[
https://issues.apache.org/jira/browse/ARTEMIS-2779?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17115339#comment-17115339
]
Justin Bertram edited comment on ARTEMIS-2779 at 5/24/20, 2:53 PM:
-------------------------------------------------------------------
I created a vanilla instance of Artemis 2.13.0 using this command:
{noformat}
./artemis create ~/ARTEMIS-2779 --user admin --password admin --require-login
{noformat}
After starting the broker I ran this command (which you provided):
{noformat}
curl -u admin:admin http://localhost:8161/console/jolokia
{noformat}
It returned this error:
{noformat}
{"error_type":"java.lang.Exception","error":"java.lang.Exception : Origin null
is not allowed to call this agent","status":403}
{noformat}
It returned this error due to the default configuration of
{{jolokia-access.xml}} in the {{etc}} directory:
{code:xml}
<!-- This policy file controls the Jolokia JMX-HTTP bridge security options for
the web console.
see: https://jolokia.org/reference/html/security.html -->
<restrict>
<cors>
<!-- Allow cross origin access from localhost ... -->
<allow-origin>*://localhost*</allow-origin>
<!-- Options from this point on are auto-generated by Create.java from
the Artemis CLI -->
<!-- Check for the proper origin on the server side, too -->
<strict-checking/>
</cors>
</restrict>
{code}
Therefore I added the {{Origin}} header to my request:
{noformat}
curl -H "Origin: http://localhost:8161"; -u admin:admin
http://localhost:8161/console/jolokia
{noformat}
Then it returned a valid response:
{noformat}
{"request":{"type":"version"},"value":{"agent":"1.6.2","protocol":"7.2","config":{"listenForHttpService":"true","authIgnoreCerts":"false","agentId":"192.168.2.16-20411-70fab835-servlet","debug":"false","agentType":"servlet","policyLocation":"file:\/home\/jbertram\/ARTEMIS-2779\/etc\/jolokia-access.xml","agentContext":"\/jolokia","serializeException":"false","mimeType":"text\/plain","dispatcherClasses":"org.jolokia.http.Jsr160ProxyNotEnabledByDefaultAnymoreDispatcher","authMode":"basic","authMatch":"any","streaming":"true","canonicalNaming":"true","historyMaxEntries":"10","allowErrorDetails":"false","allowDnsReverseLookup":"true","realm":"jolokia","includeStackTrace":"false","restrictorClass":"io.hawt.web.RBACRestrictor","mbeanQualifier":"qualifier=hawtio","useRestrictorService":"false","debugMaxEntries":"100"},"info":{"product":"jetty","vendor":"Eclipse","version":"9.4.26.v20200117"}},"timestamp":1590331762,"status":200}
{noformat}
I wasn't able to reproduce the behavior you saw initially with the {{Unknown
macro: \{"error_type"\}}}. The error I received specifically indicated what the
issue was. Once I adjusted my request properly everything worked.
was (Author: jbertram):
I created a vanilla instance of Artemis 2.13.0 using this command:
{noformat}
./artemis create ~/ARTEMIS-2779 --user admin --password admin --require-login
{noformat}
After starting the broker I ran this command (which you provided):
{noformat}
curl -u admin:admin http://localhost:8161/console/jolokia
{noformat}
It returned this error:
{noformat}
{"error_type":"java.lang.Exception","error":"java.lang.Exception : Origin null
is not allowed to call this agent","status":403}
{noformat}
Therefore I added the {{Origin}} header to my request:
{noformat}
curl -H "Origin: http://localhost:8161"; -u admin:admin
http://localhost:8161/console/jolokia
{noformat}
Then it returned this:
{noformat}
{"request":{"type":"version"},"value":{"agent":"1.6.2","protocol":"7.2","config":{"listenForHttpService":"true","authIgnoreCerts":"false","agentId":"192.168.2.16-20411-70fab835-servlet","debug":"false","agentType":"servlet","policyLocation":"file:\/home\/jbertram\/ARTEMIS-2779\/etc\/jolokia-access.xml","agentContext":"\/jolokia","serializeException":"false","mimeType":"text\/plain","dispatcherClasses":"org.jolokia.http.Jsr160ProxyNotEnabledByDefaultAnymoreDispatcher","authMode":"basic","authMatch":"any","streaming":"true","canonicalNaming":"true","historyMaxEntries":"10","allowErrorDetails":"false","allowDnsReverseLookup":"true","realm":"jolokia","includeStackTrace":"false","restrictorClass":"io.hawt.web.RBACRestrictor","mbeanQualifier":"qualifier=hawtio","useRestrictorService":"false","debugMaxEntries":"100"},"info":{"product":"jetty","vendor":"Eclipse","version":"9.4.26.v20200117"}},"timestamp":1590331762,"status":200}
{noformat}
I wasn't able to reproduce the behavior you saw initially with the {{Unknown
macro: \{"error_type"\}}}. The error I received specifically indicated what the
issue was. Once I adjusted my request properly everything worked.
> In Artemis >= 2.12.0 jolokia won't accept connections
> ------------------------------------------------------
>
> Key: ARTEMIS-2779
> URL: https://issues.apache.org/jira/browse/ARTEMIS-2779
> Project: ActiveMQ Artemis
> Issue Type: Bug
> Components: Broker
> Affects Versions: 2.12.0, 2.13.0
> Environment: OS: Ubuntu 20.04 LTS x86_64
> Kernel: 5.4.0-29-generic
> Shell: bash 5.0.16
> Memory: 4385MiB / 32096MiB
>
> Reporter: Victor Romero
> Priority: Blocker
>
>
> In Artemis >= 2.12.0 jolokia won't accept connections, and will return the
> following:
> {quote}{"error_type":"java.lang.Exception","error":"java.lang.Exception :
> Origin null is not allowed to call this agent","status":403}
> {quote}
> Steps to reproduce:
> Create a vanilla 2.1[23]\{1}.0 broker instance with user admin password
> admin. Run it, and run the following command:
> {{curl -u admin:admin [http://localhost:8161/console/jolokia]}}
> I'm tagging as blocker as a broker without monitoring is IMHO more a problem
> than a solution, but feel free to change.
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
