Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Using discoveryAgentUrl will cause all discovered agents to be non secured #193

Closed
davsclaus opened this issue Apr 25, 2015 · 3 comments
Closed
Milestone

Comments

@davsclaus
Copy link

@davsclaus davsclaus commented Apr 25, 2015

I am trying to setup Apache ActiveMQ so it has discovery easily out of the box if people enable it.

As the url is blank by default, I am configuring it in a web.xml file as shown

    <servlet>
        <servlet-name>jolokia-agent</servlet-name>
        <servlet-class>org.jolokia.http.AgentServlet</servlet-class>
        <load-on-startup>1</load-on-startup>     
        <init-param>
          <param-name>discoveryEnabled</param-name>
          <param-value>true</param-value>
        </init-param>
        <init-param>
          <param-name>discoveryAgentUrl</param-name>
          <param-value>http://${host}:8161/api/jolokia</param-value>
        </init-param>
        <init-param>
          <param-name>agentDescription</param-name>
          <param-value>Apache ActiveMQ</param-value>
        </init-param>
    </servlet>

This ensures I can configure the correct path.

Now I disable the discoveryAgentUrl init parameter and let jolokia return a default value, to show that the agent is secured.

As the default discovery renders the wrong path, as that becomes /api and not /api/jolokia. See the screenshot below from a web browser with the json returned

screen shot 2015-04-25 at 8 28 19 am

Notice that the json has secured: true.

Now if I enable the discoveryAgentUrl init-parameter and do this again, the json returned is as shown below. As you can see the secured: true is gone

screen shot 2015-04-25 at 8 31 33 am

@davsclaus
Copy link
Author

@davsclaus davsclaus commented Apr 25, 2015

So maybe we need a new init-parameter I can use to configure it as secured

  <init-param>
          <param-name>discoveryAgentSecured</param-name>
          <param-value>true</param-value>
        </init-param>
@rhuss rhuss added this to the 1.2.4 milestone May 4, 2015
@rhuss
Copy link
Owner

@rhuss rhuss commented May 5, 2015

You are right, this is not consistent. In fact, when an URL is tried to be autodetected then the agentUrl is lazily extracted from the first request that comes in. This also can autodetect the security mode (HttpRequest.getAuthType()).

However, when an URL is provided, no autodetection is tried, even not for the security mode (which is this case sticks undefined). It would be better to allow a config parameter as you suggest and to do autodetection if this parameter is not given (even when the URL is provided).

I'll will implement that for 1.2.4

@rhuss rhuss closed this in 25e9a3e May 6, 2015
@rhuss
Copy link
Owner

@rhuss rhuss commented May 6, 2015

I fixed this in so far so that "secure" is always extracted from the first HttpRequest, regardless whether the url is set or autodetected. Hopefully this is good enough so that we can avoid an extra configuration option (we already have quite a moutful of them).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
2 participants
You can’t perform that action at this time.