suconic 27c7385315 NO-JIRA using correct queue on RefOperation::rollback and remove TODO
this does not represent an issue as there are no semantic changes here.
I am doing this for correctness
2020-09-15 08:15:07 -04:00
Clebert Suconic 7cf5289efa ARTEMIS-2900 Expose property (getWholeMessageSize) so users can intercept size of messages and large messages 2020-09-14 15:35:46 -04:00
Justin Bertram cf92c16339 ARTEMIS-2886 put address/FQQN into new security manager interface
The default JAAS security manager doesn't need the address/FQQN for
authorization, but I'm putting it back into the interface because there
are other use cases which *do* need it.
2020-09-14 15:35:24 -04:00
gtully ec1c5a96c7 ARTEMIS-2895 - ensure propagated credentials are visible for bind and removed for subsequent mapping operations 2020-09-07 16:32:57 +01:00
Justin Bertram f5a6189e2d ARTEMIS-2890 FQQN security-settings + JMS not working 2020-09-03 16:52:51 -04:00
Luis De Bello 5087471ed3 ARTEMIS-2696 Releasing ByteBuf after reading content on WebSocket 2020-09-03 16:05:27 -04:00
Clebert Suconic c3887ed710 ARTEMIS-2887 Adding back Message.toString on audit logger 2020-08-26 21:48:30 -04:00
Justin Bertram 90853409a0 ARTEMIS-2886 optimize security auth
Both authentication and authorization will hit the underlying security
repository (e.g. files, LDAP, etc.). For example, creating a JMS
connection and a consumer will result in 2 hits with the *same*
authentication request. This can cause unwanted (and unnecessary)
resource utilization, especially in the case of networked configuration
like LDAP.

There is already a rudimentary cache for authorization, but it is
cleared *totally* every 10 seconds by default (controlled via the
security-invalidation-interval setting), and it must be populated
initially which still results in duplicate auth requests.

This commit optimizes authentication and authorization via the following
changes:

 - Replace our home-grown cache with Google Guava's cache. This provides
simple caching with both time-based and size-based LRU eviction. See more
at https://github.com/google/guava/wiki/CachesExplained. I also thought
about using Caffeine, but we already have a dependency on Guava and the
cache implementions look to be negligibly different for this use-case.
 - Add caching for authentication. Both successful and unsuccessful
authentication attempts will be cached to spare the underlying security
repository as much as possible. Authenticated Subjects will be cached
and re-used whenever possible.
 - Authorization will used Subjects cached during authentication. If the
required Subject is not in the cache it will be fetched from the
underlying security repo.
 - Caching can be disabled by setting the security-invalidation-interval
to 0.
 - Cache sizes are configurable.
 - Management operations exist to inspect cache sizes at runtime.
2020-08-26 13:36:24 -05:00
Domenico Francesco Bruscino 32bf9680f2 [maven-release-plugin] prepare for next development iteration 2020-08-24 16:03:24 +02:00
Domenico Francesco Bruscino a549fcedde [maven-release-plugin] prepare release 2.15.0 2020-08-24 16:03:12 +02:00
Justin Bertram d86067a65b ARTEMIS-2872 support FQQN syntax for security-settings 2020-08-22 18:24:40 -05:00
Michael Pearce 2c506cc52a [ARTEMIS-2863] Add support to pause dispatch when group rebalance
Add test case
Add implementation
Add docs
2020-08-19 12:04:50 -04:00
franz1981 40f20cfe6a ARTEMIS-2877 Fix journal replication scalability
This is allowing journal appends to happen in burst
during replication, by batching replication response
into the network at the end of the append burst.
2020-08-17 13:01:41 -04:00
Justin Bertram fa5b56ef1d ARTEMIS-2881 deadlock when destroying q and depaging
I couldn't reproduce this with a test, but static code analysis led me
to this solution which is similar to the fix done for ARTEMIS-2592 via
e397a17796.
2020-08-17 10:34:20 -05:00
Clebert Suconic c551df770c ARTEMIS-2868 Protect Topology Updates from Split Brain on broker shutdown as well 2020-08-07 12:39:20 -04:00
Clebert Suconic 27cb9b37b1 ARTEMIS-2868 Protect Topology Updates from Split Brain 2020-08-06 17:40:57 -04:00
Clebert Suconic 9842f45a49 ARTEMIS-2867 Do not cache IPs on DNS Entries for NetworkHealthCheck
In case of a DNS outage, the pinger should still fail
If we cache the InetAddress this would not be possible
2020-08-06 17:40:41 -04:00
Michael Pearce 486896d99e ARTEMIS-2873 Config-managed queues are auto-deleted
auto-delete-queues and auto-delete-created-queues should only apply to
NON configuration managed queues.
2020-08-06 15:19:57 -05:00
Justin Bertram 8473946646 ARTEMIS-2865 LegacyLDAPSecuritySettingPlugin can change default security match 2020-08-06 15:36:05 -04:00
Justin Bertram 1ae8069864 ARTEMIS-2869 JDBC XML conf can't use custom pwd codec 2020-08-04 17:05:19 -05:00
Francesco Nigro 60e25b763c ARTEMIS-2844 Improve binding query performance by reusing AddressImpl instances 2020-07-30 23:32:10 -04:00
Justin Bertram 4c79b25dc2 ARTEMIS-2840 missing AddressControl audit logging 2020-07-30 12:01:25 -04:00
Clebert Suconic c00b210629 ARTEMIS-2858 DNS Tests on reconnects and backups
There are no fixes as part of this test addition.  As I wrote this test as I was debugging DNS issues.
2020-07-29 17:56:55 -04:00
Clebert Suconic 3d86d78828 ARTEMIS-2587 Exposing ActiveMQServer::isActivate through management at ActiveMQServerControl 2020-07-29 11:41:41 -04:00