mirror of
https://github.com/apache/activemq-artemis.git
synced 2025-02-07 10:38:44 +00:00
90853409a0
Both authentication and authorization will hit the underlying security repository (e.g. files, LDAP, etc.). For example, creating a JMS connection and a consumer will result in 2 hits with the *same* authentication request. This can cause unwanted (and unnecessary) resource utilization, especially in the case of networked configuration like LDAP. There is already a rudimentary cache for authorization, but it is cleared *totally* every 10 seconds by default (controlled via the security-invalidation-interval setting), and it must be populated initially which still results in duplicate auth requests. This commit optimizes authentication and authorization via the following changes: - Replace our home-grown cache with Google Guava's cache. This provides simple caching with both time-based and size-based LRU eviction. See more at https://github.com/google/guava/wiki/CachesExplained. I also thought about using Caffeine, but we already have a dependency on Guava and the cache implementions look to be negligibly different for this use-case. - Add caching for authentication. Both successful and unsuccessful authentication attempts will be cached to spare the underlying security repository as much as possible. Authenticated Subjects will be cached and re-used whenever possible. - Authorization will used Subjects cached during authentication. If the required Subject is not in the cache it will be fetched from the underlying security repo. - Caching can be disabled by setting the security-invalidation-interval to 0. - Cache sizes are configurable. - Management operations exist to inspect cache sizes at runtime.
268 lines
9.2 KiB
XML
268 lines
9.2 KiB
XML
<!--
|
|
Licensed to the Apache Software Foundation (ASF) under one or more
|
|
contributor license agreements. See the NOTICE file distributed with
|
|
this work for additional information regarding copyright ownership.
|
|
The ASF licenses this file to You under the Apache License, Version 2.0
|
|
(the "License"); you may not use this file except in compliance with
|
|
the License. You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
-->
|
|
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
|
|
<modelVersion>4.0.0</modelVersion>
|
|
|
|
<parent>
|
|
<groupId>org.apache.activemq</groupId>
|
|
<artifactId>artemis-pom</artifactId>
|
|
<version>2.16.0-SNAPSHOT</version>
|
|
</parent>
|
|
|
|
<artifactId>artemis-server</artifactId>
|
|
<packaging>jar</packaging>
|
|
<name>ActiveMQ Artemis Server</name>
|
|
|
|
<properties>
|
|
<activemq.basedir>${project.basedir}/..</activemq.basedir>
|
|
</properties>
|
|
|
|
<dependencies>
|
|
<dependency>
|
|
<groupId>org.jboss.logging</groupId>
|
|
<artifactId>jboss-logging-processor</artifactId>
|
|
<scope>provided</scope>
|
|
<optional>true</optional>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.jboss.logging</groupId>
|
|
<artifactId>jboss-logging-annotations</artifactId>
|
|
<scope>provided</scope>
|
|
<optional>true</optional>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>com.google.errorprone</groupId>
|
|
<artifactId>error_prone_core</artifactId>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>com.google.guava</groupId>
|
|
<artifactId>guava</artifactId>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.jboss.logging</groupId>
|
|
<artifactId>jboss-logging</artifactId>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.jboss.logmanager</groupId>
|
|
<artifactId>jboss-logmanager</artifactId>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.apache.activemq</groupId>
|
|
<artifactId>artemis-commons</artifactId>
|
|
<version>${project.version}</version>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.apache.activemq</groupId>
|
|
<artifactId>artemis-selector</artifactId>
|
|
<version>${project.version}</version>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.apache.activemq</groupId>
|
|
<artifactId>artemis-journal</artifactId>
|
|
<version>${project.version}</version>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.apache.activemq</groupId>
|
|
<artifactId>artemis-jdbc-store</artifactId>
|
|
<version>${project.version}</version>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.apache.activemq</groupId>
|
|
<artifactId>artemis-core-client</artifactId>
|
|
<version>${project.version}</version>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.apache.activemq</groupId>
|
|
<artifactId>activemq-artemis-native</artifactId>
|
|
<version>${activemq-artemis-native-version}</version>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.apache.activemq</groupId>
|
|
<artifactId>artemis-core-client</artifactId>
|
|
<type>test-jar</type>
|
|
<version>${project.version}</version>
|
|
<scope>test</scope>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.jctools</groupId>
|
|
<artifactId>jctools-core</artifactId>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>io.netty</groupId>
|
|
<artifactId>netty-buffer</artifactId>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>io.netty</groupId>
|
|
<artifactId>netty-transport</artifactId>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>io.netty</groupId>
|
|
<artifactId>netty-codec-http</artifactId>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>io.netty</groupId>
|
|
<artifactId>netty-common</artifactId>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>io.netty</groupId>
|
|
<artifactId>netty-handler</artifactId>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>io.netty</groupId>
|
|
<artifactId>netty-transport-native-epoll</artifactId>
|
|
<classifier>${netty-transport-native-epoll-classifier}</classifier>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>io.netty</groupId>
|
|
<artifactId>netty-transport-native-kqueue</artifactId>
|
|
<classifier>${netty-transport-native-kqueue-classifier}</classifier>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>io.netty</groupId>
|
|
<artifactId>netty-codec</artifactId>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>commons-beanutils</groupId>
|
|
<artifactId>commons-beanutils</artifactId>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.apache.commons</groupId>
|
|
<artifactId>commons-configuration2</artifactId>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>io.micrometer</groupId>
|
|
<artifactId>micrometer-core</artifactId>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>commons-io</groupId>
|
|
<artifactId>commons-io</artifactId>
|
|
<version>2.6</version>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.apache.geronimo.specs</groupId>
|
|
<artifactId>geronimo-json_1.0_spec</artifactId>
|
|
<version>1.0-alpha-1</version>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>junit</groupId>
|
|
<artifactId>junit</artifactId>
|
|
<scope>test</scope>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.apache.directory.server</groupId>
|
|
<artifactId>apacheds-test-framework</artifactId>
|
|
<version>${directory-version}</version>
|
|
<scope>test</scope>
|
|
<exclusions>
|
|
<exclusion>
|
|
<groupId>xml-apis</groupId>
|
|
<artifactId>xml-apis</artifactId>
|
|
</exclusion>
|
|
</exclusions>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.apache.directory.server</groupId>
|
|
<artifactId>apacheds-server-annotations</artifactId>
|
|
<version>${directory-version}</version>
|
|
<scope>test</scope>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.apache.directory.server</groupId>
|
|
<artifactId>apacheds-core-annotations</artifactId>
|
|
<version>${directory-version}</version>
|
|
<scope>test</scope>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.apache.directory.jdbm</groupId>
|
|
<artifactId>apacheds-jdbm2</artifactId>
|
|
<version>${directory-jdbm2-version}</version>
|
|
<scope>test</scope>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.apache.activemq</groupId>
|
|
<artifactId>artemis-commons</artifactId>
|
|
<version>${project.version}</version>
|
|
<scope>test</scope>
|
|
<type>test-jar</type>
|
|
</dependency>
|
|
<!-- db test -->
|
|
<dependency>
|
|
<groupId>org.apache.derby</groupId>
|
|
<artifactId>derby</artifactId>
|
|
<scope>test</scope>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.mockito</groupId>
|
|
<artifactId>mockito-core</artifactId>
|
|
<scope>test</scope>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.hamcrest</groupId>
|
|
<artifactId>hamcrest</artifactId>
|
|
<version>${hamcrest.version}</version>
|
|
<scope>test</scope>
|
|
</dependency>
|
|
</dependencies>
|
|
|
|
<profiles>
|
|
<profile>
|
|
<id>release</id>
|
|
<build>
|
|
<plugins>
|
|
<plugin>
|
|
<groupId>org.apache.maven.plugins</groupId>
|
|
<artifactId>maven-javadoc-plugin</artifactId>
|
|
<configuration>
|
|
<useStandardDocletOptions>true</useStandardDocletOptions>
|
|
<minmemory>128m</minmemory>
|
|
<maxmemory>512m</maxmemory>
|
|
<quiet>false</quiet>
|
|
<aggregate>true</aggregate>
|
|
<excludePackageNames>org.apache.activemq.artemis.core:org.apache.activemq.artemis.utils
|
|
</excludePackageNames>
|
|
</configuration>
|
|
<executions>
|
|
<execution>
|
|
<id>javadocs</id>
|
|
<goals>
|
|
<goal>jar</goal>
|
|
</goals>
|
|
</execution>
|
|
</executions>
|
|
</plugin>
|
|
</plugins>
|
|
</build>
|
|
</profile>
|
|
</profiles>
|
|
<build>
|
|
<plugins>
|
|
<plugin>
|
|
<groupId>org.apache.maven.plugins</groupId>
|
|
<artifactId>maven-jar-plugin</artifactId>
|
|
<executions>
|
|
<execution>
|
|
<phase>test</phase>
|
|
<goals>
|
|
<goal>test-jar</goal>
|
|
</goals>
|
|
</execution>
|
|
</executions>
|
|
</plugin>
|
|
</plugins>
|
|
</build>
|
|
</project>
|