Commit Graph

7925 Commits

Author SHA1 Message Date
Clebert Suconic c3887ed710 ARTEMIS-2887 Adding back Message.toString on audit logger 2020-08-26 21:48:30 -04:00
Clebert Suconic 4d45d0cdd2 ARTEMIS-2887 Adding toString back to AMQPMessage 2020-08-26 17:54:25 -04:00
Clebert Suconic 4e33b53c8f This closes #3246 2020-08-26 17:46:25 -04:00
Justin Bertram 90853409a0 ARTEMIS-2886 optimize security auth
Both authentication and authorization will hit the underlying security
repository (e.g. files, LDAP, etc.). For example, creating a JMS
connection and a consumer will result in 2 hits with the *same*
authentication request. This can cause unwanted (and unnecessary)
resource utilization, especially in the case of networked configuration
like LDAP.

There is already a rudimentary cache for authorization, but it is
cleared *totally* every 10 seconds by default (controlled via the
security-invalidation-interval setting), and it must be populated
initially which still results in duplicate auth requests.

This commit optimizes authentication and authorization via the following
changes:

 - Replace our home-grown cache with Google Guava's cache. This provides
simple caching with both time-based and size-based LRU eviction. See more
at https://github.com/google/guava/wiki/CachesExplained. I also thought
about using Caffeine, but we already have a dependency on Guava and the
cache implementions look to be negligibly different for this use-case.
 - Add caching for authentication. Both successful and unsuccessful
authentication attempts will be cached to spare the underlying security
repository as much as possible. Authenticated Subjects will be cached
and re-used whenever possible.
 - Authorization will used Subjects cached during authentication. If the
required Subject is not in the cache it will be fetched from the
underlying security repo.
 - Caching can be disabled by setting the security-invalidation-interval
to 0.
 - Cache sizes are configurable.
 - Management operations exist to inspect cache sizes at runtime.
2020-08-26 13:36:24 -05:00
Domenico Francesco Bruscino b85156cc27 NO-JIRA POM on extra-tests to 2.16.0-SNAPSHOT 2020-08-24 16:24:25 +02:00
Domenico Francesco Bruscino 32bf9680f2 [maven-release-plugin] prepare for next development iteration 2020-08-24 16:03:24 +02:00
Domenico Francesco Bruscino a549fcedde [maven-release-plugin] prepare release 2.15.0 2020-08-24 16:03:12 +02:00
gtully e3fc5d18b2 refer to infra signing for key generation details 2020-08-24 11:41:01 +01:00
Clebert Suconic 31910b5ed9 This closes #3245 2020-08-23 16:10:03 -04:00
Justin Bertram d86067a65b ARTEMIS-2872 support FQQN syntax for security-settings 2020-08-22 18:24:40 -05:00
Justin Bertram 57b8c22a62 ARTEMIS-2880 support FQQN syntax for JNDI lookup 2020-08-20 15:16:17 -05:00
Justin Bertram 582a430213 ARTEMIS-2882 better support for JMS topics + FQQN
Support FQQN with JMS topics when sending to or consuming from a
specific subscription. This applies to JMS over core, OpenWire,
and AMQP.
2020-08-20 14:32:11 -05:00
Clebert Suconic a2bf85f529 NO-JIRA Fixing java.security location on java11 2020-08-20 11:36:21 -04:00
Clebert Suconic 316618e845 This closes #3244 2020-08-20 11:13:19 -04:00
Clebert Suconic 365663e368 NO-JIRA javadoc on NetUtil 2020-08-20 08:58:55 -04:00
Clebert Suconic b766969187 This closes #3230 2020-08-19 12:04:50 -04:00
Michael Pearce 2c506cc52a [ARTEMIS-2863] Add support to pause dispatch when group rebalance
Add test case
Add implementation
Add docs
2020-08-19 12:04:50 -04:00
Clebert Suconic c63c1f40ca NO-JIRA Small improvement on compatibility tests 2020-08-19 11:47:27 -04:00
Robbie Gemmell 178ccb004a ARTEMIS-2871: update to qpid-jms 0.54.0 2020-08-18 16:46:26 +01:00
Clebert Suconic f6ac058f7f This closes #3242 2020-08-17 13:01:42 -04:00
franz1981 40f20cfe6a ARTEMIS-2877 Fix journal replication scalability
This is allowing journal appends to happen in burst
during replication, by batching replication response
into the network at the end of the append burst.
2020-08-17 13:01:41 -04:00
franz1981 a6bf7d0e04 ARTEMIS-2837 Bursts of open files under high load
This would prevent to push a new opened file if there
is already one available to be consumed
2020-08-17 13:01:41 -04:00
franz1981 851aef1172 Revert "ARTEMIS-2837 Avoiding bursts on writes and pending callbacks"
This reverts commit 1761f763
2020-08-17 13:01:41 -04:00
Clebert Suconic 093cbe237f This closes #3243 2020-08-17 12:52:48 -04:00
Justin Bertram fa5b56ef1d ARTEMIS-2881 deadlock when destroying q and depaging
I couldn't reproduce this with a test, but static code analysis led me
to this solution which is similar to the fix done for ARTEMIS-2592 via
e397a17796.
2020-08-17 10:34:20 -05:00
Robbie Gemmell 3fdc9cf026 ARTEMIS-2871: update to proton-j 0.33.6 and qpid-jms 0.53.0 2020-08-13 09:30:56 +01:00
Clebert Suconic d07c623aee This closes #3235 2020-08-11 10:32:52 -04:00
Robbie Gemmell 131b8b22ec NO-JIRA: fix RandomUtilDistributionTest assertion and improve failure message 2020-08-11 10:32:52 -04:00
Clebert Suconic 8913df664e This closes #3229 2020-08-10 14:16:45 -04:00
Justin Bertram af7c6882da ARTEMIS-2862 activation failure can cause zombie broker
In certain cases with shared-store HA a broker's activation can fail but
the broker will still be holding the journal lock. This results in a
"zombie" broker which can't actually service clients and prevents the
backup from activating.

This commit adds an ActivationFailureListener to catch activation
failures and stop the broker completely.
2020-08-10 14:16:45 -04:00
Clebert Suconic 02b8135e8d This closes #3239 2020-08-07 12:44:10 -04:00
Clebert Suconic c551df770c ARTEMIS-2868 Protect Topology Updates from Split Brain on broker shutdown as well 2020-08-07 12:39:20 -04:00
Clebert Suconic 1945a1765d This closes #3231 2020-08-07 09:51:44 -04:00
Justin Bertram 43e3cd6047 ARTEMIS-2865 make tests more robust 2020-08-06 22:07:42 -05:00
Clebert Suconic f7bc2f78de This closes #3232 2020-08-06 20:20:13 -04:00
Clebert Suconic 27cb9b37b1 ARTEMIS-2868 Protect Topology Updates from Split Brain 2020-08-06 17:40:57 -04:00
Clebert Suconic 9842f45a49 ARTEMIS-2867 Do not cache IPs on DNS Entries for NetworkHealthCheck
In case of a DNS outage, the pinger should still fail
If we cache the InetAddress this would not be possible
2020-08-06 17:40:41 -04:00
Clebert Suconic df2f48a481 NO-JIRA update RandomUtil.randomInterval to deal with (max==min) 2020-08-06 17:08:54 -04:00
Justin Bertram 3c3b7b66cf This closes #3237 2020-08-06 15:22:55 -05:00
Michael Pearce 486896d99e ARTEMIS-2873 Config-managed queues are auto-deleted
auto-delete-queues and auto-delete-created-queues should only apply to
NON configuration managed queues.
2020-08-06 15:19:57 -05:00
Justin Bertram 69cde0fca1 NO-JIRA restore Jira/GitHub integration, etc. 2020-08-06 14:45:01 -05:00
Clebert Suconic 4fea2c4e42 This closes #3231 2020-08-06 15:36:05 -04:00
Justin Bertram 8473946646 ARTEMIS-2865 LegacyLDAPSecuritySettingPlugin can change default security match 2020-08-06 15:36:05 -04:00
franz1981 c14c51c19c This closes #3233 2020-08-06 17:58:50 +02:00
Justin Bertram 1ae8069864 ARTEMIS-2869 JDBC XML conf can't use custom pwd codec 2020-08-04 17:05:19 -05:00
Justin Bertram 19475d9d32 NO-JIRA fuller description of 2.14.0 highlights 2020-08-04 14:32:34 -05:00
Justin Bertram 1e8e19c716 NO-JIRA update versions doc 2020-08-04 14:09:21 -05:00
Justin Bertram 87274675d6 NO-JIRA document SOCKS proxy support 2020-08-04 11:42:55 -05:00
Justin Bertram 92c4c65d31 NO-JIRA a few updates to the logging doc 2020-08-04 11:21:52 -05:00
Clebert Suconic 89cef9bf97 This closes #3217 2020-07-31 08:48:35 -04:00