[
https://issues.apache.org/jira/browse/ARTEMIS-4709?focusedWorklogId=912809&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-912809
]
ASF GitHub Bot logged work on ARTEMIS-4709:
-------------------------------------------
Author: ASF GitHub Bot
Created on: 03/Apr/24 10:36
Start Date: 03/Apr/24 10:36
Worklog Time Spent: 10m
Work Description: gtully commented on code in PR #4871:
URL: https://github.com/apache/activemq-artemis/pull/4871#discussion_r1549447528
##########
artemis-server/src/main/java/org/apache/activemq/artemis/core/server/plugin/impl/ConnectionPeriodicExpiryPlugin.java:
##########
@@ -0,0 +1,130 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * <p>
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * <p>
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.activemq.artemis.core.server.plugin.impl;
+
+import java.util.Map;
+import java.util.concurrent.ScheduledExecutorService;
+import java.util.concurrent.ScheduledFuture;
+import java.util.concurrent.TimeUnit;
+import java.util.regex.Pattern;
+
+import org.apache.activemq.artemis.api.core.ActiveMQDisconnectedException;
+import org.apache.activemq.artemis.core.remoting.impl.netty.NettyAcceptor;
+import
org.apache.activemq.artemis.core.remoting.impl.netty.NettyServerConnection;
+import org.apache.activemq.artemis.core.remoting.server.RemotingService;
+import org.apache.activemq.artemis.core.server.ActiveMQServer;
+import org.apache.activemq.artemis.core.server.plugin.ActiveMQServerBasePlugin;
+import org.apache.activemq.artemis.spi.core.protocol.RemotingConnection;
+import org.apache.activemq.artemis.spi.core.remoting.Acceptor;
+import org.apache.activemq.artemis.utils.RandomUtil;
+
+public class ConnectionPeriodicExpiryPlugin implements
ActiveMQServerBasePlugin {
+
+ private String name;
+ private long periodSeconds;
+ private int accuracyWindowSeconds;
+ private String acceptorMatchRegex;
+
+ private ScheduledExecutorService executor;
+ private RemotingService remotingService;
+ private Pattern matchPattern;
+ private ScheduledFuture<?> task;
+
+ public ConnectionPeriodicExpiryPlugin() {
+ periodSeconds = TimeUnit.MINUTES.toSeconds(15);
+ accuracyWindowSeconds = 30;
+ acceptorMatchRegex = ""; // no match
+ }
+
+ @Override
+ public void registered(ActiveMQServer server) {
+ executor = server.getScheduledPool();
+ remotingService = server.getRemotingService();
+ matchPattern = Pattern.compile(acceptorMatchRegex);
+
+ task = executor.scheduleWithFixedDelay(() -> {
+
+ final long currentTime = System.currentTimeMillis();
+ for (Acceptor acceptor : remotingService.getAcceptors().values()) {
+ if (matchPattern.matcher(acceptor.getName()).matches()) {
+ if (acceptor instanceof NettyAcceptor) {
+ NettyAcceptor nettyAcceptor = (NettyAcceptor) acceptor;
+
+ for (NettyServerConnection nettyServerConnection :
nettyAcceptor.getConnections().values()) {
+ RemotingConnection remotingConnection =
remotingService.getConnection(nettyServerConnection.getID());
+ if (currentTime > remotingConnection.getCreationTime() +
periodSeconds ) {
+ executor.schedule(() -> {
+
remotingService.removeConnection(remotingConnection.getID());
+ remotingConnection.fail(new
ActiveMQDisconnectedException("terminated by session expiry plugin"));
+ }, RandomUtil.randomMax(accuracyWindowSeconds),
TimeUnit.SECONDS);
+ }
+ }
+ }
+ }
+ }
+ }, accuracyWindowSeconds, accuracyWindowSeconds, TimeUnit.SECONDS);
+ }
+
+ @Override
+ public void unregistered(ActiveMQServer server) {
+ task.cancel(true);
+ }
+
+ @Override
+ public void init(Map<String, String> properties) {
+ name = properties.getOrDefault("name", name);
+ periodSeconds = Long.parseLong(properties.getOrDefault("periodSeconds",
Long.toString(periodSeconds)));
+ accuracyWindowSeconds =
Integer.parseInt(properties.getOrDefault("accuracyWindowSeconds",
Long.toString(accuracyWindowSeconds)));
+ if (accuracyWindowSeconds <= 0) {
+ throw new IllegalArgumentException("accuracyWindowSeconds must be >
0");
+ }
+ acceptorMatchRegex = properties.getOrDefault("acceptorMatchRegex",
acceptorMatchRegex);
Review Comment:
The value must be configured so a non null default does not make sense. Have
added a check and throw if it is null. Is it ok to configure something that
won't match, I guess so.
Issue Time Tracking
-------------------
Worklog Id: (was: 912809)
Time Spent: 50m (was: 40m)
> Add a plugin to provide periodic expiry of connections on a per acceptor basis
> ------------------------------------------------------------------------------
>
> Key: ARTEMIS-4709
> URL: https://issues.apache.org/jira/browse/ARTEMIS-4709
> Project: ActiveMQ Artemis
> Issue Type: New Feature
> Components: Broker
> Affects Versions: 2.33.0
> Reporter: Gary Tully
> Assignee: Gary Tully
> Priority: Major
> Fix For: 2.34.0
>
> Time Spent: 50m
> Remaining Estimate: 0h
>
> When credential rotation needs to be enforced, active connections need to be
> terminated on some timeline to ensure credentials are reevaluated. There are
> management apis that can be used but these require some intervention.
> In addition to enforce some SLA around duration of connections, having an
> easy way to limit connections to a given maximum period can be helpful.
> A plugin that will be applied on an per acceptor basis, that can be used to
> disconnect connections that have lived for some period can provide a nice
> building block for these use cases.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
