[jira] [Commented] (ARTEMIS-206) HTTP Upgrade does not work over HTTPS

[Justin Bertram (JIRA)]

[ 
https://issues.apache.org/jira/browse/ARTEMIS-206?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=14723496#comment-14723496
 ] 

Justin Bertram commented on ARTEMIS-206:


I made a small change to the NettyConnector to use "https" when SSL is enabled. 
 Do you believe this is sufficient to resolve the issue?

> HTTP Upgrade does not work over HTTPS
> -
>
> Key: ARTEMIS-206
> URL: https://issues.apache.org/jira/browse/ARTEMIS-206
> Project: ActiveMQ Artemis
>  Issue Type: Bug
>  Components: Broker
>Affects Versions: 1.0.0
>Reporter: Jeff Mesnil
>Assignee: Justin Bertram
>
> For security reasons, we need to support creating Artemis connections over 
> HTTPS Upgrade.
> Currently, the Upgrade code works only over HTTP.
> We need to also support it over HTTPS for increased security.
> This means that the NettyConnector code that deals with httpUpgradeEnabled 
> must also check if sslEnabled is set.
> If that's the case, the GET request to upgrade the connection must be done 
> over HTTPS instead of HTTP (and add Netty's SSLHandler to handle the SSL 
> handshake)



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Comment Edited] (ARTEMIS-206) HTTP Upgrade does not work over HTTPS

[Justin Bertram (JIRA)]

[ 
https://issues.apache.org/jira/browse/ARTEMIS-206?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=14723496#comment-14723496
 ] 

Justin Bertram edited comment on ARTEMIS-206 at 8/31/15 2:48 PM:
-

I just made a small change to the NettyConnector to use "https" when SSL is 
enabled.  Do you believe this is sufficient to resolve the issue?


was (Author: jbertram):
I made a small change to the NettyConnector to use "https" when SSL is enabled. 
 Do you believe this is sufficient to resolve the issue?

> HTTP Upgrade does not work over HTTPS
> -
>
> Key: ARTEMIS-206
> URL: https://issues.apache.org/jira/browse/ARTEMIS-206
> Project: ActiveMQ Artemis
>  Issue Type: Bug
>  Components: Broker
>Affects Versions: 1.0.0
>Reporter: Jeff Mesnil
>Assignee: Justin Bertram
>
> For security reasons, we need to support creating Artemis connections over 
> HTTPS Upgrade.
> Currently, the Upgrade code works only over HTTP.
> We need to also support it over HTTPS for increased security.
> This means that the NettyConnector code that deals with httpUpgradeEnabled 
> must also check if sslEnabled is set.
> If that's the case, the GET request to upgrade the connection must be done 
> over HTTPS instead of HTTP (and add Netty's SSLHandler to handle the SSL 
> handshake)



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Created] (AMQ-5951) failover maxReconnect=0 url can block on reconnect

[Gary Tully (JIRA)]

Gary Tully created AMQ-5951:
---

 Summary: failover maxReconnect=0 url can block on reconnect
 Key: AMQ-5951
 URL: https://issues.apache.org/jira/browse/AMQ-5951
 Project: ActiveMQ
  Issue Type: Bug
  Components: JMS client
Affects Versions: 5.12.0
Reporter: Gary Tully
Assignee: Gary Tully
 Fix For: 5.13.0


client with {code}failover:(tcp://localhost:61616)?maxReconnectAttempts=0{code}
with exception listener that attempts to use the connection, ie: do a 
rollback/ack/shutdown, can block pending transport close.
A retrying failover oneway send will block the mutex transport in error.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Resolved] (AMQ-5951) failover maxReconnect=0 url can block on reconnect

[Gary Tully (JIRA)]

 [ 
https://issues.apache.org/jira/browse/AMQ-5951?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Gary Tully resolved AMQ-5951.
-
Resolution: Fixed

Fix is to not retry in the oneway with the lock held if there won't be any 
reconnect.

> failover maxReconnect=0 url can block on reconnect
> --
>
> Key: AMQ-5951
> URL: https://issues.apache.org/jira/browse/AMQ-5951
> Project: ActiveMQ
>  Issue Type: Bug
>  Components: JMS client
>Affects Versions: 5.12.0
>Reporter: Gary Tully
>Assignee: Gary Tully
> Fix For: 5.13.0
>
>
> client with 
> {code}failover:(tcp://localhost:61616)?maxReconnectAttempts=0{code}
> with exception listener that attempts to use the connection, ie: do a 
> rollback/ack/shutdown, can block pending transport close.
> A retrying failover oneway send will block the mutex transport in error.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (AMQ-5951) failover maxReconnect=0 url can block on reconnect

[ASF subversion and git services (JIRA)]

[ 
https://issues.apache.org/jira/browse/AMQ-5951?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=14723508#comment-14723508
 ] 

ASF subversion and git services commented on AMQ-5951:
--

Commit ae9af4b8b29e792db213ca2cc2879ddc7c4118e5 in activemq's branch 
refs/heads/master from [~gtully]
[ https://git-wip-us.apache.org/repos/asf?p=activemq.git;h=ae9af4b ]

https://issues.apache.org/jira/browse/AMQ-5951 - ensure failover oneway won't 
retry if reconnect will not happen


> failover maxReconnect=0 url can block on reconnect
> --
>
> Key: AMQ-5951
> URL: https://issues.apache.org/jira/browse/AMQ-5951
> Project: ActiveMQ
>  Issue Type: Bug
>  Components: JMS client
>Affects Versions: 5.12.0
>Reporter: Gary Tully
>Assignee: Gary Tully
> Fix For: 5.13.0
>
>
> client with 
> {code}failover:(tcp://localhost:61616)?maxReconnectAttempts=0{code}
> with exception listener that attempts to use the connection, ie: do a 
> rollback/ack/shutdown, can block pending transport close.
> A retrying failover oneway send will block the mutex transport in error.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (AMQ-5951) failover maxReconnect=0 url can block on reconnect

[ASF subversion and git services (JIRA)]

[ 
https://issues.apache.org/jira/browse/AMQ-5951?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=14723750#comment-14723750
 ] 

ASF subversion and git services commented on AMQ-5951:
--

Commit 3619724d971c64717d304bfb1ebeba47bc904789 in activemq's branch 
refs/heads/activemq-5.12.x from [~gtully]
[ https://git-wip-us.apache.org/repos/asf?p=activemq.git;h=3619724 ]

https://issues.apache.org/jira/browse/AMQ-5951 - ensure failover oneway won't 
retry if reconnect will not happen

(cherry picked from commit ae9af4b8b29e792db213ca2cc2879ddc7c4118e5)


> failover maxReconnect=0 url can block on reconnect
> --
>
> Key: AMQ-5951
> URL: https://issues.apache.org/jira/browse/AMQ-5951
> Project: ActiveMQ
>  Issue Type: Bug
>  Components: JMS client
>Affects Versions: 5.12.0
>Reporter: Gary Tully
>Assignee: Gary Tully
> Fix For: 5.13.0
>
>
> client with 
> {code}failover:(tcp://localhost:61616)?maxReconnectAttempts=0{code}
> with exception listener that attempts to use the connection, ie: do a 
> rollback/ack/shutdown, can block pending transport close.
> A retrying failover oneway send will block the mutex transport in error.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Updated] (AMQ-5951) failover maxReconnect=0 url can block on reconnect

[Timothy Bish (JIRA)]

 [ 
https://issues.apache.org/jira/browse/AMQ-5951?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Timothy Bish updated AMQ-5951:
--
Fix Version/s: 5.12.1

> failover maxReconnect=0 url can block on reconnect
> --
>
> Key: AMQ-5951
> URL: https://issues.apache.org/jira/browse/AMQ-5951
> Project: ActiveMQ
>  Issue Type: Bug
>  Components: JMS client
>Affects Versions: 5.12.0
>Reporter: Gary Tully
>Assignee: Gary Tully
> Fix For: 5.12.1, 5.13.0
>
>
> client with 
> {code}failover:(tcp://localhost:61616)?maxReconnectAttempts=0{code}
> with exception listener that attempts to use the connection, ie: do a 
> rollback/ack/shutdown, can block pending transport close.
> A retrying failover oneway send will block the mutex transport in error.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (ARTEMIS-206) HTTP Upgrade does not work over HTTPS

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/ARTEMIS-206?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=14723909#comment-14723909
 ] 

ASF GitHub Bot commented on ARTEMIS-206:


GitHub user jbertram opened a pull request:

https://github.com/apache/activemq-artemis/pull/147

ARTEMIS-206 HTTP Upgrade does not work over HTTPS



You can merge this pull request into a Git repository by running:

$ git pull https://github.com/jbertram/activemq-artemis ARTEMIS-206

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/activemq-artemis/pull/147.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #147


commit 853d3665df22faf03623b42a71b310b214a8f3d6
Author: jbertram 
Date:   2015-08-27T18:15:27Z

ARTEMIS-206 HTTP Upgrade does not work over HTTPS




> HTTP Upgrade does not work over HTTPS
> -
>
> Key: ARTEMIS-206
> URL: https://issues.apache.org/jira/browse/ARTEMIS-206
> Project: ActiveMQ Artemis
>  Issue Type: Bug
>  Components: Broker
>Affects Versions: 1.0.0
>Reporter: Jeff Mesnil
>Assignee: Justin Bertram
>
> For security reasons, we need to support creating Artemis connections over 
> HTTPS Upgrade.
> Currently, the Upgrade code works only over HTTP.
> We need to also support it over HTTPS for increased security.
> This means that the NettyConnector code that deals with httpUpgradeEnabled 
> must also check if sslEnabled is set.
> If that's the case, the GET request to upgrade the connection must be done 
> over HTTPS instead of HTTP (and add Netty's SSLHandler to handle the SSL 
> handshake)



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Closed] (ARTEMIS-206) HTTP Upgrade does not work over HTTPS

[clebert suconic (JIRA)]

 [ 
https://issues.apache.org/jira/browse/ARTEMIS-206?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

clebert suconic closed ARTEMIS-206.
---
Resolution: Fixed

> HTTP Upgrade does not work over HTTPS
> -
>
> Key: ARTEMIS-206
> URL: https://issues.apache.org/jira/browse/ARTEMIS-206
> Project: ActiveMQ Artemis
>  Issue Type: Bug
>  Components: Broker
>Affects Versions: 1.0.0
>Reporter: Jeff Mesnil
>Assignee: Justin Bertram
> Fix For: 1.1.0
>
>
> For security reasons, we need to support creating Artemis connections over 
> HTTPS Upgrade.
> Currently, the Upgrade code works only over HTTP.
> We need to also support it over HTTPS for increased security.
> This means that the NettyConnector code that deals with httpUpgradeEnabled 
> must also check if sslEnabled is set.
> If that's the case, the GET request to upgrade the connection must be done 
> over HTTPS instead of HTTP (and add Netty's SSLHandler to handle the SSL 
> handshake)



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (ARTEMIS-187) Hold server.lock on tools

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/ARTEMIS-187?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=14724063#comment-14724063
 ] 

ASF GitHub Bot commented on ARTEMIS-187:


GitHub user clebertsuconic opened a pull request:

https://github.com/apache/activemq-artemis/pull/148

ARTEMIS-187 Hold lock between server running and data tools to avoid data 
damaged



You can merge this pull request into a Git repository by running:

$ git pull https://github.com/clebertsuconic/activemq-artemis lock

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/activemq-artemis/pull/148.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #148


commit 1af221f1214c0a78df1be373047c007e81e98201
Author: Clebert Suconic 
Date:   2015-08-31T21:13:31Z

ARTEMIS-187 Hold lock between server running and data tools to avoid data 
damaged




> Hold server.lock on tools
> -
>
> Key: ARTEMIS-187
> URL: https://issues.apache.org/jira/browse/ARTEMIS-187
> Project: ActiveMQ Artemis
>  Issue Type: Improvement
>Reporter: clebert suconic
> Fix For: 1.1.0
>
>
> This is to avoid the data being changed while server is running.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (ARTEMIS-187) Hold server.lock on tools

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/ARTEMIS-187?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=14724098#comment-14724098
 ] 

ASF GitHub Bot commented on ARTEMIS-187:


Github user asfgit closed the pull request at:

https://github.com/apache/activemq-artemis/pull/148


> Hold server.lock on tools
> -
>
> Key: ARTEMIS-187
> URL: https://issues.apache.org/jira/browse/ARTEMIS-187
> Project: ActiveMQ Artemis
>  Issue Type: Improvement
>Reporter: clebert suconic
> Fix For: 1.1.0
>
>
> This is to avoid the data being changed while server is running.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (ARTEMIS-187) Hold server.lock on tools

[ASF subversion and git services (JIRA)]

[ 
https://issues.apache.org/jira/browse/ARTEMIS-187?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=14724097#comment-14724097
 ] 

ASF subversion and git services commented on ARTEMIS-187:
-

Commit 511bfc7e15df26200dd98a008cc66fb23ecd7967 in activemq-artemis's branch 
refs/heads/master from Clebert Suconic
[ https://git-wip-us.apache.org/repos/asf?p=activemq-artemis.git;h=511bfc7 ]

ARTEMIS-187 Hold lock between server running and data tools to avoid data 
damaged


> Hold server.lock on tools
> -
>
> Key: ARTEMIS-187
> URL: https://issues.apache.org/jira/browse/ARTEMIS-187
> Project: ActiveMQ Artemis
>  Issue Type: Improvement
>Reporter: clebert suconic
> Fix For: 1.1.0
>
>
> This is to avoid the data being changed while server is running.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Assigned] (AMQ-5860) Encrypt connectionPassword in login,conf file when using LDAPLoginModule

[Christopher L. Shannon (JIRA)]

 [ 
https://issues.apache.org/jira/browse/AMQ-5860?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Christopher L. Shannon reassigned AMQ-5860:
---

Assignee: Christopher L. Shannon

> Encrypt connectionPassword in login,conf file when using LDAPLoginModule
> 
>
> Key: AMQ-5860
> URL: https://issues.apache.org/jira/browse/AMQ-5860
> Project: ActiveMQ
>  Issue Type: Improvement
>  Components: Broker
>Affects Versions: 5.11.1
>Reporter: JIE CHEN
>Assignee: Christopher L. Shannon
>Priority: Critical
>
> Current the connectionPassword can only be clear text in login.conf file if 
> using LDAPLoginModule. It is important to encrypt the password otherwise it 
> will be a big security issue in some user case



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Updated] (AMQ-5950) Active MQ broker exposing data persistent layer when using oracle database

[Dean Smith (JIRA)]

 [ 
https://issues.apache.org/jira/browse/AMQ-5950?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Dean Smith updated AMQ-5950:

Description: 
When stress testing the broker and producers are sending messages quicker than 
your consumers consuming, and the table-space limit is hit, the broker throws 
this exception:

{code}
javax.jms.JMSException: ORA-01653: unable to extend table 
ACTIVEMQ_OWNER.ACTIVEMQ_MSGS by 8192 in tablespace ACTIVEMQ_DATA

at 
org.apache.activemq.util.JMSExceptionSupport.create(JMSExceptionSupport.java:54)
at 
org.apache.activemq.ActiveMQConnection.syncSendPacket(ActiveMQConnection.java:1419)
at 
org.apache.activemq.ActiveMQConnection.syncSendPacket(ActiveMQConnection.java:1345)
at org.apache.activemq.ActiveMQSession.send(ActiveMQSession.java:1963)
at 
org.apache.activemq.ActiveMQMessageProducer.send(ActiveMQMessageProducer.java:289)
at 
org.apache.activemq.ActiveMQMessageProducer.send(ActiveMQMessageProducer.java:224)
at 
org.apache.activemq.ActiveMQMessageProducerSupport.send(ActiveMQMessageProducerSupport.java:269)
at Producer.sendMessages(Producer.java:30)
at ProducerContainer.run(ProducerContainer.java:79)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.io.IOException: ORA-01653: unable to extend table 
ACTIVEMQ_OWNER.ACTIVEMQ_MSGS by 8192 in tablespace ACTIVEMQ_DATA

at 
org.apache.activemq.util.IOExceptionSupport.create(IOExceptionSupport.java:45)
at 
org.apache.activemq.store.jdbc.TransactionContext.close(TransactionContext.java:146)
at 
org.apache.activemq.store.jdbc.JDBCMessageStore.addMessage(JDBCMessageStore.java:163)
at 
org.apache.activemq.store.memory.MemoryTransactionStore.addMessage(MemoryTransactionStore.java:343)
at 
org.apache.activemq.store.memory.MemoryTransactionStore$1.addMessage(MemoryTransactionStore.java:143)
at org.apache.activemq.broker.region.Queue.doMessageSend(Queue.java:836)
at org.apache.activemq.broker.region.Queue.send(Queue.java:727)
at 
org.apache.activemq.broker.region.AbstractRegion.send(AbstractRegion.java:390)
at 
org.apache.activemq.broker.region.RegionBroker.send(RegionBroker.java:455)
at 
org.apache.activemq.broker.jmx.ManagedRegionBroker.send(ManagedRegionBroker.java:297)
at org.apache.activemq.broker.BrokerFilter.send(BrokerFilter.java:152)
at 
org.apache.activemq.broker.CompositeDestinationBroker.send(CompositeDestinationBroker.java:96)
at 
org.apache.activemq.broker.TransactionBroker.send(TransactionBroker.java:307)
at 
org.apache.activemq.broker.MutableBrokerFilter.send(MutableBrokerFilter.java:157)
at 
org.apache.activemq.broker.TransportConnection.processMessage(TransportConnection.java:540)
at 
org.apache.activemq.command.ActiveMQMessage.visit(ActiveMQMessage.java:756)
at 
org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:333)
at 
org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:187)
at 
org.apache.activemq.transport.MutexTransport.onCommand(MutexTransport.java:50)
at 
org.apache.activemq.transport.WireFormatNegotiator.onCommand(WireFormatNegotiator.java:113)
at 
org.apache.activemq.transport.AbstractInactivityMonitor.onCommand(AbstractInactivityMonitor.java:270)
at 
org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:83)
at 
org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:214)
at 
org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:196)
{code}

The reason why it failed is acceptable but the stack trace is exposing the 
internal database tables to the client which should be encapsulated.

  was:
When stress testing the broker and producers are sending messages quicker than 
your consumers consuming, and the table-space limit is hit, the broker throws 
this exception:

{code}
javax.jms.JMSException: ORA-01653: unable to extend table 
ACTIVEMQ_OWNER.ACTIVEMQ_MSGS by 8192 in tablespace ACTIVEMQ_DATA

at 
org.apache.activemq.util.JMSExceptionSupport.create(JMSExceptionSupport.java:54)
at 
org.apache.activemq.ActiveMQConnection.syncSendPacket(ActiveMQConnection.java:1419)
at 
org.apache.activemq.ActiveMQConnection.syncSendPacket(ActiveMQConnection.java:1345)
at org.apache.activemq.ActiveMQSession.send(ActiveMQSession.java:1963)
at 
org.apache.activemq.ActiveMQMessageProducer.send(ActiveMQMessageProducer.java:289)
at 
org.apache.activemq.ActiveMQMessageProducer.send(ActiveMQMessageProducer.java:224)
at 
org.apache.activemq.ActiveMQMessageProducerSupport.send(ActiveMQMessageProducerSupport.java:269)
at Producer.sendMessages(Producer.java:30)
at ProducerContainer.run(ProducerContainer.java:79)
at