[jira] [Commented] (ARTEMIS-4266) Mitigate NPE with bad SSL config
[ https://issues.apache.org/jira/browse/ARTEMIS-4266?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17718784#comment-17718784 ] ASF subversion and git services commented on ARTEMIS-4266: -- Commit dc0b3ac55ac502123982ae3b42a52a04f8e6ad33 in activemq-artemis's branch refs/heads/main from Justin Bertram [ https://gitbox.apache.org/repos/asf?p=activemq-artemis.git;h=dc0b3ac55a ] ARTEMIS-4266 mitigate NPE with bad SSL config > Mitigate NPE with bad SSL config > > > Key: ARTEMIS-4266 > URL: https://issues.apache.org/jira/browse/ARTEMIS-4266 > Project: ActiveMQ Artemis > Issue Type: Improvement >Reporter: Justin Bertram >Assignee: Justin Bertram >Priority: Major > Time Spent: 10m > Remaining Estimate: 0h > > If an {{acceptor}} is configured with {{sslEnabled=true}} and nothing else > the broker will thrown an NPE instead of the proper exception with the proper > explanation of the problem. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (ARTEMIS-4266) Mitigate NPE with bad SSL config
[ https://issues.apache.org/jira/browse/ARTEMIS-4266?focusedWorklogId=860207&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-860207 ] ASF GitHub Bot logged work on ARTEMIS-4266: --- Author: ASF GitHub Bot Created on: 03/May/23 04:26 Start Date: 03/May/23 04:26 Worklog Time Spent: 10m Work Description: brusdev merged PR #4459: URL: https://github.com/apache/activemq-artemis/pull/4459 Issue Time Tracking --- Worklog Id: (was: 860207) Remaining Estimate: 0h Time Spent: 10m > Mitigate NPE with bad SSL config > > > Key: ARTEMIS-4266 > URL: https://issues.apache.org/jira/browse/ARTEMIS-4266 > Project: ActiveMQ Artemis > Issue Type: Improvement >Reporter: Justin Bertram >Assignee: Justin Bertram >Priority: Major > Time Spent: 10m > Remaining Estimate: 0h > > If an {{acceptor}} is configured with {{sslEnabled=true}} and nothing else > the broker will thrown an NPE instead of the proper exception with the proper > explanation of the problem. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (AMQ-9254) KahaDB minor fix when db files may be larger than max length
[ https://issues.apache.org/jira/browse/AMQ-9254?focusedWorklogId=860195&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-860195 ] ASF GitHub Bot logged work on AMQ-9254: --- Author: ASF GitHub Bot Created on: 02/May/23 23:13 Start Date: 02/May/23 23:13 Worklog Time Spent: 10m Work Description: cshannon commented on PR #1004: URL: https://github.com/apache/activemq/pull/1004#issuecomment-1532267039 @mattrpav - let me know what you think of my commit I just pushed. We should be able to just do a normal merge commit when we merge the PR and keep both commits separate in this case instead of squashing. Issue Time Tracking --- Worklog Id: (was: 860195) Time Spent: 20m (was: 10m) > KahaDB minor fix when db files may be larger than max length > > > Key: AMQ-9254 > URL: https://issues.apache.org/jira/browse/AMQ-9254 > Project: ActiveMQ > Issue Type: Task >Reporter: Matt Pavlovich >Assignee: Matt Pavlovich >Priority: Minor > Fix For: 5.19.0, 5.17.5, 5.18.2 > > Time Spent: 20m > Remaining Estimate: 0h > > Log message: > {noformat} > Caused by: java.io.IOException: Invalid location size: 54:33554460, size: 2412 > at > org.apache.activemq.store.kahadb.disk.journal.DataFileAccessor.readRecord(DataFileAccessor.java:88) > ~[?:?] > at > org.apache.activemq.store.kahadb.disk.journal.Journal.read(Journal.java:953) > ~[?:?] > at > org.apache.activemq.store.kahadb.MessageDatabase.load(MessageDatabase.java:1197) > ~[?:?] > at > org.apache.activemq.store.kahadb.KahaDBStore.loadMessage(KahaDBStore.java:1401) > ~[?:?] > ... 74 more > {noformat} > db-54.log size: 33556877 > Note: This read would have succeeded otherwise. > Reproducible test case: > ref: https://github.com/mattrpav/activemq-jira-9254 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (ARTEMIS-4212) Unexpected Behavior when Routing Type of Destinations Doesn't Match Clients
[ https://issues.apache.org/jira/browse/ARTEMIS-4212?focusedWorklogId=860177&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-860177 ] ASF GitHub Bot logged work on ARTEMIS-4212: --- Author: ASF GitHub Bot Created on: 02/May/23 20:41 Start Date: 02/May/23 20:41 Worklog Time Spent: 10m Work Description: jbertram opened a new pull request, #4464: URL: https://github.com/apache/activemq-artemis/pull/4464 - fix syntax used for 'addresses' CLI option - update release notes - enforce new semantics on parsing & add test Issue Time Tracking --- Worklog Id: (was: 860177) Time Spent: 6h (was: 5h 50m) > Unexpected Behavior when Routing Type of Destinations Doesn't Match Clients > --- > > Key: ARTEMIS-4212 > URL: https://issues.apache.org/jira/browse/ARTEMIS-4212 > Project: ActiveMQ Artemis > Issue Type: Improvement >Reporter: Justin Bertram >Assignee: Justin Bertram >Priority: Major > Time Spent: 6h > Remaining Estimate: 0h > > When the routing type of an address (and associated queue) does not match the > routing type of a client producer, the resultant behavior is a bit unexpected. > Expected Behavior: > If a client sends a message to an address / queue with the same name, but a > different routing type, the expected behavior would be to throw some sort of > InvalidDestinationException (if auto-create is not enabled), or to create the > matching address and queue with the appropriate routing type. The routing > count on the existing address (with non-matching routing type) should remain > unchanged. > Actual Behavior: > When sending, for example, to a predefined anycast address and queue from a > multiccast (Topic) producer, the routed count on the address is incremented, > but the message count on the matching queue is not. No indication is given at > the client end that the messages failed to get routed - they are silently > dropped. > This is reproducible using a qpid / proton queue producer to send to a > multicast address or using a topic producer to send to an anycast address, > e.g.: > 1. Create a a broker, setting auto-create-queues and auto-create addresses to > "false" for the catch-all address-setting > 2. Start the broker and create a an address and matching queue with a ANYCAST > routing type > 3. Send 1000 messages to the broker using the same queue name but mismatched > routing type: > {code} > ./artemis producer --url amqp://localhost:61616 --user admin --password admin > --destination topic://{QUEUE NAME} --protocol amqp > {code} > No error is emitted and the routing count is incremented by 1000 at the > address level, but remains unchanged at the destination level. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (ARTEMIS-4265) Make more web console tabs conditional on permission
[ https://issues.apache.org/jira/browse/ARTEMIS-4265?focusedWorklogId=860156&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-860156 ] ASF GitHub Bot logged work on ARTEMIS-4265: --- Author: ASF GitHub Bot Created on: 02/May/23 19:50 Start Date: 02/May/23 19:50 Worklog Time Spent: 10m Work Description: brusdev commented on PR #4460: URL: https://github.com/apache/activemq-artemis/pull/4460#issuecomment-1532057589 The change LGTM, are you planning to add any console smoke test, i.e. [QueuesTest](https://github.com/apache/activemq-artemis/blob/main/tests/smoke-tests/src/test/java/org/apache/activemq/artemis/tests/smoke/console/QueuesTest.java)? Issue Time Tracking --- Worklog Id: (was: 860156) Time Spent: 20m (was: 10m) > Make more web console tabs conditional on permission > > > Key: ARTEMIS-4265 > URL: https://issues.apache.org/jira/browse/ARTEMIS-4265 > Project: ActiveMQ Artemis > Issue Type: Improvement >Reporter: Justin Bertram >Assignee: Justin Bertram >Priority: Major > Time Spent: 20m > Remaining Estimate: 0h > > Many of the tabs on the web console show up even though the user doesn't have > permission to execute the command corresponding to the tab. For example the > "Connections" tab shows up even though the user can't execute the > {{listConnections}} management operation. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (AMQ-9254) KahaDB minor fix when db files may be larger than max length
[ https://issues.apache.org/jira/browse/AMQ-9254?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Matt Pavlovich updated AMQ-9254: Fix Version/s: 5.19.0 5.17.5 5.18.2 > KahaDB minor fix when db files may be larger than max length > > > Key: AMQ-9254 > URL: https://issues.apache.org/jira/browse/AMQ-9254 > Project: ActiveMQ > Issue Type: Task >Reporter: Matt Pavlovich >Assignee: Matt Pavlovich >Priority: Minor > Fix For: 5.19.0, 5.17.5, 5.18.2 > > Time Spent: 10m > Remaining Estimate: 0h > > Log message: > {noformat} > Caused by: java.io.IOException: Invalid location size: 54:33554460, size: 2412 > at > org.apache.activemq.store.kahadb.disk.journal.DataFileAccessor.readRecord(DataFileAccessor.java:88) > ~[?:?] > at > org.apache.activemq.store.kahadb.disk.journal.Journal.read(Journal.java:953) > ~[?:?] > at > org.apache.activemq.store.kahadb.MessageDatabase.load(MessageDatabase.java:1197) > ~[?:?] > at > org.apache.activemq.store.kahadb.KahaDBStore.loadMessage(KahaDBStore.java:1401) > ~[?:?] > ... 74 more > {noformat} > db-54.log size: 33556877 > Note: This read would have succeeded otherwise. > Reproducible test case: > ref: https://github.com/mattrpav/activemq-jira-9254 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (ARTEMIS-4269) Upgrade netty version to 4.1.92.Final
[ https://issues.apache.org/jira/browse/ARTEMIS-4269?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Domenico Francesco Bruscino updated ARTEMIS-4269: - Fix Version/s: 2.29.0 (was: 2.19.0) > Upgrade netty version to 4.1.92.Final > - > > Key: ARTEMIS-4269 > URL: https://issues.apache.org/jira/browse/ARTEMIS-4269 > Project: ActiveMQ Artemis > Issue Type: Dependency upgrade >Reporter: Emmanuel Hugonnet >Assignee: Domenico Francesco Bruscino >Priority: Major > Fix For: 2.29.0 > > Time Spent: 10m > Remaining Estimate: 0h > > Update netty version to 4.1.92.Final -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (ARTEMIS-4269) Upgrade netty version to 4.1.92.Final
[ https://issues.apache.org/jira/browse/ARTEMIS-4269?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17718661#comment-17718661 ] ASF subversion and git services commented on ARTEMIS-4269: -- Commit 31095682ee9012c694d890e02b745b0c5ab5ca95 in activemq-artemis's branch refs/heads/main from Emmanuel Hugonnet [ https://gitbox.apache.org/repos/asf?p=activemq-artemis.git;h=31095682ee ] ARTEMIS-4269 Update Netty from 4.1.86 to 4.1.92 Changes: https://netty.io/news/2023/04/25/4-1-92-Final.html https://netty.io/news/2023/04/03/4-1-91-Final.html https://netty.io/news/2023/03/14/4-1-90-Final.html https://netty.io/news/2023/02/13/4-1-89-Final.html https://netty.io/news/2023/02/12/4-1-88-Final.html https://netty.io/news/2023/01/12/4-1-87-Final.html Issue: https://issues.apache.org/jira/browse/ARTEMIS-4269 Signed-off-by: Emmanuel Hugonnet > Upgrade netty version to 4.1.92.Final > - > > Key: ARTEMIS-4269 > URL: https://issues.apache.org/jira/browse/ARTEMIS-4269 > Project: ActiveMQ Artemis > Issue Type: Dependency upgrade >Reporter: Emmanuel Hugonnet >Assignee: Domenico Francesco Bruscino >Priority: Major > Fix For: 2.19.0 > > Time Spent: 10m > Remaining Estimate: 0h > > Update netty version to 4.1.92.Final -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (ARTEMIS-4269) Upgrade netty version to 4.1.92.Final
[ https://issues.apache.org/jira/browse/ARTEMIS-4269?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Domenico Francesco Bruscino resolved ARTEMIS-4269. -- Resolution: Fixed > Upgrade netty version to 4.1.92.Final > - > > Key: ARTEMIS-4269 > URL: https://issues.apache.org/jira/browse/ARTEMIS-4269 > Project: ActiveMQ Artemis > Issue Type: Dependency upgrade >Reporter: Emmanuel Hugonnet >Assignee: Domenico Francesco Bruscino >Priority: Major > Fix For: 2.19.0 > > Time Spent: 10m > Remaining Estimate: 0h > > Update netty version to 4.1.92.Final -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (ARTEMIS-4269) Upgrade netty version to 4.1.92.Final
[ https://issues.apache.org/jira/browse/ARTEMIS-4269?focusedWorklogId=860143&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-860143 ] ASF GitHub Bot logged work on ARTEMIS-4269: --- Author: ASF GitHub Bot Created on: 02/May/23 17:31 Start Date: 02/May/23 17:31 Worklog Time Spent: 10m Work Description: brusdev merged PR #4463: URL: https://github.com/apache/activemq-artemis/pull/4463 Issue Time Tracking --- Worklog Id: (was: 860143) Remaining Estimate: 0h Time Spent: 10m > Upgrade netty version to 4.1.92.Final > - > > Key: ARTEMIS-4269 > URL: https://issues.apache.org/jira/browse/ARTEMIS-4269 > Project: ActiveMQ Artemis > Issue Type: Dependency upgrade >Reporter: Emmanuel Hugonnet >Assignee: Domenico Francesco Bruscino >Priority: Major > Fix For: 2.19.0 > > Time Spent: 10m > Remaining Estimate: 0h > > Update netty version to 4.1.92.Final -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (ARTEMIS-3968) Optionally disable Management UI HTTPS SNI host checking
[ https://issues.apache.org/jira/browse/ARTEMIS-3968?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17718638#comment-17718638 ] Robbie Gemmell commented on ARTEMIS-3968: - Done in ARTEMIS-4245. > Optionally disable Management UI HTTPS SNI host checking > > > Key: ARTEMIS-3968 > URL: https://issues.apache.org/jira/browse/ARTEMIS-3968 > Project: ActiveMQ Artemis > Issue Type: Improvement > Components: Web Console >Affects Versions: 2.24.0 >Reporter: Aaron Steigerwald >Assignee: Justin Bertram >Priority: Major > > The Management UI, when configured to run in HTTPS mode, returns "HTTP ERROR > 400 Invalid SNI" to the client browser if the web server's certificate > (defined in the {{bootstrap.xml}} file's web element's {{keyStorePath}} > attribute) does not contain the server's DNS name. It also prevents the > browser from using "https://localhost...";. This makes running the broker in a > dev and test environment difficult. A work around is to run it in HTTP mode > but this prevents exercising the HTTPS parameters and certificates. > I think the upgrade from Jetty 9.x to 10.x caused SNI host checking to be > enabled by default or at least more strictly enforced. > I disabled SNI host checking by modifying > {{org.apache.activemq.artemis.component.WebServerComponent}} in the following > way: > Current 2.24.0 version: > {code:java} > httpConfiguration.addCustomizer(new SecureRequestCustomizer());{code} > Modified 2.24.0 version to disable SNI host checking: > {code:java} > SecureRequestCustomizer secureRequestCustomizer = new > SecureRequestCustomizer(); > secureRequestCustomizer.setSniHostCheck(false); > httpConfiguration.addCustomizer(secureRequestCustomizer);{code} > Adding another binding attribute to the {{bootstrap.xml}} file's web element, > like "disableSniHostCheck", and using it to set > "secureRequestCustomizer.setSniHostCheck(false)" would allow a configurable > way to disable SNI host checking. > - > The following is provided for reference: > Server Name Indication (SNI) > https://stackoverflow.com/questions/69945173/http-error-400-invalid-sni-jetty-https-servlet > Search for "jetty.ssl.sniHostCheck" in > https://www.eclipse.org/jetty/documentation/jetty-10/operations-guide/index.html > {{artemis.log}} entries: > {noformat} > 2022-08-31 21:35:39,512 WARN [org.eclipse.jetty.server.HttpChannel] > handleException /console org.eclipse.jetty.http.BadMessageException: 400: > Invalid SNI > 2022-08-31 21:35:39,560 WARN [org.eclipse.jetty.server.HttpChannel] > handleException /favicon.ico org.eclipse.jetty.http.BadMessageException: 400: > Invalid SNI{noformat} > Browser message when trying to access https://localhost:8163/console with SNI > host checking enabled and a certificate with a DNS entry that does not match > the server: > {noformat} > HTTP ERROR 400 Invalid SNI > URI: /console > STATUS: 400 > MESSAGE: Invalid SNI > SERVLET: - > CAUSED BY: org.eclipse.jetty.http.BadMessageException: 400: Invalid SNI > Caused by: > org.eclipse.jetty.http.BadMessageException: 400: Invalid SNI > at > org.eclipse.jetty.server.SecureRequestCustomizer.customize(SecureRequestCustomizer.java:266) > at > org.eclipse.jetty.server.SecureRequestCustomizer.customize(SecureRequestCustomizer.java:207) > at > org.eclipse.jetty.server.HttpChannel.lambda$handle$0(HttpChannel.java:501) > at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:762) > at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:497) > at > org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:282) > at > org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:319) > at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:100) > at > org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:558) > at > org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:379) > at > org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:146) > at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:100) > at > org.eclipse.jetty.io.SelectableChannelEndPoint$1.run(SelectableChannelEndPoint.java:53) > at > org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.runTask(AdaptiveExecutionStrategy.java:412) > at > org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.consumeTask(AdaptiveExecutionStrategy.java:381) > at > org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.tryProduce(AdaptiveExecutionStrategy.java:268) > at > org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.lambda$new$0(AdaptiveExecutionStrategy.java:138) > a
[jira] [Resolved] (ARTEMIS-4245) Expose web SNI settings
[ https://issues.apache.org/jira/browse/ARTEMIS-4245?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Robbie Gemmell resolved ARTEMIS-4245. - Fix Version/s: 2.29.0 Resolution: Fixed > Expose web SNI settings > --- > > Key: ARTEMIS-4245 > URL: https://issues.apache.org/jira/browse/ARTEMIS-4245 > Project: ActiveMQ Artemis > Issue Type: Improvement >Reporter: Domenico Francesco Bruscino >Assignee: Domenico Francesco Bruscino >Priority: Major > Fix For: 2.29.0 > > Time Spent: 1.5h > Remaining Estimate: 0h > > Expose sniHostCheck and sniRequired settings in the web config. > {code:xml} > >http://localhost:8161"; sniHostCheck="false" > sniRequired="false"> > ... > {code} -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (ARTEMIS-4245) Expose web SNI settings
[ https://issues.apache.org/jira/browse/ARTEMIS-4245?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17718637#comment-17718637 ] ASF subversion and git services commented on ARTEMIS-4245: -- Commit d2a4837b69ba612d46276cc2aed420c0ccd348cf in activemq-artemis's branch refs/heads/main from Domenico Francesco Bruscino [ https://gitbox.apache.org/repos/asf?p=activemq-artemis.git;h=d2a4837b69 ] ARTEMIS-4245 Expose web SNI settings > Expose web SNI settings > --- > > Key: ARTEMIS-4245 > URL: https://issues.apache.org/jira/browse/ARTEMIS-4245 > Project: ActiveMQ Artemis > Issue Type: Improvement >Reporter: Domenico Francesco Bruscino >Assignee: Domenico Francesco Bruscino >Priority: Major > Time Spent: 1.5h > Remaining Estimate: 0h > > Expose sniHostCheck and sniRequired settings in the web config. > {code:xml} > >http://localhost:8161"; sniHostCheck="false" > sniRequired="false"> > ... > {code} -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (ARTEMIS-4245) Expose web SNI settings
[ https://issues.apache.org/jira/browse/ARTEMIS-4245?focusedWorklogId=860137&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-860137 ] ASF GitHub Bot logged work on ARTEMIS-4245: --- Author: ASF GitHub Bot Created on: 02/May/23 16:18 Start Date: 02/May/23 16:18 Worklog Time Spent: 10m Work Description: gemmellr merged PR #4441: URL: https://github.com/apache/activemq-artemis/pull/4441 Issue Time Tracking --- Worklog Id: (was: 860137) Time Spent: 1.5h (was: 1h 20m) > Expose web SNI settings > --- > > Key: ARTEMIS-4245 > URL: https://issues.apache.org/jira/browse/ARTEMIS-4245 > Project: ActiveMQ Artemis > Issue Type: Improvement >Reporter: Domenico Francesco Bruscino >Assignee: Domenico Francesco Bruscino >Priority: Major > Time Spent: 1.5h > Remaining Estimate: 0h > > Expose sniHostCheck and sniRequired settings in the web config. > {code:xml} > >http://localhost:8161"; sniHostCheck="false" > sniRequired="false"> > ... > {code} -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (ARTEMIS-4245) Expose web SNI settings
[ https://issues.apache.org/jira/browse/ARTEMIS-4245?focusedWorklogId=860134&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-860134 ] ASF GitHub Bot logged work on ARTEMIS-4245: --- Author: ASF GitHub Bot Created on: 02/May/23 16:12 Start Date: 02/May/23 16:12 Worklog Time Spent: 10m Work Description: gemmellr commented on code in PR #4441: URL: https://github.com/apache/activemq-artemis/pull/4441#discussion_r1182763373 ## tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/web/WebServerDTOConfigTest.java: ## @@ -97,6 +97,8 @@ private void testSetWebBindingProperties(WebServerDTO webServer, String bindingN properties.put(ActiveMQDefaultConfiguration.getDefaultSystemWebPropertyPrefix() + "bindings." + bindingName + ".excludedCipherSuites", "test-excludedCipherSuites,3"); properties.put(ActiveMQDefaultConfiguration.getDefaultSystemWebPropertyPrefix() + "bindings." + bindingName + ".keyStorePassword", "test-keyStorePassword"); properties.put(ActiveMQDefaultConfiguration.getDefaultSystemWebPropertyPrefix() + "bindings." + bindingName + ".trustStorePassword", "test-trustStorePassword"); + properties.put(ActiveMQDefaultConfiguration.getDefaultSystemWebPropertyPrefix() + "bindings." + bindingName + ".sniHostCheck", "true"); + properties.put(ActiveMQDefaultConfiguration.getDefaultSystemWebPropertyPrefix() + "bindings." + bindingName + ".sniRequired", "true"); Review Comment: oops, for some reason I thought it was asserting the final value on WebServerComponent, not the DTO. Issue Time Tracking --- Worklog Id: (was: 860134) Time Spent: 1h 20m (was: 1h 10m) > Expose web SNI settings > --- > > Key: ARTEMIS-4245 > URL: https://issues.apache.org/jira/browse/ARTEMIS-4245 > Project: ActiveMQ Artemis > Issue Type: Improvement >Reporter: Domenico Francesco Bruscino >Assignee: Domenico Francesco Bruscino >Priority: Major > Time Spent: 1h 20m > Remaining Estimate: 0h > > Expose sniHostCheck and sniRequired settings in the web config. > {code:xml} > >http://localhost:8161"; sniHostCheck="false" > sniRequired="false"> > ... > {code} -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (ARTEMIS-4269) Upgrade netty version to 4.1.92.Final
[ https://issues.apache.org/jira/browse/ARTEMIS-4269?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Emmanuel Hugonnet updated ARTEMIS-4269: --- Description: Update netty version to 4.1.92.Final (was: Update netty version to 4.1.68.Final and netty-tcnative version to 2.0.42.Final.) > Upgrade netty version to 4.1.92.Final > - > > Key: ARTEMIS-4269 > URL: https://issues.apache.org/jira/browse/ARTEMIS-4269 > Project: ActiveMQ Artemis > Issue Type: Dependency upgrade >Reporter: Emmanuel Hugonnet >Assignee: Domenico Francesco Bruscino >Priority: Major > Fix For: 2.19.0 > > > Update netty version to 4.1.92.Final -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (ARTEMIS-4269) Upgrade netty version to 4.1.92.Final
Emmanuel Hugonnet created ARTEMIS-4269: -- Summary: Upgrade netty version to 4.1.92.Final Key: ARTEMIS-4269 URL: https://issues.apache.org/jira/browse/ARTEMIS-4269 Project: ActiveMQ Artemis Issue Type: Dependency upgrade Reporter: Emmanuel Hugonnet Assignee: Domenico Francesco Bruscino Fix For: 2.19.0 Update netty version to 4.1.68.Final and netty-tcnative version to 2.0.42.Final. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (ARTEMIS-4263) support access to our JaasCallbackhandler from a jdk http Authenticator
[ https://issues.apache.org/jira/browse/ARTEMIS-4263?focusedWorklogId=860133&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-860133 ] ASF GitHub Bot logged work on ARTEMIS-4263: --- Author: ASF GitHub Bot Created on: 02/May/23 16:08 Start Date: 02/May/23 16:08 Worklog Time Spent: 10m Work Description: gtully commented on code in PR #4458: URL: https://github.com/apache/activemq-artemis/pull/4458#discussion_r1182758196 ## artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/HttpServerAuthenticator.java: ## @@ -0,0 +1,130 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * Review Comment: sorted. thanks! ## artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/HttpServerAuthenticator.java: ## @@ -0,0 +1,130 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.activemq.artemis.spi.core.security.jaas; + +import javax.security.auth.Subject; +import javax.security.auth.callback.Callback; +import javax.security.auth.callback.NameCallback; +import javax.security.auth.callback.PasswordCallback; +import javax.security.auth.callback.UnsupportedCallbackException; +import javax.security.auth.login.LoginContext; + +import java.nio.charset.StandardCharsets; +import java.security.Principal; +import java.security.cert.Certificate; +import java.security.cert.X509Certificate; +import java.util.Arrays; +import java.util.Base64; +import java.util.StringTokenizer; + +import com.sun.net.httpserver.Authenticator; +import com.sun.net.httpserver.HttpExchange; +import com.sun.net.httpserver.HttpPrincipal; +import com.sun.net.httpserver.HttpsExchange; + +/** + * delegate to our JAAS login modules by adapting our handlers to httpserver.httpExchange + */ +public class HttpServerAuthenticator extends Authenticator { + + static final String REALM_PROPERTY_NAME = "httpServerAuthenticator.realm"; + static final String REQUEST_SUBJECT_ATTRIBUTE_PROPERTY_NAME = "httpServerAuthenticator.requestSubjectAttribute"; + static String DEFAULT_SUBJECT_ATTRIBUTE = "org.apache.activemq.artemis.jaasSubject"; + static final String DEFAULT_REALM = "http_server_authenticator"; + static final String AUTHORIZATION_HEADER_NAME = "Authorization"; + + final String realm = System.getProperty(REALM_PROPERTY_NAME, DEFAULT_REALM); + final String subjectRequestAttribute = System.getProperty(REQUEST_SUBJECT_ATTRIBUTE_PROPERTY_NAME, DEFAULT_SUBJECT_ATTRIBUTE); + + @Override + public Result authenticate(HttpExchange httpExchange) { + + try { + LoginContext loginContext = new LoginContext(realm, callbacks -> { +for (Callback callback : callbacks) { + if (callback instanceof PasswordCallback) { + PasswordCallback passwordCallback = (PasswordCallback) callback; + + StringTokenizer stringTokenizer = new StringTokenizer(extractAuthHeader(httpExchange)); + String method = stringTokenizer.nextToken(); + if ("Basic".equalsIgnoreCase(method)) { + byte[] authHeaderBytes = Base64.getDecoder().decode(stringTokenizer.nextToken()); + + // :pass + byte[] password = Arrays.copyOfRange(authHeaderBytes, Arrays.binarySearch(authHeaderBytes, (byte) ':') + 1, authHeaderBytes.length); + passwordCallback.setPassword(new String(password, StandardCharsets.UTF_8).toCharArray()); + } else if ("Bearer".equalsIgnoreCase(method)) { + passwordCallback.setPassword(stringTokenizer.nextToken().toCharArray()); + } +
[jira] [Work logged] (AMQ-9254) KahaDB minor fix when db files may be larger than max length
[ https://issues.apache.org/jira/browse/AMQ-9254?focusedWorklogId=860119&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-860119 ] ASF GitHub Bot logged work on AMQ-9254: --- Author: ASF GitHub Bot Created on: 02/May/23 14:34 Start Date: 02/May/23 14:34 Worklog Time Spent: 10m Work Description: mattrpav commented on PR #1004: URL: https://github.com/apache/activemq/pull/1004#issuecomment-1531592623 related: https://github.com/apache/activemq/commit/8c3ef6cadb46d9694c68aa649a7952eb1612279f Issue Time Tracking --- Worklog Id: (was: 860119) Remaining Estimate: 0h Time Spent: 10m > KahaDB minor fix when db files may be larger than max length > > > Key: AMQ-9254 > URL: https://issues.apache.org/jira/browse/AMQ-9254 > Project: ActiveMQ > Issue Type: Task >Reporter: Matt Pavlovich >Assignee: Matt Pavlovich >Priority: Minor > Time Spent: 10m > Remaining Estimate: 0h > > Log message: > {noformat} > Caused by: java.io.IOException: Invalid location size: 54:33554460, size: 2412 > at > org.apache.activemq.store.kahadb.disk.journal.DataFileAccessor.readRecord(DataFileAccessor.java:88) > ~[?:?] > at > org.apache.activemq.store.kahadb.disk.journal.Journal.read(Journal.java:953) > ~[?:?] > at > org.apache.activemq.store.kahadb.MessageDatabase.load(MessageDatabase.java:1197) > ~[?:?] > at > org.apache.activemq.store.kahadb.KahaDBStore.loadMessage(KahaDBStore.java:1401) > ~[?:?] > ... 74 more > {noformat} > db-54.log size: 33556877 > Note: This read would have succeeded otherwise. > Reproducible test case: > ref: https://github.com/mattrpav/activemq-jira-9254 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (ARTEMIS-4245) Expose web SNI settings
[ https://issues.apache.org/jira/browse/ARTEMIS-4245?focusedWorklogId=860103&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-860103 ] ASF GitHub Bot logged work on ARTEMIS-4245: --- Author: ASF GitHub Bot Created on: 02/May/23 13:46 Start Date: 02/May/23 13:46 Worklog Time Spent: 10m Work Description: brusdev commented on code in PR #4441: URL: https://github.com/apache/activemq-artemis/pull/4441#discussion_r1182573038 ## tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/web/WebServerDTOConfigTest.java: ## @@ -97,6 +97,8 @@ private void testSetWebBindingProperties(WebServerDTO webServer, String bindingN properties.put(ActiveMQDefaultConfiguration.getDefaultSystemWebPropertyPrefix() + "bindings." + bindingName + ".excludedCipherSuites", "test-excludedCipherSuites,3"); properties.put(ActiveMQDefaultConfiguration.getDefaultSystemWebPropertyPrefix() + "bindings." + bindingName + ".keyStorePassword", "test-keyStorePassword"); properties.put(ActiveMQDefaultConfiguration.getDefaultSystemWebPropertyPrefix() + "bindings." + bindingName + ".trustStorePassword", "test-trustStorePassword"); + properties.put(ActiveMQDefaultConfiguration.getDefaultSystemWebPropertyPrefix() + "bindings." + bindingName + ".sniHostCheck", "true"); + properties.put(ActiveMQDefaultConfiguration.getDefaultSystemWebPropertyPrefix() + "bindings." + bindingName + ".sniRequired", "true"); Review Comment: BindingDTO default values for `sniHostCheck` and `sniRequired` are `null` but using WebServerComponent non-default value should to avoid confusion. Issue Time Tracking --- Worklog Id: (was: 860103) Time Spent: 1h 10m (was: 1h) > Expose web SNI settings > --- > > Key: ARTEMIS-4245 > URL: https://issues.apache.org/jira/browse/ARTEMIS-4245 > Project: ActiveMQ Artemis > Issue Type: Improvement >Reporter: Domenico Francesco Bruscino >Assignee: Domenico Francesco Bruscino >Priority: Major > Time Spent: 1h 10m > Remaining Estimate: 0h > > Expose sniHostCheck and sniRequired settings in the web config. > {code:xml} > >http://localhost:8161"; sniHostCheck="false" > sniRequired="false"> > ... > {code} -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (ARTEMIS-3833) Distributed AMQP large messages lose JMSCorrelationID
[ https://issues.apache.org/jira/browse/ARTEMIS-3833?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17718554#comment-17718554 ] ASF subversion and git services commented on ARTEMIS-3833: -- Commit 589157ca5f7b07528e09d207282cb00a7796db67 in activemq-artemis's branch refs/heads/main from Clebert Suconic [ https://gitbox.apache.org/repos/asf?p=activemq-artemis.git;h=589157ca5f ] ARTEMIS-4268 AMQPMessage copy constructor shouldn't copy all message annotations During redistribution, we should not copy all message annotations. In particular we should not copy any of the x-opt-ORIG annotations used on DLQ and other copies. this was broken after f632e8104bbdae1fbf3658fec47e180784e957da (ARTEMIS-3833 Preserve JMSCorrelationID of distributed AMQP large messages) The change preserved too much, and as a result of that AmqpLargeMessageRedistributionTest::testSendMessageToBroker0GetFromBroker2 is intermittently failing. There is no test in this commit as this is fixing AmqpLargeMessageRedistributionTest > Distributed AMQP large messages lose JMSCorrelationID > - > > Key: ARTEMIS-3833 > URL: https://issues.apache.org/jira/browse/ARTEMIS-3833 > Project: ActiveMQ Artemis > Issue Type: Bug >Reporter: Domenico Francesco Bruscino >Assignee: Domenico Francesco Bruscino >Priority: Major > Fix For: 2.23.0 > > Time Spent: 10m > Remaining Estimate: 0h > > AMQP large messages lose JMSCorrelationID after they are distributed. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (ARTEMIS-4268) AMQPMessage copy constructor shouldn't copy all message annotations
[ https://issues.apache.org/jira/browse/ARTEMIS-4268?focusedWorklogId=860063&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-860063 ] ASF GitHub Bot logged work on ARTEMIS-4268: --- Author: ASF GitHub Bot Created on: 02/May/23 12:27 Start Date: 02/May/23 12:27 Worklog Time Spent: 10m Work Description: clebertsuconic merged PR #4462: URL: https://github.com/apache/activemq-artemis/pull/4462 Issue Time Tracking --- Worklog Id: (was: 860063) Time Spent: 1h (was: 50m) > AMQPMessage copy constructor shouldn't copy all message annotations > --- > > Key: ARTEMIS-4268 > URL: https://issues.apache.org/jira/browse/ARTEMIS-4268 > Project: ActiveMQ Artemis > Issue Type: Bug >Reporter: Clebert Suconic >Priority: Major > Time Spent: 1h > Remaining Estimate: 0h > > During redistribution, we should not copy all message annotations. > In particular we should not copy any of the x-opt-ORIG annotations used on > DLQ and other copies. > this was broken after f632e8104bbdae1fbf3658fec47e180784e957da (ARTEMIS-3833 > Preserve JMSCorrelationID of distributed AMQP large messages) > The change preserved too much, and as a result of that > AmqpLargeMessageRedistributionTest::testSendMessageToBroker0GetFromBroker2 is > intermittently failing. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (ARTEMIS-4268) AMQPMessage copy constructor shouldn't copy all message annotations
[ https://issues.apache.org/jira/browse/ARTEMIS-4268?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17718553#comment-17718553 ] ASF subversion and git services commented on ARTEMIS-4268: -- Commit 589157ca5f7b07528e09d207282cb00a7796db67 in activemq-artemis's branch refs/heads/main from Clebert Suconic [ https://gitbox.apache.org/repos/asf?p=activemq-artemis.git;h=589157ca5f ] ARTEMIS-4268 AMQPMessage copy constructor shouldn't copy all message annotations During redistribution, we should not copy all message annotations. In particular we should not copy any of the x-opt-ORIG annotations used on DLQ and other copies. this was broken after f632e8104bbdae1fbf3658fec47e180784e957da (ARTEMIS-3833 Preserve JMSCorrelationID of distributed AMQP large messages) The change preserved too much, and as a result of that AmqpLargeMessageRedistributionTest::testSendMessageToBroker0GetFromBroker2 is intermittently failing. There is no test in this commit as this is fixing AmqpLargeMessageRedistributionTest > AMQPMessage copy constructor shouldn't copy all message annotations > --- > > Key: ARTEMIS-4268 > URL: https://issues.apache.org/jira/browse/ARTEMIS-4268 > Project: ActiveMQ Artemis > Issue Type: Bug >Reporter: Clebert Suconic >Priority: Major > Time Spent: 1h > Remaining Estimate: 0h > > During redistribution, we should not copy all message annotations. > In particular we should not copy any of the x-opt-ORIG annotations used on > DLQ and other copies. > this was broken after f632e8104bbdae1fbf3658fec47e180784e957da (ARTEMIS-3833 > Preserve JMSCorrelationID of distributed AMQP large messages) > The change preserved too much, and as a result of that > AmqpLargeMessageRedistributionTest::testSendMessageToBroker0GetFromBroker2 is > intermittently failing. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (ARTEMIS-4263) support access to our JaasCallbackhandler from a jdk http Authenticator
[ https://issues.apache.org/jira/browse/ARTEMIS-4263?focusedWorklogId=860056&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-860056 ] ASF GitHub Bot logged work on ARTEMIS-4263: --- Author: ASF GitHub Bot Created on: 02/May/23 11:58 Start Date: 02/May/23 11:58 Worklog Time Spent: 10m Work Description: gemmellr commented on code in PR #4458: URL: https://github.com/apache/activemq-artemis/pull/4458#discussion_r1182446328 ## artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/HttpServerAuthenticator.java: ## @@ -0,0 +1,130 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.activemq.artemis.spi.core.security.jaas; + +import javax.security.auth.Subject; +import javax.security.auth.callback.Callback; +import javax.security.auth.callback.NameCallback; +import javax.security.auth.callback.PasswordCallback; +import javax.security.auth.callback.UnsupportedCallbackException; +import javax.security.auth.login.LoginContext; + +import java.nio.charset.StandardCharsets; +import java.security.Principal; +import java.security.cert.Certificate; +import java.security.cert.X509Certificate; +import java.util.Arrays; +import java.util.Base64; +import java.util.StringTokenizer; + +import com.sun.net.httpserver.Authenticator; +import com.sun.net.httpserver.HttpExchange; +import com.sun.net.httpserver.HttpPrincipal; +import com.sun.net.httpserver.HttpsExchange; + +/** + * delegate to our JAAS login modules by adapting our handlers to httpserver.httpExchange + */ +public class HttpServerAuthenticator extends Authenticator { + + static final String REALM_PROPERTY_NAME = "httpServerAuthenticator.realm"; + static final String REQUEST_SUBJECT_ATTRIBUTE_PROPERTY_NAME = "httpServerAuthenticator.requestSubjectAttribute"; + static String DEFAULT_SUBJECT_ATTRIBUTE = "org.apache.activemq.artemis.jaasSubject"; + static final String DEFAULT_REALM = "http_server_authenticator"; + static final String AUTHORIZATION_HEADER_NAME = "Authorization"; + + final String realm = System.getProperty(REALM_PROPERTY_NAME, DEFAULT_REALM); + final String subjectRequestAttribute = System.getProperty(REQUEST_SUBJECT_ATTRIBUTE_PROPERTY_NAME, DEFAULT_SUBJECT_ATTRIBUTE); + + @Override + public Result authenticate(HttpExchange httpExchange) { + + try { + LoginContext loginContext = new LoginContext(realm, callbacks -> { +for (Callback callback : callbacks) { + if (callback instanceof PasswordCallback) { + PasswordCallback passwordCallback = (PasswordCallback) callback; + + StringTokenizer stringTokenizer = new StringTokenizer(extractAuthHeader(httpExchange)); + String method = stringTokenizer.nextToken(); + if ("Basic".equalsIgnoreCase(method)) { + byte[] authHeaderBytes = Base64.getDecoder().decode(stringTokenizer.nextToken()); + + // :pass + byte[] password = Arrays.copyOfRange(authHeaderBytes, Arrays.binarySearch(authHeaderBytes, (byte) ':') + 1, authHeaderBytes.length); + passwordCallback.setPassword(new String(password, StandardCharsets.UTF_8).toCharArray()); + } else if ("Bearer".equalsIgnoreCase(method)) { + passwordCallback.setPassword(stringTokenizer.nextToken().toCharArray()); + } + } else if (callback instanceof NameCallback) { + NameCallback nameCallback = (NameCallback) callback; + + StringTokenizer stringTokenizer = new StringTokenizer(extractAuthHeader(httpExchange)); + String method = stringTokenizer.nextToken(); + if ("Basic".equalsIgnoreCase(method)) { + byte[] authHeaderBytes = Base64.getDecoder().decode(stringTokenizer.nextToken()); + + // user: + byte[] user = Arrays.copyOfRange(authHeaderBytes, 0, Arrays.binarySearch(authHeaderBytes, (byte) ':')); + nameCallback.setName(
[jira] [Work logged] (ARTEMIS-4245) Expose web SNI settings
[ https://issues.apache.org/jira/browse/ARTEMIS-4245?focusedWorklogId=860051&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-860051 ] ASF GitHub Bot logged work on ARTEMIS-4245: --- Author: ASF GitHub Bot Created on: 02/May/23 11:49 Start Date: 02/May/23 11:49 Worklog Time Spent: 10m Work Description: gemmellr commented on code in PR #4441: URL: https://github.com/apache/activemq-artemis/pull/4441#discussion_r1182438994 ## artemis-web/src/main/java/org/apache/activemq/artemis/component/WebServerComponent.java: ## @@ -245,7 +245,10 @@ private ServerConnector createServerConnector(HttpConfiguration httpConfiguratio SslConnectionFactory sslConnectionFactory = new SslConnectionFactory(sslFactory, "HTTP/1.1"); - httpConfiguration.addCustomizer(new SecureRequestCustomizer()); + SecureRequestCustomizer secureRequestCustomizer = new SecureRequestCustomizer(); + secureRequestCustomizer.setSniHostCheck(binding.getSniHostCheck() != null ? binding.getSniHostCheck() : true); + secureRequestCustomizer.setSniRequired(binding.getSniRequired() != null ? binding.getSniRequired() : false); Review Comment: Perhaps constants for the defaults? ## tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/web/WebServerDTOConfigTest.java: ## @@ -97,6 +97,8 @@ private void testSetWebBindingProperties(WebServerDTO webServer, String bindingN properties.put(ActiveMQDefaultConfiguration.getDefaultSystemWebPropertyPrefix() + "bindings." + bindingName + ".excludedCipherSuites", "test-excludedCipherSuites,3"); properties.put(ActiveMQDefaultConfiguration.getDefaultSystemWebPropertyPrefix() + "bindings." + bindingName + ".keyStorePassword", "test-keyStorePassword"); properties.put(ActiveMQDefaultConfiguration.getDefaultSystemWebPropertyPrefix() + "bindings." + bindingName + ".trustStorePassword", "test-trustStorePassword"); + properties.put(ActiveMQDefaultConfiguration.getDefaultSystemWebPropertyPrefix() + "bindings." + bindingName + ".sniHostCheck", "true"); + properties.put(ActiveMQDefaultConfiguration.getDefaultSystemWebPropertyPrefix() + "bindings." + bindingName + ".sniRequired", "true"); Review Comment: These are both being set true...meaning one is being set to its already-expected default and the other isnt. Perhaps have both set the non-default value? Issue Time Tracking --- Worklog Id: (was: 860051) Time Spent: 1h (was: 50m) > Expose web SNI settings > --- > > Key: ARTEMIS-4245 > URL: https://issues.apache.org/jira/browse/ARTEMIS-4245 > Project: ActiveMQ Artemis > Issue Type: Improvement >Reporter: Domenico Francesco Bruscino >Assignee: Domenico Francesco Bruscino >Priority: Major > Time Spent: 1h > Remaining Estimate: 0h > > Expose sniHostCheck and sniRequired settings in the web config. > {code:xml} > >http://localhost:8161"; sniHostCheck="false" > sniRequired="false"> > ... > {code} -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (ARTEMIS-4259) JMS consumer + FQQN + selector not working
[ https://issues.apache.org/jira/browse/ARTEMIS-4259?focusedWorklogId=860047&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-860047 ] ASF GitHub Bot logged work on ARTEMIS-4259: --- Author: ASF GitHub Bot Created on: 02/May/23 11:19 Start Date: 02/May/23 11:19 Worklog Time Spent: 10m Work Description: gemmellr commented on code in PR #4452: URL: https://github.com/apache/activemq-artemis/pull/4452#discussion_r1182398824 ## tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/jms/multiprotocol/JMSFQQNConsumerTest.java: ## @@ -0,0 +1,101 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.activemq.artemis.tests.integration.jms.multiprotocol; + +import javax.jms.Connection; +import javax.jms.Message; +import javax.jms.MessageConsumer; +import javax.jms.MessageProducer; +import javax.jms.Queue; +import javax.jms.Session; +import javax.jms.Topic; + +import org.apache.activemq.artemis.utils.CompositeAddress; +import org.apache.activemq.artemis.utils.RandomUtil; +import org.apache.activemq.artemis.utils.Wait; +import org.junit.Test; + +public class JMSFQQNConsumerTest extends MultiprotocolJMSClientTestSupport { + + @Test + public void testFQQNTopicConsumerWithSelectorAMQP() throws Exception { + testFQQNTopicConsumerWithSelector(AMQPConnection); + } + + @Test + public void testFQQNTopicConsumerWithSelectorOpenWire() throws Exception { + testFQQNTopicConsumerWithSelector(OpenWireConnection); + } + + @Test + public void testFQQNTopicConsumerWithSelectorCore() throws Exception { + testFQQNTopicConsumerWithSelector(CoreConnection); + } + + private void testFQQNTopicConsumerWithSelector(ConnectionSupplier supplier) throws Exception { + final String queue = "queue"; + final String address = "address"; + final String filter = "prop='value'"; + try (Connection c = supplier.createConnection()) { + Session s = c.createSession(false, Session.AUTO_ACKNOWLEDGE); + Topic t = s.createTopic(CompositeAddress.toFullyQualified(address, queue)); + MessageConsumer mc = s.createConsumer(t, filter); + Wait.assertTrue(() -> server.locateQueue(queue) != null, 2000, 100); + assertNotNull(server.locateQueue(queue).getFilter()); + assertEquals(filter, server.locateQueue(queue).getFilter().getFilterString().toString()); + } + } + + @Test + public void testFQQNQueueConsumerWithSelectorAMQP() throws Exception { + testFQQNQueueConsumerWithSelector(AMQPConnection); + } + + @Test + public void testFQQNQueueConsumerWithSelectorOpenWire() throws Exception { + testFQQNQueueConsumerWithSelector(OpenWireConnection); + } + + @Test + public void testFQQNQueueConsumerWithSelectorCore() throws Exception { + testFQQNQueueConsumerWithSelector(CoreConnection); + } + + private void testFQQNQueueConsumerWithSelector(ConnectionSupplier supplier) throws Exception { + final String queue = "queue"; + final String address = "address"; + final String prop = "prop"; + final String value = RandomUtil.randomString(); + final String filter = prop + "='" + value + "'"; + try (Connection c = supplier.createConnection()) { + Session s = c.createSession(false, Session.AUTO_ACKNOWLEDGE); + Queue q = s.createQueue(CompositeAddress.toFullyQualified(address, queue)); + MessageConsumer mc = s.createConsumer(q, filter); + Wait.assertTrue(() -> server.locateQueue(queue) != null, 2000, 100); + assertNull(server.locateQueue(queue).getFilter()); + MessageProducer p = s.createProducer(q); + Message m = s.createMessage(); + m.setStringProperty(prop, value); + p.send(m); + c.start(); + assertNotNull(mc.receive(1000)); + m = s.createMessage(); + m.setStringProperty(prop, RandomUtil.randomString()); + assertNull(mc.receive(1000)); Review Comment: The second creation+prop-set for 'm' seems unused since all it does after is check nothing is receive
[jira] [Work logged] (ARTEMIS-4259) JMS consumer + FQQN + selector not working
[ https://issues.apache.org/jira/browse/ARTEMIS-4259?focusedWorklogId=860046&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-860046 ] ASF GitHub Bot logged work on ARTEMIS-4259: --- Author: ASF GitHub Bot Created on: 02/May/23 11:18 Start Date: 02/May/23 11:18 Worklog Time Spent: 10m Work Description: gemmellr commented on code in PR #4452: URL: https://github.com/apache/activemq-artemis/pull/4452#discussion_r1182386483 ## artemis-jms-client/src/main/java/org/apache/activemq/artemis/jms/client/ActiveMQSession.java: ## @@ -848,7 +848,7 @@ private ActiveMQMessageConsumer createConsumer(final ActiveMQDestination dest, if (!response.isExists() || !response.getQueueNames().contains(AutoCreateUtil.getCoreQueueName(session, dest.getSimpleAddress( { if (response.isAutoCreateQueues()) { try { - createQueue(dest, RoutingType.MULTICAST, dest.getSimpleAddress(), null, true, true, response); + createQueue(dest, RoutingType.MULTICAST, dest.getSimpleAddress(), coreFilterString, true, true, response); Review Comment: This only auto-creates the queue with the expected filter, if it doesnt already exist. The consumer itself (11 lines down) still has no filter. As such it will continue to erroneously consume invalid/non-matching messages for the applications specified filter, if they happen to exist on the queue. Say, either because the application has changed their filter from what the queue was created with previously, or because the queue exists without any filter at all (e.g, created by a current/previous client version that ignores the filter). The consumer should be filtered such that it only ever gets messages matching the filter used by the appliation. ## tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/jms/multiprotocol/JMSFQQNConsumerTest.java: ## @@ -0,0 +1,101 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.activemq.artemis.tests.integration.jms.multiprotocol; + +import javax.jms.Connection; +import javax.jms.Message; +import javax.jms.MessageConsumer; +import javax.jms.MessageProducer; +import javax.jms.Queue; +import javax.jms.Session; +import javax.jms.Topic; + +import org.apache.activemq.artemis.utils.CompositeAddress; +import org.apache.activemq.artemis.utils.RandomUtil; +import org.apache.activemq.artemis.utils.Wait; +import org.junit.Test; + +public class JMSFQQNConsumerTest extends MultiprotocolJMSClientTestSupport { + + @Test + public void testFQQNTopicConsumerWithSelectorAMQP() throws Exception { + testFQQNTopicConsumerWithSelector(AMQPConnection); + } + + @Test + public void testFQQNTopicConsumerWithSelectorOpenWire() throws Exception { + testFQQNTopicConsumerWithSelector(OpenWireConnection); + } + + @Test + public void testFQQNTopicConsumerWithSelectorCore() throws Exception { + testFQQNTopicConsumerWithSelector(CoreConnection); + } + + private void testFQQNTopicConsumerWithSelector(ConnectionSupplier supplier) throws Exception { + final String queue = "queue"; + final String address = "address"; + final String filter = "prop='value'"; + try (Connection c = supplier.createConnection()) { + Session s = c.createSession(false, Session.AUTO_ACKNOWLEDGE); + Topic t = s.createTopic(CompositeAddress.toFullyQualified(address, queue)); + MessageConsumer mc = s.createConsumer(t, filter); + Wait.assertTrue(() -> server.locateQueue(queue) != null, 2000, 100); + assertNotNull(server.locateQueue(queue).getFilter()); + assertEquals(filter, server.locateQueue(queue).getFilter().getFilterString().toString()); + } + } + + @Test + public void testFQQNQueueConsumerWithSelectorAMQP() throws Exception { + testFQQNQueueConsumerWithSelector(AMQPConnection); + } + + @Test + public void testFQQNQueueConsumerWithSelectorOpenWire() throws Exception { + testFQQNQueueConsumerWith
[jira] [Work logged] (ARTEMIS-4251) Support CORE client failover to other live servers
[ https://issues.apache.org/jira/browse/ARTEMIS-4251?focusedWorklogId=860024&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-860024 ] ASF GitHub Bot logged work on ARTEMIS-4251: --- Author: ASF GitHub Bot Created on: 02/May/23 09:21 Start Date: 02/May/23 09:21 Worklog Time Spent: 10m Work Description: brusdev commented on code in PR #4447: URL: https://github.com/apache/activemq-artemis/pull/4447#discussion_r1182305601 ## docs/user-manual/en/client-reconnection.md: ## @@ -89,9 +89,20 @@ Client reconnection is configured using the following parameters: ridiculously large values. By setting this parameter you can set an upper limit on that value. The default value is `2000` milliseconds. +- `ha`. This optional parameter determines weather the client will try to + reconnect to the backup node when the live node is not reachable. + The default value is `false`. + For more information on HA, please see [High Availability and Failover](ha.md). + - `reconnectAttempts`. This optional parameter determines the total number of - reconnect attempts to make before giving up and shutting down. A value of - `-1` signifies an unlimited number of attempts. The default value is `0`. + reconnect attempts to make to the current live/backup pair before giving up. Review Comment: done Issue Time Tracking --- Worklog Id: (was: 860024) Time Spent: 1h 20m (was: 1h 10m) > Support CORE client failover to other live servers > -- > > Key: ARTEMIS-4251 > URL: https://issues.apache.org/jira/browse/ARTEMIS-4251 > Project: ActiveMQ Artemis > Issue Type: Improvement >Reporter: Domenico Francesco Bruscino >Assignee: Domenico Francesco Bruscino >Priority: Major > Time Spent: 1h 20m > Remaining Estimate: 0h > > The CORE clients support failover only reconnecting to the current > live/backup pair. Improve the CORE client failover connecting to other live > servers when all reconnect attempts fails, i.e. in a cluster composed of 2 > live servers, when the server to which the CORE client is connected goes down > the CORE client should reconnect its sessions to the other liver broker. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (ARTEMIS-4251) Support CORE client failover to other live servers
[ https://issues.apache.org/jira/browse/ARTEMIS-4251?focusedWorklogId=860023&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-860023 ] ASF GitHub Bot logged work on ARTEMIS-4251: --- Author: ASF GitHub Bot Created on: 02/May/23 09:20 Start Date: 02/May/23 09:20 Worklog Time Spent: 10m Work Description: brusdev commented on code in PR #4447: URL: https://github.com/apache/activemq-artemis/pull/4447#discussion_r1182305228 ## artemis-core-client/src/main/java/org/apache/activemq/artemis/api/core/client/ServerLocator.java: ## @@ -653,6 +653,21 @@ ClientSessionFactory createSessionFactory(TransportConfiguration transportConfig */ int getInitialConnectAttempts(); + /** +* Sets the maximum number of attempts to establish a connection after a failed reconnection. Review Comment: done, thanks for the suggestion Issue Time Tracking --- Worklog Id: (was: 860023) Time Spent: 1h 10m (was: 1h) > Support CORE client failover to other live servers > -- > > Key: ARTEMIS-4251 > URL: https://issues.apache.org/jira/browse/ARTEMIS-4251 > Project: ActiveMQ Artemis > Issue Type: Improvement >Reporter: Domenico Francesco Bruscino >Assignee: Domenico Francesco Bruscino >Priority: Major > Time Spent: 1h 10m > Remaining Estimate: 0h > > The CORE clients support failover only reconnecting to the current > live/backup pair. Improve the CORE client failover connecting to other live > servers when all reconnect attempts fails, i.e. in a cluster composed of 2 > live servers, when the server to which the CORE client is connected goes down > the CORE client should reconnect its sessions to the other liver broker. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (ARTEMIS-4263) support access to our JaasCallbackhandler from a jdk http Authenticator
[ https://issues.apache.org/jira/browse/ARTEMIS-4263?focusedWorklogId=860021&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-860021 ] ASF GitHub Bot logged work on ARTEMIS-4263: --- Author: ASF GitHub Bot Created on: 02/May/23 09:16 Start Date: 02/May/23 09:16 Worklog Time Spent: 10m Work Description: gtully commented on code in PR #4458: URL: https://github.com/apache/activemq-artemis/pull/4458#discussion_r1182300460 ## artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/AuthenticatorAdapter.java: ## @@ -0,0 +1,128 @@ +/** Review Comment: aah, ok, was looking at the wrong place. see the extra * in the licence template. sorted. thanks Issue Time Tracking --- Worklog Id: (was: 860021) Time Spent: 1h 50m (was: 1h 40m) > support access to our JaasCallbackhandler from a jdk http Authenticator > --- > > Key: ARTEMIS-4263 > URL: https://issues.apache.org/jira/browse/ARTEMIS-4263 > Project: ActiveMQ Artemis > Issue Type: Improvement > Components: JAAS >Affects Versions: 2.28.0 >Reporter: Gary Tully >Assignee: Gary Tully >Priority: Major > Time Spent: 1h 50m > Remaining Estimate: 0h > > To allow the jolokia jvm agent to utilise jaas with our callback handler, it > is necessary to provide a wrapper that is aware of the capabilities of the > various artemis login modules and provide the necessary callback > implementation > httpserver supports an extension point in the form of a > {{com.sun.net.httpserver.Authenticator}} that we can use. the jolokia jvm > agent has an authenticator that does jaas but is limited to plain > credentials. We can plug in a similar Artemis jaas delegating authenticator > and do proper rbac when the jolokia jvm agent is in play. > This will allow us to reduce the surface are that we expose to support > jolokia, avoiding the need for jetty. > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (ARTEMIS-4264) MQTT v5 request-response with correlation ID
[ https://issues.apache.org/jira/browse/ARTEMIS-4264?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17718471#comment-17718471 ] Daniel Martin commented on ARTEMIS-4264: {color:#172b4d}Thanks for looking into it. No particularly strong feelings here. I'd just choose a certain character encoding, say UTF-8, and call {{getBytes(charset)}} / {{new String(bytes, charset)}} to do the conversion.{color} > MQTT v5 request-response with correlation ID > > > Key: ARTEMIS-4264 > URL: https://issues.apache.org/jira/browse/ARTEMIS-4264 > Project: ActiveMQ Artemis > Issue Type: Bug >Reporter: Daniel Martin >Priority: Major > > When sending messages from a JMS producer (ActiveMQ) to a MQTT consumer > (HiveMQ), using `setJMSReplyTo()` and `setJMSCorrelationID()` on the sending > side and `getResponseTopic()` and `getCorrelationData()` on the receiving > side, this information is not received by MQTT. > It seem to me that both protocols are pretty translatable into one another, > having pretty much the same concepts: > * > [https://activemq.apache.org/how-should-i-implement-request-response-with-jms] > * > [https://hivemq.com/blog/mqtt5-essentials-part9-request-response-pattern|https://www.hivemq.com/blog/mqtt5-essentials-part9-request-response-pattern] > I'd additionally ask: is MQTT version 5 truly supported? To what extent? -- This message was sent by Atlassian Jira (v8.20.10#820010)