[GitHub] activemq-artemis issue #794: ARTEMIS-751 Simplification of the AMQP implemen...
Github user clebertsuconic commented on the issue: https://github.com/apache/activemq-artemis/pull/794 I had the whole testsuite on running on this. no regressions. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] activemq-artemis pull request #794: ARTEMIS-751 Simplification of the AMQP i...
GitHub user clebertsuconic opened a pull request: https://github.com/apache/activemq-artemis/pull/794 ARTEMIS-751 Simplification of the AMQP implementation Since we don't need client implementations any longer, given the maturity level of qpid jms, these classes can go, as a result a lot of the interfaces can be removed. As part of this I am removing proton-plug, and reorganizing the packages in a way I think it makes more sense and easier to other developers to understand and maintain it. https://issues.apache.org/jira/browse/ARTEMIS-751 You can merge this pull request into a Git repository by running: $ git pull https://github.com/clebertsuconic/activemq-artemis remove-plug Alternatively you can review and apply these changes as the patch at: https://github.com/apache/activemq-artemis/pull/794.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #794 commit 91dc60a69e02ce7e38797eedd2c09f176ee38cc6 Author: Clebert SuconicDate: 2016-09-23T21:25:36Z ARTEMIS-751 Simplification of the AMQP implementation Since we don't need client implementations any longer, given the maturity level of qpid jms, these classes can go, as a result a lot of the interfaces can be removed. As part of this I am removing proton-plug, and reorganizing the packages in a way I think it makes more sense and easier to other developers to understand and maintain it. https://issues.apache.org/jira/browse/ARTEMIS-751 --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] activemq-artemis issue #789: ARTEMIS-737 - added JUnit rules for Artemis ser...
Github user clebertsuconic commented on the issue: https://github.com/apache/activemq-artemis/pull/789 @hqstevenson I was looking more for a single example on how to use your annotations. Something we could add a chapter within the documentation. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
Re: Monitoring Messages on Queue / Topic
Hi Ajay- This question is best suited for the users@ mailing list. the dev@ is for development of ActiveMQ itself. Thanks Matt Pavlovich On 9/23/16 6:41 AM, ActiveMQ Investigation wrote: Hello, I need some kind of mechanism where an alert is raised if a message is not consumed in say X seconds. Does ActiveMQ provide any plugin or facility for it. How can I make sure that a message is not sitting in the queue (or not consumed by subscriber) and no notification is raised. We don't use Advisory topic/queues so don't know much about them but can advisory topic / queue help in this regard? Or something like browsing the queue / topic and not consume it. Thanks AJK -- View this message in context: http://activemq.2283324.n4.nabble.com/Monitoring-Messages-on-Queue-Topic-tp4716828.html Sent from the ActiveMQ - Dev mailing list archive at Nabble.com.
[GitHub] activemq-artemis issue #789: ARTEMIS-737 - added JUnit rules for Artemis ser...
Github user hqstevenson commented on the issue: https://github.com/apache/activemq-artemis/pull/789 I just realized I didn't finish the javadoc for the XXXResource classes. I intended to have basic usage information in the javadoc for each class. I'll get that added and update the PR --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] activemq-artemis issue #789: ARTEMIS-737 - added JUnit rules for Artemis ser...
Github user hqstevenson commented on the issue: https://github.com/apache/activemq-artemis/pull/789 I'd be happy to add an example, but I'm not sure exactly what you're looking for. All of the unit tests show the basics of how you embed a sever into your test, and how you use the server afterwards. Is there a specific type of test you'd like to see? BTW - once this is released, I'm going to contribute a "example-camel-artemis" to the Camel project - that will show how to use the embedded resources with Camel. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] activemq-artemis issue #789: ARTEMIS-737 - added JUnit rules for Artemis ser...
Github user hqstevenson commented on the issue: https://github.com/apache/activemq-artemis/pull/789 I fixed the check style issues, and I also added constructors to the EmbeddedXXXResource rules to allow configuring the servers with configuration files. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] activemq-artemis pull request #791: ARTEMIS-747 multiple CDATA events on imp...
Github user asfgit closed the pull request at: https://github.com/apache/activemq-artemis/pull/791 --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] activemq-artemis issue #789: ARTEMIS-737 - added JUnit rules for Artemis ser...
Github user clebertsuconic commented on the issue: https://github.com/apache/activemq-artemis/pull/789 @hqstevenson the idea here is to provide final users the capability of running junit tests with a messaging server, right? It would be nice to have at least an example on how to do this.. can you add at least one test as an example? --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] activemq-artemis pull request #793: NO-JIRA: using scheduled component on me...
Github user asfgit closed the pull request at: https://github.com/apache/activemq-artemis/pull/793 --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] activemq-artemis pull request #791: ARTEMIS-747 multiple CDATA events on imp...
Github user jbertram commented on a diff in the pull request: https://github.com/apache/activemq-artemis/pull/791#discussion_r80250306 --- Diff: artemis-cli/src/main/java/org/apache/activemq/artemis/cli/commands/tools/XmlDataImporter.java --- @@ -444,33 +444,59 @@ private void processMessageBody(Message message) throws XMLStreamException, IOEx } } reader.next(); + ActiveMQServerLogger.LOGGER.debug("XMLStreamReader impl: " + reader); if (isLarge) { tempFileName = UUID.randomUUID().toString() + ".tmp"; ActiveMQServerLogger.LOGGER.debug("Creating temp file " + tempFileName + " for large message."); try (OutputStream out = new FileOutputStream(tempFileName)) { -while (reader.hasNext()) { - if (reader.getEventType() == XMLStreamConstants.END_ELEMENT) { - break; - } - else { - String characters = new String(reader.getTextCharacters(), reader.getTextStart(), reader.getTextLength()); - String trimmedCharacters = characters.trim(); - if (trimmedCharacters.length() > 0) { // this will skip "indentation" characters - byte[] data = decode(trimmedCharacters); - out.write(data); - } - } - reader.next(); -} +getMessageBodyBytes(new MessageBodyBytesProcessor() { + @Override + public void processBodyBytes(byte[] bytes) throws IOException { + out.write(bytes); + } +}); } FileInputStream fileInputStream = new FileInputStream(tempFileName); BufferedInputStream bufferedInput = new BufferedInputStream(fileInputStream); ((ClientMessage) message).setBodyInputStream(bufferedInput); } else { - reader.next(); // step past the "indentation" characters to get to the CDATA with the message body - String characters = new String(reader.getTextCharacters(), reader.getTextStart(), reader.getTextLength()); - message.getBodyBuffer().writeBytes(decode(characters.trim())); + getMessageBodyBytes(new MessageBodyBytesProcessor() { +@Override +public void processBodyBytes(byte[] bytes) throws IOException { + message.getBodyBuffer().writeBytes(bytes); +} + }); + } + } + + /** +* Message bodies are written to XML as Base64 encoded CDATA elements. Some parser implementations won't read the +* entire CDATA element at once (e.g. Woodstox) so it's possible for multiple CDATA events to be combined into a +* single Base64 encoded string. You can't decode bits and pieces of each CDATA. Each CDATA has to be decoded in +* its entirety. +* +* @param processor used to deal with the decoded CDATA elements +* @throws IOException +* @throws XMLStreamException +*/ + private void getMessageBodyBytes(MessageBodyBytesProcessor processor) throws IOException, XMLStreamException { + int currentEventType; + StringBuilder cdata = new StringBuilder(); + while (reader.hasNext()) { + currentEventType = reader.getEventType(); + if (currentEventType == XMLStreamConstants.END_ELEMENT) { +break; + } + // when we hit a CHARACTERS event we know that the entire CDATA is complete so decode and pass back to the processor + else if (currentEventType == XMLStreamConstants.CHARACTERS && cdata.length() > 0) { --- End diff -- I think isWhiteSpace() is better. Good idea! --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] activemq-artemis pull request #793: NO-JIRA: using scheduled component on me...
GitHub user clebertsuconic opened a pull request: https://github.com/apache/activemq-artemis/pull/793 NO-JIRA: using scheduled component on message counters You can merge this pull request into a Git repository by running: $ git pull https://github.com/clebertsuconic/activemq-artemis scheduled-component Alternatively you can review and apply these changes as the patch at: https://github.com/apache/activemq-artemis/pull/793.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #793 commit b98c24e749f61e3d6ca1ca10e69e44c3469a54d4 Author: Clebert SuconicDate: 2016-09-15T17:49:55Z NO-JIRA: using scheduled component on message counters --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] activemq-artemis pull request #790: Make bunch of private fields final
Github user asfgit closed the pull request at: https://github.com/apache/activemq-artemis/pull/790 --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] activemq-artemis pull request #792: ARTEMIS-742 - test fixes
Github user asfgit closed the pull request at: https://github.com/apache/activemq-artemis/pull/792 --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[CVE-2016-4978] Apache ActiveMQ Artemis: Deserialization of untrusted input vunerability
Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Artemis 1.0.0, 1.1.0, 1.2.0, 1.3.0 A class implementing the Serializable interface is free to implement the “readObject(java.io.ObjectInputStream in)” method however it chooses. This readObject method is used during the deserialization process, when constructing a java object from a serialized byte stream. It is possible to implement the method in such a way that can result in java code being executed during the deserialization of an object of this class (gadget class). The JMS specification outlines a getObject() method on the javax.jms.ObjectMessage class. The Apache Artemis implementation of this method allows deserialization of objects, from untrusted input. There are several places where Apache Artemis uses this getObject() method. In the JMS Core client, the Artemis broker and the Artemis REST component. These Artemis components may therefore be vulnerable to a remote code execution attack. Successful exploitations of this vulnerability rely on these "gadget classes" being present on the Artemis classpath and the sender of the untrusted input being authenticated and authorized to send messages to the Artemis broker. The code execution exploit may happen under the following circumstances: · In the JMS client when consuming an object message. · In the REST module when a REST client requests to consume a message that was originally sent as an object message (cross protocol). · In the Artemis management layer, when a client sends an object message to a management address. · On the broker when an AMQP client consumes a message that was originally sent as an object message (cross protocol). For this exploit to occur the sender of the compromised message needs to be authenticated and authorized in order to send the message to the Artemis broker and affected classes (gadget classes) present on the Artemis class path. Mitigation: To secure the Apache Artemis broker and management layer: ** Upgrade to 1.4.0. For the Apache Artemis REST module and Apache Artemis JMS client. ** Upgrade to Apache Artemis 1.4.0 ** Configure the appropriate deserialization white/black lists as outlined in the Artemis documentation. Credit: This issue was discovered by Matthias Kaiser of Code White ( www.code-white.com)
[GitHub] activemq-artemis pull request #791: ARTEMIS-747 multiple CDATA events on imp...
Github user TomasHofman commented on a diff in the pull request: https://github.com/apache/activemq-artemis/pull/791#discussion_r80201908 --- Diff: artemis-cli/src/main/java/org/apache/activemq/artemis/cli/commands/tools/XmlDataImporter.java --- @@ -444,33 +444,59 @@ private void processMessageBody(Message message) throws XMLStreamException, IOEx } } reader.next(); + ActiveMQServerLogger.LOGGER.debug("XMLStreamReader impl: " + reader); if (isLarge) { tempFileName = UUID.randomUUID().toString() + ".tmp"; ActiveMQServerLogger.LOGGER.debug("Creating temp file " + tempFileName + " for large message."); try (OutputStream out = new FileOutputStream(tempFileName)) { -while (reader.hasNext()) { - if (reader.getEventType() == XMLStreamConstants.END_ELEMENT) { - break; - } - else { - String characters = new String(reader.getTextCharacters(), reader.getTextStart(), reader.getTextLength()); - String trimmedCharacters = characters.trim(); - if (trimmedCharacters.length() > 0) { // this will skip "indentation" characters - byte[] data = decode(trimmedCharacters); - out.write(data); - } - } - reader.next(); -} +getMessageBodyBytes(new MessageBodyBytesProcessor() { + @Override + public void processBodyBytes(byte[] bytes) throws IOException { + out.write(bytes); + } +}); } FileInputStream fileInputStream = new FileInputStream(tempFileName); BufferedInputStream bufferedInput = new BufferedInputStream(fileInputStream); ((ClientMessage) message).setBodyInputStream(bufferedInput); } else { - reader.next(); // step past the "indentation" characters to get to the CDATA with the message body - String characters = new String(reader.getTextCharacters(), reader.getTextStart(), reader.getTextLength()); - message.getBodyBuffer().writeBytes(decode(characters.trim())); + getMessageBodyBytes(new MessageBodyBytesProcessor() { +@Override +public void processBodyBytes(byte[] bytes) throws IOException { + message.getBodyBuffer().writeBytes(bytes); +} + }); + } + } + + /** +* Message bodies are written to XML as Base64 encoded CDATA elements. Some parser implementations won't read the +* entire CDATA element at once (e.g. Woodstox) so it's possible for multiple CDATA events to be combined into a +* single Base64 encoded string. You can't decode bits and pieces of each CDATA. Each CDATA has to be decoded in +* its entirety. +* +* @param processor used to deal with the decoded CDATA elements +* @throws IOException +* @throws XMLStreamException +*/ + private void getMessageBodyBytes(MessageBodyBytesProcessor processor) throws IOException, XMLStreamException { + int currentEventType; + StringBuilder cdata = new StringBuilder(); + while (reader.hasNext()) { + currentEventType = reader.getEventType(); + if (currentEventType == XMLStreamConstants.END_ELEMENT) { +break; + } + // when we hit a CHARACTERS event we know that the entire CDATA is complete so decode and pass back to the processor + else if (currentEventType == XMLStreamConstants.CHARACTERS && cdata.length() > 0) { --- End diff -- JDK's STAX implementation reports CDATA sections also as XMLStreamConstants.CHARACTERS (instead of XMLStreamConstants.CDATA like Woodstox do) by default. So this condition needs to check that the text contains white spaces only. Probably reader.isWhiteSpace() should do. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] activemq pull request #199: Make start script work on busybox
GitHub user fjollberg opened a pull request: https://github.com/apache/activemq/pull/199 Make start script work on busybox The current version of the activemq start script uses options to ps which are unavailable in busybox. Suggested change refactors the start script to remove duplicated code to find a java process given a pidfile and makes it work on busybox. I have limited possibilities of verifying the change on different platforms but it is confirmed to work on at least Mac OS X in addition to busybox and should work on platforms where previous "ps -p" command worked. You can merge this pull request into a Git repository by running: $ git pull https://github.com/fjollberg/activemq master Alternatively you can review and apply these changes as the patch at: https://github.com/apache/activemq/pull/199.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #199 commit 18dce69a78729e71841fead21c69dd15ffe7db58 Author: Fredrik JönssonDate: 2016-09-23T08:09:54Z Remove duplicated code for finding a java process given a pidfile and make it work in busybox. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] activemq-artemis pull request #792: ARTEMIS-742 - test fixes
GitHub user andytaylor opened a pull request: https://github.com/apache/activemq-artemis/pull/792 ARTEMIS-742 - test fixes https://issues.apache.org/jira/browse/ARTEMIS-742 You can merge this pull request into a Git repository by running: $ git pull https://github.com/andytaylor/activemq-artemis splitbrain Alternatively you can review and apply these changes as the patch at: https://github.com/apache/activemq-artemis/pull/792.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #792 commit 4c1d9e2c0f5799477b002a1fb643b8acf554fc4b Author: Andy TaylorDate: 2016-09-23T07:17:56Z ARTEMIS-742 = test fixes https://issues.apache.org/jira/browse/ARTEMIS-742 --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---