Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Using discoveryAgentUrl will cause all discovered agents to be non secured #193

Closed
davsclaus opened this issue Apr 25, 2015 · 3 comments
Closed

Using discoveryAgentUrl will cause all discovered agents to be non secured #193

davsclaus opened this issue Apr 25, 2015 · 3 comments
Milestone
1.3.0

Comments

@davsclaus
Copy link

I am trying to setup Apache ActiveMQ so it has discovery easily out of the box if people enable it.

As the url is blank by default, I am configuring it in a web.xml file as shown

    <servlet>
        <servlet-name>jolokia-agent</servlet-name>
        <servlet-class>org.jolokia.http.AgentServlet</servlet-class>
        <load-on-startup>1</load-on-startup>     
        <init-param>
          <param-name>discoveryEnabled</param-name>
          <param-value>true</param-value>
        </init-param>
        <init-param>
          <param-name>discoveryAgentUrl</param-name>
          <param-value>http://${host}:8161/api/jolokia</param-value>
        </init-param>
        <init-param>
          <param-name>agentDescription</param-name>
          <param-value>Apache ActiveMQ</param-value>
        </init-param>
    </servlet>

This ensures I can configure the correct path.

Now I disable the discoveryAgentUrl init parameter and let jolokia return a default value, to show that the agent is secured.

As the default discovery renders the wrong path, as that becomes /api and not /api/jolokia. See the screenshot below from a web browser with the json returned

screen shot 2015-04-25 at 8 28 19 am

Notice that the json has secured: true.

Now if I enable the discoveryAgentUrl init-parameter and do this again, the json returned is as shown below. As you can see the secured: true is gone

screen shot 2015-04-25 at 8 31 33 am
@davsclaus
Copy link
Author

So maybe we need a new init-parameter I can use to configure it as secured

  <init-param>
          <param-name>discoveryAgentSecured</param-name>
          <param-value>true</param-value>
        </init-param>

@rhuss rhuss added this to the 1.2.4 milestone May 4, 2015
@rhuss
Copy link
Owner

rhuss commented May 5, 2015

You are right, this is not consistent. In fact, when an URL is tried to be autodetected then the agentUrl is lazily extracted from the first request that comes in. This also can autodetect the security mode (HttpRequest.getAuthType()).

However, when an URL is provided, no autodetection is tried, even not for the security mode (which is this case sticks undefined). It would be better to allow a config parameter as you suggest and to do autodetection if this parameter is not given (even when the URL is provided).

I'll will implement that for 1.2.4

@rhuss rhuss closed this as completed in 25e9a3e May 6, 2015
@rhuss
Copy link
Owner

rhuss commented May 6, 2015

I fixed this in so far so that "secure" is always extracted from the first HttpRequest, regardless whether the url is set or autodetected. Hopefully this is good enough so that we can avoid an extra configuration option (we already have quite a moutful of them).

@davsclaus davsclaus mentioned this issue May 7, 2015
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
1.3.0
Development

No branches or pull requests
2 participants
@rhuss @davsclaus