Mirror of Apache ActiveMQ Artemis
Go to file
Justin Bertram 90853409a0 ARTEMIS-2886 optimize security auth
Both authentication and authorization will hit the underlying security
repository (e.g. files, LDAP, etc.). For example, creating a JMS
connection and a consumer will result in 2 hits with the *same*
authentication request. This can cause unwanted (and unnecessary)
resource utilization, especially in the case of networked configuration
like LDAP.

There is already a rudimentary cache for authorization, but it is
cleared *totally* every 10 seconds by default (controlled via the
security-invalidation-interval setting), and it must be populated
initially which still results in duplicate auth requests.

This commit optimizes authentication and authorization via the following
changes:

 - Replace our home-grown cache with Google Guava's cache. This provides
simple caching with both time-based and size-based LRU eviction. See more
at https://github.com/google/guava/wiki/CachesExplained. I also thought
about using Caffeine, but we already have a dependency on Guava and the
cache implementions look to be negligibly different for this use-case.
 - Add caching for authentication. Both successful and unsuccessful
authentication attempts will be cached to spare the underlying security
repository as much as possible. Authenticated Subjects will be cached
and re-used whenever possible.
 - Authorization will used Subjects cached during authentication. If the
required Subject is not in the cache it will be fetched from the
underlying security repo.
 - Caching can be disabled by setting the security-invalidation-interval
to 0.
 - Cache sizes are configurable.
 - Management operations exist to inspect cache sizes at runtime.
2020-08-26 13:36:24 -05:00
.github/workflows NO-JIRA: add a basic GitHub Actions build similar to the Travis job 2020-06-17 15:31:19 -04:00
.mvn/wrapper ARTEMIS-613 Artemis build enhancements 2016-07-05 15:13:35 -04:00
.settings ACTIVEMQ6-1 - Initial HornetQ Donation Commit 2014-11-10 10:31:25 -06:00
artemis-boot [maven-release-plugin] prepare for next development iteration 2020-08-24 16:03:24 +02:00
artemis-cdi-client [maven-release-plugin] prepare for next development iteration 2020-08-24 16:03:24 +02:00
artemis-cli ARTEMIS-2886 optimize security auth 2020-08-26 13:36:24 -05:00
artemis-commons ARTEMIS-2886 optimize security auth 2020-08-26 13:36:24 -05:00
artemis-core-client ARTEMIS-2886 optimize security auth 2020-08-26 13:36:24 -05:00
artemis-core-client-all [maven-release-plugin] prepare for next development iteration 2020-08-24 16:03:24 +02:00
artemis-core-client-osgi [maven-release-plugin] prepare for next development iteration 2020-08-24 16:03:24 +02:00
artemis-distribution [maven-release-plugin] prepare for next development iteration 2020-08-24 16:03:24 +02:00
artemis-docker ARTEMIS-2776 Improve Dockerfiles 2020-05-26 20:32:33 -04:00
artemis-dto [maven-release-plugin] prepare for next development iteration 2020-08-24 16:03:24 +02:00
artemis-features ARTEMIS-2886 optimize security auth 2020-08-26 13:36:24 -05:00
artemis-hawtio [maven-release-plugin] prepare for next development iteration 2020-08-24 16:03:24 +02:00
artemis-jdbc-store [maven-release-plugin] prepare for next development iteration 2020-08-24 16:03:24 +02:00
artemis-jms-client [maven-release-plugin] prepare for next development iteration 2020-08-24 16:03:24 +02:00
artemis-jms-client-all [maven-release-plugin] prepare for next development iteration 2020-08-24 16:03:24 +02:00
artemis-jms-client-osgi [maven-release-plugin] prepare for next development iteration 2020-08-24 16:03:24 +02:00
artemis-jms-server [maven-release-plugin] prepare for next development iteration 2020-08-24 16:03:24 +02:00
artemis-journal [maven-release-plugin] prepare for next development iteration 2020-08-24 16:03:24 +02:00
artemis-junit [maven-release-plugin] prepare for next development iteration 2020-08-24 16:03:24 +02:00
artemis-maven-plugin [maven-release-plugin] prepare for next development iteration 2020-08-24 16:03:24 +02:00
artemis-protocols [maven-release-plugin] prepare for next development iteration 2020-08-24 16:03:24 +02:00
artemis-ra [maven-release-plugin] prepare for next development iteration 2020-08-24 16:03:24 +02:00
artemis-rest [maven-release-plugin] prepare for next development iteration 2020-08-24 16:03:24 +02:00
artemis-selector [maven-release-plugin] prepare for next development iteration 2020-08-24 16:03:24 +02:00
artemis-server ARTEMIS-2886 optimize security auth 2020-08-26 13:36:24 -05:00
artemis-server-osgi [maven-release-plugin] prepare for next development iteration 2020-08-24 16:03:24 +02:00
artemis-service-extensions [maven-release-plugin] prepare for next development iteration 2020-08-24 16:03:24 +02:00
artemis-tools [maven-release-plugin] prepare for next development iteration 2020-08-24 16:03:24 +02:00
artemis-web [maven-release-plugin] prepare for next development iteration 2020-08-24 16:03:24 +02:00
artemis-website [maven-release-plugin] prepare for next development iteration 2020-08-24 16:03:24 +02:00
docs ARTEMIS-2886 optimize security auth 2020-08-26 13:36:24 -05:00
etc ARTEMIS-2109: Updating the build to be able to execute it on Java 11 and Java 8. 2020-06-11 18:50:01 +01:00
examples ARTEMIS-2886 optimize security auth 2020-08-26 13:36:24 -05:00
integration/activemq-spring-integration [maven-release-plugin] prepare for next development iteration 2020-08-24 16:03:24 +02:00
scripts NO-JIRA update docs for gitbox 2019-01-31 09:42:12 -06:00
tests ARTEMIS-2886 optimize security auth 2020-08-26 13:36:24 -05:00
.RELEASING.md.swo NO-JIRA fixing javadoc on SharedStorageStaticCluster.java 2020-07-09 12:00:50 -04:00
.asf.yaml NO-JIRA restore Jira/GitHub integration, etc. 2020-08-06 14:45:01 -05:00
.gitignore ARTEMIS-2790 Fix no examples documentation in the bin archive 2020-06-04 10:15:10 -04:00
.project More name changes to activemq 2014-11-19 16:01:54 -05:00
.travis.yml ARTEMIS-2109: fix ErrorProne compiler config to work on JDK8, and move into a specific profile. 2020-06-16 16:07:48 +01:00
LICENSE ARTEMIS-565 Replace json.org with javax.json 2016-07-25 21:44:57 -04:00
NOTICE NO-JIRA Happy new year! 2020-01-08 20:44:05 -05:00
README.md Adds the Travis CI build status label on the README 2018-04-19 16:45:58 +02:00
RELEASING.md refer to infra signing for key generation details 2020-08-24 11:41:01 +01:00
artemis_doap.rdf Update vendor to ASF 2015-05-30 08:37:28 +02:00
mvnw ARTEMIS-613 Artemis build enhancements 2016-07-05 15:13:35 -04:00
mvnw.cmd ARTEMIS-613 Artemis build enhancements 2016-07-05 15:13:35 -04:00
pom.xml [maven-release-plugin] prepare for next development iteration 2020-08-24 16:03:24 +02:00

README.md

ActiveMQ Artemis

This file describes some minimum 'stuff one needs to know' to get started coding in this project.

Source

For details about the modifying the code, building the project, running tests, IDE integration, etc. see our Hacking Guide.

Build Status

Build Status: Build Status

Building the ASYNC IO library

ActiveMQ Artemis provides two journal persistence types, NIO (which uses the Java NIO libraries), and ASYNCIO which interacts with the linux kernel libaio library. The ASYNCIO journal type should be used where possible as it is far superior in terms of performance.

ActiveMQ Artemis does not ship with the Artemis Native ASYNCIO library in the source distribution. These need to be built prior to running "mvn install", to ensure that the ASYNCIO journal type is available in the resulting build. Don't worry if you don't want to use ASYNCIO or your system does not support libaio, ActiveMQ Artemis will check at runtime to see if the required libraries and system dependencies are available, if not it will default to using NIO.

To build the ActiveMQ Artemis ASYNCIO native libraries, please follow the instructions in the artemis-native/README.

Documentation

Our documentation is always in sync with our releases at the Apache ActiveMQ Artemis website.

Or you can also look at the current master version on github.

Examples

To run an example firstly make sure you have run

$ mvn -Prelease install

If the project version has already been released then this is unnecessary.

Each individual example can be run using this command from its corresponding directory:

$ mvn verify

If you wish to run groups of examples then use this command from a parent directory (e.g. examples/features/standard):

$ mvn -Pexamples verify

Recreating the examples

If you are trying to copy the examples somewhere else and modifying them. Consider asking Maven to explicitly list all the dependencies:

# if trying to modify the 'topic' example:
cd examples/jms/topic && mvn dependency:list

Open Web Application Security Project (OWASP) Report

If you wish to generate the report for CCV dependencies, you may run it with the -Powasp profile

$ mvn -Powasp verify

The output will be under ./target/dependency-check-report.html for each sub-module.