search

artemiscloud / activemq-artemis-operator

Apache License 2.0
66 stars 62 forks source link

Console got `Permissions policy violation: Synchronous requests are disabled by permissions policy` error. #932

Closed win5923 closed 4 months ago

win5923 commented 4 months ago

Describe the bug Hi, I'm encountering some issues while trying to expose the console to the outside.

When I use the following Istio gateway and virtualService for routing:

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: activemq-gateway
  namespace: activemq-artemis-operator
spec:
  selector:
    istio: ingressgateway
  servers:
    - port:
        number: 80
        name: http
        protocol: HTTP
      hosts:
      - "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: activemq-web-virtualservice
  namespace: activemq-artemis-operator
spec:
  gateways:
    - activemq-gateway
  hosts:
    - "*"
  http:
  - match:
    - uri:
        prefix: /
    route:
      - destination:
          host: artemis-broker-wconsj-0-svc
          port:
            number: 8162

DevTools shows: [Violation] Permissions policy violation: Synchronous requests are disabled by permissions policy., [hawtio-core] Failed loading script: " Failed to execute 'send' on 'XMLHttpRequest': Failed to load 'http://x.x.x.x/artemis-plugin/plugin/js/artemisHelpers.js?_=1716344301188'. " (<a href=" /artemis-plugin/plugin/js/artemisHelpers.js : undefined "> /artemis-plugin/plugin/js/artemisHelpers.js image

Using the Kubernetes port-forwarding feature, the browser displays the content normally. image

I attempted to modify the /home/jboss/amq-broker/etc/jolokia-access.xml to <allow-origin>*://*</allow-origin>, but it didn't help.

artemis-broker-container-init args:

Creating Broker with args --silent --role admin --name amq-broker --http-host 0.0.0.0 --java-options=-Djava.net.preferIPv4Stack=true  --user XXXXX --password XXXXX  --require-login --no-amqp-acceptor --no-hornetq-acceptor --no-mqtt-acceptor --no-stomp-acceptor --relax-jolokia --clustered --cluster-user XXXXX --cluster-password XXXXX --host 0.0.0.0 --nio at /home/jboss/amq-broker

artemis-broker-container logs:

2024-05-22 02:15:13,548 INFO  [io.hawt.HawtioContextListener] Initialising hawtio services
2024-05-22 02:15:13,551 INFO  [io.hawt.system.ConfigManager] Configuration will be discovered via system properties
2024-05-22 02:15:13,552 INFO  [io.hawt.jmx.JmxTreeWatcher] Welcome to Hawtio 2.17.7
2024-05-22 02:15:13,556 INFO  [io.hawt.web.auth.AuthenticationConfiguration] Starting hawtio authentication filter, JAAS realm: "activemq" authorized role(s): "admin" role principal classes: "org.apache.activemq.artemis.spi.core.security.jaas.RolePrincipal"
2024-05-22 02:15:13,562 INFO  [io.hawt.web.auth.LoginRedirectFilter] Hawtio loginRedirectFilter is using 1800 sec. HttpSession timeout
2024-05-22 02:15:13,604 INFO  [org.apache.activemq.artemis] AMQ241001: HTTP Server started at http://0.0.0.0:8161
2024-05-22 02:15:13,605 INFO  [org.apache.activemq.artemis] AMQ241002: Artemis Jolokia REST API available at http://0.0.0.0:8161/console/jolokia
2024-05-22 02:15:13,605 INFO  [org.apache.activemq.artemis] AMQ241004: Artemis Console available at http://0.0.0.0:8161/console
2024-05-22 02:15:16,049 INFO  [io.hawt.web.servlets.JolokiaConfiguredAgentServlet] Jolokia overridden property: [key=policyLocation, value=file:/home/jboss/amq-broker/etc/jolokia-access.xml]
2024-05-22 02:16:54,729 INFO  [io.hawt.web.auth.LoginServlet] Hawtio login is using 1800 sec. HttpSession timeout
2024-05-22 02:17:05,363 INFO  [io.hawt.web.auth.keycloak.KeycloakServlet] Keycloak integration is disabled
2024-05-22 02:17:06,390 INFO  [io.hawt.web.proxy.ProxyServlet] Proxy servlet is disabled

Version;

[!TIP] Vote this issue reacting with :+1: or :-1:

brusdev commented 4 months ago

The same issue is opened at https://github.com/hawtio/hawtio/issues/3456