Commit Graph

508 Commits

Author SHA1 Message Date
Andy Taylor 658d45f543 ARTEMIS-3202 - add a flag to deleted diverts removed from config
https://issues.apache.org/jira/browse/ARTEMIS-3202
2021-03-24 19:24:16 -04:00
Justin Bertram 186481bbe8 ARTEMIS-3155 differentiate SSL store type and provider
The provider of an SSL key/trust store is different from that store's
type. However, the broker currently doesn't differentiate these and uses
the provider for both. Changing this *may* potentially break existing
users who are setting the provider, but I don't see any way to avoid
that. This is a bug that needs to be fixed in order to support use-cases
like PKCS#11.

Change summary:
 - Added documentation.
 - Consolidated several 2-way SSL tests classes into a single
   parameterized test class. All these classes were essentially the same
   except for a few key test parameters. Consolidating them avoided
   having to update the same code in multiple places.
 - Expanded tests to include different providers & types.
 - Regenerated all SSL artifacts to allow tests to pass with new
   constraints.
 - Improved logging for when SSL handler initialization fails.
2021-03-24 09:08:33 -04:00
gtully d71d54b38a ARTEMIS-3168 - add example using authentication delegation to keycloak, principal conversion for jms clients and oath for the web cosole 2021-03-23 09:51:50 +00:00
gtully 06461f146c ARTEMIS-3168 - add PrincipalConversionLoginModule feature 2021-03-23 09:51:50 +00:00
gtully 8fd1b33d16 ARTEMIS-3197 - add selectorAware option to virtualTopicConsumerWildcards for openwire acceptor 2021-03-22 19:15:02 -04:00
AntonRoskvist e9e1e476ee ARTEMIS-3198 Add concurrency option on core bridges 2021-03-22 19:13:06 -04:00
Justin Bertram fea5e246e7 ARTEMIS-3166 support disabling configuration file reload 2021-03-17 09:52:13 -05:00
Justin Bertram eb26f67ab6 ARTEMIS-3137 support XPath filters
Change summary:
 - Remove the existing Xalan-based XPath evaluator since Xalan appears
   to be no longer maintained.
 - Implement a JAXP XPath evaluator (from the ActiveMQ 5.x code-base).
 - Pull in the changes from https://issues.apache.org/jira/browse/AMQ-5333
   to enable configurable XML parser features.
 - Add a method to the base Message interface to make it easier to get
   the message body as a string. This relieves the filter from having
   to deal with message implementation details.
 - Update the Qpid JMS client to get the jms.validateSelector parameter.
2021-03-10 09:32:23 -05:00
gtully 20007ad485 ARTEMIS-3141 - respect the browse page limit on all queue controll/jmx operations that use a queue browser 2021-03-10 08:51:06 -05:00
Erwin Dondorp 8f7970cd59 NO-JIRA clarify REST doc to use ttl parameter 2021-03-09 10:39:14 -06:00
sebthom 026f3859a2 ARTEMIS-3117 Provide CachingOpenSSLContextFactory
to mitigate performance degradation in JDK 11 during TLS connection
initialization.
2021-03-03 10:06:45 -06:00
Jan Šmucr 5dc038b537 NO-JIRA Add a note about the `jms-client-id` session metadata to the docs 2021-02-11 10:43:27 -05:00
Erwin Dondorp 2aedde1c80 NO_JIRA mention that a multiple values are allowed for anycastPrefix/multicastPrefix 2021-02-11 10:35:41 -05:00
Justin Bertram f0cb730672 NO-JIRA clarify clustered grouping docs 2021-02-10 13:44:25 -06:00
Clebert Suconic c81ba279e1 NO-JIRA update versions.md 2021-02-08 12:18:26 -05:00
Justin Bertram 0b62fdcf3d NO-JIRA update versions.md before release 2021-02-08 10:52:33 -06:00
Justin Bertram 86cb888b62 NO-JIRA remove failover-on-server-shutdown from bridge doc 2021-02-08 11:18:23 -05:00
Ryan Yeats 86a2cad12a ARTEMIS-1884 add plugin API for message level authorization policies 2021-01-25 13:44:36 -06:00
Justin Bertram 4fbc8bf67d ARTEMIS-3008 mngmnt op to reload config file 2021-01-25 13:35:19 -06:00
Domenico Francesco Bruscino 7cb95352bd NO-JIRA Add JDBC connection pooling doc 2021-01-25 13:33:13 -06:00
Justin Bertram 8b093ec428 NO-JIRA minor logging doc updates 2021-01-20 12:19:58 -06:00
Andy Taylor 6b6d993a1d NO-JIRA updating the console docs 2021-01-19 09:13:46 +00:00
Urs Roesch 57e6d2757a NO-JIRA: Correct misspellings in documentation 2020-12-07 14:54:16 -05:00
Domenico Francesco Bruscino 03a64f6b50 NO-JIRA Add proxy forwarding doc 2020-12-07 11:33:06 -05:00
Gary Tully 4843a09afe
no jira - indicate what journal-compact-percentage is a percentage of 2020-12-03 12:44:31 +00:00
Justin Bertram c64d4d62e3 ARTEMIS-3010 doc updates 2020-11-27 11:04:08 +00:00
Justin Bertram 05b9c3cb6d NO-JIRA formatting error in versions.md 2020-11-17 15:19:09 -06:00
Justin Bertram 4cacd93fff NO-JIRA update version docs 2020-11-17 12:36:19 -06:00
Urs Roesch f491651fdb NO-JIRA: remove duplicate consecutive words
Removes duplicate consecutives words from markdown
documentation files.
2020-11-16 15:19:29 -06:00
Howard Gao 3ab5dcfc28 NO JIRA - fixing doc typo 2020-11-05 10:28:41 -05:00
Shrikant Chavan 6772314488 ARTEMIS-1730 Adding Restart Sequence of brokers on doc 2020-10-30 08:57:25 -04:00
Clebert Suconic dc7eb5c23d ARTEMIS-2937 Broker connection improvements
- Adding a paragraph about addressing and distinct queue names
- Renaming match on peers, senders and receivers as "address-match"
- Changing qpid dispatch test to use a single listener
- Fixing reconnect attemps message
2020-10-29 15:01:51 -04:00
Robbie Gemmell ef5d257f3f ARTEMIS-2937: improve the docs, particularly around use of 'peer' config to waypoint for Dispatch 2020-10-29 13:02:23 +00:00
Clebert Suconic bf52134dc0 ARTEMIS-2937 Fixing Tests and some review 2020-10-28 15:08:48 -04:00
Clebert Suconic 12280cdaaa ARTEMIS-2937 DOCS & Examples on AMQP Broker Connection 2020-10-28 11:37:25 -04:00
Justin Bertram 75e12b5e1d ARTEMIS-2947 Implement SecurityManager that supports replication 2020-10-19 10:07:57 -04:00
gtully 583bd3602a ARTEMIS-2888 ARTEMIS-2859 ARTEMIS-2768 - revert new page-store-name addressSetting, when the page store respects the target address and the size is tallied on the target address store, it is no longer neecessary 2020-10-19 14:04:35 +01:00
Justin Bertram a8d718166d NO-JIRA higher quality logos 2020-09-29 12:19:39 -05:00
Justin Bertram 7ed83a78a0 NO-JIRA update doc logos 2020-09-29 11:34:07 -05:00
Justin Bertram 0f60b5a8e4 ARTEMIS-2906 add lastAckTimestamp to message counter 2020-09-24 12:51:00 -04:00
gtully fa04881c6f ARTEMIS-2888 ARTEMIS-2859 ARTEMIS-2768 - new page-store-name addressSetting to allow wildcard subscriptions share a single page store 2020-09-24 09:39:31 +01:00
Justin Bertram beaacbfa8d ARTEMIS-2904 prevent acceptor from automatically starting 2020-09-23 20:19:16 -04:00
Justin Bertram 9a90248f49 ARTEMIS-2889 better support for JMS topics with legacy LDAP plugin 2020-09-16 10:14:57 -04:00
Justin Bertram e47eb5ae20 ARTEMIS-589 flow control for individual STOMP subscribers 2020-09-16 10:13:47 -04:00
Domenico Francesco Bruscino f467bc0d55 NO-JIRA Fix PDF header and table of content
Override the default theme page.html of gitbook to fix the issue at
https://github.com/GitbookIO/theme-default/pull/80
2020-09-16 10:11:56 -04:00
Justin Bertram 6be8966164 ARTEMIS-2901 support namespace for temporary queues 2020-09-16 10:10:28 -04:00
Urs Roesch 7cf787af55 NO-JIRA: web-server.md documentation typos
Fixing case for `trustStorePath`, `trustStorePassword`, `keyStorePath`
and `keyStorePassword` to prevent org.xml.sax.SAXParseException.
2020-09-16 10:09:38 -04:00
gtully ec1c5a96c7 ARTEMIS-2895 - ensure propagated credentials are visible for bind and removed for subsequent mapping operations 2020-09-07 16:32:57 +01:00
Justin Bertram 90853409a0 ARTEMIS-2886 optimize security auth
Both authentication and authorization will hit the underlying security
repository (e.g. files, LDAP, etc.). For example, creating a JMS
connection and a consumer will result in 2 hits with the *same*
authentication request. This can cause unwanted (and unnecessary)
resource utilization, especially in the case of networked configuration
like LDAP.

There is already a rudimentary cache for authorization, but it is
cleared *totally* every 10 seconds by default (controlled via the
security-invalidation-interval setting), and it must be populated
initially which still results in duplicate auth requests.

This commit optimizes authentication and authorization via the following
changes:

 - Replace our home-grown cache with Google Guava's cache. This provides
simple caching with both time-based and size-based LRU eviction. See more
at https://github.com/google/guava/wiki/CachesExplained. I also thought
about using Caffeine, but we already have a dependency on Guava and the
cache implementions look to be negligibly different for this use-case.
 - Add caching for authentication. Both successful and unsuccessful
authentication attempts will be cached to spare the underlying security
repository as much as possible. Authenticated Subjects will be cached
and re-used whenever possible.
 - Authorization will used Subjects cached during authentication. If the
required Subject is not in the cache it will be fetched from the
underlying security repo.
 - Caching can be disabled by setting the security-invalidation-interval
to 0.
 - Cache sizes are configurable.
 - Management operations exist to inspect cache sizes at runtime.
2020-08-26 13:36:24 -05:00
Justin Bertram d86067a65b ARTEMIS-2872 support FQQN syntax for security-settings 2020-08-22 18:24:40 -05:00