Commit Graph

464 Commits

Author SHA1 Message Date
Justin Bertram cf92c16339 ARTEMIS-2886 put address/FQQN into new security manager interface
The default JAAS security manager doesn't need the address/FQQN for
authorization, but I'm putting it back into the interface because there
are other use cases which *do* need it.
2020-09-14 15:35:24 -04:00
Justin Bertram 90853409a0 ARTEMIS-2886 optimize security auth
Both authentication and authorization will hit the underlying security
repository (e.g. files, LDAP, etc.). For example, creating a JMS
connection and a consumer will result in 2 hits with the *same*
authentication request. This can cause unwanted (and unnecessary)
resource utilization, especially in the case of networked configuration
like LDAP.

There is already a rudimentary cache for authorization, but it is
cleared *totally* every 10 seconds by default (controlled via the
security-invalidation-interval setting), and it must be populated
initially which still results in duplicate auth requests.

This commit optimizes authentication and authorization via the following
changes:

 - Replace our home-grown cache with Google Guava's cache. This provides
simple caching with both time-based and size-based LRU eviction. See more
at https://github.com/google/guava/wiki/CachesExplained. I also thought
about using Caffeine, but we already have a dependency on Guava and the
cache implementions look to be negligibly different for this use-case.
 - Add caching for authentication. Both successful and unsuccessful
authentication attempts will be cached to spare the underlying security
repository as much as possible. Authenticated Subjects will be cached
and re-used whenever possible.
 - Authorization will used Subjects cached during authentication. If the
required Subject is not in the cache it will be fetched from the
underlying security repo.
 - Caching can be disabled by setting the security-invalidation-interval
to 0.
 - Cache sizes are configurable.
 - Management operations exist to inspect cache sizes at runtime.
2020-08-26 13:36:24 -05:00
Domenico Francesco Bruscino 32bf9680f2 [maven-release-plugin] prepare for next development iteration 2020-08-24 16:03:24 +02:00
Domenico Francesco Bruscino a549fcedde [maven-release-plugin] prepare release 2.15.0 2020-08-24 16:03:12 +02:00
Clebert Suconic 6690ba1d24 [maven-release-plugin] prepare for next development iteration 2020-07-09 12:49:08 -04:00
Clebert Suconic a76f41a7ed [maven-release-plugin] prepare release 2.14.0 2020-07-09 12:48:54 -04:00
Clebert Suconic 6254a70ddc NO-JIRA Fixing some javadoc statements 2020-07-09 12:23:46 -04:00
Clebert Suconic 3d3fda168b NO-JIRA fixing javadoc on SharedStorageStaticCluster.java 2020-07-09 12:00:50 -04:00
Robbie Gemmell 12bc494f72 ARTEMIS-2109: use default 1.8 compiler source/target config as with other examples, newest JDKs no longer target 1.6. Fix SSL example. Allows building on JDK 14+. 2020-06-11 18:50:01 +01:00
Robbie Gemmell 502bfcfc56 ARTEMIS-2109: Update extra-tests bits. Disable errorprone for examples, at least for now, to avoid updating hundreds of poms. Allows building on 11+ 2020-06-11 18:50:01 +01:00
brusdev a8c278a80e ARTEMIS-2790 Fix no examples documentation in the bin archive
Move the markdown generator for the examples to artemis-distribution.
2020-06-04 10:15:10 -04:00
Clebert Suconic faa83b2ba6 [maven-release-plugin] prepare for next development iteration 2020-05-16 18:38:47 -04:00
Clebert Suconic 5f49d89264 [maven-release-plugin] prepare release 2.13.0 2020-05-16 18:38:34 -04:00
Clebert Suconic c99fcd501b [maven-release-plugin] prepare for next development iteration 2020-05-15 16:42:54 -04:00
Clebert Suconic 47fafac760 [maven-release-plugin] prepare release 2.13.0 2020-05-15 16:42:41 -04:00
Andy Taylor 8a04ee07de ARTEMIS-2648 - audit logging improvements
https://issues.apache.org/jira/browse/ARTEMIS-2648
2020-05-04 15:19:08 +01:00
Justin Bertram 7bcb67718d NO-JIRA doc fix for Symmetric Cluster example 2020-04-30 09:13:51 -05:00
Justin Bertram 6709883d0e ARTEMIS-2738 implement per-acceptor security domains 2020-04-28 21:45:38 -04:00
Clebert Suconic 11a3e810bb [maven-release-plugin] prepare for next development iteration 2020-04-21 17:06:21 -04:00
Clebert Suconic 30272e0c2f [maven-release-plugin] prepare release 2.12.0 2020-04-21 17:06:08 -04:00
Clebert Suconic d231e2ac63 [maven-release-plugin] prepare for next development iteration 2020-04-16 16:16:41 -04:00
Clebert Suconic 9636f4a3b0 [maven-release-plugin] prepare release 2.12.0 2020-04-16 16:16:28 -04:00
Clebert Suconic f874a02d17 ARTEMIS-2673 PageStore should only be removed when Address is removed
& ARTEMIS-2674 AMQP should use a separate executor for IO
2020-03-23 20:02:17 -04:00
Chandra Shekhar 8eaaefb4b7 removed flag ' -l qpidtypes' from proton-cpp example 2020-03-23 17:02:09 -04:00
Justin Bertram 72f5a1f5bc NO-JIRA fix up docs for security-ldap example 2020-02-24 13:32:02 -06:00
Christopher L. Shannon (cshannon) 3966e47338 ARTEMIS-2613: Add support for DivertBindings for federated addresses
This will allow federated addresses to create remote consumers based on
the existing of divert bindings and matching queue bindings
2020-02-17 12:15:18 -05:00
Christopher L. Shannon (cshannon) 0b8c33bb0f NO-JIRA: Adding missing module to broker-federation pom 2020-02-11 08:56:08 -05:00
brusdev 832f1e5b92 NO-JIRA Fix federated-address-downstream pom 2020-02-11 08:33:06 +01:00
Justin Bertram 97735ca72c [maven-release-plugin] prepare for next development iteration 2020-01-10 09:00:58 -06:00
Justin Bertram 25a947f6cb [maven-release-plugin] prepare release 2.11.0 2020-01-10 08:57:46 -06:00
Justin Bertram 81c83e05fa NO-JIRA regenerate expired SSL test resources 2020-01-08 14:09:33 +08:00
Justin Bertram fd6a98a4f8 ARTEMIS-2574 fix example 2019-12-16 10:12:24 -06:00
Justin Bertram c06404406c ARTEMIS-2574 allow security manager config via XML
The test-suite has long used the broker's ability to configure the
security manager. This commit implements this functionality via XML
configuration.
2019-12-12 15:48:43 -05:00
Christopher L. Shannon (cshannon) fb54707e2d ARTEMIS-2549 - Add Downstream support to Federation
This commit introduces the ability to configure a downstream connection
for federation.  This works by sending information to the remote broker
and that broker will parse the message and create a new upstream back
to the original broker.
2019-11-20 08:47:16 -05:00
brusdev f3b7cf88ed NO-JIRA Fixing shared-storage-static-cluster parent 2019-10-09 11:39:38 -04:00
Clebert Suconic 2f5691c3f7 NO-JIRA moving shared-storage-static-cluster under clustering examples 2019-10-03 13:47:35 -04:00
Clebert Suconic 104ee10a3e NO-JIRA fixing client-side-load-balancing example 2019-10-03 13:18:58 -04:00
Clebert Suconic 91f4d0a633 [maven-release-plugin] prepare for next development iteration 2019-09-23 11:19:54 -04:00
Clebert Suconic 86a975fdad [maven-release-plugin] prepare release 2.10.1 2019-09-23 11:19:42 -04:00
Clebert Suconic 1928180a7c ARTEMIS-2467 Allowing create of static clusters through CLI 2019-09-10 15:04:18 -04:00
Clebert Suconic 5016f69daa [maven-release-plugin] prepare for next development iteration 2019-08-26 10:42:13 -04:00
Clebert Suconic f092d5396a [maven-release-plugin] prepare release 2.10.0 2019-08-26 10:42:01 -04:00
Justin Bertram d92c9bbf1f NO-JIRA a few example updates 2019-06-20 11:42:00 -04:00
Justin Bertram dbb2b54fa7 [maven-release-plugin] prepare for next development iteration 2019-05-29 22:02:00 -05:00
Justin Bertram 88c686cc99 [maven-release-plugin] prepare release 2.9.0 2019-05-29 21:59:18 -05:00
Clebert Suconic 2ae732cfc8 [maven-release-plugin] prepare for next development iteration 2019-05-16 09:58:27 -04:00
Clebert Suconic 481b9824a8 [maven-release-plugin] prepare release 2.8.1 2019-05-16 09:58:15 -04:00
Clebert Suconic 56152a9e7c [maven-release-plugin] prepare for next development iteration 2019-05-02 16:39:10 -04:00
Clebert Suconic a8e7f9d07a [maven-release-plugin] prepare release 2.8.0 2019-05-02 16:38:58 -04:00
Jiri Danek b33874488b ARTEMIS-2320 Assorted small code fixes, mostly from IntelliJ autofixes 2019-04-29 11:28:10 +01:00
Clebert Suconic 228f6af4ca [maven-release-plugin] prepare for next development iteration 2019-04-25 16:52:09 -04:00
Clebert Suconic 09d2ba18a7 [maven-release-plugin] prepare release 2.8.0 2019-04-25 16:51:57 -04:00
Clebert Suconic 516b1a1b9f [maven-release-plugin] prepare for next development iteration 2019-03-14 12:41:04 -04:00
Clebert Suconic c3eb6c12ad [maven-release-plugin] prepare release 2.7.0 2019-03-14 12:40:52 -04:00
Michael André Pearce 4a5af776d8 ARTEMIS-2265 Support Federated Queues and Addresses
Implement Federated Queue (builds on recent consumer priority)
Implement Federated Address (builds on recent queue level auto-delete)
Add Functional Tests
Add Failure Tests (remote and local shutdowns)
Add Documentation
2019-03-07 14:37:00 -05:00
andytaylor f99db14c3a ARTEMIS-2249 - update cpp example to use correct client libs
https://issues.apache.org/jira/browse/ARTEMIS-2249
2019-03-05 15:27:08 -05:00
Clebert Suconic 1a20499a06 ARTEMIS-2189 Fixing queueRequestor example 2019-01-30 15:38:07 -05:00
Martyn Taylor 569ce9d8a3 Add Interceptor Example 2019-01-22 10:48:10 +00:00
Francesco Nigro cfd520e38c ARTEMIS-2162 Remove -XX:+AggressiveOpts to improve JDK 11 compatibility 2018-12-13 10:55:30 -06:00
Matt Slonetsky a65b62b4ed ARTEMIS-2194 Typo in word 'update' in class MessageCounterInfo 2018-12-13 10:48:44 -06:00
gtully b812bfdbed ARTEMIS-2103 - use the full openwire consumer queue for the mapped virtual topic queue binding, fix and test 2018-10-10 18:48:11 -04:00
Justin Bertram 5d329a70d1 ARTEMIS-2087 fix NPE; mask password in example 2018-09-26 09:20:24 -04:00
Justin Bertram ad7c0ea12d ARTEMIS-2060 OpenSSL tests broken after Netty upgrade 2018-08-28 11:02:45 -05:00
Ricardo Zanini 550c79b134 ARTEMIS-2033 add spring-boot-integration example 2018-08-14 23:45:31 +01:00
Justin Bertram d35f01d25d ARTEMIS-1954 eliminate all possible usage of JMSServerManager 2018-07-12 14:24:44 -04:00
Clebert Suconic d805074b94 ARTEMIS-1948 dotnet example with high performant load 2018-06-21 11:23:58 -04:00
Justin Bertram 57ed5b0530 ARTEMIS-1926 refactor SSLSupport 2018-06-18 16:15:13 -04:00
Justin Bertram 3b6c010739 ARTEMIS-1931 Add camel example 2018-06-18 15:46:35 -04:00
Justin Bertram 2b5d8f3b80 ARTEMIS-1912 big doc refactor
- Split protocols into individual chapters
- Reorganize summary to flow more logically
- Fill in missing parameters in configuration index
- Normalize spaces for ordered and unordered lists
- Re-wrap lots of text for readability
- Fix incorrect XML snippets
- Normalize table formatting
- Improve internal links with anchors
- Update content to reflect new address model
- Resized architecture images to avoid excessive white-space
- Update some JavaDoc
- Update some schema elements
- Disambiguate AIO & ASYNCIO where necessary
- Use URIs instead of Objects in code examples
2018-06-07 11:26:36 -04:00
Clebert Suconic b6fba64d9e ARTEMIS-1913 Dependency to netty tcpnative should be optional 2018-06-06 16:13:31 -04:00
Justin Bertram b97bf8fac4 ARTEMIS-1872 fix examples broken after authn change 2018-05-24 15:18:42 -05:00
Howard Gao 7c53855c11 ARTEMIS-1853 Adding Netty OpenSSL provider example
Added an example to demonstrate how to configure and use openssl
Moved/Added netty-tcnative dependency to artemis-distribution
Changed artemis-jms-client-all pom to exclude io.netty from relocation
so that the native openssl can be loaded
2018-05-23 15:47:10 -04:00
Clebert Suconic af56b67e38 [maven-release-plugin] prepare for next development iteration 2018-05-16 11:03:26 -04:00
Clebert Suconic bcaa11c2ee [maven-release-plugin] prepare release 2.6.0 2018-05-16 11:03:14 -04:00
Robbie Gemmell f0bac1bf18 ARTEMIS-1862: fix 'amqpLowCredits' XML config, update related code defaults 2018-05-11 21:07:02 +01:00
Jiri Danek 67ee34d4d9 ARTEMIS-1449 Remove deprecated -XX:+UseFastAccessorMethods JVM option
This option was removed in JRE 10 and its presence causes error on startup.

Artemis still does not compile on JDK 9 and up, so what I tried was
to compile on JDK 1.8 and then start Artemis on 1.8 and 10.
That now works for me.
2018-05-01 13:58:29 -04:00
Pat Fox 6df09d6e12 ARTEMIS-1815 adding exclusive-queue example 2018-04-17 16:58:30 -04:00
Clebert Suconic 186bc4464c NO-JIRA fixing checkstyle on virtual topic mapping example 2018-04-17 15:10:15 -04:00
Pat Fox 2f0149c759 ARTEMIS-1809 adding example of mapping ActiveMQ 5.x Virtual Topic consumers 2018-04-17 10:30:26 +08:00
Clebert Suconic 32090121d2 Revert "NO-JIRA fixing variable on a few examples"
This reverts commit eb3cc5cb67.

Reverting PR #1983
2018-04-03 20:33:12 -04:00
Ingemar Allqvist eb3cc5cb67 NO-JIRA fixing variable on a few examples 2018-04-02 18:49:55 -04:00
Clebert Suconic 4f1c94898f NO-JIRA Fixing examples 2018-03-14 23:34:28 -04:00
Clebert Suconic a00245dd06 NO-JIRA Fixing CDI example 2018-03-14 14:18:36 -04:00
Clebert Suconic 920af19adb [maven-release-plugin] prepare for next development iteration 2018-03-12 12:46:27 -04:00
Clebert Suconic 5f5b1dcf8f [maven-release-plugin] prepare release 2.5.0 2018-03-12 12:46:16 -04:00
Clebert Suconic 5ab187b7fe ARTEMIS-1562 Fixing typos on examples 2018-03-09 18:10:01 -05:00
Dmitry Volodin 43759790ae ARTEMIS-1723 Migrate AMQP C# examples to the common .NET version 2018-03-06 12:12:11 -06:00
Justin Bertram e9991838c8 NO-JIRA Adjust slow consumer example timing 2018-03-06 12:39:43 -05:00
Justin Bertram afd7d8b30f NO-JIRA fix-up examples 2018-03-01 14:58:56 -06:00
Justin Bertram 53bfb47b34 NO-JIRA fix JMX examples 2018-02-26 19:12:14 +00:00
Clebert Suconic d6d895c558 ARTEMIS-1562 fixing typo on example 2018-02-22 20:54:03 -05:00
Stanislav Knot 6520c5a644 NO-JIRA typo in jmx-ssl example pom file 2018-02-22 15:21:30 -06:00
Justin Bertram 67b8359a78 NO-JIRA build fixes 2018-02-21 11:06:25 -06:00
Justin Bertram 9ebe2e2220 ARTEMIS-1678 inherit maven-compiler-plugin version 2018-02-20 11:25:47 -05:00
Justin Bertram 04298136b7 ARTEMIS-609 fix interceptor XML docs 2018-01-22 17:44:50 -05:00
Clebert Suconic 61a1123ee1 ARTEMIS-1613 Integrating JDBC into CLI (create print-data and exp) 2018-01-18 20:55:00 -06:00
Jiri Danek 472e429540 NO-JIRA fix warnings from w3c/link-checker in docs
also update URLs and `s/http/https` in docs wherever possible
2018-01-10 13:07:40 +01:00
raul.valdoleiros 8c0e1e96ed ARTEMIS-1548 Support CRL
Add support for CRL in client authentication
2018-01-04 12:56:25 -06:00
Clebert Suconic 24876d3fd1 NO-JIRA fixing checkstyle on example 2017-12-20 20:48:23 -05:00
Michael André Pearce 3ef98044f8 ARTEMIS-1516 - Ensure JNDI via Tomcat Resource works
Apply fix so that when using JNDI via tomcat resource it works. 
Replace original extract of JNDIStorable taken from Qpid, and use ActiveMQ5's as fits better to address this issue. (which primary use case is users migrating from 5.x)
Refactored ActiveMQConnectionFactory to externalise and turn into reference by StringRefAddr's instead of custom RefAddr which isnt standard.
Refactored ActiveMQDestinations similar
Refactored ActiveMQDestination to remove redundent and duplicated name field and ensured getters still behave the same
2017-12-19 09:20:35 -05:00