[jira] [Commented] (QPIDJMS-441) Using QPID JMS behind a proxy
[ https://issues.apache.org/jira/browse/QPIDJMS-441?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16940680#comment-16940680 ] Stephan Siano commented on QPIDJMS-441: --- I have had a look into this: The implementation does not look too difficult to me, most effort is likely writing the tests. My idea would be to add a PROXY_HANDLER to the JmsConnectionExtensions enum, a setter for a ProxyHandler to the JmsConnectionFactory class, and another attribute (with getter and setter) to the TransportOptions (similar to the SSLContext). In the AMQPProvider class you could set the transport option if the JMS connection extension is set on the connectionInfo, and in the NettyTcpTransport one could finally set this proxy handler to the pipeline of the channel. Before I implement this for serious and invest time in testing this: Would you be interested in a contribution for this feature? How do you think should the tests for this look like, in particular, which additional test dependencies could I include in order to set up a test proxy? > Using QPID JMS behind a proxy > - > > Key: QPIDJMS-441 > URL: https://issues.apache.org/jira/browse/QPIDJMS-441 > Project: Qpid JMS > Issue Type: Wish > Components: qpid-jms-client >Affects Versions: 0.40.0 >Reporter: morten >Priority: Blocker > > I actually did not find a possibility to use the jms qpid client behind a > proxy. I guess there will be a lot of people who needs to run the library > behind a proxy. It would be nice to have the possibility to set a proxy > somehow. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Commented] (PROTON-2105) Support Go modules
[
https://issues.apache.org/jira/browse/PROTON-2105?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16940601#comment-16940601
]
Roddie Kieley commented on PROTON-2105:
---
[~lulf] Took a look. Imported your branch via
{noformat}
module modProject0
require github.com/lulf/qpid-proton PROTON-2105
go 1.13
{noformat}
which go changed to
{noformat}
module modProject0
require github.com/lulf/qpid-proton v0.0.0-20190921201711-83131bc3495d //
indirect
go 1.13
{noformat}
No problem's for 'go get' to get it however atm there's a 'next step' that's
not in place:
{noformat}
i7mbp:modProject0 rkieley$ go mod why
go: finding qpid.apache.org latest
modProject0/pkg imports
qpid.apache.org/amqp: module qpid.apache.org@latest
(v0.0.0-20190926195055-822413ea1ac9) found, but does not contain package
qpid.apache.org/amqp
modProject0/pkg imports
qpid.apache.org/electron: module qpid.apache.org@latest
(v0.0.0-20190926195055-822413ea1ac9) found, but does not contain package
qpid.apache.org/electron
i7mbp:modProject0 rkieley$ go mod graph
modProject0 github.com/lulf/qpid-proton@v0.0.0-20190921201711-83131bc3495d
i7mbp:modProject0 rkieley$
{noformat}
> Support Go modules
> --
>
> Key: PROTON-2105
> URL: https://issues.apache.org/jira/browse/PROTON-2105
> Project: Qpid Proton
> Issue Type: Bug
> Components: go-binding
>Reporter: Ulf Lilleengen
>Assignee: Roddie Kieley
>Priority: Major
>
> As of Go 1.12, go module support is available. In order to manage
> dependencies using go modules, dependencies must also be using go modules.
> Therefore, adding a go.mod file to each module would allow qpid proton go
> bindings to be managed as a go module.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Commented] (QPID-8365) [Broker-J] Upgrade jackson dependencies to version 2.9.10
[ https://issues.apache.org/jira/browse/QPID-8365?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16940564#comment-16940564 ] ASF subversion and git services commented on QPID-8365: --- Commit 8fc4df81cd50a86f8bffaf4230689d0c2a34bc75 in qpid-broker-j's branch refs/heads/7.1.x from Alex Rudyy [ https://gitbox.apache.org/repos/asf?p=qpid-broker-j.git;h=8fc4df8 ] QPID-8365: [Broker-J] Upgrade jackson dependencies to version 2.9.10 (cherry picked from commit ccbd1964ab3b57916f5377a467b737e5d53afe7e) > [Broker-J] Upgrade jackson dependencies to version 2.9.10 > - > > Key: QPID-8365 > URL: https://issues.apache.org/jira/browse/QPID-8365 > Project: Qpid > Issue Type: Task > Components: Broker-J >Reporter: Alex Rudyy >Assignee: Alex Rudyy >Priority: Major > Fix For: qpid-java-broker-8.0.0, qpid-java-broker-7.1.5 > > > Upgrade jackson dependencies to version 2.9.10 -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Commented] (QPID-8365) [Broker-J] Upgrade jackson dependencies to version 2.9.10
[ https://issues.apache.org/jira/browse/QPID-8365?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16940563#comment-16940563 ] ASF subversion and git services commented on QPID-8365: --- Commit ccbd1964ab3b57916f5377a467b737e5d53afe7e in qpid-broker-j's branch refs/heads/master from Alex Rudyy [ https://gitbox.apache.org/repos/asf?p=qpid-broker-j.git;h=ccbd196 ] QPID-8365: [Broker-J] Upgrade jackson dependencies to version 2.9.10 > [Broker-J] Upgrade jackson dependencies to version 2.9.10 > - > > Key: QPID-8365 > URL: https://issues.apache.org/jira/browse/QPID-8365 > Project: Qpid > Issue Type: Task > Components: Broker-J >Reporter: Alex Rudyy >Assignee: Alex Rudyy >Priority: Major > Fix For: qpid-java-broker-8.0.0, qpid-java-broker-7.1.5 > > > Upgrade jackson dependencies to version 2.9.10 -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Assigned] (QPID-8365) [Broker-J] Upgrade jackson dependencies to version 2.9.10
[ https://issues.apache.org/jira/browse/QPID-8365?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Alex Rudyy reassigned QPID-8365: Assignee: Alex Rudyy > [Broker-J] Upgrade jackson dependencies to version 2.9.10 > - > > Key: QPID-8365 > URL: https://issues.apache.org/jira/browse/QPID-8365 > Project: Qpid > Issue Type: Task > Components: Broker-J >Reporter: Alex Rudyy >Assignee: Alex Rudyy >Priority: Major > Fix For: qpid-java-broker-8.0.0, qpid-java-broker-7.1.5 > > > Upgrade jackson dependencies to version 2.9.10 -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Commented] (QPID-8306) [Broker-J] Add ability to update TLS transport on AMQP port after changing keystore, trustores or other TLS related attributes
[ https://issues.apache.org/jira/browse/QPID-8306?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16940559#comment-16940559 ] ASF subversion and git services commented on QPID-8306: --- Commit 46c90b50f50adea6d5d037e5cb9e8b16832cf5e6 in qpid-broker-j's branch refs/heads/7.1.x from Alex Rudyy [ https://gitbox.apache.org/repos/asf?p=qpid-broker-j.git;h=46c90b5 ] QPID-8306: [Broker-J] Add operation to update port TLS support This closes #31 (cherry picked from commit ce1cb00c795a70ed33f8717250f0ab61838d23f5) > [Broker-J] Add ability to update TLS transport on AMQP port after changing > keystore, trustores or other TLS related attributes > -- > > Key: QPID-8306 > URL: https://issues.apache.org/jira/browse/QPID-8306 > Project: Qpid > Issue Type: Improvement > Components: Broker-J >Reporter: Alex Rudyy >Assignee: Alex Rudyy >Priority: Major > Fix For: qpid-java-broker-8.0.0, qpid-java-broker-7.1.5 > > > Broker restart is required after changes to AMQP port TLS attributes, > keystore and trust stores. It should be possible to update TLS transport > without affecting existing AMQP connections. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Commented] (QPID-8306) [Broker-J] Add ability to update TLS transport on AMQP port after changing keystore, trustores or other TLS related attributes
[ https://issues.apache.org/jira/browse/QPID-8306?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16940560#comment-16940560 ] ASF subversion and git services commented on QPID-8306: --- Commit 3b029a565ce4b616701dc058c58d1ae6117df9af in qpid-broker-j's branch refs/heads/7.1.x from Alex Rudyy [ https://gitbox.apache.org/repos/asf?p=qpid-broker-j.git;h=3b029a5 ] QPID-8306: Add missing header (cherry picked from commit 4289e149821f0040f4f3465647b18318ea265994) > [Broker-J] Add ability to update TLS transport on AMQP port after changing > keystore, trustores or other TLS related attributes > -- > > Key: QPID-8306 > URL: https://issues.apache.org/jira/browse/QPID-8306 > Project: Qpid > Issue Type: Improvement > Components: Broker-J >Reporter: Alex Rudyy >Assignee: Alex Rudyy >Priority: Major > Fix For: qpid-java-broker-8.0.0, qpid-java-broker-7.1.5 > > > Broker restart is required after changes to AMQP port TLS attributes, > keystore and trust stores. It should be possible to update TLS transport > without affecting existing AMQP connections. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Created] (QPID-8365) [Broker-J] Upgrade jackson dependencies to version 2.9.10
Alex Rudyy created QPID-8365: Summary: [Broker-J] Upgrade jackson dependencies to version 2.9.10 Key: QPID-8365 URL: https://issues.apache.org/jira/browse/QPID-8365 Project: Qpid Issue Type: Task Components: Broker-J Reporter: Alex Rudyy Fix For: qpid-java-broker-8.0.0, qpid-java-broker-7.1.5 Upgrade jackson dependencies to version 2.9.10 -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Updated] (QPID-8306) [Broker-J] Add ability to update TLS transport on AMQP port after changing keystore, trustores or other TLS related attributes
[ https://issues.apache.org/jira/browse/QPID-8306?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Alex Rudyy updated QPID-8306: - Status: Reviewable (was: In Progress) > [Broker-J] Add ability to update TLS transport on AMQP port after changing > keystore, trustores or other TLS related attributes > -- > > Key: QPID-8306 > URL: https://issues.apache.org/jira/browse/QPID-8306 > Project: Qpid > Issue Type: Improvement > Components: Broker-J >Reporter: Alex Rudyy >Assignee: Alex Rudyy >Priority: Major > Fix For: qpid-java-broker-8.0.0, qpid-java-broker-7.1.5 > > > Broker restart is required after changes to AMQP port TLS attributes, > keystore and trust stores. It should be possible to update TLS transport > without affecting existing AMQP connections. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Updated] (QPID-8360) [Broker-J] Add broker and virtual host loggers storing log records in database
[
https://issues.apache.org/jira/browse/QPID-8360?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alex Rudyy updated QPID-8360:
-
Status: Reviewable (was: In Progress)
> [Broker-J] Add broker and virtual host loggers storing log records in database
> --
>
> Key: QPID-8360
> URL: https://issues.apache.org/jira/browse/QPID-8360
> Project: Qpid
> Issue Type: New Feature
> Components: Broker-J
>Reporter: Alex Rudyy
>Assignee: Alex Rudyy
>Priority: Major
> Fix For: qpid-java-broker-8.0.0
>
>
> Some environments require audit logging to be stored in remote "off host"
> locations like RDBMS, splunk, etc. The logback logging already has a
> {{DBAppender}} to store logs in RDBMSs. Thus, Broker and VirtualHost
> {{Logger}} s can be added utilizing {{DBAppender}} to store logs remotely
> in RDBMS.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Assigned] (QPID-8126) [Broker-J][SimpleLDAP] NPE is reported into broker logs when serach user is specified but search password is not set
[
https://issues.apache.org/jira/browse/QPID-8126?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alex Rudyy reassigned QPID-8126:
Assignee: Alex Rudyy
> [Broker-J][SimpleLDAP] NPE is reported into broker logs when serach user is
> specified but search password is not set
> -
>
> Key: QPID-8126
> URL: https://issues.apache.org/jira/browse/QPID-8126
> Project: Qpid
> Issue Type: Bug
> Components: Broker-J
>Affects Versions: qpid-java-broker-7.0.2, qpid-java-broker-7.0.0,
> qpid-java-broker-7.0.1
>Reporter: Alex Rudyy
>Assignee: Alex Rudyy
>Priority: Trivial
> Fix For: qpid-java-broker-7.1.5
>
>
> Creation of authentication provider with search username and missing search
> password ends up in NPE reported into broker logs like the one below:
> {noformat}
> java.lang.NullPointerException: null
> at java.util.Hashtable.put(Hashtable.java:460)
> at
> org.apache.qpid.server.security.auth.manager.SimpleLDAPAuthenticationManagerImpl.setupSearchContext(SimpleLDAPAuthenticationManagerImpl.java:602)
> at
> org.apache.qpid.server.security.auth.manager.SimpleLDAPAuthenticationManagerImpl.validateInitialDirContext(SimpleLDAPAuthenticationManagerImpl.java:577)
> at
> org.apache.qpid.server.security.auth.manager.SimpleLDAPAuthenticationManagerImpl.validateOnCreate(SimpleLDAPAuthenticationManagerImpl.java:159)
> at
> org.apache.qpid.server.model.AbstractConfiguredObject$6.execute(AbstractConfiguredObject.java:879)
> at
> org.apache.qpid.server.model.AbstractConfiguredObject$6.execute(AbstractConfiguredObject.java:866)
> at
> org.apache.qpid.server.model.AbstractConfiguredObject$2.execute(AbstractConfiguredObject.java:637)
> at
> org.apache.qpid.server.model.AbstractConfiguredObject$2.execute(AbstractConfiguredObject.java:630)
> at
> org.apache.qpid.server.configuration.updater.TaskExecutorImpl$TaskLoggingWrapper.execute(TaskExecutorImpl.java:248)
> at
> org.apache.qpid.server.configuration.updater.TaskExecutorImpl.submitWrappedTask(TaskExecutorImpl.java:165)
> at
> org.apache.qpid.server.configuration.updater.TaskExecutorImpl.submit(TaskExecutorImpl.java:153)
> at
> org.apache.qpid.server.model.AbstractConfiguredObject.doOnConfigThread(AbstractConfiguredObject.java:629)
> at
> org.apache.qpid.server.model.AbstractConfiguredObject.createAsync(AbstractConfiguredObject.java:865)
> at
> org.apache.qpid.server.model.AbstractConfiguredObjectTypeFactory.createAsync(AbstractConfiguredObjectTypeFactory.java:75)
> at
> org.apache.qpid.server.model.ConfiguredObjectFactoryImpl.createAsync(ConfiguredObjectFactoryImpl.java:145)
> at
> org.apache.qpid.server.model.AbstractConfiguredObject.addChildAsync(AbstractConfiguredObject.java:2111)
> at
> org.apache.qpid.server.model.BrokerImpl.addChildAsync(BrokerImpl.java:697)
> at
> org.apache.qpid.server.model.AbstractConfiguredObject$17.execute(AbstractConfiguredObject.java:2068)
> at
> org.apache.qpid.server.model.AbstractConfiguredObject$17.execute(AbstractConfiguredObject.java:2063)
> at
> org.apache.qpid.server.model.AbstractConfiguredObject$2.execute(AbstractConfiguredObject.java:637)
> at
> org.apache.qpid.server.model.AbstractConfiguredObject$2.execute(AbstractConfiguredObject.java:630)
> at
> org.apache.qpid.server.configuration.updater.TaskExecutorImpl$TaskLoggingWrapper.execute(TaskExecutorImpl.java:248)
> at
> org.apache.qpid.server.configuration.updater.TaskExecutorImpl$CallableWrapper$1.run(TaskExecutorImpl.java:320)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAs(Subject.java:360)
> at
> org.apache.qpid.server.configuration.updater.TaskExecutorImpl$CallableWrapper.call(TaskExecutorImpl.java:313)
> at
> com.google.common.util.concurrent.TrustedListenableFutureTask$TrustedFutureInterruptibleTask.runInterruptibly(TrustedListenableFutureTask.java:111)
> at
> com.google.common.util.concurrent.InterruptibleTask.run(InterruptibleTask.java:58)
> at
> com.google.common.util.concurrent.TrustedListenableFutureTask.run(TrustedListenableFutureTask.java:75)
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> at
> org.apache.qpid.server.bytebuffer.QpidByteBufferFactory.lambda$null$0(QpidByteBufferFactory.java:464)
> at java.lang.Thread.run(Thread.java:748)
> {noformat}
> Though, it is unlikely that any LDAP server would be configured to allow
> specification of search username without a password, t
[jira] [Closed] (QPID-8126) [Broker-J][SimpleLDAP] NPE is reported into broker logs when serach user is specified but search password is not set
[
https://issues.apache.org/jira/browse/QPID-8126?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alex Rudyy closed QPID-8126.
Resolution: Fixed
> [Broker-J][SimpleLDAP] NPE is reported into broker logs when serach user is
> specified but search password is not set
> -
>
> Key: QPID-8126
> URL: https://issues.apache.org/jira/browse/QPID-8126
> Project: Qpid
> Issue Type: Bug
> Components: Broker-J
>Affects Versions: qpid-java-broker-7.0.2, qpid-java-broker-7.0.0,
> qpid-java-broker-7.0.1
>Reporter: Alex Rudyy
>Assignee: Alex Rudyy
>Priority: Trivial
> Fix For: qpid-java-broker-7.1.5
>
>
> Creation of authentication provider with search username and missing search
> password ends up in NPE reported into broker logs like the one below:
> {noformat}
> java.lang.NullPointerException: null
> at java.util.Hashtable.put(Hashtable.java:460)
> at
> org.apache.qpid.server.security.auth.manager.SimpleLDAPAuthenticationManagerImpl.setupSearchContext(SimpleLDAPAuthenticationManagerImpl.java:602)
> at
> org.apache.qpid.server.security.auth.manager.SimpleLDAPAuthenticationManagerImpl.validateInitialDirContext(SimpleLDAPAuthenticationManagerImpl.java:577)
> at
> org.apache.qpid.server.security.auth.manager.SimpleLDAPAuthenticationManagerImpl.validateOnCreate(SimpleLDAPAuthenticationManagerImpl.java:159)
> at
> org.apache.qpid.server.model.AbstractConfiguredObject$6.execute(AbstractConfiguredObject.java:879)
> at
> org.apache.qpid.server.model.AbstractConfiguredObject$6.execute(AbstractConfiguredObject.java:866)
> at
> org.apache.qpid.server.model.AbstractConfiguredObject$2.execute(AbstractConfiguredObject.java:637)
> at
> org.apache.qpid.server.model.AbstractConfiguredObject$2.execute(AbstractConfiguredObject.java:630)
> at
> org.apache.qpid.server.configuration.updater.TaskExecutorImpl$TaskLoggingWrapper.execute(TaskExecutorImpl.java:248)
> at
> org.apache.qpid.server.configuration.updater.TaskExecutorImpl.submitWrappedTask(TaskExecutorImpl.java:165)
> at
> org.apache.qpid.server.configuration.updater.TaskExecutorImpl.submit(TaskExecutorImpl.java:153)
> at
> org.apache.qpid.server.model.AbstractConfiguredObject.doOnConfigThread(AbstractConfiguredObject.java:629)
> at
> org.apache.qpid.server.model.AbstractConfiguredObject.createAsync(AbstractConfiguredObject.java:865)
> at
> org.apache.qpid.server.model.AbstractConfiguredObjectTypeFactory.createAsync(AbstractConfiguredObjectTypeFactory.java:75)
> at
> org.apache.qpid.server.model.ConfiguredObjectFactoryImpl.createAsync(ConfiguredObjectFactoryImpl.java:145)
> at
> org.apache.qpid.server.model.AbstractConfiguredObject.addChildAsync(AbstractConfiguredObject.java:2111)
> at
> org.apache.qpid.server.model.BrokerImpl.addChildAsync(BrokerImpl.java:697)
> at
> org.apache.qpid.server.model.AbstractConfiguredObject$17.execute(AbstractConfiguredObject.java:2068)
> at
> org.apache.qpid.server.model.AbstractConfiguredObject$17.execute(AbstractConfiguredObject.java:2063)
> at
> org.apache.qpid.server.model.AbstractConfiguredObject$2.execute(AbstractConfiguredObject.java:637)
> at
> org.apache.qpid.server.model.AbstractConfiguredObject$2.execute(AbstractConfiguredObject.java:630)
> at
> org.apache.qpid.server.configuration.updater.TaskExecutorImpl$TaskLoggingWrapper.execute(TaskExecutorImpl.java:248)
> at
> org.apache.qpid.server.configuration.updater.TaskExecutorImpl$CallableWrapper$1.run(TaskExecutorImpl.java:320)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAs(Subject.java:360)
> at
> org.apache.qpid.server.configuration.updater.TaskExecutorImpl$CallableWrapper.call(TaskExecutorImpl.java:313)
> at
> com.google.common.util.concurrent.TrustedListenableFutureTask$TrustedFutureInterruptibleTask.runInterruptibly(TrustedListenableFutureTask.java:111)
> at
> com.google.common.util.concurrent.InterruptibleTask.run(InterruptibleTask.java:58)
> at
> com.google.common.util.concurrent.TrustedListenableFutureTask.run(TrustedListenableFutureTask.java:75)
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> at
> org.apache.qpid.server.bytebuffer.QpidByteBufferFactory.lambda$null$0(QpidByteBufferFactory.java:464)
> at java.lang.Thread.run(Thread.java:748)
> {noformat}
> Though, it is unlikely that any LDAP server would be configured to allow
> specification of search username without a password, the creation
[jira] [Commented] (QPID-8126) [Broker-J][SimpleLDAP] NPE is reported into broker logs when serach user is specified but search password is not set
[
https://issues.apache.org/jira/browse/QPID-8126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16940557#comment-16940557
]
Alex Rudyy commented on QPID-8126:
--
Fixed as part of QPID-8363
> [Broker-J][SimpleLDAP] NPE is reported into broker logs when serach user is
> specified but search password is not set
> -
>
> Key: QPID-8126
> URL: https://issues.apache.org/jira/browse/QPID-8126
> Project: Qpid
> Issue Type: Bug
> Components: Broker-J
>Affects Versions: qpid-java-broker-7.0.2, qpid-java-broker-7.0.0,
> qpid-java-broker-7.0.1
>Reporter: Alex Rudyy
>Priority: Trivial
> Fix For: qpid-java-broker-7.1.5
>
>
> Creation of authentication provider with search username and missing search
> password ends up in NPE reported into broker logs like the one below:
> {noformat}
> java.lang.NullPointerException: null
> at java.util.Hashtable.put(Hashtable.java:460)
> at
> org.apache.qpid.server.security.auth.manager.SimpleLDAPAuthenticationManagerImpl.setupSearchContext(SimpleLDAPAuthenticationManagerImpl.java:602)
> at
> org.apache.qpid.server.security.auth.manager.SimpleLDAPAuthenticationManagerImpl.validateInitialDirContext(SimpleLDAPAuthenticationManagerImpl.java:577)
> at
> org.apache.qpid.server.security.auth.manager.SimpleLDAPAuthenticationManagerImpl.validateOnCreate(SimpleLDAPAuthenticationManagerImpl.java:159)
> at
> org.apache.qpid.server.model.AbstractConfiguredObject$6.execute(AbstractConfiguredObject.java:879)
> at
> org.apache.qpid.server.model.AbstractConfiguredObject$6.execute(AbstractConfiguredObject.java:866)
> at
> org.apache.qpid.server.model.AbstractConfiguredObject$2.execute(AbstractConfiguredObject.java:637)
> at
> org.apache.qpid.server.model.AbstractConfiguredObject$2.execute(AbstractConfiguredObject.java:630)
> at
> org.apache.qpid.server.configuration.updater.TaskExecutorImpl$TaskLoggingWrapper.execute(TaskExecutorImpl.java:248)
> at
> org.apache.qpid.server.configuration.updater.TaskExecutorImpl.submitWrappedTask(TaskExecutorImpl.java:165)
> at
> org.apache.qpid.server.configuration.updater.TaskExecutorImpl.submit(TaskExecutorImpl.java:153)
> at
> org.apache.qpid.server.model.AbstractConfiguredObject.doOnConfigThread(AbstractConfiguredObject.java:629)
> at
> org.apache.qpid.server.model.AbstractConfiguredObject.createAsync(AbstractConfiguredObject.java:865)
> at
> org.apache.qpid.server.model.AbstractConfiguredObjectTypeFactory.createAsync(AbstractConfiguredObjectTypeFactory.java:75)
> at
> org.apache.qpid.server.model.ConfiguredObjectFactoryImpl.createAsync(ConfiguredObjectFactoryImpl.java:145)
> at
> org.apache.qpid.server.model.AbstractConfiguredObject.addChildAsync(AbstractConfiguredObject.java:2111)
> at
> org.apache.qpid.server.model.BrokerImpl.addChildAsync(BrokerImpl.java:697)
> at
> org.apache.qpid.server.model.AbstractConfiguredObject$17.execute(AbstractConfiguredObject.java:2068)
> at
> org.apache.qpid.server.model.AbstractConfiguredObject$17.execute(AbstractConfiguredObject.java:2063)
> at
> org.apache.qpid.server.model.AbstractConfiguredObject$2.execute(AbstractConfiguredObject.java:637)
> at
> org.apache.qpid.server.model.AbstractConfiguredObject$2.execute(AbstractConfiguredObject.java:630)
> at
> org.apache.qpid.server.configuration.updater.TaskExecutorImpl$TaskLoggingWrapper.execute(TaskExecutorImpl.java:248)
> at
> org.apache.qpid.server.configuration.updater.TaskExecutorImpl$CallableWrapper$1.run(TaskExecutorImpl.java:320)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAs(Subject.java:360)
> at
> org.apache.qpid.server.configuration.updater.TaskExecutorImpl$CallableWrapper.call(TaskExecutorImpl.java:313)
> at
> com.google.common.util.concurrent.TrustedListenableFutureTask$TrustedFutureInterruptibleTask.runInterruptibly(TrustedListenableFutureTask.java:111)
> at
> com.google.common.util.concurrent.InterruptibleTask.run(InterruptibleTask.java:58)
> at
> com.google.common.util.concurrent.TrustedListenableFutureTask.run(TrustedListenableFutureTask.java:75)
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> at
> org.apache.qpid.server.bytebuffer.QpidByteBufferFactory.lambda$null$0(QpidByteBufferFactory.java:464)
> at java.lang.Thread.run(Thread.java:748)
> {noformat}
> Though, it is unlikely that any LDAP server would be configured to allow
> specification of search username wi
[jira] [Updated] (QPID-8126) [Broker-J][SimpleLDAP] NPE is reported into broker logs when serach user is specified but search password is not set
[
https://issues.apache.org/jira/browse/QPID-8126?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alex Rudyy updated QPID-8126:
-
Fix Version/s: qpid-java-broker-7.1.5
> [Broker-J][SimpleLDAP] NPE is reported into broker logs when serach user is
> specified but search password is not set
> -
>
> Key: QPID-8126
> URL: https://issues.apache.org/jira/browse/QPID-8126
> Project: Qpid
> Issue Type: Bug
> Components: Broker-J
>Affects Versions: qpid-java-broker-7.0.2, qpid-java-broker-7.0.0,
> qpid-java-broker-7.0.1
>Reporter: Alex Rudyy
>Priority: Trivial
> Fix For: qpid-java-broker-7.1.5
>
>
> Creation of authentication provider with search username and missing search
> password ends up in NPE reported into broker logs like the one below:
> {noformat}
> java.lang.NullPointerException: null
> at java.util.Hashtable.put(Hashtable.java:460)
> at
> org.apache.qpid.server.security.auth.manager.SimpleLDAPAuthenticationManagerImpl.setupSearchContext(SimpleLDAPAuthenticationManagerImpl.java:602)
> at
> org.apache.qpid.server.security.auth.manager.SimpleLDAPAuthenticationManagerImpl.validateInitialDirContext(SimpleLDAPAuthenticationManagerImpl.java:577)
> at
> org.apache.qpid.server.security.auth.manager.SimpleLDAPAuthenticationManagerImpl.validateOnCreate(SimpleLDAPAuthenticationManagerImpl.java:159)
> at
> org.apache.qpid.server.model.AbstractConfiguredObject$6.execute(AbstractConfiguredObject.java:879)
> at
> org.apache.qpid.server.model.AbstractConfiguredObject$6.execute(AbstractConfiguredObject.java:866)
> at
> org.apache.qpid.server.model.AbstractConfiguredObject$2.execute(AbstractConfiguredObject.java:637)
> at
> org.apache.qpid.server.model.AbstractConfiguredObject$2.execute(AbstractConfiguredObject.java:630)
> at
> org.apache.qpid.server.configuration.updater.TaskExecutorImpl$TaskLoggingWrapper.execute(TaskExecutorImpl.java:248)
> at
> org.apache.qpid.server.configuration.updater.TaskExecutorImpl.submitWrappedTask(TaskExecutorImpl.java:165)
> at
> org.apache.qpid.server.configuration.updater.TaskExecutorImpl.submit(TaskExecutorImpl.java:153)
> at
> org.apache.qpid.server.model.AbstractConfiguredObject.doOnConfigThread(AbstractConfiguredObject.java:629)
> at
> org.apache.qpid.server.model.AbstractConfiguredObject.createAsync(AbstractConfiguredObject.java:865)
> at
> org.apache.qpid.server.model.AbstractConfiguredObjectTypeFactory.createAsync(AbstractConfiguredObjectTypeFactory.java:75)
> at
> org.apache.qpid.server.model.ConfiguredObjectFactoryImpl.createAsync(ConfiguredObjectFactoryImpl.java:145)
> at
> org.apache.qpid.server.model.AbstractConfiguredObject.addChildAsync(AbstractConfiguredObject.java:2111)
> at
> org.apache.qpid.server.model.BrokerImpl.addChildAsync(BrokerImpl.java:697)
> at
> org.apache.qpid.server.model.AbstractConfiguredObject$17.execute(AbstractConfiguredObject.java:2068)
> at
> org.apache.qpid.server.model.AbstractConfiguredObject$17.execute(AbstractConfiguredObject.java:2063)
> at
> org.apache.qpid.server.model.AbstractConfiguredObject$2.execute(AbstractConfiguredObject.java:637)
> at
> org.apache.qpid.server.model.AbstractConfiguredObject$2.execute(AbstractConfiguredObject.java:630)
> at
> org.apache.qpid.server.configuration.updater.TaskExecutorImpl$TaskLoggingWrapper.execute(TaskExecutorImpl.java:248)
> at
> org.apache.qpid.server.configuration.updater.TaskExecutorImpl$CallableWrapper$1.run(TaskExecutorImpl.java:320)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAs(Subject.java:360)
> at
> org.apache.qpid.server.configuration.updater.TaskExecutorImpl$CallableWrapper.call(TaskExecutorImpl.java:313)
> at
> com.google.common.util.concurrent.TrustedListenableFutureTask$TrustedFutureInterruptibleTask.runInterruptibly(TrustedListenableFutureTask.java:111)
> at
> com.google.common.util.concurrent.InterruptibleTask.run(InterruptibleTask.java:58)
> at
> com.google.common.util.concurrent.TrustedListenableFutureTask.run(TrustedListenableFutureTask.java:75)
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> at
> org.apache.qpid.server.bytebuffer.QpidByteBufferFactory.lambda$null$0(QpidByteBufferFactory.java:464)
> at java.lang.Thread.run(Thread.java:748)
> {noformat}
> Though, it is unlikely that any LDAP server would be configured to allow
> specification of search username without a password, the creation of provider
[jira] [Updated] (QPID-8306) [Broker-J] Add ability to update TLS transport on AMQP port after changing keystore, trustores or other TLS related attributes
[ https://issues.apache.org/jira/browse/QPID-8306?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Alex Rudyy updated QPID-8306: - Fix Version/s: qpid-java-broker-7.1.5 > [Broker-J] Add ability to update TLS transport on AMQP port after changing > keystore, trustores or other TLS related attributes > -- > > Key: QPID-8306 > URL: https://issues.apache.org/jira/browse/QPID-8306 > Project: Qpid > Issue Type: Improvement > Components: Broker-J >Reporter: Alex Rudyy >Assignee: Alex Rudyy >Priority: Major > Fix For: qpid-java-broker-8.0.0, qpid-java-broker-7.1.5 > > > Broker restart is required after changes to AMQP port TLS attributes, > keystore and trust stores. It should be possible to update TLS transport > without affecting existing AMQP connections. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Assigned] (QPID-8306) [Broker-J] Add ability to update TLS transport on AMQP port after changing keystore, trustores or other TLS related attributes
[ https://issues.apache.org/jira/browse/QPID-8306?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Alex Rudyy reassigned QPID-8306: Assignee: Alex Rudyy > [Broker-J] Add ability to update TLS transport on AMQP port after changing > keystore, trustores or other TLS related attributes > -- > > Key: QPID-8306 > URL: https://issues.apache.org/jira/browse/QPID-8306 > Project: Qpid > Issue Type: Improvement > Components: Broker-J >Reporter: Alex Rudyy >Assignee: Alex Rudyy >Priority: Major > Fix For: qpid-java-broker-8.0.0 > > > Broker restart is required after changes to AMQP port TLS attributes, > keystore and trust stores. It should be possible to update TLS transport > without affecting existing AMQP connections. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Updated] (QPID-8356) [Broker-J] ACL rule properties 'from_network' and 'from_hostname' are lost on loading ACL from file in 'RuleBased' access control provider
[
https://issues.apache.org/jira/browse/QPID-8356?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alex Rudyy updated QPID-8356:
-
Fix Version/s: qpid-java-broker-7.0.9
qpid-java-broker-8.0.0
> [Broker-J] ACL rule properties 'from_network' and 'from_hostname' are lost on
> loading ACL from file in 'RuleBased' access control provider
> --
>
> Key: QPID-8356
> URL: https://issues.apache.org/jira/browse/QPID-8356
> Project: Qpid
> Issue Type: Bug
> Components: Broker-J
>Affects Versions: qpid-java-broker-7.0.8, qpid-java-broker-7.1.4
>Reporter: Alex Rudyy
>Assignee: Alex Rudyy
>Priority: Major
> Fix For: qpid-java-broker-8.0.0, qpid-java-broker-7.0.9,
> qpid-java-broker-7.1.5
>
>
> ACL rule properties 'from_network' and 'from_hostname' are lost on loading
> ACL from file in 'RuleBased' access control provider.
> The following unit test fails:
> {code}
> @Test
> public void testLoadFirewallRules()
> {
> final Map attributes =
> Collections.singletonMap(RuleBasedAccessControlProvider.NAME, getTestName());
> final Broker broker = BrokerTestHelper.createBrokerMock();
> final RuleBasedAccessControlProviderImpl aclProvider = new
> RuleBasedAccessControlProviderImpl(attributes, broker);
> aclProvider.create();
> final String acl = "ACL ALLOW-LOG guest ACCESS VIRTUALHOST
> from_hostname=\"localhost\"";
> final String data = DataUrlUtils.getDataUrlForBytes(acl.getBytes(UTF_8));
> aclProvider.loadFromFile(data);
> final List rules = aclProvider.getRules();
> assertThat(rules, is(notNullValue()));
> assertThat(rules.size(), is(equalTo(1)));
> final AclRule rule = rules.get(0);
> assertThat(rule, is(notNullValue()));
> assertThat(rule.getObjectType(), is(equalTo(ObjectType.VIRTUALHOST)));
> assertThat(rule.getIdentity(), is(equalTo("guest")));
> assertThat(rule.getOperation(), is(equalTo(LegacyOperation.ACCESS)));
> assertThat(rule.getOutcome(), is(equalTo(RuleOutcome.ALLOW_LOG)));
> assertThat(rule.getAttributes(),
> is(equalTo(Collections.singletonMap("from_hostname", "localhost";
> }
> {code}
> The workaround for this defect would changing the ACL rules directly using
> 'rules' attribute.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Assigned] (QPID-8350) [Broker-J][AMQP 1.0][Tests] Fix protocol tests
[
https://issues.apache.org/jira/browse/QPID-8350?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alex Rudyy reassigned QPID-8350:
Assignee: Alex Rudyy
> [Broker-J][AMQP 1.0][Tests] Fix protocol tests
> --
>
> Key: QPID-8350
> URL: https://issues.apache.org/jira/browse/QPID-8350
> Project: Qpid
> Issue Type: Task
> Components: Java Tests
>Reporter: Alex Rudyy
>Assignee: Alex Rudyy
>Priority: Major
> Fix For: qpid-java-broker-8.0.0
>
>
> Existing protocol tests works on a number of assumptions which are valid for
> Qpid Broker-J but when they are run against different broker the majority of
> test fail straight away due to various reasons like "not respecting
> counterpart settings in attach {{initial-delivery-count}}", lacking
> assertions about published/consumed messages, etc.
> As part of this JIRA we need to make tests amqp broker neutral and amqp
> complient
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Assigned] (QPID-8349) [Broker-J][AMQP 1.0][Tests] Improve protocol tests to be able to run the test suite against external broker
[
https://issues.apache.org/jira/browse/QPID-8349?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alex Rudyy reassigned QPID-8349:
Assignee: Alex Rudyy
> [Broker-J][AMQP 1.0][Tests] Improve protocol tests to be able to run the test
> suite against external broker
> ---
>
> Key: QPID-8349
> URL: https://issues.apache.org/jira/browse/QPID-8349
> Project: Qpid
> Issue Type: Task
> Components: Java Tests
>Reporter: Alex Rudyy
>Assignee: Alex Rudyy
>Priority: Major
> Fix For: qpid-java-broker-8.0.0
>
>
> The existing protocol test framework allows to run test against external
> broker only when annotation {{RunBrokerAdmin}} is added to the test class
> with a type pointing to external broker admin type.
> With this approach the implemented test can only be executed with a
> particular broker admin type.
> The original intention of protocol tests was to allow running protocol tests
> against any AMQP compliment broker. The specific broker admin needs to be
> injected into the test framework.
> Currently, we have "external" and "embedded" broker admin type, but, there is
> no way to execute protocol tests even against external Qpid broker.
> We need to modify protocol test framework to allow running existing tests
> against external broker
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Updated] (QPID-8350) [Broker-J][AMQP 1.0][Tests] Fix protocol tests
[
https://issues.apache.org/jira/browse/QPID-8350?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alex Rudyy updated QPID-8350:
-
Status: Reviewable (was: In Progress)
> [Broker-J][AMQP 1.0][Tests] Fix protocol tests
> --
>
> Key: QPID-8350
> URL: https://issues.apache.org/jira/browse/QPID-8350
> Project: Qpid
> Issue Type: Task
> Components: Java Tests
>Reporter: Alex Rudyy
>Assignee: Alex Rudyy
>Priority: Major
> Fix For: qpid-java-broker-8.0.0
>
>
> Existing protocol tests works on a number of assumptions which are valid for
> Qpid Broker-J but when they are run against different broker the majority of
> test fail straight away due to various reasons like "not respecting
> counterpart settings in attach {{initial-delivery-count}}", lacking
> assertions about published/consumed messages, etc.
> As part of this JIRA we need to make tests amqp broker neutral and amqp
> complient
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Updated] (QPID-8353) [Broker-J][JMS AMQP 0-x] Add support for TLSv1.3
[
https://issues.apache.org/jira/browse/QPID-8353?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alex Rudyy updated QPID-8353:
-
Fix Version/s: (was: qpid-java-broker-7.1.4)
qpid-java-broker-7.1.5
> [Broker-J][JMS AMQP 0-x] Add support for TLSv1.3
>
>
> Key: QPID-8353
> URL: https://issues.apache.org/jira/browse/QPID-8353
> Project: Qpid
> Issue Type: Improvement
> Components: Broker-J, JMS AMQP 0-x
>Reporter: Alex Rudyy
>Assignee: Alex Rudyy
>Priority: Major
> Fix For: qpid-java-broker-8.0.0, qpid-java-client-0-x-6.4.0,
> qpid-java-broker-7.1.5, qpid-java-client-0-x-6.3.5
>
>
> As part of QPID-7056 the functionality for establishing TLS connectivity in
> Qpid Broker-J and JMS client for AMQP 0-x have been changed to enforce
> creation of SSLContext with a hard-coded sub-set of TLS protocols (TLSv1.2,
> TLSv1.1, TLS, TLSv1). See {{SSLUtil#tryGetSSLContext()}}. As result, both
> broker and client might not be able to establish TLSv1.3 connections when JDK
> 11 or above is used unless TLSv1.2, TLSv1.1 are explicitly blacklisted. The
> code needs to be improved to allow TLSv1.3.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Resolved] (QPID-8354) [Broker-J][JMS AMQP 0-x] Backlist TLSv1.1
[ https://issues.apache.org/jira/browse/QPID-8354?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Alex Rudyy resolved QPID-8354. -- Resolution: Fixed > [Broker-J][JMS AMQP 0-x] Backlist TLSv1.1 > - > > Key: QPID-8354 > URL: https://issues.apache.org/jira/browse/QPID-8354 > Project: Qpid > Issue Type: Improvement > Components: Broker-J, JMS AMQP 0-x >Reporter: Alex Rudyy >Assignee: Alex Rudyy >Priority: Major > Fix For: qpid-java-broker-8.0.0, qpid-java-client-0-x-6.4.0, > qpid-java-broker-7.1.5, qpid-java-client-0-x-6.3.5 > > > The TLSv1.1 is allowed by default for establishing TLS connectivity in both > Qpid Broker-J and legacy JMS client for AMQP 0-x. TLS 1.0 is already > blacklisted in both products. We can consider restricting allowed TLS > protocols to TLSv1.2 and TLSv1.3 by default. The TLSv1.2 can be used with > JDK8-10 and TLSv1.3 can be used with JDK 11 and above. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Assigned] (QPID-8354) [Broker-J][JMS AMQP 0-x] Backlist TLSv1.1
[ https://issues.apache.org/jira/browse/QPID-8354?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Alex Rudyy reassigned QPID-8354: Assignee: Alex Rudyy > [Broker-J][JMS AMQP 0-x] Backlist TLSv1.1 > - > > Key: QPID-8354 > URL: https://issues.apache.org/jira/browse/QPID-8354 > Project: Qpid > Issue Type: Improvement > Components: Broker-J, JMS AMQP 0-x >Reporter: Alex Rudyy >Assignee: Alex Rudyy >Priority: Major > Fix For: qpid-java-broker-8.0.0, qpid-java-client-0-x-6.4.0, > qpid-java-broker-7.1.5, qpid-java-client-0-x-6.3.5 > > > The TLSv1.1 is allowed by default for establishing TLS connectivity in both > Qpid Broker-J and legacy JMS client for AMQP 0-x. TLS 1.0 is already > blacklisted in both products. We can consider restricting allowed TLS > protocols to TLSv1.2 and TLSv1.3 by default. The TLSv1.2 can be used with > JDK8-10 and TLSv1.3 can be used with JDK 11 and above. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Resolved] (QPID-8353) [Broker-J][JMS AMQP 0-x] Add support for TLSv1.3
[
https://issues.apache.org/jira/browse/QPID-8353?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alex Rudyy resolved QPID-8353.
--
Fix Version/s: qpid-java-client-0-x-6.3.5
qpid-java-client-0-x-6.4.0
Resolution: Fixed
> [Broker-J][JMS AMQP 0-x] Add support for TLSv1.3
>
>
> Key: QPID-8353
> URL: https://issues.apache.org/jira/browse/QPID-8353
> Project: Qpid
> Issue Type: Improvement
> Components: Broker-J, JMS AMQP 0-x
>Reporter: Alex Rudyy
>Assignee: Alex Rudyy
>Priority: Major
> Fix For: qpid-java-broker-8.0.0, qpid-java-client-0-x-6.4.0,
> qpid-java-client-0-x-6.3.5, qpid-java-broker-7.1.4
>
>
> As part of QPID-7056 the functionality for establishing TLS connectivity in
> Qpid Broker-J and JMS client for AMQP 0-x have been changed to enforce
> creation of SSLContext with a hard-coded sub-set of TLS protocols (TLSv1.2,
> TLSv1.1, TLS, TLSv1). See {{SSLUtil#tryGetSSLContext()}}. As result, both
> broker and client might not be able to establish TLSv1.3 connections when JDK
> 11 or above is used unless TLSv1.2, TLSv1.1 are explicitly blacklisted. The
> code needs to be improved to allow TLSv1.3.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Assigned] (QPID-8353) [Broker-J][JMS AMQP 0-x] Add support for TLSv1.3
[
https://issues.apache.org/jira/browse/QPID-8353?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alex Rudyy reassigned QPID-8353:
Assignee: Alex Rudyy
> [Broker-J][JMS AMQP 0-x] Add support for TLSv1.3
>
>
> Key: QPID-8353
> URL: https://issues.apache.org/jira/browse/QPID-8353
> Project: Qpid
> Issue Type: Improvement
> Components: Broker-J, JMS AMQP 0-x
>Reporter: Alex Rudyy
>Assignee: Alex Rudyy
>Priority: Major
> Fix For: qpid-java-broker-8.0.0, qpid-java-broker-7.1.4
>
>
> As part of QPID-7056 the functionality for establishing TLS connectivity in
> Qpid Broker-J and JMS client for AMQP 0-x have been changed to enforce
> creation of SSLContext with a hard-coded sub-set of TLS protocols (TLSv1.2,
> TLSv1.1, TLS, TLSv1). See {{SSLUtil#tryGetSSLContext()}}. As result, both
> broker and client might not be able to establish TLSv1.3 connections when JDK
> 11 or above is used unless TLSv1.2, TLSv1.1 are explicitly blacklisted. The
> code needs to be improved to allow TLSv1.3.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Updated] (QPID-8354) [Broker-J][JMS AMQP 0-x] Backlist TLSv1.1
[ https://issues.apache.org/jira/browse/QPID-8354?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Alex Rudyy updated QPID-8354: - Fix Version/s: qpid-java-client-0-x-6.4.0 qpid-java-client-0-x-6.3.5 > [Broker-J][JMS AMQP 0-x] Backlist TLSv1.1 > - > > Key: QPID-8354 > URL: https://issues.apache.org/jira/browse/QPID-8354 > Project: Qpid > Issue Type: Improvement > Components: Broker-J, JMS AMQP 0-x >Reporter: Alex Rudyy >Priority: Major > Fix For: qpid-java-broker-8.0.0, qpid-java-client-0-x-6.4.0, > qpid-java-broker-7.1.5, qpid-java-client-0-x-6.3.5 > > > The TLSv1.1 is allowed by default for establishing TLS connectivity in both > Qpid Broker-J and legacy JMS client for AMQP 0-x. TLS 1.0 is already > blacklisted in both products. We can consider restricting allowed TLS > protocols to TLSv1.2 and TLSv1.3 by default. The TLSv1.2 can be used with > JDK8-10 and TLSv1.3 can be used with JDK 11 and above. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Assigned] (QPID-8363) [Broker-J] Add support for GSSAPI bind into SimpleLDAP authentication provider
[
https://issues.apache.org/jira/browse/QPID-8363?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alex Rudyy reassigned QPID-8363:
Assignee: Alex Rudyy
> [Broker-J] Add support for GSSAPI bind into SimpleLDAP authentication provider
> --
>
> Key: QPID-8363
> URL: https://issues.apache.org/jira/browse/QPID-8363
> Project: Qpid
> Issue Type: Improvement
> Components: Broker-J
>Reporter: Alex Rudyy
>Assignee: Alex Rudyy
>Priority: Major
> Fix For: qpid-java-broker-7.1.5
>
>
> The SimpleLDAP authentication provider currently supports only NONE and
> SIMPLE authentication methods for initial binding into LDAP if {{Authenticate
> without search}} is not set. We need to add {{GSSAPI}} authentication method
> when LDAP server supports Kereberos authentication
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Updated] (QPID-8363) [Broker-J] Add support for GSSAPI bind into SimpleLDAP authentication provider
[
https://issues.apache.org/jira/browse/QPID-8363?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alex Rudyy updated QPID-8363:
-
Fix Version/s: qpid-java-broker-8.0.0
> [Broker-J] Add support for GSSAPI bind into SimpleLDAP authentication provider
> --
>
> Key: QPID-8363
> URL: https://issues.apache.org/jira/browse/QPID-8363
> Project: Qpid
> Issue Type: Improvement
> Components: Broker-J
>Reporter: Alex Rudyy
>Assignee: Alex Rudyy
>Priority: Major
> Fix For: qpid-java-broker-8.0.0, qpid-java-broker-7.1.5
>
>
> The SimpleLDAP authentication provider currently supports only NONE and
> SIMPLE authentication methods for initial binding into LDAP if {{Authenticate
> without search}} is not set. We need to add {{GSSAPI}} authentication method
> when LDAP server supports Kereberos authentication
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Updated] (QPID-8364) [Broker-J] Add support for SPNEGO authentication into HTTP management
[ https://issues.apache.org/jira/browse/QPID-8364?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Alex Rudyy updated QPID-8364: - Status: Reviewable (was: In Progress) > [Broker-J] Add support for SPNEGO authentication into HTTP management > - > > Key: QPID-8364 > URL: https://issues.apache.org/jira/browse/QPID-8364 > Project: Qpid > Issue Type: Improvement > Components: Broker-J >Reporter: Alex Rudyy >Assignee: Alex Rudyy >Priority: Major > Fix For: qpid-java-broker-8.0.0, qpid-java-broker-7.1.5 > > > The Kerberos Authentication is only supported for messaging connections. The > support for Kerberos SPENEGO Authentication needs to be implemented for HTTP > management. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Assigned] (QPID-8364) [Broker-J] Add support for SPNEGO authentication into HTTP management
[ https://issues.apache.org/jira/browse/QPID-8364?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Alex Rudyy reassigned QPID-8364: Assignee: Alex Rudyy > [Broker-J] Add support for SPNEGO authentication into HTTP management > - > > Key: QPID-8364 > URL: https://issues.apache.org/jira/browse/QPID-8364 > Project: Qpid > Issue Type: Improvement > Components: Broker-J >Reporter: Alex Rudyy >Assignee: Alex Rudyy >Priority: Major > Fix For: qpid-java-broker-8.0.0, qpid-java-broker-7.1.5 > > > The Kerberos Authentication is only supported for messaging connections. The > support for Kerberos SPENEGO Authentication needs to be implemented for HTTP > management. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Updated] (QPID-8363) [Broker-J] Add support for GSSAPI bind into SimpleLDAP authentication provider
[
https://issues.apache.org/jira/browse/QPID-8363?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alex Rudyy updated QPID-8363:
-
Status: Reviewable (was: In Progress)
> [Broker-J] Add support for GSSAPI bind into SimpleLDAP authentication provider
> --
>
> Key: QPID-8363
> URL: https://issues.apache.org/jira/browse/QPID-8363
> Project: Qpid
> Issue Type: Improvement
> Components: Broker-J
>Reporter: Alex Rudyy
>Assignee: Alex Rudyy
>Priority: Major
> Fix For: qpid-java-broker-7.1.5
>
>
> The SimpleLDAP authentication provider currently supports only NONE and
> SIMPLE authentication methods for initial binding into LDAP if {{Authenticate
> without search}} is not set. We need to add {{GSSAPI}} authentication method
> when LDAP server supports Kereberos authentication
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Commented] (QPID-8364) [Broker-J] Add support for SPNEGO authentication into HTTP management
[ https://issues.apache.org/jira/browse/QPID-8364?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16940555#comment-16940555 ] ASF subversion and git services commented on QPID-8364: --- Commit a9aedc74939cf781143e913398d52f2afb25eceb in qpid-broker-j's branch refs/heads/7.1.x from Alex Rudyy [ https://gitbox.apache.org/repos/asf?p=qpid-broker-j.git;h=a9aedc7 ] QPID-8364: [Broker-J] Add support for SPNEGO authentication (cherry picked from commit e4687a493b97c3bb4d1101f00139bc09c0618fda) > [Broker-J] Add support for SPNEGO authentication into HTTP management > - > > Key: QPID-8364 > URL: https://issues.apache.org/jira/browse/QPID-8364 > Project: Qpid > Issue Type: Improvement > Components: Broker-J >Reporter: Alex Rudyy >Priority: Major > Fix For: qpid-java-broker-8.0.0, qpid-java-broker-7.1.5 > > > The Kerberos Authentication is only supported for messaging connections. The > support for Kerberos SPENEGO Authentication needs to be implemented for HTTP > management. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Commented] (QPID-8360) [Broker-J] Add broker and virtual host loggers storing log records in database
[
https://issues.apache.org/jira/browse/QPID-8360?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16940553#comment-16940553
]
ASF subversion and git services commented on QPID-8360:
---
Commit ae197f88b2049936071c240f1533e75b454dcee5 in qpid-broker-j's branch
refs/heads/7.1.x from Alex Rudyy
[ https://gitbox.apache.org/repos/asf?p=qpid-broker-j.git;h=ae197f8 ]
QPID-8360: [Broker-J] Change logger types to upper-case for consistency reasons
(cherry picked from commit f2876f7ce6463d8e7336ea0406dd0f0c82adbcd1)
> [Broker-J] Add broker and virtual host loggers storing log records in database
> --
>
> Key: QPID-8360
> URL: https://issues.apache.org/jira/browse/QPID-8360
> Project: Qpid
> Issue Type: New Feature
> Components: Broker-J
>Reporter: Alex Rudyy
>Assignee: Alex Rudyy
>Priority: Major
> Fix For: qpid-java-broker-8.0.0
>
>
> Some environments require audit logging to be stored in remote "off host"
> locations like RDBMS, splunk, etc. The logback logging already has a
> {{DBAppender}} to store logs in RDBMSs. Thus, Broker and VirtualHost
> {{Logger}} s can be added utilizing {{DBAppender}} to store logs remotely
> in RDBMS.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Commented] (QPID-8363) [Broker-J] Add support for GSSAPI bind into SimpleLDAP authentication provider
[
https://issues.apache.org/jira/browse/QPID-8363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16940556#comment-16940556
]
ASF subversion and git services commented on QPID-8363:
---
Commit 88a37dcb3f41ad6409865f869c41711fd5825386 in qpid-broker-j's branch
refs/heads/7.1.x from Alex Rudyy
[ https://gitbox.apache.org/repos/asf?p=qpid-broker-j.git;h=88a37dc ]
QPID-8363: [Broker-J] Fix test dependency scope
> [Broker-J] Add support for GSSAPI bind into SimpleLDAP authentication provider
> --
>
> Key: QPID-8363
> URL: https://issues.apache.org/jira/browse/QPID-8363
> Project: Qpid
> Issue Type: Improvement
> Components: Broker-J
>Reporter: Alex Rudyy
>Priority: Major
> Fix For: qpid-java-broker-7.1.5
>
>
> The SimpleLDAP authentication provider currently supports only NONE and
> SIMPLE authentication methods for initial binding into LDAP if {{Authenticate
> without search}} is not set. We need to add {{GSSAPI}} authentication method
> when LDAP server supports Kereberos authentication
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Commented] (QPID-8363) [Broker-J] Add support for GSSAPI bind into SimpleLDAP authentication provider
[
https://issues.apache.org/jira/browse/QPID-8363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16940554#comment-16940554
]
ASF subversion and git services commented on QPID-8363:
---
Commit 097031e32ad5334ddd1831d563ef0d1680f2a7bd in qpid-broker-j's branch
refs/heads/7.1.x from Alex Rudyy
[ https://gitbox.apache.org/repos/asf?p=qpid-broker-j.git;h=097031e ]
QPID-8363: [Broker-J] Add support for GSSAPI authentication into SimpleLDAP
authentication provider
(cherry picked from commit 4c7aeb273736baebd49cf5c0807359ca3f15ed7e)
> [Broker-J] Add support for GSSAPI bind into SimpleLDAP authentication provider
> --
>
> Key: QPID-8363
> URL: https://issues.apache.org/jira/browse/QPID-8363
> Project: Qpid
> Issue Type: Improvement
> Components: Broker-J
>Reporter: Alex Rudyy
>Priority: Major
> Fix For: qpid-java-broker-7.1.5
>
>
> The SimpleLDAP authentication provider currently supports only NONE and
> SIMPLE authentication methods for initial binding into LDAP if {{Authenticate
> without search}} is not set. We need to add {{GSSAPI}} authentication method
> when LDAP server supports Kereberos authentication
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Commented] (QPID-8360) [Broker-J] Add broker and virtual host loggers storing log records in database
[
https://issues.apache.org/jira/browse/QPID-8360?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16940550#comment-16940550
]
ASF subversion and git services commented on QPID-8360:
---
Commit 1129da1f8bc1ed55bd173de5f3d574ad17f18a6e in qpid-broker-j's branch
refs/heads/7.1.x from Alex Rudyy
[ https://gitbox.apache.org/repos/asf?p=qpid-broker-j.git;h=1129da1 ]
QPID-8360: [Broker-J] Update licenseMerge for 'Eclipse Public License' to
accept license specified as 'MPL 2.0 or EPL 1.0'
(cherry picked from commit 55d664a768580911ce2d6efc546de7726f3b6c3e)
> [Broker-J] Add broker and virtual host loggers storing log records in database
> --
>
> Key: QPID-8360
> URL: https://issues.apache.org/jira/browse/QPID-8360
> Project: Qpid
> Issue Type: New Feature
> Components: Broker-J
>Reporter: Alex Rudyy
>Assignee: Alex Rudyy
>Priority: Major
> Fix For: qpid-java-broker-8.0.0
>
>
> Some environments require audit logging to be stored in remote "off host"
> locations like RDBMS, splunk, etc. The logback logging already has a
> {{DBAppender}} to store logs in RDBMSs. Thus, Broker and VirtualHost
> {{Logger}} s can be added utilizing {{DBAppender}} to store logs remotely
> in RDBMS.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Commented] (QPID-8360) [Broker-J] Add broker and virtual host loggers storing log records in database
[
https://issues.apache.org/jira/browse/QPID-8360?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16940551#comment-16940551
]
ASF subversion and git services commented on QPID-8360:
---
Commit d2c0c6530e5e95262e85738bd56c02dbf0eb5472 in qpid-broker-j's branch
refs/heads/7.1.x from Alex Rudyy
[ https://gitbox.apache.org/repos/asf?p=qpid-broker-j.git;h=d2c0c65 ]
QPID-8360: [Broker-J] Update depenecies reference file
(cherry picked from commit 7ffbe9859e46a6ae8bbe39d1684f0f21e1954628)
> [Broker-J] Add broker and virtual host loggers storing log records in database
> --
>
> Key: QPID-8360
> URL: https://issues.apache.org/jira/browse/QPID-8360
> Project: Qpid
> Issue Type: New Feature
> Components: Broker-J
>Reporter: Alex Rudyy
>Assignee: Alex Rudyy
>Priority: Major
> Fix For: qpid-java-broker-8.0.0
>
>
> Some environments require audit logging to be stored in remote "off host"
> locations like RDBMS, splunk, etc. The logback logging already has a
> {{DBAppender}} to store logs in RDBMSs. Thus, Broker and VirtualHost
> {{Logger}} s can be added utilizing {{DBAppender}} to store logs remotely
> in RDBMS.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Commented] (QPID-8354) [Broker-J][JMS AMQP 0-x] Backlist TLSv1.1
[ https://issues.apache.org/jira/browse/QPID-8354?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16940548#comment-16940548 ] ASF subversion and git services commented on QPID-8354: --- Commit 6af60795102ff97404da21c23c9ff810396dafcc in qpid-broker-j's branch refs/heads/7.1.x from Tomas Vavricka [ https://gitbox.apache.org/repos/asf?p=qpid-broker-j.git;h=6af6079 ] QPID-8354: [Broker-J] Address review comments from Oleksandr Rudyy This closes #37 (cherry picked from commit d4a3e0cab5fbf3be0760afd6999d23f088f064c4) > [Broker-J][JMS AMQP 0-x] Backlist TLSv1.1 > - > > Key: QPID-8354 > URL: https://issues.apache.org/jira/browse/QPID-8354 > Project: Qpid > Issue Type: Improvement > Components: Broker-J, JMS AMQP 0-x >Reporter: Alex Rudyy >Priority: Major > Fix For: qpid-java-broker-8.0.0, qpid-java-broker-7.1.5 > > > The TLSv1.1 is allowed by default for establishing TLS connectivity in both > Qpid Broker-J and legacy JMS client for AMQP 0-x. TLS 1.0 is already > blacklisted in both products. We can consider restricting allowed TLS > protocols to TLSv1.2 and TLSv1.3 by default. The TLSv1.2 can be used with > JDK8-10 and TLSv1.3 can be used with JDK 11 and above. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Commented] (QPID-8360) [Broker-J] Add broker and virtual host loggers storing log records in database
[
https://issues.apache.org/jira/browse/QPID-8360?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16940552#comment-16940552
]
ASF subversion and git services commented on QPID-8360:
---
Commit cde6d07aa6cc949daabe6044fd4837503406c00f in qpid-broker-j's branch
refs/heads/7.1.x from Alex Rudyy
[ https://gitbox.apache.org/repos/asf?p=qpid-broker-j.git;h=cde6d07 ]
QPID-8360: [Broker-J] Clean-up code
(cherry picked from commit b14b35dcf409cf252dc75cf76a28ba712649b538)
> [Broker-J] Add broker and virtual host loggers storing log records in database
> --
>
> Key: QPID-8360
> URL: https://issues.apache.org/jira/browse/QPID-8360
> Project: Qpid
> Issue Type: New Feature
> Components: Broker-J
>Reporter: Alex Rudyy
>Assignee: Alex Rudyy
>Priority: Major
> Fix For: qpid-java-broker-8.0.0
>
>
> Some environments require audit logging to be stored in remote "off host"
> locations like RDBMS, splunk, etc. The logback logging already has a
> {{DBAppender}} to store logs in RDBMSs. Thus, Broker and VirtualHost
> {{Logger}} s can be added utilizing {{DBAppender}} to store logs remotely
> in RDBMS.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Commented] (QPID-8360) [Broker-J] Add broker and virtual host loggers storing log records in database
[
https://issues.apache.org/jira/browse/QPID-8360?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16940549#comment-16940549
]
ASF subversion and git services commented on QPID-8360:
---
Commit 21c101ae935cb88b7e70b2e20955b14c970ac03f in qpid-broker-j's branch
refs/heads/7.1.x from Alex Rudyy
[ https://gitbox.apache.org/repos/asf?p=qpid-broker-j.git;h=21c101a ]
QPID-8360: [Broker-J]Add broker and virtual host loggers storing log records in
database
(cherry picked from commit a33aca40bd224453ad8b0939b2f5af385017b946)
> [Broker-J] Add broker and virtual host loggers storing log records in database
> --
>
> Key: QPID-8360
> URL: https://issues.apache.org/jira/browse/QPID-8360
> Project: Qpid
> Issue Type: New Feature
> Components: Broker-J
>Reporter: Alex Rudyy
>Assignee: Alex Rudyy
>Priority: Major
> Fix For: qpid-java-broker-8.0.0
>
>
> Some environments require audit logging to be stored in remote "off host"
> locations like RDBMS, splunk, etc. The logback logging already has a
> {{DBAppender}} to store logs in RDBMSs. Thus, Broker and VirtualHost
> {{Logger}} s can be added utilizing {{DBAppender}} to store logs remotely
> in RDBMS.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Commented] (QPID-8363) [Broker-J] Add support for GSSAPI bind into SimpleLDAP authentication provider
[
https://issues.apache.org/jira/browse/QPID-8363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16940545#comment-16940545
]
ASF subversion and git services commented on QPID-8363:
---
Commit f966f0c1589be70ab60b71ce7b5fc455b751ed8d in qpid-broker-j's branch
refs/heads/master from Alex Rudyy
[ https://gitbox.apache.org/repos/asf?p=qpid-broker-j.git;h=f966f0c ]
QPID-8363: [Broker-J] Fix test dependency scope
> [Broker-J] Add support for GSSAPI bind into SimpleLDAP authentication provider
> --
>
> Key: QPID-8363
> URL: https://issues.apache.org/jira/browse/QPID-8363
> Project: Qpid
> Issue Type: Improvement
> Components: Broker-J
>Reporter: Alex Rudyy
>Priority: Major
> Fix For: qpid-java-broker-7.1.5
>
>
> The SimpleLDAP authentication provider currently supports only NONE and
> SIMPLE authentication methods for initial binding into LDAP if {{Authenticate
> without search}} is not set. We need to add {{GSSAPI}} authentication method
> when LDAP server supports Kereberos authentication
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Commented] (QPID-8353) [Broker-J][JMS AMQP 0-x] Add support for TLSv1.3
[
https://issues.apache.org/jira/browse/QPID-8353?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16940542#comment-16940542
]
ASF subversion and git services commented on QPID-8353:
---
Commit 36ede0c01c275ac36765f4723c4878d8a6f3e013 in qpid-jms-amqp-0-x's branch
refs/heads/6.3.x from Alex Rudyy
[ https://gitbox.apache.org/repos/asf?p=qpid-jms-amqp-0-x.git;h=36ede0c ]
QPID-8353: [JMS AMQP 0-x] Add TLSv1.3 into preferences
(cherry picked from commit d50617333ff52385e3316e11b135a57d1b0859b6)
> [Broker-J][JMS AMQP 0-x] Add support for TLSv1.3
>
>
> Key: QPID-8353
> URL: https://issues.apache.org/jira/browse/QPID-8353
> Project: Qpid
> Issue Type: Improvement
> Components: Broker-J, JMS AMQP 0-x
>Reporter: Alex Rudyy
>Priority: Major
> Fix For: qpid-java-broker-8.0.0, qpid-java-broker-7.1.4
>
>
> As part of QPID-7056 the functionality for establishing TLS connectivity in
> Qpid Broker-J and JMS client for AMQP 0-x have been changed to enforce
> creation of SSLContext with a hard-coded sub-set of TLS protocols (TLSv1.2,
> TLSv1.1, TLS, TLSv1). See {{SSLUtil#tryGetSSLContext()}}. As result, both
> broker and client might not be able to establish TLSv1.3 connections when JDK
> 11 or above is used unless TLSv1.2, TLSv1.1 are explicitly blacklisted. The
> code needs to be improved to allow TLSv1.3.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Commented] (QPID-8354) [Broker-J][JMS AMQP 0-x] Backlist TLSv1.1
[ https://issues.apache.org/jira/browse/QPID-8354?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16940541#comment-16940541 ] ASF subversion and git services commented on QPID-8354: --- Commit e94898f5f46a56ea5ab3f96acc34351d6d92845c in qpid-jms-amqp-0-x's branch refs/heads/6.3.x from Alex Rudyy [ https://gitbox.apache.org/repos/asf?p=qpid-jms-amqp-0-x.git;h=e94898f ] QPID-8354: [JMS AMQP 0-x] Blacklist TLSv1.1 (cherry picked from commit a10dd9eb75bee0ec13cab38e8291a2498583bbdc) > [Broker-J][JMS AMQP 0-x] Backlist TLSv1.1 > - > > Key: QPID-8354 > URL: https://issues.apache.org/jira/browse/QPID-8354 > Project: Qpid > Issue Type: Improvement > Components: Broker-J, JMS AMQP 0-x >Reporter: Alex Rudyy >Priority: Major > Fix For: qpid-java-broker-8.0.0, qpid-java-broker-7.1.5 > > > The TLSv1.1 is allowed by default for establishing TLS connectivity in both > Qpid Broker-J and legacy JMS client for AMQP 0-x. TLS 1.0 is already > blacklisted in both products. We can consider restricting allowed TLS > protocols to TLSv1.2 and TLSv1.3 by default. The TLSv1.2 can be used with > JDK8-10 and TLSv1.3 can be used with JDK 11 and above. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Commented] (QPID-8354) [Broker-J][JMS AMQP 0-x] Backlist TLSv1.1
[ https://issues.apache.org/jira/browse/QPID-8354?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16940538#comment-16940538 ] ASF subversion and git services commented on QPID-8354: --- Commit a10dd9eb75bee0ec13cab38e8291a2498583bbdc in qpid-jms-amqp-0-x's branch refs/heads/master from Alex Rudyy [ https://gitbox.apache.org/repos/asf?p=qpid-jms-amqp-0-x.git;h=a10dd9e ] QPID-8354: [JMS AMQP 0-x] Blacklist TLSv1.1 > [Broker-J][JMS AMQP 0-x] Backlist TLSv1.1 > - > > Key: QPID-8354 > URL: https://issues.apache.org/jira/browse/QPID-8354 > Project: Qpid > Issue Type: Improvement > Components: Broker-J, JMS AMQP 0-x >Reporter: Alex Rudyy >Priority: Major > Fix For: qpid-java-broker-8.0.0, qpid-java-broker-7.1.5 > > > The TLSv1.1 is allowed by default for establishing TLS connectivity in both > Qpid Broker-J and legacy JMS client for AMQP 0-x. TLS 1.0 is already > blacklisted in both products. We can consider restricting allowed TLS > protocols to TLSv1.2 and TLSv1.3 by default. The TLSv1.2 can be used with > JDK8-10 and TLSv1.3 can be used with JDK 11 and above. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Commented] (QPID-8353) [Broker-J][JMS AMQP 0-x] Add support for TLSv1.3
[
https://issues.apache.org/jira/browse/QPID-8353?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16940539#comment-16940539
]
ASF subversion and git services commented on QPID-8353:
---
Commit d50617333ff52385e3316e11b135a57d1b0859b6 in qpid-jms-amqp-0-x's branch
refs/heads/master from Alex Rudyy
[ https://gitbox.apache.org/repos/asf?p=qpid-jms-amqp-0-x.git;h=d506173 ]
QPID-8353: [JMS AMQP 0-x] Add TLSv1.3 into preferences
> [Broker-J][JMS AMQP 0-x] Add support for TLSv1.3
>
>
> Key: QPID-8353
> URL: https://issues.apache.org/jira/browse/QPID-8353
> Project: Qpid
> Issue Type: Improvement
> Components: Broker-J, JMS AMQP 0-x
>Reporter: Alex Rudyy
>Priority: Major
> Fix For: qpid-java-broker-8.0.0, qpid-java-broker-7.1.4
>
>
> As part of QPID-7056 the functionality for establishing TLS connectivity in
> Qpid Broker-J and JMS client for AMQP 0-x have been changed to enforce
> creation of SSLContext with a hard-coded sub-set of TLS protocols (TLSv1.2,
> TLSv1.1, TLS, TLSv1). See {{SSLUtil#tryGetSSLContext()}}. As result, both
> broker and client might not be able to establish TLSv1.3 connections when JDK
> 11 or above is used unless TLSv1.2, TLSv1.1 are explicitly blacklisted. The
> code needs to be improved to allow TLSv1.3.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
[GitHub] [qpid-dispatch] nicob87 opened a new pull request #575: optparse to argparse migration
nicob87 opened a new pull request #575: optparse to argparse migration URL: https://github.com/apache/qpid-dispatch/pull/575 Main reason to migrate from optparse to argparse is python documentation itself. - from: https://docs.python.org/2/library/optparse.html Deprecated since version 2.7: The optparse module is deprecated and will not be developed further; development will continue with the argparse module. - from: https://docs.python.org/2/library/argparse.html The argparse module improves on the standard library optparse module in a number of ways including: Handling positional arguments. Supporting sub-commands. Allowing alternative option prefixes like + and /. Handling zero-or-more and one-or-more style arguments. Producing more informative usage messages. Providing a much simpler interface for custom type and action. Regarding to the migration job done in this pr: - optarse library is removed from the source, all library argument parsing is now done with argparse. - version argument is now handled by argparse, that supports special version argument. - qdstat arguments: fully handled by argparse library. - qdmanage arguments: all optparse arguments are now migrated to argparse. - positional argument parsing (operation) remains "unmodified", in the future it may be changed so argparse also parsing positional arguments. - incompatible arguments (like -r, --all-routers) or (-c --all-entities) are now handled by the special "mutually_exclusive_group". - Help message is also handled by argparse. - Usage message is also handled by argparse. - some unittests created to test specifically the parsing. - some more could be added. - some unittests added to the "main" method in command.py module. - help messages could be customized, right now they are being printed with the default argparse format. qdstat_help: ``` usage: qdstat [-h] [-b URL] [-t SECS] [--ssl-certificate CERT] [--ssl-key KEY] [--ssl-trustfile TRUSTED-CA-DB] [--ssl-password PASSWORD] [--ssl-password-file SSL-PASSWORD-FILE] [--sasl-mechanisms SASL-MECHANISMS] [--sasl-username SASL-USERNAME] [--sasl-password SASL-PASSWORD] [--sasl-password-file SASL-PASSWORD-FILE] [--ssl-disable-peer-name-verify] [--version] [-v] [-g | -c | -l | -n | -e | -a | -m | --autolinks | --linkroutes | --log | --all-entities] [--all-routers | -r ROUTER-ID] [--limit LIMIT] optional arguments: -h, --helpshow this help message and exit --version show program's version number and exit -v, --verbose Show maximum detail --limit LIMIT Limit number of output rows Connection: Connection Options -b URL, --bus URL URL of the messaging bus to connect to default 0.0.0.0 -t SECS, --timeout SECS Maximum time to wait for connection in seconds default 5 --ssl-certificate CERT Client SSL certificate (PEM Format) --ssl-key KEY Client SSL private key (PEM Format) --ssl-trustfile TRUSTED-CA-DB Trusted Certificate Authority Database file (PEM Format) --ssl-password PASSWORD Certificate password, will be prompted if not specifed. --ssl-password-file SSL-PASSWORD-FILE Certificate password, will be prompted if not specifed. --sasl-mechanisms SASL-MECHANISMS Allowed sasl mechanisms to be supplied during the sasl handshake. --sasl-username SASL-USERNAME User name for SASL plain authentication --sasl-password SASL-PASSWORD Password for SASL plain authentication --sasl-password-file SASL-PASSWORD-FILE Password for SASL plain authentication --ssl-disable-peer-name-verify Disables SSL peer name verification. WARNING - This option is insecure and must not be used in production environments Display: Choose what kind of information you want to be displayed -g, --general Show General Router Stats -c, --connections Show Connections -l, --links Show Router Links -n, --nodes Show Router Nodes -e, --edgeShow edge connections -a, --address Show Router Addresses -m, --memory Show Router Memory Stats --autolinks Show Auto Links --linkroutes Show Link Routes --log Show recent log entries
