You are right, this is not consistent. In fact, when an URL is tried to be autodetected then the agentUrl is lazily extracted from the first request that comes in. This also can autodetect the security mode (HttpRequest.getAuthType()).
However, when an URL is provided, no autodetection is tried, even not for the security mode (which is this case sticks undefined). It would be better to allow a config parameter as you suggest and to do autodetection if this parameter is not given (even when the URL is provided).
I fixed this in so far so that "secure" is always extracted from the first HttpRequest, regardless whether the url is set or autodetected. Hopefully this is good enough so that we can avoid an extra configuration option (we already have quite a moutful of them).
I am trying to setup Apache ActiveMQ so it has discovery easily out of the box if people enable it.
As the url is blank by default, I am configuring it in a web.xml file as shown
This ensures I can configure the correct path.
Now I disable the discoveryAgentUrl init parameter and let jolokia return a default value, to show that the agent is secured.
As the default discovery renders the wrong path, as that becomes /api and not /api/jolokia. See the screenshot below from a web browser with the json returned
Notice that the json has
Now if I enable the discoveryAgentUrl init-parameter and do this again, the json returned is as shown below. As you can see the
secured: trueis gone
The text was updated successfully, but these errors were encountered: