Commit Graph

528 Commits

Author SHA1 Message Date
Justin Bertram 75e12b5e1d ARTEMIS-2947 Implement SecurityManager that supports replication 2020-10-19 10:07:57 -04:00
gtully 583bd3602a ARTEMIS-2888 ARTEMIS-2859 ARTEMIS-2768 - revert new page-store-name addressSetting, when the page store respects the target address and the size is tallied on the target address store, it is no longer neecessary 2020-10-19 14:04:35 +01:00
Justin Bertram a8d718166d NO-JIRA higher quality logos 2020-09-29 12:19:39 -05:00
Justin Bertram 7ed83a78a0 NO-JIRA update doc logos 2020-09-29 11:34:07 -05:00
Justin Bertram 0f60b5a8e4 ARTEMIS-2906 add lastAckTimestamp to message counter 2020-09-24 12:51:00 -04:00
gtully fa04881c6f ARTEMIS-2888 ARTEMIS-2859 ARTEMIS-2768 - new page-store-name addressSetting to allow wildcard subscriptions share a single page store 2020-09-24 09:39:31 +01:00
Justin Bertram beaacbfa8d ARTEMIS-2904 prevent acceptor from automatically starting 2020-09-23 20:19:16 -04:00
Justin Bertram 9a90248f49 ARTEMIS-2889 better support for JMS topics with legacy LDAP plugin 2020-09-16 10:14:57 -04:00
Justin Bertram e47eb5ae20 ARTEMIS-589 flow control for individual STOMP subscribers 2020-09-16 10:13:47 -04:00
Domenico Francesco Bruscino f467bc0d55 NO-JIRA Fix PDF header and table of content
Override the default theme page.html of gitbook to fix the issue at
https://github.com/GitbookIO/theme-default/pull/80
2020-09-16 10:11:56 -04:00
Justin Bertram 6be8966164 ARTEMIS-2901 support namespace for temporary queues 2020-09-16 10:10:28 -04:00
Urs Roesch 7cf787af55 NO-JIRA: web-server.md documentation typos
Fixing case for `trustStorePath`, `trustStorePassword`, `keyStorePath`
and `keyStorePassword` to prevent org.xml.sax.SAXParseException.
2020-09-16 10:09:38 -04:00
gtully ec1c5a96c7 ARTEMIS-2895 - ensure propagated credentials are visible for bind and removed for subsequent mapping operations 2020-09-07 16:32:57 +01:00
Justin Bertram 90853409a0 ARTEMIS-2886 optimize security auth
Both authentication and authorization will hit the underlying security
repository (e.g. files, LDAP, etc.). For example, creating a JMS
connection and a consumer will result in 2 hits with the *same*
authentication request. This can cause unwanted (and unnecessary)
resource utilization, especially in the case of networked configuration
like LDAP.

There is already a rudimentary cache for authorization, but it is
cleared *totally* every 10 seconds by default (controlled via the
security-invalidation-interval setting), and it must be populated
initially which still results in duplicate auth requests.

This commit optimizes authentication and authorization via the following
changes:

 - Replace our home-grown cache with Google Guava's cache. This provides
simple caching with both time-based and size-based LRU eviction. See more
at https://github.com/google/guava/wiki/CachesExplained. I also thought
about using Caffeine, but we already have a dependency on Guava and the
cache implementions look to be negligibly different for this use-case.
 - Add caching for authentication. Both successful and unsuccessful
authentication attempts will be cached to spare the underlying security
repository as much as possible. Authenticated Subjects will be cached
and re-used whenever possible.
 - Authorization will used Subjects cached during authentication. If the
required Subject is not in the cache it will be fetched from the
underlying security repo.
 - Caching can be disabled by setting the security-invalidation-interval
to 0.
 - Cache sizes are configurable.
 - Management operations exist to inspect cache sizes at runtime.
2020-08-26 13:36:24 -05:00
Justin Bertram d86067a65b ARTEMIS-2872 support FQQN syntax for security-settings 2020-08-22 18:24:40 -05:00
Michael Pearce 2c506cc52a [ARTEMIS-2863] Add support to pause dispatch when group rebalance
Add test case
Add implementation
Add docs
2020-08-19 12:04:50 -04:00
Justin Bertram 19475d9d32 NO-JIRA fuller description of 2.14.0 highlights 2020-08-04 14:32:34 -05:00
Justin Bertram 1e8e19c716 NO-JIRA update versions doc 2020-08-04 14:09:21 -05:00
Justin Bertram 87274675d6 NO-JIRA document SOCKS proxy support 2020-08-04 11:42:55 -05:00
Justin Bertram 92c4c65d31 NO-JIRA a few updates to the logging doc 2020-08-04 11:21:52 -05:00
gtully 90273e6818 no jira - give some love to the migration guide 2020-07-23 14:17:33 +01:00
brusdev 427dc4dcb0 NO-JIRA Add updateDivert in management doc 2020-07-07 08:20:48 -04:00
Jan Šmucr 85e07a8afe ARTEMIS-2820 Undeploy diverts by removing them from broker.xml 2020-06-24 22:01:56 +01:00
Jan Šmucr 5070e7a72c ARTEMIS-2797 - Reset queue properties by unsetting them in broker.xml
Now it is possible to reset queue parameters to their defaults by removing them
from broker.xml and redeploying the configuration.

Originally this PR covered the "filter" parameter only.
2020-06-23 11:20:03 +02:00
Justin Bertram 36a2c575e5 NO-JIRA clarify check-for-live-server doc 2020-06-17 13:02:14 -05:00
Justin Bertram 8e8bbc93ac Clarify doc on embedding 2020-06-17 12:36:11 -05:00
Faldrian 0fda791fe0 NO-JIRA fixed typo in code example 2020-06-09 15:19:48 -04:00
Michael Pearce 99f6c7bf20 ARTEMIS-2787 - Add ability to disable and enable a queue
Add feature
Add tests
Add docs
Add missing bits noticed in ring-size
Address comments
2020-06-08 18:02:48 -04:00
Justin Bertram 7096bc187a ARTEMIS-2649 always over-write ORIG message props
ORIG message propertes like _AMQ_ORIG_ADDRESS are added to messages
during various broker operations (e.g. diverting a message, expiring a
message, etc.). However, if multiple operations try to set these
properties on the same message (e.g. administratively moving a message
which eventually gets sent to a dead-letter address) then important
details can be lost. This is particularly problematic when using
auto-created dead-letter or expiry resources which use filters based on
_AMQ_ORIG_ADDRESS and can lead to message loss.

This commit simply over-writes the existing ORIG properties rather than
preserving them so that the most recent information is available.
2020-06-01 15:19:34 -04:00
Justin Bertram 4b7b612eb9 ARTEMIS-2771 support JVM GC & thread metrics 2020-05-20 15:53:15 -04:00
Emmanuel Hugonnet a88815d9b3 [ARTEMIS-2704]: Provide a SPI to manage and cache SSLContext.
* Adding a new SPI to allow for SSLContext reuse accross the broker.
 * Providing a default behaviour similar to the existing one.

[ARTEMIS-2718]: Take advantage of ARTEMIS-2704 to cache SSLContexts.
* Adding a cache for SSLContexts and reusing them accross acceptors and
  connectors.

Issue: https://issues.apache.org/jira/browse/ARTEMIS-2704
Issue: https://issues.apache.org/jira/browse/ARTEMIS-2718
2020-05-15 16:19:50 -04:00
Justin Bertram 3bd0d8bf38 ARTEMIS-2758 support disabling metrics per address 2020-05-14 15:16:23 -04:00
Clebert Suconic 4fe4220ff0 ARTEMIS-2372 / ARTEMIS-2740 Improving Message Annotations support in AMQP
- when sending messages to DLQ or Expiry we now use x-opt legal names
- we now support filtering thorugh annotations if using m. as a prefix.
- enabling hyphenated_props: to allow m. as a prefix
2020-05-13 10:55:36 -04:00
Andy Taylor 8a04ee07de ARTEMIS-2648 - audit logging improvements
https://issues.apache.org/jira/browse/ARTEMIS-2648
2020-05-04 15:19:08 +01:00
Havret ee85989995 NO-JIRA Remove repeated words and fix spelling and grammar 2020-05-03 11:59:25 +02:00
Justin Bertram 6709883d0e ARTEMIS-2738 implement per-acceptor security domains 2020-04-28 21:45:38 -04:00
Justin Bertram 4b97e06890 ARTEMIS-2726 implement min/max expiry-delay 2020-04-23 17:56:51 -04:00
Clebert Suconic 5e594cc18f ARTEMIS-2732 Updating hacking guide 2020-04-22 23:08:46 -04:00
gamedev8 65b23e2238 NO-JIRA Doc change. Updating `connectionTtl` to `connectionTTL` 2020-04-13 16:48:07 -04:00
brusdev cd72f4db82 NO-JIRA Document NO-JIRA use cases 2020-04-08 12:54:16 -04:00
Justin Bertram fdfe3ba3fa ARTEMIS-2679 deprecate message-expiry-thread-priority
Due to the changes in 6b5fff40cb the
config parameter message-expiry-thread-priority is no longer needed. The
code now uses a ScheduledExecutorService and a thread pool rather than
dedicating a thread 100% to the expiry scanner. The pool's size can be
controlled via scheduled-thread-pool-max-size.
2020-03-25 16:43:38 -04:00
brusdev af72c008ff ARTEMIS-2663 Add customizer support for the embedded web server 2020-03-18 10:01:41 -05:00
Justin Bertram f9d4438f40 NO-JIRA doc STOMP routing behavior & config options 2020-03-05 20:52:16 -06:00
Justin Bertram a9e6dbb0e3 NO-JIRA reconcile STOMP prop names b/w code & doc 2020-03-05 20:49:25 -06:00
Justin Bertram 8c259116a8 NO-JIRA clarify & verify web socket support for MQTT 2020-03-05 21:34:53 -05:00
avi5kdonrh e90a10b195 NO-JIRA clarify default id-cache-size in the doc
The default id cache size is 20000, not 2000
2020-03-04 10:56:59 -06:00
brusdev 1e9be7ddc9 ARTEMIS-2627 simpleSecureServer failing on IBM Java 8 JVM
Remove excluded cipher suites matching the prefix `SSL` because the names of the
IBM Java 8 JVM cipher suites have the prefix `SSL` while the
`DEFAULT_EXCLUDED_CIPHER_SUITES` of org.eclipse.jetty.util.ssl.SslContextFactory
includes "^SSL_.*$". So all IBM JVM cipher suites are excluded by
SslContextFactory using the `DEFAULT_EXCLUDED_CIPHER_SUITES`.
2020-02-25 12:02:51 -06:00
Clebert Suconic ddd8ed4402 ARTEMIS-1975 Real Large Message support into AMQP
This is a Large commit where I am refactoring largeMessage Body out of CoreMessage
which is now reused with AMQP.

I had also to fix Reference Counting to fix how Large Messages are Acked

And I also had to make sure Large Messages are transversing correctly when in cluster.
2020-02-25 15:25:01 +01:00
Justin Bertram 72f5a1f5bc NO-JIRA fix up docs for security-ldap example 2020-02-24 13:32:02 -06:00
Justin Bertram d0758f34f6 ARTEMIS-2624 auto-create expiry resources 2020-02-20 17:44:56 -05:00