[jboss-cvs] JBoss Messaging SVN: r3118 - in trunk: src/etc/server/default/deploy and 7 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Wed Sep 19 08:52:41 EDT 2007
Author: timfox
Date: 2007-09-19 08:52:41 -0400 (Wed, 19 Sep 2007)
New Revision: 3118
Added:
trunk/src/main/org/jboss/jms/server/SecurityStore.java
trunk/src/main/org/jboss/jms/server/security/CheckType.java
Removed:
trunk/src/main/org/jboss/jms/server/SecurityManager.java
Modified:
trunk/docs/userguide/en/modules/configuration.xml
trunk/docs/userguide/en/modules/installation.xml
trunk/src/etc/server/default/deploy/messaging-service.xml
trunk/src/etc/xmdesc/ServerPeer-xmbean.xml
trunk/src/main/org/jboss/jms/server/ServerPeer.java
trunk/src/main/org/jboss/jms/server/container/SecurityAspect.java
trunk/src/main/org/jboss/jms/server/endpoint/ServerConnectionEndpoint.java
trunk/src/main/org/jboss/jms/server/security/SecurityMetadataStore.java
trunk/src/main/org/jboss/messaging/core/impl/clusterconnection/ClusterConnectionManager.java
trunk/tests/src/org/jboss/test/messaging/jms/bridge/BridgeTest.java
Log:
http://jira.jboss.com/jira/browse/JBMESSAGING-1070
Modified: trunk/docs/userguide/en/modules/configuration.xml
===================================================================
--- trunk/docs/userguide/en/modules/configuration.xml 2007-09-19 09:24:09 UTC (rev 3117)
+++ trunk/docs/userguide/en/modules/configuration.xml 2007-09-19 12:52:41 UTC (rev 3118)
@@ -132,6 +132,11 @@
<attribute name="RecoverDeliveriesTimeout">300000</attribute>
+ <!-- The password used by the message sucker connections to create connections.
+ THIS SHOULD ALWAYS BE CHANGED AT INSTALL TIME TO SECURE SYSTEM
+ <attribute name="SuckerPassword"></attribute>
+ -->
+
<depends optional-attribute-name="PersistenceManager">jboss.messaging:service=PersistenceManager</depends>
<depends optional-attribute-name="JMSUserManager">jboss.messaging:service=JMSUserManager</depends>
@@ -362,6 +367,18 @@
</para>
</section>
+ <section id="conf.serverpeer.attributes.suckerpassword">
+ <title>SuckerPassword</title>
+
+ <para>
+ For clustering. JBoss Messaging internally makes connections between nodes in order to redistribute messages.
+ These connections are made with the user name of a special reserved user.
+ The password used by that user is specified by this parameter.
+ <warning>This must be specified at install time, or the default password will be used. Any one who then knows
+ the default password will be able to gain read access to any destinations on the server</warning>
+ </para>
+ </section>
+
<section id="conf.serverpeer.attributes.destinations">
<title>Destinations</title>
Modified: trunk/docs/userguide/en/modules/installation.xml
===================================================================
--- trunk/docs/userguide/en/modules/installation.xml 2007-09-19 09:24:09 UTC (rev 3117)
+++ trunk/docs/userguide/en/modules/installation.xml 2007-09-19 12:52:41 UTC (rev 3118)
@@ -19,7 +19,7 @@
<filename>jboss-messaging.sar</filename>
- over to the JBoss instance
+ over to the JBoss instance w
<filename>deploy</filename>
@@ -448,10 +448,21 @@
<section id="install.extra-steps">
<title>Extra steps to complete your installation</title>
+ <itemizedlist>
+
+ <listitem>
+ <para>
+ <warning>SECURITY RISK! To avoid a security risk, you MUST specify the value of the attribute SuckerPassword in the Server Peer config (messaging-service.xml). If you do not specify a value, the default value will be used. Any person
+that knows the default value will be able to obtain read access to all destinations on the server. The password chosen
+should only be exposed to administrators</warning>
+ </para>
+ </listitem>
+
+
<para>You should also make these changes on any configuration you
choose, to remove all references to the old JBossMQ:</para>
- <itemizedlist>
+
<listitem>
<para>Edit <literal>$JBOSS_CONFIG/deploy/jms-ds.xml</literal> and replace
jboss.mq by jboss.messaging on every occurrence</para>
Modified: trunk/src/etc/server/default/deploy/messaging-service.xml
===================================================================
--- trunk/src/etc/server/default/deploy/messaging-service.xml 2007-09-19 09:24:09 UTC (rev 3117)
+++ trunk/src/etc/server/default/deploy/messaging-service.xml 2007-09-19 12:52:41 UTC (rev 3118)
@@ -93,6 +93,11 @@
<!-- Max. time to hold previously delivered messages back waiting for clients to reconnect after failover -->
<attribute name="RecoverDeliveriesTimeout">300000</attribute>
+
+ <!-- The password used by the message sucker connections to create connections.
+ THIS SHOULD ALWAYS BE CHANGED AT INSTALL TIME TO SECURE SYSTEM
+ <attribute name="SuckerPassword"></attribute>
+ -->
<depends optional-attribute-name="PersistenceManager">jboss.messaging:service=PersistenceManager</depends>
Modified: trunk/src/etc/xmdesc/ServerPeer-xmbean.xml
===================================================================
--- trunk/src/etc/xmdesc/ServerPeer-xmbean.xml 2007-09-19 09:24:09 UTC (rev 3117)
+++ trunk/src/etc/xmdesc/ServerPeer-xmbean.xml 2007-09-19 12:52:41 UTC (rev 3118)
@@ -211,6 +211,12 @@
<name>SupportsFailover</name>
<type>boolean</type>
</attribute>
+
+ <attribute access="write-only" setMethod="setSuckerPassword">
+ <description>The password used for message suckers</description>
+ <name>SuckerPassword</name>
+ <type>java.lang.String</type>
+ </attribute>
<!-- Managed operations -->
Deleted: trunk/src/main/org/jboss/jms/server/SecurityManager.java
===================================================================
--- trunk/src/main/org/jboss/jms/server/SecurityManager.java 2007-09-19 09:24:09 UTC (rev 3117)
+++ trunk/src/main/org/jboss/jms/server/SecurityManager.java 2007-09-19 12:52:41 UTC (rev 3118)
@@ -1,70 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2005, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.jms.server;
-
-import java.util.Set;
-
-import javax.jms.JMSSecurityException;
-import javax.security.auth.Subject;
-
-import org.jboss.jms.server.security.SecurityMetadata;
-import org.w3c.dom.Element;
-
-/**
- * @author <a href="mailto:ovidiu at feodorov.com">Ovidiu Feodorov</a>
- * @version <tt>$Revision$</tt>
- *
- * $Id$
- */
-public interface SecurityManager
-{
- /**
- * @return the security meta-data for the given destination.
- */
- SecurityMetadata getSecurityMetadata(boolean isQueue, String destName);
-
- void setSecurityConfig(boolean isQueue, String destName, Element conf) throws Exception;
- void clearSecurityConfig(boolean isQueue, String name) throws Exception;
-
- /**
- * Authenticate the specified user with the given password. Implementations are most likely to
- * delegates to a JBoss AuthenticationManager.
- *
- * Successful autentication will place a new SubjectContext on thread local, which will be used
- * in the authorization process. However, we need to make sure we clean up thread local
- * immediately after we used the information, otherwise some other people security my be screwed
- * up, on account of thread local security stack being corrupted.
- *
- * @throws JMSSecurityException if the user is not authenticated
- */
- Subject authenticate(String user, String password) throws JMSSecurityException;
-
- /**
- * Authorize that the subject has at least one of the specified roles. Implementations are most
- * likely to delegates to a JBoss AuthenticationManager.
- *
- * @param rolePrincipals - The set of roles allowed to read/write/create the destination.
- * @return true if the subject is authorized, or false if not.
- */
- boolean authorize(String user, Set rolePrincipals);
-
-}
Copied: trunk/src/main/org/jboss/jms/server/SecurityStore.java (from rev 3112, trunk/src/main/org/jboss/jms/server/SecurityManager.java)
===================================================================
--- trunk/src/main/org/jboss/jms/server/SecurityStore.java (rev 0)
+++ trunk/src/main/org/jboss/jms/server/SecurityStore.java 2007-09-19 12:52:41 UTC (rev 3118)
@@ -0,0 +1,71 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.jms.server;
+
+import java.util.Set;
+
+import javax.jms.JMSSecurityException;
+import javax.security.auth.Subject;
+
+import org.jboss.jms.server.security.CheckType;
+import org.jboss.jms.server.security.SecurityMetadata;
+import org.w3c.dom.Element;
+
+/**
+ * @author <a href="mailto:ovidiu at feodorov.com">Ovidiu Feodorov</a>
+ * @version <tt>$Revision$</tt>
+ *
+ * $Id$
+ */
+public interface SecurityStore
+{
+ /**
+ * @return the security meta-data for the given destination.
+ */
+ SecurityMetadata getSecurityMetadata(boolean isQueue, String destName);
+
+ void setSecurityConfig(boolean isQueue, String destName, Element conf) throws Exception;
+
+ void clearSecurityConfig(boolean isQueue, String name) throws Exception;
+
+ /**
+ * Authenticate the specified user with the given password. Implementations are most likely to
+ * delegates to a JBoss AuthenticationManager.
+ *
+ * Successful autentication will place a new SubjectContext on thread local, which will be used
+ * in the authorization process. However, we need to make sure we clean up thread local
+ * immediately after we used the information, otherwise some other people security my be screwed
+ * up, on account of thread local security stack being corrupted.
+ *
+ * @throws JMSSecurityException if the user is not authenticated
+ */
+ Subject authenticate(String user, String password) throws JMSSecurityException;
+
+ /**
+ * Authorize that the subject has at least one of the specified roles. Implementations are most
+ * likely to delegates to a JBoss AuthenticationManager.
+ *
+ * @param rolePrincipals - The set of roles allowed to read/write/create the destination.
+ * @return true if the subject is authorized, or false if not.
+ */
+ boolean authorize(String user, Set rolePrincipals, CheckType checkType);
+}
Modified: trunk/src/main/org/jboss/jms/server/ServerPeer.java
===================================================================
--- trunk/src/main/org/jboss/jms/server/ServerPeer.java 2007-09-19 09:24:09 UTC (rev 3117)
+++ trunk/src/main/org/jboss/jms/server/ServerPeer.java 2007-09-19 12:52:41 UTC (rev 3118)
@@ -144,6 +144,8 @@
private boolean defaultPreserveOrdering;
private long recoverDeliveriesTimeout = 5 * 60 * 1000;
+
+ private String suckerPassword;
// wired components
@@ -255,7 +257,9 @@
if (clusterPullConnectionFactoryName != null)
{
- clusterConnectionManager = new ClusterConnectionManager(useXAForMessagePull, serverPeerID, clusterPullConnectionFactoryName, defaultPreserveOrdering);
+ clusterConnectionManager = new ClusterConnectionManager(useXAForMessagePull, serverPeerID,
+ clusterPullConnectionFactoryName, defaultPreserveOrdering,
+ suckerPassword, SecurityMetadataStore.SUCKER_USER);
clusterNotifier.registerListener(clusterConnectionManager);
}
@@ -270,6 +274,7 @@
connectorManager.start();
memoryManager.start();
messageStore.start();
+ securityStore.setSuckerPassword(suckerPassword);
securityStore.start();
txRepository.start();
clusterConnectionManager.start();
@@ -679,6 +684,21 @@
this.defaultTopicJNDIContext = defaultTopicJNDIContext;
}
+ public synchronized void setSuckerPassword(String password)
+ {
+ if (started)
+ {
+ throw new IllegalStateException("Cannot set SuckerPassword while the service is running");
+ }
+
+ if (password == null)
+ {
+ throw new IllegalArgumentException("SuckerPassword cannot be null");
+ }
+
+ this.suckerPassword = password;
+ }
+
public void enableMessageCounters()
{
messageCounterManager.start();
@@ -1184,7 +1204,7 @@
// access to hard-wired server extensions
- public SecurityManager getSecurityManager()
+ public SecurityStore getSecurityManager()
{
return securityStore;
}
Modified: trunk/src/main/org/jboss/jms/server/container/SecurityAspect.java
===================================================================
--- trunk/src/main/org/jboss/jms/server/container/SecurityAspect.java 2007-09-19 09:24:09 UTC (rev 3117)
+++ trunk/src/main/org/jboss/jms/server/container/SecurityAspect.java 2007-09-19 12:52:41 UTC (rev 3118)
@@ -33,13 +33,14 @@
import org.jboss.aop.joinpoint.MethodInvocation;
import org.jboss.jms.destination.JBossDestination;
import org.jboss.jms.message.JBossMessage;
-import org.jboss.jms.server.SecurityManager;
+import org.jboss.jms.server.SecurityStore;
import org.jboss.jms.server.endpoint.ServerConnectionEndpoint;
import org.jboss.jms.server.endpoint.ServerConsumerEndpoint;
import org.jboss.jms.server.endpoint.ServerSessionEndpoint;
import org.jboss.jms.server.endpoint.advised.ConnectionAdvised;
import org.jboss.jms.server.endpoint.advised.ConsumerAdvised;
import org.jboss.jms.server.endpoint.advised.SessionAdvised;
+import org.jboss.jms.server.security.CheckType;
import org.jboss.jms.server.security.SecurityMetadata;
import org.jboss.jms.tx.ClientTransaction;
import org.jboss.jms.tx.TransactionRequest;
@@ -280,7 +281,7 @@
boolean isQueue = jbd.isQueue();
String name = jbd.getName();
- SecurityManager sm = conn.getSecurityManager();
+ SecurityStore sm = conn.getSecurityManager();
SecurityMetadata securityMetadata = sm.getSecurityMetadata(isQueue, name);
if (securityMetadata == null)
@@ -292,7 +293,7 @@
// which will be used in the authorization process. However, we need to make sure we clean up
// thread local immediately after we used the information, otherwise some other people
// security my be screwed up, on account of thread local security stack being corrupted.
-
+
sm.authenticate(conn.getUsername(), conn.getPassword());
// Authorize
@@ -301,7 +302,7 @@
securityMetadata.getCreatePrincipals();
try
{
- if (!sm.authorize(conn.getUsername(), principals))
+ if (!sm.authorize(conn.getUsername(), principals, checkType))
{
String msg = "User: " + conn.getUsername() +
" is not authorized to " +
@@ -345,31 +346,7 @@
}
// Inner classes -------------------------------------------------
-
- private static class CheckType
- {
- private int type;
- private CheckType(int type)
- {
- this.type = type;
- }
- public static final int TYPE_READ = 0;
- public static final int TYPE_WRITE = 1;
- public static final int TYPE_CREATE = 2;
- public static CheckType READ = new CheckType(TYPE_READ);
- public static CheckType WRITE = new CheckType(TYPE_WRITE);
- public static CheckType CREATE = new CheckType(TYPE_CREATE);
- public boolean equals(Object other)
- {
- if (!(other instanceof CheckType)) return false;
- CheckType ct = (CheckType)other;
- return ct.type == this.type;
- }
- public int hashCode()
- {
- return type;
- }
- }
+
}
Modified: trunk/src/main/org/jboss/jms/server/endpoint/ServerConnectionEndpoint.java
===================================================================
--- trunk/src/main/org/jboss/jms/server/endpoint/ServerConnectionEndpoint.java 2007-09-19 09:24:09 UTC (rev 3117)
+++ trunk/src/main/org/jboss/jms/server/endpoint/ServerConnectionEndpoint.java 2007-09-19 12:52:41 UTC (rev 3118)
@@ -44,7 +44,7 @@
import org.jboss.jms.message.JBossMessage;
import org.jboss.jms.server.ConnectionManager;
import org.jboss.jms.server.JMSCondition;
-import org.jboss.jms.server.SecurityManager;
+import org.jboss.jms.server.SecurityStore;
import org.jboss.jms.server.ServerPeer;
import org.jboss.jms.server.endpoint.advised.SessionAdvised;
import org.jboss.jms.tx.ClientTransaction;
@@ -106,7 +106,7 @@
// access to server's extensions
private PostOffice postOffice;
- private SecurityManager sm;
+ private SecurityStore sm;
private ConnectionManager cm;
private TransactionRepository tr;
private MessageStore ms;
@@ -531,7 +531,7 @@
return password;
}
- public SecurityManager getSecurityManager()
+ public SecurityStore getSecurityManager()
{
return sm;
}
Added: trunk/src/main/org/jboss/jms/server/security/CheckType.java
===================================================================
--- trunk/src/main/org/jboss/jms/server/security/CheckType.java (rev 0)
+++ trunk/src/main/org/jboss/jms/server/security/CheckType.java 2007-09-19 12:52:41 UTC (rev 3118)
@@ -0,0 +1,55 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.jms.server.security;
+
+/**
+ *
+ * @author Peter Antman
+ * @author <a href="mailto:Scott.Stark at jboss.org">Scott Stark</a>
+ * @version $Revision: 2925 $
+ *
+ * $Id: $
+ */
+public class CheckType
+{
+ public int type;
+ public CheckType(int type)
+ {
+ this.type = type;
+ }
+ public static final int TYPE_READ = 0;
+ public static final int TYPE_WRITE = 1;
+ public static final int TYPE_CREATE = 2;
+ public static CheckType READ = new CheckType(TYPE_READ);
+ public static CheckType WRITE = new CheckType(TYPE_WRITE);
+ public static CheckType CREATE = new CheckType(TYPE_CREATE);
+ public boolean equals(Object other)
+ {
+ if (!(other instanceof CheckType)) return false;
+ CheckType ct = (CheckType)other;
+ return ct.type == this.type;
+ }
+ public int hashCode()
+ {
+ return type;
+ }
+}
Modified: trunk/src/main/org/jboss/jms/server/security/SecurityMetadataStore.java
===================================================================
--- trunk/src/main/org/jboss/jms/server/security/SecurityMetadataStore.java 2007-09-19 09:24:09 UTC (rev 3117)
+++ trunk/src/main/org/jboss/jms/server/security/SecurityMetadataStore.java 2007-09-19 12:52:41 UTC (rev 3118)
@@ -31,7 +31,7 @@
import javax.naming.NamingException;
import javax.security.auth.Subject;
-import org.jboss.jms.server.SecurityManager;
+import org.jboss.jms.server.SecurityStore;
import org.jboss.logging.Logger;
import org.jboss.security.AuthenticationManager;
import org.jboss.security.RealmMapping;
@@ -51,12 +51,16 @@
*
* $Id$
*/
-public class SecurityMetadataStore implements SecurityManager
+public class SecurityMetadataStore implements SecurityStore
{
// Constants -----------------------------------------------------
private static final Logger log = Logger.getLogger(SecurityMetadataStore.class);
+ public static final String SUCKER_USER = "JBM.SUCKER";
+
+ public static final String DEFAULT_SUCKER_USER_PASSWORD = "CHANGE ME!!";
+
// Attributes ----------------------------------------------------
private boolean trace = log.isTraceEnabled();
@@ -69,6 +73,8 @@
private Element defaultSecurityConfig;
private String securityDomain;
+
+ private String suckerPassword;
// Static --------------------------------------------------------
@@ -153,11 +159,11 @@
topicSecurityConf.remove(name);
}
}
-
+
public Subject authenticate(String user, String password) throws JMSSecurityException
{
if (trace) { log.trace("authenticating user " + user); }
-
+
SimplePrincipal principal = new SimplePrincipal(user);
char[] passwordChars = null;
if (password != null)
@@ -166,8 +172,25 @@
}
Subject subject = new Subject();
+
+ boolean authenticated = false;
+
+ if (SUCKER_USER.equals(user))
+ {
+ if (trace) { log.trace("Authenticating sucker user"); }
+
+ checkDefaultSuckerPassword(password);
+
+ // The special user SUCKER_USER is used for creating internal connections that suck messages between nodes
+
+ authenticated = suckerPassword.equals(password);
+ }
+ else
+ {
+ authenticated = authenticationManager.isValid(principal, passwordChars, subject);
+ }
- if (authenticationManager.isValid(principal, passwordChars, subject))
+ if (authenticated)
{
// Warning! This "taints" thread local. Make sure you pop it off the stack as soon as
// you're done with it.
@@ -180,21 +203,40 @@
}
}
- public boolean authorize(String user, Set rolePrincipals)
+ public boolean authorize(String user, Set rolePrincipals, CheckType checkType)
{
if (trace) { log.trace("authorizing user " + user + " for role(s) " + rolePrincipals.toString()); }
+
+ if (SUCKER_USER.equals(user))
+ {
+ //The special user SUCKER_USER is used for creating internal connections that suck messages between nodes
+ //It has automatic read access to all destinations
+ return (checkType.equals(CheckType.READ));
+ }
Principal principal = user == null ? null : new SimplePrincipal(user);
-
+
boolean hasRole = realmMapping.doesUserHaveRole(principal, rolePrincipals);
if (trace) { log.trace("user " + user + (hasRole ? " is " : " is NOT ") + "authorized"); }
- return hasRole;
+ return hasRole;
}
-
+
// Public --------------------------------------------------------
+ public void setSuckerPassword(String password)
+ {
+ if (password == null)
+ {
+ password = DEFAULT_SUCKER_USER_PASSWORD;
+ }
+
+ checkDefaultSuckerPassword(password);
+
+ this.suckerPassword = password;
+ }
+
public void start() throws NamingException
{
if (trace) { log.trace("initializing SecurityMetadataStore"); }
@@ -265,7 +307,16 @@
// Package Private -----------------------------------------------
// Private -------------------------------------------------------
+
+ private void checkDefaultSuckerPassword(String password)
+ {
+ // Sanity check
+ if (DEFAULT_SUCKER_USER_PASSWORD.equals(password))
+ {
+ log.warn("*** THE DEFAULT SUCKER USER PASSWORD HAS NOT BE CHANGED FROM THE INSTALLATION DEFAULT - THIS IS A SECURITY RISK - PLEASE CHANGE THIS!! **");
+ }
+ }
- // Inner class ---------------------------------------------------
+ // Inner class ---------------------------------------------------
}
Modified: trunk/src/main/org/jboss/messaging/core/impl/clusterconnection/ClusterConnectionManager.java
===================================================================
--- trunk/src/main/org/jboss/messaging/core/impl/clusterconnection/ClusterConnectionManager.java 2007-09-19 09:24:09 UTC (rev 3117)
+++ trunk/src/main/org/jboss/messaging/core/impl/clusterconnection/ClusterConnectionManager.java 2007-09-19 12:52:41 UTC (rev 3118)
@@ -83,8 +83,14 @@
private boolean preserveOrdering;
+ private String suckerUser;
+
+ private String suckerPassword;
+
public ClusterConnectionManager(boolean xa, int nodeID,
- String connectionFactoryUniqueName, boolean preserveOrdering)
+ String connectionFactoryUniqueName, boolean preserveOrdering,
+ String suckerUser,
+ String suckerPassword)
{
connections = new HashMap();
@@ -411,7 +417,7 @@
{
try
{
- ConnectionInfo info = new ConnectionInfo(new JBossConnectionFactory(delegate));
+ ConnectionInfo info = new ConnectionInfo(new JBossConnectionFactory(delegate), suckerUser, suckerPassword);
log.trace(this + " created connection info " + info);
@@ -610,11 +616,19 @@
private boolean started;
- ConnectionInfo(JBossConnectionFactory connectionFactory) throws Exception
+ private String suckerUser;
+
+ private String suckerPassword;
+
+ ConnectionInfo(JBossConnectionFactory connectionFactory, String suckerUser, String suckerPassword) throws Exception
{
this.connectionFactory = connectionFactory;
this.suckers = new HashMap();
+
+ this.suckerUser = suckerUser;
+
+ this.suckerPassword = suckerPassword;
}
synchronized void start() throws Exception
@@ -626,7 +640,7 @@
if (connection == null)
{
- connection = (JBossConnection)connectionFactory.createConnection();
+ connection = (JBossConnection)connectionFactory.createConnection(suckerUser, suckerPassword);
}
connection.start();
Modified: trunk/tests/src/org/jboss/test/messaging/jms/bridge/BridgeTest.java
===================================================================
--- trunk/tests/src/org/jboss/test/messaging/jms/bridge/BridgeTest.java 2007-09-19 09:24:09 UTC (rev 3117)
+++ trunk/tests/src/org/jboss/test/messaging/jms/bridge/BridgeTest.java 2007-09-19 12:52:41 UTC (rev 3118)
@@ -255,6 +255,19 @@
testStress(Bridge.QOS_ONCE_AND_ONLY_ONCE, false, 1);
}
+ // Max batch time
+
+ public void testStressMaxBatchTime_OnceAndOnlyOnce_NP() throws Exception
+ {
+ this.testStressBatchTime(Bridge.QOS_ONCE_AND_ONLY_ONCE, false, 200);
+ }
+
+ public void testStressMaxBatchTime_OnceAndOnlyOnce_P() throws Exception
+ {
+ this.testStressBatchTime(Bridge.QOS_ONCE_AND_ONLY_ONCE, true, 200);
+ }
+
+
// Stress on same server
// Stress with batch size of 50
@@ -1013,6 +1026,79 @@
}
}
+ private void testStressBatchTime(int qosMode, boolean persistent, int maxBatchTime) throws Exception
+ {
+ Connection connSource = null;
+
+ Bridge bridge = null;
+
+ Thread t = null;
+
+ try
+ {
+ bridge = new Bridge(cff0, cff1, sourceQueue, destQueue,
+ null, null, null, null,
+ null, 5000, 10, qosMode,
+ 2, maxBatchTime,
+ null, null, false);
+
+ bridge.start();
+
+ connSource = cf0.createConnection();
+
+ Session sessSend = connSource.createSession(false, Session.AUTO_ACKNOWLEDGE);
+
+ MessageProducer prod = sessSend.createProducer(sourceQueue);
+
+ final int NUM_MESSAGES = 5000;
+
+ StressSender sender = new StressSender();
+ sender.sess = sessSend;
+ sender.prod = prod;
+ sender.numMessages = NUM_MESSAGES;
+ prod.setDeliveryMode(persistent ? DeliveryMode.PERSISTENT : DeliveryMode.NON_PERSISTENT);
+
+ t = new Thread(sender);
+
+ t.start();
+
+ this.checkAllMessageReceivedInOrder(cf1, destQueue, 0, NUM_MESSAGES);
+
+ t.join();
+
+ if (sender.ex != null)
+ {
+ //An error occurred during the send
+ throw sender.ex;
+ }
+
+ }
+ finally
+ {
+ if (t != null)
+ {
+ t.join(10000);
+ }
+
+ if (connSource != null)
+ {
+ try
+ {
+ connSource.close();
+ }
+ catch (Exception e)
+ {
+ log.error("Failed to close connection", e);
+ }
+ }
+
+ if (bridge != null)
+ {
+ bridge.stop();
+ }
+ }
+ }
+
//Both source and destination on same rm
private void testStressSameServer(int qosMode, boolean persistent, int batchSize) throws Exception
{
More information about the jboss-cvs-commits
mailing list