Modified: websites/production/activemq/content/run-broker.html
==============================================================================
--- websites/production/activemq/content/run-broker.html (original)
+++ websites/production/activemq/content/run-broker.html Sat Jun 27 21:23:55
2015
@@ -32,15 +32,6 @@
</style>
<![endif]-->
- <link
href='http://activemq.apache.org/styles/highlighter/styles/shCore.css'
rel='stylesheet' type='text/css' />
- <link
href='http://activemq.apache.org/styles/highlighter/styles/shThemeEclipse.css'
rel='stylesheet' type='text/css' />
- <script
src='http://activemq.apache.org/styles/highlighter/scripts/shCore.js'
type='text/javascript'></script>
- <script
src='http://activemq.apache.org/styles/highlighter/scripts/shBrushJava.js'
type='text/javascript'></script>
-
- <script type="text/javascript">
- SyntaxHighlighter.defaults['toolbar'] = false;
- SyntaxHighlighter.all();
- </script>
<title>
Apache ActiveMQ ™ -- Run Broker
@@ -82,44 +73,31 @@
<tr>
<td valign="top" width="100%">
<div class="wiki-content maincontent"><h1
id="RunBroker-RunninganActiveMQBroker">Running an ActiveMQ Broker</h1><p>Note
if you want to use an <strong>embedded broker</strong> then see <a shape="rect"
href="how-do-i-embed-a-broker-inside-a-connection.html">How do I embed a Broker
inside a Connection</a></p><p>This page describes how to run a broker using 4.x
or later of ActiveMQ.</p><p>The <a shape="rect" href="download.html">binary
distribution</a> of ActiveMQ comes with a script called 'activemq' which allows
you to run a broker. Typing the following will run an ActiveMQ Broker using the
out of the box configuration</p><div class="code panel pdl"
style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<script class="theme: Default; brush: java; gutter: false"
type="syntaxhighlighter"><![CDATA[activemq
+<script class="brush: java; gutter: false; theme: Default"
type="syntaxhighlighter"><![CDATA[activemq
]]></script>
</div></div><p>There are a number of different command line options to be able
to run a broker. To see them type</p><div class="code panel pdl"
style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<script class="theme: Default; brush: java; gutter: false"
type="syntaxhighlighter"><![CDATA[activemq -?
+<script class="brush: java; gutter: false; theme: Default"
type="syntaxhighlighter"><![CDATA[activemq -?
]]></script>
</div></div><p>For more details regarding the activemq script file and other
script files refer to <a shape="rect"
href="activemq-command-line-tools-reference.html">ActiveMQ Command Line Tools
Reference</a></p><p>You can then use a <a shape="rect"
href="broker-configuration-uri.html">Broker Configuration URI</a> to specify
how to start and configure your broker using a single URI. For example</p><div
class="code panel pdl" style="border-width: 1px;"><div class="codeContent
panelContent pdl">
-<script class="theme: Default; brush: java; gutter: false"
type="syntaxhighlighter"><![CDATA[activemq
broker:(tcp://localhost:61616,network:static:tcp://remotehost:61616)?persistent=false&useJmx=true
+<script class="brush: java; gutter: false; theme: Default"
type="syntaxhighlighter"><![CDATA[activemq
broker:(tcp://localhost:61616,network:static:tcp://remotehost:61616)?persistent=false&useJmx=true
]]></script>
</div></div><p>Or you can a <a shape="rect"
href="broker-xbean-uri.html">Broker XBean URI</a> to customize the Message
Broker using the <a shape="rect" href="xml-configuration.html">Xml
Configuration</a> to suit your needs. You can run a broker with a specific XML
configuration as</p><div class="code panel pdl" style="border-width: 1px;"><div
class="codeContent panelContent pdl">
-<script class="theme: Default; brush: java; gutter: false"
type="syntaxhighlighter"><![CDATA[activemq xbean:foo.xml
+<script class="brush: java; gutter: false; theme: Default"
type="syntaxhighlighter"><![CDATA[activemq xbean:foo.xml
]]></script>
</div></div><p>Or you can use a <a shape="rect"
href="broker-properties-uri.html">Broker Properties URI</a> to customize the
Message Broker using a properties file; which avoids the dependency on Spring,
xbean-spring and XML.</p><div class="code panel pdl" style="border-width:
1px;"><div class="codeContent panelContent pdl">
-<script class="theme: Default; brush: java; gutter: false"
type="syntaxhighlighter"><![CDATA[activemq properties:foo.properties
+<script class="brush: java; gutter: false; theme: Default"
type="syntaxhighlighter"><![CDATA[activemq properties:foo.properties
]]></script>
-</div></div> <div class="aui-message problem shadowed information-macro">
- <p class="title">Unix shell warning</p>
- <span class="aui-icon icon-problem">Icon</span>
- <div class="message-content">
- <p>If you are running a broker on a remote unix
machine via telnet/ssh, when you exit your shell the broker will terminate too.
If you want to keep the broker running you may want to use the /etc/init.d type
services to run the broker. Or try use <strong>nohup</strong>. e.g.</p><div
class="code panel pdl" style="border-width: 1px;"><div class="codeContent
panelContent pdl">
-<script class="theme: Default; brush: java; gutter: false"
type="syntaxhighlighter"><![CDATA[nohup activemq > /dev/null &
+</div></div><div class="confluence-information-macro
confluence-information-macro-warning"><p class="title">Unix shell
warning</p><span class="aui-icon aui-icon-small aui-iconfont-error
confluence-information-macro-icon"></span><div
class="confluence-information-macro-body"><p>If you are running a broker on a
remote unix machine via telnet/ssh, when you exit your shell the broker will
terminate too. If you want to keep the broker running you may want to use the
/etc/init.d type services to run the broker. Or try use <strong>nohup</strong>.
e.g.</p><div class="code panel pdl" style="border-width: 1px;"><div
class="codeContent panelContent pdl">
+<script class="brush: java; gutter: false; theme: Default"
type="syntaxhighlighter"><![CDATA[nohup activemq > /dev/null &
]]></script>
-</div></div>
- </div>
- </div>
-<h3 id="RunBroker-RunningthebrokerasaUnixService">Running the broker as a Unix
Service</h3><p>See the <a shape="rect" href="unix-service.html">Unix
Service</a> for details.</p><h3
id="RunBroker-RunningthebrokerusingtheJavaServiceWrapperImplementation">Running
the broker using the Java Service Wrapper Implementation</h3><p>See the <a
shape="rect" href="java-service-wrapper.html">Java Service Wrapper Page</a> for
details.</p><h3 id="RunBroker-Monitoringthebroker">Monitoring the
broker</h3><p>You can monitor ActiveMQ using the <a shape="rect"
href="web-console.html">Web Console</a> by pointing your browser at</p><p><a
shape="rect" class="external-link" href="http://localhost:8161/admin";
rel="nofollow">http://localhost:8161/admin</a></p> <div class="aui-message
hint shadowed information-macro">
- <span class="aui-icon icon-hint">Icon</span>
- <div class="message-content">
- <p>From ActiveMQ 5.8 onwards the web apps is
secured out of the box.<br clear="none"> The default username and password is
admin/admin. You can configure this in the conf/jetty-real.properties file.</p>
- </div>
- </div>
-<p>Or you can use the <a shape="rect" href="jmx.html">JMX</a> support to view
the running state of ActiveMQ.</p><p>For more information see the file
<code>docs/WebConsole-README.txt</code> in the distribution.</p><h3
id="RunBroker-RunningthebrokerinsideaServletEngine">Running the broker inside a
Servlet Engine</h3><p>See the source code (or WAR) of the <a shape="rect"
href="web-console.html">Web Console</a> for an example of how to run the broker
inside a web application using Spring.</p><h3
id="RunBroker-RunningthebrokerinsideyourJ2EE1.4ApplicationServer">Running the
broker inside your J2EE 1.4 Application Server</h3><p>Whether its Apache
Geronmio, JBoss 4, WebLogic 9 or some other J2EE 1.4 container you should be
able to just reconfigure and then deploy the activemq-*.rar which is included
in the binary distribution as a deployment unit in your app server. By default
the rar is not configured to start an embedded broker. But by setting the
brokerXmlConfig on the resource adapter c
onfiguration, the resource adapter will start an embedded broker.</p><p>For
more details see <a shape="rect" href="j2ee.html">J2EE</a></p><h3
id="RunBroker-Runningthebrokerfromthesourcecode">Running the broker from the
source code</h3><p>From the latest <a shape="rect"
href="source.html">checkout</a> of the code you can run a broker using the <a
shape="rect" href="activemq-performance-module-users-manual.html">ActiveMQ
Performance Plugin</a></p><h3 id="RunBroker-Runningthebrokerfrommaven">Running
the broker from maven</h3><p>You can download and install the ActiveMQ Startup
Maven Plugin via the following command if you are in a directory with a
pom.xml. More detailed usage <a shape="rect"
href="maven2-activemq-broker-plugin.html">here</a></p><div class="code panel
pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<script class="theme: Default; brush: java; gutter: false"
type="syntaxhighlighter"><![CDATA[mvn
org.apache.activemq.tooling:maven-activemq-plugin:5.0-SNAPSHOT:run
+</div></div></div></div><h3
id="RunBroker-RunningthebrokerasaUnixService">Running the broker as a Unix
Service</h3><p>See the <a shape="rect" href="unix-service.html">Unix
Service</a> for details.</p><h3
id="RunBroker-RunningthebrokerusingtheJavaServiceWrapperImplementation">Running
the broker using the Java Service Wrapper Implementation</h3><p>See the <a
shape="rect" href="java-service-wrapper.html">Java Service Wrapper Page</a> for
details.</p><h3 id="RunBroker-Monitoringthebroker">Monitoring the
broker</h3><p>You can monitor ActiveMQ using the <a shape="rect"
href="web-console.html">Web Console</a> by pointing your browser at</p><p><a
shape="rect" class="external-link" href="http://localhost:8161/admin";
rel="nofollow">http://localhost:8161/admin</a></p><div
class="confluence-information-macro
confluence-information-macro-information"><span class="aui-icon aui-icon-small
aui-iconfont-info confluence-information-macro-icon"></span><div
class="confluence-information-macro-body
"><p>From ActiveMQ 5.8 onwards the web apps is secured out of the box.<br
clear="none"> The default username and password is admin/admin. You can
configure this in the conf/jetty-real.properties file.</p></div></div><p>Or you
can use the <a shape="rect" href="jmx.html">JMX</a> support to view the running
state of ActiveMQ.</p><p>For more information see the file
<code>docs/WebConsole-README.txt</code> in the distribution.</p><h3
id="RunBroker-RunningthebrokerinsideaServletEngine">Running the broker inside a
Servlet Engine</h3><p>See the source code (or WAR) of the <a shape="rect"
href="web-console.html">Web Console</a> for an example of how to run the broker
inside a web application using Spring.</p><h3
id="RunBroker-RunningthebrokerinsideyourJ2EE1.4ApplicationServer">Running the
broker inside your J2EE 1.4 Application Server</h3><p>Whether its Apache
Geronmio, JBoss 4, WebLogic 9 or some other J2EE 1.4 container you should be
able to just reconfigure and then deploy the activemq-*.
rar which is included in the binary distribution as a deployment unit in your
app server. By default the rar is not configured to start an embedded broker.
But by setting the brokerXmlConfig on the resource adapter configuration, the
resource adapter will start an embedded broker.</p><p>For more details see <a
shape="rect" href="j2ee.html">J2EE</a></p><h3
id="RunBroker-Runningthebrokerfromthesourcecode">Running the broker from the
source code</h3><p>From the latest <a shape="rect"
href="source.html">checkout</a> of the code you can run a broker using the <a
shape="rect" href="activemq-performance-module-users-manual.html">ActiveMQ
Performance Plugin</a></p><h3 id="RunBroker-Runningthebrokerfrommaven">Running
the broker from maven</h3><p>You can download and install the ActiveMQ Startup
Maven Plugin via the following command if you are in a directory with a
pom.xml. More detailed usage <a shape="rect"
href="maven2-activemq-broker-plugin.html">here</a></p><div class="code panel
pdl" s
tyle="border-width: 1px;"><div class="codeContent panelContent pdl">
+<script class="brush: java; gutter: false; theme: Default"
type="syntaxhighlighter"><![CDATA[mvn
org.apache.activemq.tooling:maven-activemq-plugin:5.0-SNAPSHOT:run
]]></script>
</div></div><p>You can also include it the pom and run it using:</p><div
class="code panel pdl" style="border-width: 1px;"><div class="codeContent
panelContent pdl">
-<script class="theme: Default; brush: java; gutter: false"
type="syntaxhighlighter"><![CDATA[mvn activemq:run
+<script class="brush: java; gutter: false; theme: Default"
type="syntaxhighlighter"><![CDATA[mvn activemq:run
]]></script>
</div></div><h2 id="RunBroker-HandlingJMSbrokersgoingdown">Handling JMS
brokers going down</h2><p>A common requirement is that if the JMS broker goes
down you want to automatically detect the failure and try to reconnect under
the covers so that your application does not have to worry about
reconnection.</p><p>There is detailed documentation on this in <a shape="rect"
href="configuring-transports.html">Configuring Transports</a>;
briefly...</p><p>Just change your connection URI in 4.x to</p><div class="code
panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<script class="theme: Default; brush: java; gutter: false"
type="syntaxhighlighter"><![CDATA[failover:tcp://host:port
+<script class="brush: java; gutter: false; theme: Default"
type="syntaxhighlighter"><![CDATA[failover:tcp://host:port
]]></script>
</div></div><p>And the JMS client will auto-reconnect to the broker if it is
shutdown and restarted later on.</p></div>
</td>
Modified: websites/production/activemq/content/runtime-configuration.html
==============================================================================
--- websites/production/activemq/content/runtime-configuration.html (original)
+++ websites/production/activemq/content/runtime-configuration.html Sat Jun 27
21:23:55 2015
@@ -32,15 +32,6 @@
</style>
<![endif]-->
- <link
href='http://activemq.apache.org/styles/highlighter/styles/shCore.css'
rel='stylesheet' type='text/css' />
- <link
href='http://activemq.apache.org/styles/highlighter/styles/shThemeEclipse.css'
rel='stylesheet' type='text/css' />
- <script
src='http://activemq.apache.org/styles/highlighter/scripts/shCore.js'
type='text/javascript'></script>
- <script
src='http://activemq.apache.org/styles/highlighter/scripts/shBrushJava.js'
type='text/javascript'></script>
-
- <script type="text/javascript">
- SyntaxHighlighter.defaults['toolbar'] = false;
- SyntaxHighlighter.all();
- </script>
<title>
Apache ActiveMQ ™ -- Runtime Configuration
@@ -88,7 +79,7 @@ The addition of a new store could entail
<p>The plugin is configured via the broker xml configuration as follows:</p>
<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent
panelContent pdl">
-<script class="theme: Default; brush: java; gutter: false"
type="syntaxhighlighter"><![CDATA[<broker
xmlns="http://activemq.apache.org/schema/core"
start="false" ... >
+<script class="brush: java; gutter: false; theme: Default"
type="syntaxhighlighter"><![CDATA[<broker
xmlns="http://activemq.apache.org/schema/core"
start="false" ... >
<plugins>
<runtimeConfigurationPlugin checkPeriod="1000" />
</plugins>
Modified: websites/production/activemq/content/sample-camel-routes.html
==============================================================================
--- websites/production/activemq/content/sample-camel-routes.html (original)
+++ websites/production/activemq/content/sample-camel-routes.html Sat Jun 27
21:23:55 2015
@@ -32,15 +32,6 @@
</style>
<![endif]-->
- <link
href='http://activemq.apache.org/styles/highlighter/styles/shCore.css'
rel='stylesheet' type='text/css' />
- <link
href='http://activemq.apache.org/styles/highlighter/styles/shThemeEclipse.css'
rel='stylesheet' type='text/css' />
- <script
src='http://activemq.apache.org/styles/highlighter/scripts/shCore.js'
type='text/javascript'></script>
- <script
src='http://activemq.apache.org/styles/highlighter/scripts/shBrushXml.js'
type='text/javascript'></script>
-
- <script type="text/javascript">
- SyntaxHighlighter.defaults['toolbar'] = false;
- SyntaxHighlighter.all();
- </script>
<title>
Apache ActiveMQ ™ -- Sample Camel Routes
@@ -84,7 +75,7 @@
<div class="wiki-content maincontent"><h3
id="SampleCamelRoutes-ExampleofaconfigurationthatshowhowtouseCamelrouteswithJuelandXpath.">Example
of a configuration that show how to use Camel routes with Juel and Xpath.</h3>
<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent
panelContent pdl">
-<script class="theme: Default; brush: xml; gutter: false"
type="syntaxhighlighter"><![CDATA[
+<script class="brush: xml; gutter: false; theme: Default"
type="syntaxhighlighter"><![CDATA[
<beans>
<!-- Allows us to use system properties as variables in this
configuration file -->
<bean
class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
Modified: websites/production/activemq/content/scaling-queues.html
==============================================================================
--- websites/production/activemq/content/scaling-queues.html (original)
+++ websites/production/activemq/content/scaling-queues.html Sat Jun 27
21:23:55 2015
@@ -32,15 +32,6 @@
</style>
<![endif]-->
- <link
href='http://activemq.apache.org/styles/highlighter/styles/shCore.css'
rel='stylesheet' type='text/css' />
- <link
href='http://activemq.apache.org/styles/highlighter/styles/shThemeEclipse.css'
rel='stylesheet' type='text/css' />
- <script
src='http://activemq.apache.org/styles/highlighter/scripts/shCore.js'
type='text/javascript'></script>
- <script
src='http://activemq.apache.org/styles/highlighter/scripts/shBrushJava.js'
type='text/javascript'></script>
-
- <script type="text/javascript">
- SyntaxHighlighter.defaults['toolbar'] = false;
- SyntaxHighlighter.all();
- </script>
<title>
Apache ActiveMQ ™ -- Scaling Queues
@@ -82,7 +73,7 @@
<tr>
<td valign="top" width="100%">
<div class="wiki-content maincontent"><p>Scaling to tens of thousands of
Queues in a single broker is relatively straightforward - but requires some
configuration changes from the default.</p><h2
id="ScalingQueues-ReducingThreads">Reducing Threads</h2><p>With the default
configuration, ActiveMQ is configured to use a dispatch thread per Queue - you
can use set the optimizedDispatch property on the destination policy entry -
see <a shape="rect" href="per-destination-policies.html">configuring
Queues</a>.</p><p>ActiveMQ can optionally use internally a thread pool to
control dispatching of messages - but as a lot of deployment operating systems
are good at handling a large number of threads, this is off by default. To
enable this option, either set the ACTIVEMQ_OPTS to disable dedicated task
runners in the start up script, INSTALL_DIR/bin/activemq -e.g.</p><div
class="code panel pdl" style="border-width: 1px;"><div class="codeContent
panelContent pdl">
-<script class="theme: Default; brush: java; gutter: false"
type="syntaxhighlighter"><![CDATA[ACTIVEMQ_OPTS="-Xmx512M
-Dorg.apache.activemq.UseDedicatedTaskRunner=false"
+<script class="brush: java; gutter: false; theme: Default"
type="syntaxhighlighter"><![CDATA[ACTIVEMQ_OPTS="-Xmx512M
-Dorg.apache.activemq.UseDedicatedTaskRunner=false"
]]></script>
</div></div><p>or you can set ACTIVEMQ_OPTS in /etc/activemq.conf.</p><p>To
reduce the number of threads used for the transport - take a look at using the
NIO transport - see <a shape="rect"
href="configuring-transports.html">Configuring Transports</a></p><p>Here is an
<a shape="rect" class="external-link"
href="http://svn.apache.org/repos/asf/activemq/trunk/assembly/src/sample-conf/activemq-scalability.xml";>example</a>
of this in use in one of the provided sample broker configuration
files.</p><h2 id="ScalingQueues-ReducingMemoryConsumption">Reducing Memory
Consumption</h2><p>Reduce the memory used per thread - see <a shape="rect"
href="javalangoutofmemory.html">reducing memory consumption</a></p><h2
id="ScalingQueues-Reducenumberoffiledescriptors">Reduce number of file
descriptors</h2><p>ActiveMQ uses the amqPersistenceAdapter by default for
persistent messages. Unfortunately, this persistence adapter (as well as the
kahaPersistenceAdapter) opens a file descriptor for each queue.
When creating large numbers of queues, you'll quickly run into the limit for
your OS.</p><p>You can either choose another <a shape="rect"
href="persistence.html">persistence option</a></p><p>or - try out the new <a
shape="rect" href="kahadb.html">KahaDB</a> in version 5.3 and higher</p><h2
id="ScalingQueues-Increasethelimitonfiledescriptorsperprocess">Increase the
limit on file descriptors per process</h2><p>Try <a shape="rect"
class="external-link" href="http://tinyurl.com/o9qs2f"; rel="nofollow">googling
for the OS you are using</a></p></div>
</td>
Modified: websites/production/activemq/content/security-advisories.html
==============================================================================
--- websites/production/activemq/content/security-advisories.html (original)
+++ websites/production/activemq/content/security-advisories.html Sat Jun 27
21:23:55 2015
@@ -72,7 +72,7 @@
<tbody>
<tr>
<td valign="top" width="100%">
-<div class="wiki-content maincontent"><h2
id="SecurityAdvisories-ApacheActiveMQ">Apache ActiveMQ</h2><h3
id="SecurityAdvisories-2014">2014</h3><ul><li><a shape="rect"
href="security-advisories.data/CVE-2014-3600-announcement.txt?version=2&modificationDate=1423051306000&api=v2">CVE-2014-3600</a>
- Apache ActiveMQ XXE with XPath selectors</li><li><a shape="rect"
href="security-advisories.data/CVE-2014-3612-announcement.txt?version=2&modificationDate=1423051365000&api=v2">CVE-2014-3612</a>
- ActiveMQ JAAS: LDAPLoginModule allows empty password authentication and
Wildcard Interpretation</li><li><a shape="rect"
href="security-advisories.data/CVE-2014-8110-announcement.txt?version=2&modificationDate=1423051381000&api=v2">CVE-2014-8110</a>
- <span style="line-height: 1.4285715;">ActiveMQ Web Console - Cross-Site
Scripting</span><br clear="none"><span style="line-height: 1.4285715;"><br
clear="none"></span></li></ul><h2 id="SecurityAdvisories-ActiveMQA
pollo"><span style="line-height: 1.4285715;">ActiveMQ Apollo</span></h2><h3
id="SecurityAdvisories-2014.1"><span style="line-height:
1.4285715;">2014</span></h3><ul><li><span style="line-height: 1.4285715;"><span
style="line-height: 1.4285715;"> </span></span><a shape="rect"
href="security-advisories.data/CVE-2014-3579-announcement.txt?version=1&modificationDate=1423054118000&api=v2">CVE-2014-3579</a><span
style="line-height: 1.4285715;"> - ActiveMQ Apollo XXE with XPath
selectors</span></li></ul><p><span style="line-height:
1.4285715;"> </span></p></div>
+<div class="wiki-content maincontent"><h2
id="SecurityAdvisories-ApacheActiveMQ">Apache ActiveMQ</h2><h3
id="SecurityAdvisories-2014">2014</h3><ul><li><a shape="rect"
href="security-advisories.data/CVE-2014-3600-announcement.txt?version=2&modificationDate=1423051306000&api=v2"
data-linked-resource-id="52035730" data-linked-resource-version="2"
data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2014-3600-announcement.txt"
data-nice-type="Text File" data-linked-resource-content-type="text/plain"
data-linked-resource-container-id="51808957"
data-linked-resource-container-version="1">CVE-2014-3600</a> - Apache
ActiveMQ XXE with XPath selectors</li><li><a shape="rect"
href="security-advisories.data/CVE-2014-3612-announcement.txt?version=2&modificationDate=1423051365000&api=v2"
data-linked-resource-id="52035731" data-linked-resource-version="2"
data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2014-3612-announce
ment.txt" data-nice-type="Text File"
data-linked-resource-content-type="text/plain"
data-linked-resource-container-id="51808957"
data-linked-resource-container-version="1">CVE-2014-3612</a> - ActiveMQ
JAAS: LDAPLoginModule allows empty password authentication and Wildcard
Interpretation</li><li><a shape="rect"
href="security-advisories.data/CVE-2014-8110-announcement.txt?version=2&modificationDate=1423051381000&api=v2"
data-linked-resource-id="52035732" data-linked-resource-version="2"
data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2014-8110-announcement.txt"
data-nice-type="Text File" data-linked-resource-content-type="text/plain"
data-linked-resource-container-id="51808957"
data-linked-resource-container-version="1">CVE-2014-8110</a> - <span
style="line-height: 1.4285715;">ActiveMQ Web Console - Cross-Site
Scripting</span><br clear="none"><span style="line-height: 1.4285715;"><br
clear="none"></span></li></ul><h2 id="SecurityAdviso
ries-ActiveMQApollo"><span style="line-height: 1.4285715;">ActiveMQ
Apollo</span></h2><h3 id="SecurityAdvisories-2014.1"><span style="line-height:
1.4285715;">2014</span></h3><ul><li><span style="line-height: 1.4285715;"><span
style="line-height: 1.4285715;"> </span></span><a shape="rect"
href="security-advisories.data/CVE-2014-3579-announcement.txt?version=1&modificationDate=1423054118000&api=v2"
data-linked-resource-id="52035737" data-linked-resource-version="1"
data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2014-3579-announcement.txt"
data-nice-type="Text File" data-linked-resource-content-type="text/plain"
data-linked-resource-container-id="51808957"
data-linked-resource-container-version="1">CVE-2014-3579</a><span
style="line-height: 1.4285715;"> - ActiveMQ Apollo XXE with XPath
selectors</span></li></ul><p><span style="line-height:
1.4285715;"> </span></p></div>
</td>
<td valign="top">
<div class="navigation">
Modified: websites/production/activemq/content/security.html
==============================================================================
--- websites/production/activemq/content/security.html (original)
+++ websites/production/activemq/content/security.html Sat Jun 27 21:23:55 2015
@@ -32,17 +32,6 @@
</style>
<![endif]-->
- <link
href='http://activemq.apache.org/styles/highlighter/styles/shCore.css'
rel='stylesheet' type='text/css' />
- <link
href='http://activemq.apache.org/styles/highlighter/styles/shThemeEclipse.css'
rel='stylesheet' type='text/css' />
- <script
src='http://activemq.apache.org/styles/highlighter/scripts/shCore.js'
type='text/javascript'></script>
- <script
src='http://activemq.apache.org/styles/highlighter/scripts/shBrushJava.js'
type='text/javascript'></script>
- <script
src='http://activemq.apache.org/styles/highlighter/scripts/shBrushXml.js'
type='text/javascript'></script>
- <script
src='http://activemq.apache.org/styles/highlighter/scripts/shBrushPlain.js'
type='text/javascript'></script>
-
- <script type="text/javascript">
- SyntaxHighlighter.defaults['toolbar'] = false;
- SyntaxHighlighter.all();
- </script>
<title>
Apache ActiveMQ ™ -- Security
@@ -84,7 +73,7 @@
<tr>
<td valign="top" width="100%">
<div class="wiki-content maincontent"><p>ActiveMQ 4.x and greater provides
pluggable security through various different providers.</p><p>The most common
providers are</p><ul><li><a shape="rect" class="external-link"
href="http://java.sun.com/products/jaas/"; rel="nofollow">JAAS</a> for
authentication</li><li>a default authorization mechanism using a simple XML
configuration file.</li></ul><h3
id="Security-Authentication">Authentication</h3><p>The default <a shape="rect"
class="external-link" href="http://java.sun.com/products/jaas/";
rel="nofollow">JAAS</a> plugin relies on the standard JAAS mechanism for
authentication. Refer to the <a shape="rect" class="external-link"
href="http://java.sun.com/products/jaas/reference/docs/index.html";
rel="nofollow">documentation</a> for more detail.</p><p>Typically you configure
JAAS using a config file like <a shape="rect" class="external-link"
href="http://svn.apache.org/repos/asf/activemq/trunk/activemq-unit-tests/src/test/resources/login.config
">this one</a> and set the <strong>java.security.auth.login.config</strong>
system property to point to it. If no system property is specified then by
default the ActiveMQ JAAS plugin will look for <strong>login.config</strong> on
the classpath and use that.</p><h4
id="Security-AuthenticationExample">Authentication Example</h4><p>Here is an
example <a shape="rect" class="external-link"
href="http://svn.apache.org/repos/asf/activemq/trunk/activemq-unit-tests/src/test/resources/login.config";>login.config</a>
which then points to these files</p><ul><li><a shape="rect"
class="external-link"
href="http://svn.apache.org/repos/asf/activemq/trunk/activemq-unit-tests/src/test/resources/org/apache/activemq/security/users.properties";>users.properties</a></li><li><a
shape="rect" class="external-link"
href="http://svn.apache.org/repos/asf/activemq/trunk/activemq-unit-tests/src/test/resources/org/apache/activemq/security/groups.properties";>groups.properties</a></li></ul><h4
id="Security-SimpleAut
henticationPlugin">Simple Authentication Plugin</h4><p>If you have modest
authentication requirements (or just want to quickly set up your testing
environment) you can use SimpleAuthenticationPlugin. With this plugin you can
define users and groups directly in the broker's XML configuration. Take a look
at the following snippet for example:</p><div class="code panel pdl"
style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<script class="theme: Default; brush: xml; gutter: false"
type="syntaxhighlighter"><![CDATA[<simpleAuthenticationPlugin>
+<script class="brush: xml; gutter: false; theme: Default"
type="syntaxhighlighter"><![CDATA[<simpleAuthenticationPlugin>
<users>
<authenticationUser username="system"
password="manager"
groups="users,admins"/>
@@ -95,7 +84,7 @@
</simpleAuthenticationPlugin>
]]></script>
</div></div><p>Users and groups defined in this way can be later used with the
appropriate authorization plugin.</p><h5
id="Security-Anonymousaccess">Anonymous access</h5><p>From version 5.4.0
onwards, you can configure simple authentication plugin to allow anonymous
access to the broker.</p><div class="code panel pdl" style="border-width:
1px;"><div class="codeContent panelContent pdl">
-<script class="theme: Default; brush: xml; gutter: false"
type="syntaxhighlighter"><![CDATA[<simpleAuthenticationPlugin
anonymousAccessAllowed="true">
+<script class="brush: xml; gutter: false; theme: Default"
type="syntaxhighlighter"><![CDATA[<simpleAuthenticationPlugin
anonymousAccessAllowed="true">
<users>
<authenticationUser username="system"
password="manager"
groups="users,admins"/>
@@ -106,7 +95,7 @@
</simpleAuthenticationPlugin>
]]></script>
</div></div><p>To allow anonymous access to the broker, use
<code>anonymousAccessAllowed</code> attribute and set it to <code>true</code>
as shown above. Now, when the client connects without username and password
provided, a default username (<code>anonymous</code>) and group
(<code>anonymous</code>) will be assigned to its security context. You can use
this username and password to authorize client's access to appropriate broker
resources (see the next section). You can also change username and group that
will be assigned to <em>anonymous</em> users by using
<code>anonymousUser</code> and <code>anonymousGroup</code> attributes.</p><h3
id="Security-Authorization">Authorization</h3><p>In ActiveMQ we use a number of
operations which you can associate with user roles and either individual queues
or topics or you can use wildcards to attach to hierarchies of topics and
queues.</p><div class="table-wrap"><table
class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="conflu
enceTh"><p>Operation</p></th><th colspan="1" rowspan="1"
class="confluenceTh"><p>Description</p></th></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p>read</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>You can browse and consume from the
destination</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>write</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>You can send messages to the
destination</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>admin</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>You can lazily create the destination if it does not
yet exist. This allows you fine grained control over which new destinations can
be dynamically created in what part of the queue/topic
hierarchy</p></td></tr></tbody></table></div><p>Queues/Topics can specified
using the ActiveMQ <a shape="rect" href="wildcards.html">Wildcards</a>
syntax.</p><h4 id="Security-AuthorizationExample">Authorization Example</h4>
<p>The following <a shape="rect" class="external-link"
href="http://svn.apache.org/repos/asf/activemq/trunk/activemq-unit-tests/src/test/resources/org/apache/activemq/security/jaas-broker.xml";>example</a>
shows these 2 plugins in operation. Though note its very easy to write your
own plugin.</p><div class="code panel pdl" style="border-width: 1px;"><div
class="codeContent panelContent pdl">
-<script class="theme: Default; brush: xml; gutter: false"
type="syntaxhighlighter"><![CDATA[
+<script class="brush: xml; gutter: false; theme: Default"
type="syntaxhighlighter"><![CDATA[
<beans
xmlns="http://www.springframework.org/schema/beans"
xmlns:amq="http://activemq.apache.org/schema/core"
@@ -151,7 +140,7 @@
</beans>
]]></script>
</div></div><p><strong>Note</strong> that full access rights should generally
be given to the ActiveMQ.Advisory destinations because by default an
ActiveMQConnection uses destination advisories to get early knowledge of temp
destination creation and deletion. In addition, dynamic network connectors use
advisories to determine consumer demand.<br clear="none"> If necessary, the use
of advisories in this manner can be disabled via the
<em>watchTopicAdvisories</em> boolean attribute of ActiveMQConnectionFactory
and for a networkConnector, via the network connector
<em>staticBridge</em>(5.6) boolean attribute.</p><h3
id="Security-Broker-to-BrokerAuthenticationandAuthorization">Broker-to-Broker
Authentication and Authorization</h3><p>If you have enabled authentication for
a particular message broker, then other brokers that wish to connect to that
broker must provide the proper authentication credentials via their
<networkConnector> element. For example, suppose that we have a netw
ork of brokers with the following configuration:</p><ul
class="alternate"><li>The network of brokers comprises two brokers (BrokerA and
BrokerB)</li><li>Authentication for BrokerA has been enabled via the example
<simpleAuthenticationPlugin> element.</li><li>Authentication for BrokerB
has not been enabled.</li><li>BrokerA only listens for connections. In other
words, BrokerA has a <transportConnector> element, but no
<networkConnector> elements.</li></ul><p>In order for BrokerB to connect
to BrokerA, the corresponding <networkConnector> element in BrokerB's XML
configuration file must be set up as follows.</p><div class="code panel pdl"
style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<script class="theme: Default; brush: xml; gutter: false"
type="syntaxhighlighter"><![CDATA[<networkConnectors>
+<script class="brush: xml; gutter: false; theme: Default"
type="syntaxhighlighter"><![CDATA[<networkConnectors>
<networkConnector name="brokerAbridge"
userName="user"
password="password"
@@ -159,7 +148,7 @@
</networkConnectors>
]]></script>
</div></div><p>Note how BrokerB's <networkConnector> element must
provide the proper credentials in order to connect to BrokerA. If authorization
has been enabled on BrokerA, then the userName assigned to the
<networkConnector> element must also have the proper authorization
credentials. Messages cannot be forwarded from BrokerB to BrokerA if BrokerA
has authorization enabled and BrokerB's corresponding <networkConnector>
element's userName has not been given the proper authorization
credentials.</p><p>Also, if BrokerA is given a <networkConnector> element
so that it can initiate a connection to BrokerB, then that
<networkConnector> must be given a userName/password combination that is
defined in the <simpleAuthenticationPlugin> element; this is required
even though BrokerB does not have authentication services enabled.</p><h3
id="Security-ControllingAccessToTemporaryDestinations">Controlling Access To
Temporary Destinations</h3><p>To control acce
ss to temporary destinations, you will need to add a
<tempDestinationAuthorizationEntry> element to the authorizationMap.
Through this element, you control access to all temporary destinations. If this
element is not present, read, write, and admin privileges for temporary
destinations will be granted to all. In the example below, read, write, and
admin privileges for temporary destinations are only granted to those clients
that have been assigned to the 'admin' group.</p><div class="code panel pdl"
style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<script class="theme: Default; brush: xml; gutter: false"
type="syntaxhighlighter"><![CDATA[<broker>
+<script class="brush: xml; gutter: false; theme: Default"
type="syntaxhighlighter"><![CDATA[<broker>
..
<plugins>
..
@@ -181,14 +170,8 @@
..
</broker>
]]></script>
-</div></div><h3 id="Security-LDAPAuthenticationUsingtheJAASPlugin">LDAP
Authentication Using the JAAS Plugin</h3> <div class="aui-message hint
shadowed information-macro">
- <span class="aui-icon icon-hint">Icon</span>
- <div class="message-content">
- <p>A new/better ldap authorization module is
available since 5.6. See <a shape="rect"
href="cached-ldap-authorization-module.html">Cached LDAP Authorization
Module</a> for more info.</p>
- </div>
- </div>
-<p>1. Configure the JAAS LDAPLoginModule and the LDAPAuthorizationMap in
activemq.xml:</p><div class="code panel pdl" style="border-width: 1px;"><div
class="codeContent panelContent pdl">
-<script class="theme: Default; brush: xml; gutter: false"
type="syntaxhighlighter"><![CDATA[ <plugins>
+</div></div><h3 id="Security-LDAPAuthenticationUsingtheJAASPlugin">LDAP
Authentication Using the JAAS Plugin</h3><div
class="confluence-information-macro
confluence-information-macro-information"><span class="aui-icon aui-icon-small
aui-iconfont-info confluence-information-macro-icon"></span><div
class="confluence-information-macro-body"><p>A new/better ldap authorization
module is available since 5.6. See <a shape="rect"
href="cached-ldap-authorization-module.html">Cached LDAP Authorization
Module</a> for more info.</p></div></div><p>1. Configure the JAAS
LDAPLoginModule and the LDAPAuthorizationMap in activemq.xml:</p><div
class="code panel pdl" style="border-width: 1px;"><div class="codeContent
panelContent pdl">
+<script class="brush: xml; gutter: false; theme: Default"
type="syntaxhighlighter"><![CDATA[ <plugins>
<!-- use JAAS to authenticate using the login.config file on the
classpath to configure JAAS -->
<jaasAuthenticationPlugin configuration="LdapConfiguration"
/>
<!-- lets configure a destination based role/group authorization
mechanism -->
@@ -221,7 +204,7 @@
</plugins>
]]></script>
</div></div><p>2. Configure the JAAS login.config (I haven't de-duplicated the
config yet):</p><div class="code panel pdl" style="border-width: 1px;"><div
class="codeContent panelContent pdl">
-<script class="theme: Default; brush: java; gutter: false"
type="syntaxhighlighter"><![CDATA[
+<script class="brush: java; gutter: false; theme: Default"
type="syntaxhighlighter"><![CDATA[
LdapConfiguration {
org.apache.activemq.jaas.LDAPLoginModule required
debug=true
@@ -243,7 +226,7 @@ LdapConfiguration {
};
]]></script>
</div></div><p>3. Import the following LDIF file into the LDAP server:</p><div
class="code panel pdl" style="border-width: 1px;"><div class="codeContent
panelContent pdl">
-<script class="theme: Default; brush: java; gutter: false"
type="syntaxhighlighter"><![CDATA[version: 1
+<script class="brush: java; gutter: false; theme: Default"
type="syntaxhighlighter"><![CDATA[version: 1
#
# Sample LDIF for ActiveMQ LDAP authentication and authorisation
@@ -414,7 +397,7 @@ objectClass: simpleSecurityObject
objectClass: top
]]></script>
</div></div><p>4. Start up ActiveMQ</p><p>5. Test it out</p><h3
id="Security-SecurityandActiveMQComponents">Security and ActiveMQ
Components</h3><p>Along with the message broker, you can optionally execute
several additional "components", such as Camel and/or the Web console. These
components establish connections with the broker; therefore, if you have
secured your broker (i.e., enabled authentication), you will have to configure
these components in order to have them provide the required security
credentials (username, password) when they connect to the broker.</p><h4
id="Security-Camel">Camel</h4><p>You may have the following Camel context
defined in your broker's XML configuration file.</p><div class="code panel pdl"
style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<script class="theme: Default; brush: xml; gutter: false"
type="syntaxhighlighter"><![CDATA[<!--
+<script class="brush: xml; gutter: false; theme: Default"
type="syntaxhighlighter"><![CDATA[<!--
** Lets deploy some Enterprise Integration Patterns inside the ActiveMQ
Message Broker
** For more details see
**
@@ -429,10 +412,10 @@ objectClass: top
</camelContext>
]]></script>
</div></div><p>The above configuration is not set up to work within a secure
environment.</p><p>If the application is running in an OSGi container, add the
following line before the CamelContext definition:</p><div class="code panel
pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<script class="theme: Default; brush: xml; gutter: false"
type="syntaxhighlighter"><![CDATA[<osgi:reference id="activemq"
interface="org.apache.camel.Component" />
+<script class="brush: xml; gutter: false; theme: Default"
type="syntaxhighlighter"><![CDATA[<osgi:reference id="activemq"
interface="org.apache.camel.Component" />
]]></script>
</div></div><p>This allows any pre-configured instance of the
ActiveMQComponent deployed in the container to take precedence on the default
ActiveMQComponent.</p><p>That is, with the above configuration, Camel will
establish a connection with ActiveMQ, but will not provide a username and
password. Therefore, when ActiveMQ security is enabled, the above configuration
results in a security exception. The exception will be thrown multiple times,
because Camel will continue to retry the connection. If you're not using Camel,
comment out the above XML code. If you are using Camel, add the following bean
definition to your broker's XML configuration:</p><div class="code panel pdl"
style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<script class="theme: Default; brush: xml; gutter: false"
type="syntaxhighlighter"><![CDATA[<!-- configure the camel activemq
component to use the current broker -->
+<script class="brush: xml; gutter: false; theme: Default"
type="syntaxhighlighter"><![CDATA[<!-- configure the camel activemq
component to use the current broker -->
<bean id="activemq"
class="org.apache.activemq.camel.component.ActiveMQComponent" >
<property name="connectionFactory">
<bean
class="org.apache.activemq.ActiveMQConnectionFactory">
@@ -444,21 +427,21 @@ objectClass: top
</bean>
]]></script>
</div></div><p>With the above bean definition, Camel will pass the specified
security credentials when it connects to the broker.</p><p>If the broker is
running in an OSGi container, add the following line after the
ActiveMQComponent bean definition:</p><div class="code panel pdl"
style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<script class="theme: Default; brush: xml; gutter: false"
type="syntaxhighlighter"><![CDATA[<service ref="activemq"
interface="org.apache.camel.Component"/>
+<script class="brush: xml; gutter: false; theme: Default"
type="syntaxhighlighter"><![CDATA[<service ref="activemq"
interface="org.apache.camel.Component"/>
]]></script>
</div></div><h4 id="Security-WebConsole">Web Console</h4><p>If you want to use
the Web Console with a secured broker, you have to change
<code>connectionFactory</code> bean in your
<code>webapps/admin/WEB-INF/webconsole-embeded.xml</code> to something like
this:</p><div class="code panel pdl" style="border-width: 1px;"><div
class="codeContent panelContent pdl">
-<script class="theme: Default; brush: xml; gutter: false"
type="syntaxhighlighter"><![CDATA[<bean id="connectionFactory"
class="org.apache.activemq.ActiveMQConnectionFactory">
+<script class="brush: xml; gutter: false; theme: Default"
type="syntaxhighlighter"><![CDATA[<bean id="connectionFactory"
class="org.apache.activemq.ActiveMQConnectionFactory">
<property name="brokerURL"
value="vm://localhost"/>
<property name="userName" value="system"/>
<property name="password" value="manager"/>
</bean>
]]></script>
</div></div><h4 id="Security-DefaultCredentials">Default
Credentials</h4><p>Starting with version 5.3, all of the above configuration
details are included in the default ActiveMQ configuration. Also, there is a
central place where you can set credentials that these components will use to
connect to the broker. Just set your desired username and password in the
<code>conf/credentials.properties</code> file, which by default looks like
this:</p><div class="code panel pdl" style="border-width: 1px;"><div
class="codeContent panelContent pdl">
-<script class="theme: Default; brush: java; gutter: false"
type="syntaxhighlighter"><![CDATA[activemq.username=system
+<script class="brush: java; gutter: false; theme: Default"
type="syntaxhighlighter"><![CDATA[activemq.username=system
activemq.password=manager
]]></script>
</div></div><h4 id="Security-EncryptedPasswords">Encrypted Passwords</h4><p>As
of version 5.4.1 you can also use <a shape="rect"
href="encrypted-passwords.html">Encrypted passwords</a> with your broker</p><h3
id="Security-MessagelevelAuthorization">Message level Authorization</h3><p>We
have a configurable MessageAuthorizationPolicy to allow you to authorize each
message using some content based authorization policy of your choosing. To
enable this policy configure on the broker directly using the *
messageAuthorizationPolicy* property or add it to the XML as follows</p><div
class="code panel pdl" style="border-width: 1px;"><div class="codeContent
panelContent pdl">
-<script class="theme: Default; brush: xml; gutter: false"
type="syntaxhighlighter"><![CDATA[<broker>
+<script class="brush: xml; gutter: false; theme: Default"
type="syntaxhighlighter"><![CDATA[<broker>
..
<messageAuthorizationPolicy>
<bean class="com.acme.MyMessageAuthorizationPolicy"
xmlns=""/>
Modified: websites/production/activemq/content/selectors.html
==============================================================================
--- websites/production/activemq/content/selectors.html (original)
+++ websites/production/activemq/content/selectors.html Sat Jun 27 21:23:55 2015
@@ -32,15 +32,6 @@
</style>
<![endif]-->
- <link
href='http://activemq.apache.org/styles/highlighter/styles/shCore.css'
rel='stylesheet' type='text/css' />
- <link
href='http://activemq.apache.org/styles/highlighter/styles/shThemeEclipse.css'
rel='stylesheet' type='text/css' />
- <script
src='http://activemq.apache.org/styles/highlighter/scripts/shCore.js'
type='text/javascript'></script>
- <script
src='http://activemq.apache.org/styles/highlighter/scripts/shBrushJava.js'
type='text/javascript'></script>
-
- <script type="text/javascript">
- SyntaxHighlighter.defaults['toolbar'] = false;
- SyntaxHighlighter.all();
- </script>
<title>
Apache ActiveMQ ™ -- Selectors
@@ -88,7 +79,7 @@
<p>Here is an example</p>
<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent
panelContent pdl">
-<script class="theme: Default; brush: java; gutter: false"
type="syntaxhighlighter"><![CDATA[
+<script class="brush: java; gutter: false; theme: Default"
type="syntaxhighlighter"><![CDATA[
JMSType = 'car' AND color = 'blue' AND weight > 2500
]]></script>
</div></div>
@@ -101,27 +92,20 @@ ActiveMQ supports some JMS defined prope
<p>Apache ActiveMQ also supports XPath based selectors when working with
messages containing XML bodies. To use an XPath selector use the following
syntax</p>
<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent
panelContent pdl">
-<script class="theme: Default; brush: java; gutter: false"
type="syntaxhighlighter"><![CDATA[
+<script class="brush: java; gutter: false; theme: Default"
type="syntaxhighlighter"><![CDATA[
XPATH '//title[@lang=''eng'']'
]]></script>
</div></div>
- <div class="aui-message success shadowed information-macro">
- <p class="title">Xalan dependency</p>
- <span class="aui-icon icon-success">Icon</span>
- <div class="message-content">
-
+<div class="confluence-information-macro confluence-information-macro-tip"><p
class="title">Xalan dependency</p><span class="aui-icon aui-icon-small
aui-iconfont-approve confluence-information-macro-icon"></span><div
class="confluence-information-macro-body">
<p>XPath support requires <a shape="rect" class="external-link"
href="http://xalan.apache.org/index.html";>Xalan</a> which is not part of the
distribution. The Xalan jars needs to be manually added to lib directory or
pulled into your app via maven </p>
<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent
panelContent pdl">
-<script class="theme: Default; brush: java; gutter: false"
type="syntaxhighlighter"><![CDATA[<dependency>
+<script class="brush: java; gutter: false; theme: Default"
type="syntaxhighlighter"><![CDATA[<dependency>
<groupId>xalan</groupId>
<artifactId>xalan</artifactId>
<version>2.6.0</version>
</dependency>]]></script>
-</div></div>
- </div>
- </div>
-
+</div></div></div></div>
<h3
id="Selectors-StringPropertyConversions/SelectingAgainstSTOMPmessages">String
Property Conversions / Selecting Against STOMP messages</h3>
Modified:
websites/production/activemq/content/setting-up-activemq-with-tomcat-559.html
==============================================================================
---
websites/production/activemq/content/setting-up-activemq-with-tomcat-559.html
(original)
+++
websites/production/activemq/content/setting-up-activemq-with-tomcat-559.html
Sat Jun 27 21:23:55 2015
@@ -32,16 +32,6 @@
</style>
<![endif]-->
- <link
href='http://activemq.apache.org/styles/highlighter/styles/shCore.css'
rel='stylesheet' type='text/css' />
- <link
href='http://activemq.apache.org/styles/highlighter/styles/shThemeEclipse.css'
rel='stylesheet' type='text/css' />
- <script
src='http://activemq.apache.org/styles/highlighter/scripts/shCore.js'
type='text/javascript'></script>
- <script
src='http://activemq.apache.org/styles/highlighter/scripts/shBrushJava.js'
type='text/javascript'></script>
- <script
src='http://activemq.apache.org/styles/highlighter/scripts/shBrushXml.js'
type='text/javascript'></script>
-
- <script type="text/javascript">
- SyntaxHighlighter.defaults['toolbar'] = false;
- SyntaxHighlighter.all();
- </script>
<title>
Apache ActiveMQ ™ -- Setting up ActiveMQ with Tomcat 5.5.9
@@ -84,7 +74,7 @@
<td valign="top" width="100%">
<div class="wiki-content maincontent"><p>Create the file
<webapp-root>/META-INF/context.xml. Here is an example:</p>
<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent
panelContent pdl">
-<script class="theme: Default; brush: xml; gutter: false"
type="syntaxhighlighter"><![CDATA[
+<script class="brush: xml; gutter: false; theme: Default"
type="syntaxhighlighter"><![CDATA[
<Context antiJARLocking="true">
<Resource
name="jms/ConnectionFactory"
@@ -113,7 +103,7 @@
<p>Here is some example code that will publish a test message to the
MY.TEST.FOO Topic:</p>
<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent
panelContent pdl">
-<script class="theme: Default; brush: java; gutter: false"
type="syntaxhighlighter"><![CDATA[
+<script class="brush: java; gutter: false; theme: Default"
type="syntaxhighlighter"><![CDATA[
try {
InitialContext initCtx = new InitialContext();
Context envContext = (Context) initCtx.lookup("java:comp/env");
Modified:
websites/production/activemq/content/shared-file-system-master-slave.html
==============================================================================
--- websites/production/activemq/content/shared-file-system-master-slave.html
(original)
+++ websites/production/activemq/content/shared-file-system-master-slave.html
Sat Jun 27 21:23:55 2015
@@ -32,16 +32,6 @@
</style>
<![endif]-->
- <link
href='http://activemq.apache.org/styles/highlighter/styles/shCore.css'
rel='stylesheet' type='text/css' />
- <link
href='http://activemq.apache.org/styles/highlighter/styles/shThemeEclipse.css'
rel='stylesheet' type='text/css' />
- <script
src='http://activemq.apache.org/styles/highlighter/scripts/shCore.js'
type='text/javascript'></script>
- <script
src='http://activemq.apache.org/styles/highlighter/scripts/shBrushJava.js'
type='text/javascript'></script>
- <script
src='http://activemq.apache.org/styles/highlighter/scripts/shBrushXml.js'
type='text/javascript'></script>
-
- <script type="text/javascript">
- SyntaxHighlighter.defaults['toolbar'] = false;
- SyntaxHighlighter.all();
- </script>
<title>
Apache ActiveMQ ™ -- Shared File System Master Slave
@@ -82,47 +72,26 @@
<tbody>
<tr>
<td valign="top" width="100%">
-<div class="wiki-content maincontent"><h2
id="SharedFileSystemMasterSlave-SharedFileSystemMasterSlave">Shared File System
Master Slave</h2><p>If you have a SAN or shared file system it can be used to
provide <em>high availability</em> such that if a broker is killed, another
broker can take over immediately.</p> <div class="aui-message problem
shadowed information-macro">
- <p class="title">Ensure your shared file locks work</p>
- <span class="aui-icon icon-problem">Icon</span>
- <div class="message-content">
- <p>Note that the requirements of this failover
system are a distributed file system like a SAN for which exclusive file locks
work reliably. If you do not have such a thing available then consider using <a
shape="rect" href="masterslave.html">MasterSlave</a> instead which implements
something similar but working on commodity hardware using local file systems
which ActiveMQ does the replication.</p> <div class="aui-message warning
shadowed information-macro">
- <p class="title">OCFS2 Warning</p>
- <span class="aui-icon icon-warning">Icon</span>
- <div class="message-content">
- <p>Was testing using OCFS2 and both brokers
thought they had the master lock - this is because "OCFS2 only supports locking
with 'fcntl' and not 'lockf and flock', therefore mutex file locking from Java
isn't supported."</p><p>From <a shape="rect" class="external-link"
href="http://sources.redhat.com/cluster/faq.html#gfs_vs_ocfs2";
rel="nofollow">http://sources.redhat.com/cluster/faq.html#gfs_vs_ocfs2</a> :<br
clear="none"> OCFS2: No cluster-aware flock or POSIX locks<br clear="none">
GFS: fully supports Cluster-wide flocks and POSIX locks and is supported.<br
clear="none"> See this JIRA for more discussion: <a shape="rect"
class="external-link"
href="https://issues.apache.org/jira/browse/AMQ-4378";>https://issues.apache.org/jira/browse/AMQ-4378</a></p>
- </div>
- </div>
- <div class="aui-message warning shadowed information-macro">
- <p class="title">NFSv3 Warning</p>
- <span class="aui-icon icon-warning">Icon</span>
- <div class="message-content">
- <p>In the event of an abnormal NFSv3 client
termination (i.e., the ActiveMQ master broker), the NFSv3 server will not
timeout the lock that is held by that client. This effectively renders the
ActiveMQ data directory inaccessible because the ActiveMQ slave broker can't
acquire the lock and therefore cannot start up. The only solution to this
predicament with NFSv3 is to reboot all ActiveMQ instances to reset
everything.</p><p>Use of NFSv4 is another solution because it's design includes
timeouts for locks. When using NFSv4 and the client holding the lock
experiences an abnormal termination, by design, the lock is released after 30
seconds, allowing another client to grab the lock. For more information about
this, see <a shape="rect" class="external-link"
href="http://blogs.netapp.com/eislers_nfs_blog/2008/07/part-i-since-nf.html";
rel="nofollow">this blog entry</a>.</p>
- </div>
- </div>
-
- </div>
- </div>
-<p>Basically you can run as many brokers as you wish from the same shared file
system directory. The first broker to grab the exclusive lock on the file is
the master broker. If that broker dies and releases the lock then another
broker takes over. The slave brokers sit in a loop trying to grab the lock from
the master broker.</p><p>The following example shows how to configure a broker
for Shared File System Master Slave where <strong>/sharedFileSystem</strong> is
some directory on a shared file system. It is just a case of configuring a file
based store to use a shared directory.</p><div class="code panel pdl"
style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<script class="theme: Default; brush: java; gutter: false"
type="syntaxhighlighter"><![CDATA[ <persistenceAdapter>
+<div class="wiki-content maincontent"><h2
id="SharedFileSystemMasterSlave-SharedFileSystemMasterSlave">Shared File System
Master Slave</h2><p>If you have a SAN or shared file system it can be used to
provide <em>high availability</em> such that if a broker is killed, another
broker can take over immediately.</p><div class="confluence-information-macro
confluence-information-macro-warning"><p class="title">Ensure your shared file
locks work</p><span class="aui-icon aui-icon-small aui-iconfont-error
confluence-information-macro-icon"></span><div
class="confluence-information-macro-body"><p>Note that the requirements of this
failover system are a distributed file system like a SAN for which exclusive
file locks work reliably. If you do not have such a thing available then
consider using <a shape="rect" href="masterslave.html">MasterSlave</a> instead
which implements something similar but working on commodity hardware using
local file systems which ActiveMQ does the replication.</p><div
class="confluence-information-macro confluence-information-macro-note"><p
class="title">OCFS2 Warning</p><span class="aui-icon aui-icon-small
aui-iconfont-warning confluence-information-macro-icon"></span><div
class="confluence-information-macro-body"><p>Was testing using OCFS2 and both
brokers thought they had the master lock - this is because "OCFS2 only supports
locking with 'fcntl' and not 'lockf and flock', therefore mutex file locking
from Java isn't supported."</p><p>From <a shape="rect" class="external-link"
href="http://sources.redhat.com/cluster/faq.html#gfs_vs_ocfs2";
rel="nofollow">http://sources.redhat.com/cluster/faq.html#gfs_vs_ocfs2</a> :<br
clear="none"> OCFS2: No cluster-aware flock or POSIX locks<br clear="none">
GFS: fully supports Cluster-wide flocks and POSIX locks and is supported.<br
clear="none"> See this JIRA for more discussion: <a shape="rect"
class="external-link"
href="https://issues.apache.org/jira/browse/AMQ-4378";>https://issues.apache.org/jira/browse
/AMQ-4378</a></p></div></div><div class="confluence-information-macro
confluence-information-macro-note"><p class="title">NFSv3 Warning</p><span
class="aui-icon aui-icon-small aui-iconfont-warning
confluence-information-macro-icon"></span><div
class="confluence-information-macro-body"><p>In the event of an abnormal NFSv3
client termination (i.e., the ActiveMQ master broker), the NFSv3 server will
not timeout the lock that is held by that client. This effectively renders the
ActiveMQ data directory inaccessible because the ActiveMQ slave broker can't
acquire the lock and therefore cannot start up. The only solution to this
predicament with NFSv3 is to reboot all ActiveMQ instances to reset
everything.</p><p>Use of NFSv4 is another solution because it's design includes
timeouts for locks. When using NFSv4 and the client holding the lock
experiences an abnormal termination, by design, the lock is released after 30
seconds, allowing another client to grab the lock. For more information
about this, see <a shape="rect" class="external-link"
href="http://blogs.netapp.com/eislers_nfs_blog/2008/07/part-i-since-nf.html";
rel="nofollow">this blog entry</a>.</p></div></div></div></div><p>Basically you
can run as many brokers as you wish from the same shared file system directory.
The first broker to grab the exclusive lock on the file is the master broker.
If that broker dies and releases the lock then another broker takes over. The
slave brokers sit in a loop trying to grab the lock from the master
broker.</p><p>The following example shows how to configure a broker for Shared
File System Master Slave where <strong>/sharedFileSystem</strong> is some
directory on a shared file system. It is just a case of configuring a file
based store to use a shared directory.</p><div class="code panel pdl"
style="border-width: 1px;"><div class="codeContent panelContent pdl">
+<script class="brush: java; gutter: false; theme: Default"
type="syntaxhighlighter"><![CDATA[ <persistenceAdapter>
<kahaDB directory="/sharedFileSystem/sharedBrokerData"/>
</persistenceAdapter>
]]></script>
</div></div><p>or:</p><div class="code panel pdl" style="border-width:
1px;"><div class="codeContent panelContent pdl">
-<script class="theme: Default; brush: java; gutter: false"
type="syntaxhighlighter"><![CDATA[ <persistenceAdapter>
+<script class="brush: java; gutter: false; theme: Default"
type="syntaxhighlighter"><![CDATA[ <persistenceAdapter>
<levelDB directory="/sharedFileSystem/sharedBrokerData"/>
</persistenceAdapter>
]]></script>
</div></div><p>or:</p><div class="code panel pdl" style="border-width:
1px;"><div class="codeContent panelContent pdl">
-<script class="theme: Default; brush: java; gutter: false"
type="syntaxhighlighter"><![CDATA[ <persistenceAdapter>
+<script class="brush: java; gutter: false; theme: Default"
type="syntaxhighlighter"><![CDATA[ <persistenceAdapter>
<amqPersistenceAdapter
directory="/sharedFileSystem/sharedBrokerData"/>
</persistenceAdapter>
]]></script>
-</div></div><h3 id="SharedFileSystemMasterSlave-Startup">Startup</h3><p>On
startup one master grabs an exclusive lock on the broker file directory - all
other brokers are slaves and pause waiting for the exclusive lock.</p><p><img
class="confluence-embedded-image"
src="shared-file-system-master-slave.data/Startup.png"
data-image-src="/confluence/download/attachments/35958/Startup.png?version=1&modificationDate=1153806958000&api=v2"></p><p>Clients
should be using the <a shape="rect"
href="failover-transport-reference.html">Failover Transport</a> to connect to
the available brokers. e.g. using a URL something like the following</p><div
class="code panel pdl" style="border-width: 1px;"><div class="codeContent
panelContent pdl">
-<script class="theme: Default; brush: java; gutter: false"
type="syntaxhighlighter"><![CDATA[failover:(tcp://broker1:61616,tcp://broker2:61616,tcp://broker3:61616)
+</div></div><h3 id="SharedFileSystemMasterSlave-Startup">Startup</h3><p>On
startup one master grabs an exclusive lock on the broker file directory - all
other brokers are slaves and pause waiting for the exclusive lock.</p><p><span
class="confluence-embedded-file-wrapper"><img class="confluence-embedded-image"
src="shared-file-system-master-slave.data/Startup.png"
data-image-src="/confluence/download/attachments/35958/Startup.png?version=1&modificationDate=1153806958000&api=v2"
data-unresolved-comment-count="0" data-linked-resource-id="3240"
data-linked-resource-version="1" data-linked-resource-type="attachment"
data-linked-resource-default-alias="Startup.png"
data-base-url="https://cwiki.apache.org/confluence";
data-linked-resource-content-type="image/png"
data-linked-resource-container-id="35958"
data-linked-resource-container-version="21"></span></p><p>Clients should be
using the <a shape="rect" href="failover-transport-reference.html">Failover
Transport</a> to connect to
the available brokers. e.g. using a URL something like the following</p><div
class="code panel pdl" style="border-width: 1px;"><div class="codeContent
panelContent pdl">
+<script class="brush: java; gutter: false; theme: Default"
type="syntaxhighlighter"><![CDATA[failover:(tcp://broker1:61616,tcp://broker2:61616,tcp://broker3:61616)
]]></script>
-</div></div><p>Only the master broker starts up its transport connectors and
so the clients can only connect to the master.</p><h3
id="SharedFileSystemMasterSlave-Masterfailure">Master failure</h3><p>If the
master looses the exclusive lock then it immediately shuts down. If a master
shuts down or fails, one of the other slaves will grab the lock and so the
topology switches to the following diagram</p><p><img
class="confluence-embedded-image"
src="shared-file-system-master-slave.data/MasterFailed.png"
data-image-src="/confluence/download/attachments/35958/MasterFailed.png?version=1&modificationDate=1153806959000&api=v2"></p><p>One
of the other other slaves immediately grabs the exclusive lock on the file
system to them commences becoming the master, starting all of its transport
connectors.</p><p>Clients loose connection to the stopped master and then the
failover transport tries to connect to the available brokers - of which the
only one available is the new master.</p><h3
id="SharedFileSystemMasterSlave-Masterrestart">Master restart</h3><p>At any
time you can restart other brokers which join the cluster and start as slaves
waiting to become a master if the master is shutdown or a failure occurs. So
the following topology is created after a restart of an old
master...</p><p><img class="confluence-embedded-image"
src="shared-file-system-master-slave.data/MasterRestarted.png"
data-image-src="/confluence/download/attachments/35958/MasterRestarted.png?version=1&modificationDate=1153806958000&api=v2"></p><h3
id="SharedFileSystemMasterSlave-SchedulerSupport">Scheduler
Support</h3><p>ActiveMQ maintains information about schedules independent to
the settings in the persistence adapter. With a shared file-system it is
therefore important to tell ActiveMQ expressly where to store scheduler
information. To do this, set the <code>dataDirectory</code> attribute on
the <code>broker</code>, for example:</p><div class="code panel pdl"
style="border-
width: 1px;"><div class="codeContent panelContent pdl">
-<script class="theme: Default; brush: xml; gutter: false"
type="syntaxhighlighter"><