)

* feat(AMQ-9559)/feat(#1882): The failover test correctly reproduces the bug: it blocks for 20+ seconds proving WriteTimeoutFilter.start() does not enforce soWriteTimeout.

* feat(AMQ-9559)/feat(#1882): Similar to oneway() add registerWrite/deRegisterWrite around super.start()

Adding a null check in the TimeoutThread is required to avoid random NPE if the TimeoutThread kicks in after the registerWrite but before initializeStreams() is called resulting in a NPE because TcpTransport.buffOut is null.

(cherry picked from commit 2fee158)

Co-authored-by: Jean-Louis Monteiro <[email protected]>

The wrong variable is being referenced in the nested loop. This does not
cause the validation to actually break due to other checks done during
the recursive call, but is incorrect either way. With this fix the
counter needed tweaking for limiting the number of nested components as
well.

Follow on to #1847

(cherry picked from commit b787b0e)

This adds a new system property to control which protocol types are
valid for loading resources using the XBeanBrokerFactory. By default
only file and classpath resources can be loaded.

The goal of this is to prevent possible future security issues by
hardening what is allowed to be loaded by default.

(cherry picked from commit 85fa7bb)

The brokerName should come from BrokerService and should only be
configured on first creation. This update changes RegionBroker so that
it gets the name from the broker service during construction and
verifies that it is not null.

The other benefit of this is that BrokerService always validates the
name has valid characters. This change also cleans up the name regex to
get rid of unnecessary escapes and also adds some regex tests.

(cherry picked from commit 084502a)

This also prevents the Http discovery transport from being added as a
connector or network connector through JMX and Jolokia

(cherry picked from commit 5bda7d8)

(cherry picked from commit 52bef00)

(cherry picked from commit 95eeb90)

…quired (slave broker with startAsync="true") [6.2.x] (#1934)

* fix(webconsole): the webconsole now redirect to the slave.jsp when required (slave broker with startAsync="true")

* fix(assembly): add id="broker" to sample configs so jetty.xml depends-on resolves

The BrokerXmlConfigStartTest loads all activemq-*.xml sample configs
which import jetty.xml. Since jetty.xml now has depends-on="broker" on
the invokeStart bean, the sample configs need a matching bean id.

This change makes sure we always use the correct content type for the
output based on the configured view and also escape xml content when
displaying.

(cherry picked from commit a240dba)

Add on more types to the list of denied transports through JMX

Follow on to #1918

(cherry picked from commit fb9f86d)

This expands on the previous work in #1910 to add treat remote files as
a separate protocol category that can be controlled independently of
regular files when loading resources. By default remote files will be
disabled.

Follow on to #1910

(cherry picked from commit 87f1880)