[GitHub] activemq-artemis issue #794: ARTEMIS-751 Simplification of the AMQP implemen...

[clebertsuconic]

Github user clebertsuconic commented on the issue:

https://github.com/apache/activemq-artemis/pull/794
  
I had the whole testsuite on running on this. no regressions.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] activemq-artemis pull request #794: ARTEMIS-751 Simplification of the AMQP i...

[clebertsuconic]

GitHub user clebertsuconic opened a pull request:

https://github.com/apache/activemq-artemis/pull/794

ARTEMIS-751 Simplification of the AMQP implementation

Since we don't need client implementations any longer, given the maturity 
level of
qpid jms, these classes can go, as a result a lot of the interfaces can be 
removed.

As part of this I am removing proton-plug, and reorganizing the packages in 
a way I think it
makes more sense and easier to other developers to understand and maintain 
it.

https://issues.apache.org/jira/browse/ARTEMIS-751

You can merge this pull request into a Git repository by running:

$ git pull https://github.com/clebertsuconic/activemq-artemis remove-plug

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/activemq-artemis/pull/794.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #794


commit 91dc60a69e02ce7e38797eedd2c09f176ee38cc6
Author: Clebert Suconic 
Date:   2016-09-23T21:25:36Z

ARTEMIS-751 Simplification of the AMQP implementation

Since we don't need client implementations any longer, given the maturity 
level of
qpid jms, these classes can go, as a result a lot of the interfaces can be 
removed.

As part of this I am removing proton-plug, and reorganizing the packages in 
a way I think it
makes more sense and easier to other developers to understand and maintain 
it.

https://issues.apache.org/jira/browse/ARTEMIS-751




---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] activemq-artemis issue #789: ARTEMIS-737 - added JUnit rules for Artemis ser...

[clebertsuconic]

Github user clebertsuconic commented on the issue:

https://github.com/apache/activemq-artemis/pull/789
  
@hqstevenson  I was looking more for a single example on how to use your 
annotations. Something we could add a chapter within the documentation.



---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

Re: Monitoring Messages on Queue / Topic

[Matt Pavlovich]

Hi Ajay-

This question is best suited for the users@ mailing list. the dev@ is 
for development of ActiveMQ itself.


Thanks
Matt Pavlovich

On 9/23/16 6:41 AM, ActiveMQ Investigation wrote:

Hello,

I need some kind of mechanism where an alert is raised if a message is not
consumed in say X seconds.

Does ActiveMQ provide any plugin or facility for it. How can I make sure
that a message is not sitting in the queue (or not consumed by subscriber)
and no notification is raised.

We don't use Advisory topic/queues so don't know much about them but can
advisory topic / queue help in this regard? Or something like browsing the
queue / topic and not consume it.


Thanks
AJK



--
View this message in context: 
http://activemq.2283324.n4.nabble.com/Monitoring-Messages-on-Queue-Topic-tp4716828.html
Sent from the ActiveMQ - Dev mailing list archive at Nabble.com.

[GitHub] activemq-artemis issue #789: ARTEMIS-737 - added JUnit rules for Artemis ser...

[hqstevenson]

Github user hqstevenson commented on the issue:

https://github.com/apache/activemq-artemis/pull/789
  
I just realized I didn't finish the javadoc for the XXXResource classes.  I 
intended to have basic usage information in the javadoc for each class.  I'll 
get that added and update the PR


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] activemq-artemis issue #789: ARTEMIS-737 - added JUnit rules for Artemis ser...

[hqstevenson]

Github user hqstevenson commented on the issue:

https://github.com/apache/activemq-artemis/pull/789
  
I'd be happy to add an example, but I'm not sure exactly what you're 
looking for.  All of the unit tests show the basics of how you embed a sever 
into your test, and how you use the server afterwards.

Is there a specific type of test you'd like to see?

BTW - once this is released, I'm going to contribute a 
"example-camel-artemis" to the Camel project - that will show how to use the 
embedded resources with Camel.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] activemq-artemis issue #789: ARTEMIS-737 - added JUnit rules for Artemis ser...

[hqstevenson]

Github user hqstevenson commented on the issue:

https://github.com/apache/activemq-artemis/pull/789
  
I fixed the check style issues, and I also added constructors to the 
EmbeddedXXXResource rules to allow configuring the servers with configuration 
files.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] activemq-artemis pull request #791: ARTEMIS-747 multiple CDATA events on imp...

[asfgit]

Github user asfgit closed the pull request at:

https://github.com/apache/activemq-artemis/pull/791


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] activemq-artemis issue #789: ARTEMIS-737 - added JUnit rules for Artemis ser...

[clebertsuconic]

Github user clebertsuconic commented on the issue:

https://github.com/apache/activemq-artemis/pull/789
  
@hqstevenson the idea here is to provide final users the capability of 
running junit tests with a messaging server, right?


It would be nice to have at least an example on how to do this.. can you 
add at least one test as an example?


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] activemq-artemis pull request #793: NO-JIRA: using scheduled component on me...

[asfgit]

Github user asfgit closed the pull request at:

https://github.com/apache/activemq-artemis/pull/793


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] activemq-artemis pull request #791: ARTEMIS-747 multiple CDATA events on imp...

[jbertram]

Github user jbertram commented on a diff in the pull request:

https://github.com/apache/activemq-artemis/pull/791#discussion_r80250306
  
--- Diff: 
artemis-cli/src/main/java/org/apache/activemq/artemis/cli/commands/tools/XmlDataImporter.java
 ---
@@ -444,33 +444,59 @@ private void processMessageBody(Message message) 
throws XMLStreamException, IOEx
  }
   }
   reader.next();
+  ActiveMQServerLogger.LOGGER.debug("XMLStreamReader impl: " + reader);
   if (isLarge) {
  tempFileName = UUID.randomUUID().toString() + ".tmp";
  ActiveMQServerLogger.LOGGER.debug("Creating temp file " + 
tempFileName + " for large message.");
  try (OutputStream out = new FileOutputStream(tempFileName)) {
-while (reader.hasNext()) {
-   if (reader.getEventType() == 
XMLStreamConstants.END_ELEMENT) {
-  break;
-   }
-   else {
-  String characters = new 
String(reader.getTextCharacters(), reader.getTextStart(), 
reader.getTextLength());
-  String trimmedCharacters = characters.trim();
-  if (trimmedCharacters.length() > 0) { // this will skip 
"indentation" characters
- byte[] data = decode(trimmedCharacters);
- out.write(data);
-  }
-   }
-   reader.next();
-}
+getMessageBodyBytes(new MessageBodyBytesProcessor() {
+   @Override
+   public void processBodyBytes(byte[] bytes) throws 
IOException {
+  out.write(bytes);
+   }
+});
  }
  FileInputStream fileInputStream = new 
FileInputStream(tempFileName);
  BufferedInputStream bufferedInput = new 
BufferedInputStream(fileInputStream);
  ((ClientMessage) message).setBodyInputStream(bufferedInput);
   }
   else {
- reader.next(); // step past the "indentation" characters to get 
to the CDATA with the message body
- String characters = new String(reader.getTextCharacters(), 
reader.getTextStart(), reader.getTextLength());
- message.getBodyBuffer().writeBytes(decode(characters.trim()));
+ getMessageBodyBytes(new MessageBodyBytesProcessor() {
+@Override
+public void processBodyBytes(byte[] bytes) throws IOException {
+   message.getBodyBuffer().writeBytes(bytes);
+}
+ });
+  }
+   }
+
+   /**
+* Message bodies are written to XML as Base64 encoded CDATA elements. 
Some parser implementations won't read the
+* entire CDATA element at once (e.g. Woodstox) so it's possible for 
multiple CDATA events to be combined into a
+* single Base64 encoded string.  You can't decode bits and pieces of 
each CDATA.  Each CDATA has to be decoded in
+* its entirety.
+*
+* @param processor used to deal with the decoded CDATA elements
+* @throws IOException
+* @throws XMLStreamException
+*/
+   private void getMessageBodyBytes(MessageBodyBytesProcessor processor) 
throws IOException, XMLStreamException {
+  int currentEventType;
+  StringBuilder cdata = new StringBuilder();
+  while (reader.hasNext()) {
+ currentEventType = reader.getEventType();
+ if (currentEventType == XMLStreamConstants.END_ELEMENT) {
+break;
+ }
+ // when we hit a CHARACTERS event we know that the entire CDATA 
is complete so decode and pass back to the processor
+ else if (currentEventType == XMLStreamConstants.CHARACTERS && 
cdata.length() > 0) {
--- End diff --

I think isWhiteSpace() is better.  Good idea!


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] activemq-artemis pull request #793: NO-JIRA: using scheduled component on me...

[clebertsuconic]

GitHub user clebertsuconic opened a pull request:

https://github.com/apache/activemq-artemis/pull/793

NO-JIRA: using scheduled component on message counters



You can merge this pull request into a Git repository by running:

$ git pull https://github.com/clebertsuconic/activemq-artemis 
scheduled-component

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/activemq-artemis/pull/793.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #793


commit b98c24e749f61e3d6ca1ca10e69e44c3469a54d4
Author: Clebert Suconic 
Date:   2016-09-15T17:49:55Z

NO-JIRA: using scheduled component on message counters




---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] activemq-artemis pull request #790: Make bunch of private fields final

[asfgit]

Github user asfgit closed the pull request at:

https://github.com/apache/activemq-artemis/pull/790


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] activemq-artemis pull request #792: ARTEMIS-742 - test fixes

[asfgit]

Github user asfgit closed the pull request at:

https://github.com/apache/activemq-artemis/pull/792


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[CVE-2016-4978] Apache ActiveMQ Artemis: Deserialization of untrusted input vunerability

[Martyn Taylor]

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected: Apache Artemis 1.0.0, 1.1.0, 1.2.0, 1.3.0

A class implementing the Serializable interface is free to implement
the “readObject(java.io.ObjectInputStream
in)” method however it chooses. This readObject method is used during the
deserialization process, when constructing a java object from a serialized
byte stream. It is possible to implement the method in such a way that can
result in java code being executed during the deserialization of an object
of this class (gadget class).

The JMS specification outlines a getObject() method on the
javax.jms.ObjectMessage
class. The Apache Artemis implementation of this method allows
deserialization of objects, from untrusted input. There are several places
where Apache Artemis uses this getObject() method. In the JMS Core client,
the Artemis broker and the Artemis REST component. These Artemis components
may therefore be vulnerable to a remote code execution attack. Successful
exploitations of this vulnerability rely on these "gadget classes"  being
present on the Artemis classpath and the sender of the untrusted input
being authenticated and authorized to send messages to the Artemis broker.

The code execution exploit may happen under the following circumstances:

· In the JMS client when consuming an object message.

· In the REST module when a REST client requests to consume a message that
was originally sent as an object message (cross protocol).

· In the Artemis management layer, when a client sends an object message to
a management address.

· On the broker when an AMQP client consumes a message that was originally
sent as an object message (cross protocol).

For this exploit to occur the sender of the compromised message needs to be
authenticated and authorized in order to send the message to the Artemis
broker and affected classes (gadget classes) present on the Artemis class
path.

Mitigation:
To secure the Apache Artemis broker and management layer:
** Upgrade to 1.4.0.

For the Apache Artemis REST module and Apache Artemis JMS client.
** Upgrade to Apache Artemis 1.4.0
** Configure the appropriate deserialization white/black lists as outlined
in the Artemis documentation.

Credit: This issue was discovered by Matthias Kaiser of Code White (
www.code-white.com)

[GitHub] activemq-artemis pull request #791: ARTEMIS-747 multiple CDATA events on imp...

[TomasHofman]

Github user TomasHofman commented on a diff in the pull request:

https://github.com/apache/activemq-artemis/pull/791#discussion_r80201908
  
--- Diff: 
artemis-cli/src/main/java/org/apache/activemq/artemis/cli/commands/tools/XmlDataImporter.java
 ---
@@ -444,33 +444,59 @@ private void processMessageBody(Message message) 
throws XMLStreamException, IOEx
  }
   }
   reader.next();
+  ActiveMQServerLogger.LOGGER.debug("XMLStreamReader impl: " + reader);
   if (isLarge) {
  tempFileName = UUID.randomUUID().toString() + ".tmp";
  ActiveMQServerLogger.LOGGER.debug("Creating temp file " + 
tempFileName + " for large message.");
  try (OutputStream out = new FileOutputStream(tempFileName)) {
-while (reader.hasNext()) {
-   if (reader.getEventType() == 
XMLStreamConstants.END_ELEMENT) {
-  break;
-   }
-   else {
-  String characters = new 
String(reader.getTextCharacters(), reader.getTextStart(), 
reader.getTextLength());
-  String trimmedCharacters = characters.trim();
-  if (trimmedCharacters.length() > 0) { // this will skip 
"indentation" characters
- byte[] data = decode(trimmedCharacters);
- out.write(data);
-  }
-   }
-   reader.next();
-}
+getMessageBodyBytes(new MessageBodyBytesProcessor() {
+   @Override
+   public void processBodyBytes(byte[] bytes) throws 
IOException {
+  out.write(bytes);
+   }
+});
  }
  FileInputStream fileInputStream = new 
FileInputStream(tempFileName);
  BufferedInputStream bufferedInput = new 
BufferedInputStream(fileInputStream);
  ((ClientMessage) message).setBodyInputStream(bufferedInput);
   }
   else {
- reader.next(); // step past the "indentation" characters to get 
to the CDATA with the message body
- String characters = new String(reader.getTextCharacters(), 
reader.getTextStart(), reader.getTextLength());
- message.getBodyBuffer().writeBytes(decode(characters.trim()));
+ getMessageBodyBytes(new MessageBodyBytesProcessor() {
+@Override
+public void processBodyBytes(byte[] bytes) throws IOException {
+   message.getBodyBuffer().writeBytes(bytes);
+}
+ });
+  }
+   }
+
+   /**
+* Message bodies are written to XML as Base64 encoded CDATA elements. 
Some parser implementations won't read the
+* entire CDATA element at once (e.g. Woodstox) so it's possible for 
multiple CDATA events to be combined into a
+* single Base64 encoded string.  You can't decode bits and pieces of 
each CDATA.  Each CDATA has to be decoded in
+* its entirety.
+*
+* @param processor used to deal with the decoded CDATA elements
+* @throws IOException
+* @throws XMLStreamException
+*/
+   private void getMessageBodyBytes(MessageBodyBytesProcessor processor) 
throws IOException, XMLStreamException {
+  int currentEventType;
+  StringBuilder cdata = new StringBuilder();
+  while (reader.hasNext()) {
+ currentEventType = reader.getEventType();
+ if (currentEventType == XMLStreamConstants.END_ELEMENT) {
+break;
+ }
+ // when we hit a CHARACTERS event we know that the entire CDATA 
is complete so decode and pass back to the processor
+ else if (currentEventType == XMLStreamConstants.CHARACTERS && 
cdata.length() > 0) {
--- End diff --

JDK's STAX implementation reports CDATA sections also as 
XMLStreamConstants.CHARACTERS (instead of XMLStreamConstants.CDATA like 
Woodstox do) by default. So this condition needs to check that the text 
contains white spaces only. Probably reader.isWhiteSpace() should do.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] activemq pull request #199: Make start script work on busybox

[fjollberg]

GitHub user fjollberg opened a pull request:

https://github.com/apache/activemq/pull/199

Make start script work on busybox

The current version of the activemq start script uses options to ps which 
are unavailable 
in busybox.

Suggested change refactors the start script to remove duplicated code to 
find a java process 
given a pidfile and makes it work on busybox.

I have limited possibilities of verifying the change on different platforms 
but it is confirmed to
work on at least Mac OS X in addition to busybox and should work on 
platforms where 
previous "ps -p" command worked.

You can merge this pull request into a Git repository by running:

$ git pull https://github.com/fjollberg/activemq master

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/activemq/pull/199.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #199


commit 18dce69a78729e71841fead21c69dd15ffe7db58
Author: Fredrik Jönsson 
Date:   2016-09-23T08:09:54Z

Remove duplicated code for finding a java process given a pidfile
and make it work in busybox.




---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] activemq-artemis pull request #792: ARTEMIS-742 - test fixes

[andytaylor]

GitHub user andytaylor opened a pull request:

https://github.com/apache/activemq-artemis/pull/792

 ARTEMIS-742 - test fixes

https://issues.apache.org/jira/browse/ARTEMIS-742

You can merge this pull request into a Git repository by running:

$ git pull https://github.com/andytaylor/activemq-artemis splitbrain

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/activemq-artemis/pull/792.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #792


commit 4c1d9e2c0f5799477b002a1fb643b8acf554fc4b
Author: Andy Taylor 
Date:   2016-09-23T07:17:56Z

 ARTEMIS-742 = test fixes

https://issues.apache.org/jira/browse/ARTEMIS-742




---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---