Closed grgrzybek closed 1 month ago
Also I can't (yet) determine when browser popup is displayed and when Hawtio React <ConnectLogin>
is displayed...
Some test scenarios I found:
Connect after clearing "HTTP authentications"
yarn start
in top level dir of hawtio-next-javaagent:jolokia-agent-jvm-2.0.2-javaagent.jar=port=7778,protocol=http,debug=true,discoveryEnabled=true,user=grgr,password=grgr
[
{
"name": "grgr-test-jolokia",
"scheme": "http",
"host": "localhost",
"port": 7778,
"path": "/jolokia"
}
]
/hawtio/proxy/http/localhost/...
requests end with 401 and Hawtio displays React dialog to enter the credentials
connect.salt
and connect.credentials
to session storage and additionally browser offers to store the credentials in its own storage. only one entry in password manager is created:
Clearing "HTTP authentications" when connected tab is working
(session storage should not contain encrypted credentials, so we should use the path that doesn't involve React dialog from Hawtio.)
/proxy
requests
- start remote Jolokia application with -javaagent:jolokia-agent-jvm-2.0.2-javaagent.jar=port=7778,protocol=http,debug=true,discoveryEnabled=true,user=grgr,password=grgr
We can also test it with this jbang script:
///usr/bin/env jbang --javaagent=org.jolokia:jolokia-agent-jvm:2.0.2:javaagent=port=8778,protocol=http,debug=true,discoveryEnabled=true,user=grgr,password=grgr "$0" "$@" ; exit $?
//DEPS org.apache.camel:camel-bom:4.6.0@pom
//DEPS org.apache.camel:camel-core
//DEPS org.apache.camel:camel-management
//DEPS org.apache.camel:camel-main
//DEPS org.apache.camel:camel-stream
//DEPS org.slf4j:slf4j-simple:2.0.13
// Camel imports
import org.apache.camel.*;
import org.apache.camel.builder.*;
import org.apache.camel.main.*;
import org.apache.camel.spi.*;
import static org.apache.camel.builder.PredicateBuilder.*;
import static java.lang.System.*;
class camel_jmx {
public static void main(String... args) throws Exception {
out.println("Running Camel route...");
var main = new Main();
main.configure().addRoutesBuilder(new RouteBuilder() {
public void configure() throws Exception {
from("timer:hello?period=3000")
.setBody().constant("Hello Camel!")
.to("stream:out");
}
});
main.run();
}
}
Closing as can't reproduce and after some improvements from #832.
I'm still finding the exact path, but generally I was trying to connect to remote Jolokia agent with basic authentication enabled. When connecting, I saw browser popup to enter Basic credentials for target Jolokia - when done properly, these credentials are then sent to remote Jolokia (browser adds
Authorization
header to xhr requests).But at some point I've somehow stored bad credentials in browser's credential cache and then this
Authorization
header (with bad credentials) was added automatically not only for proxied request (to remote Jolokia), but to main hawtio causing 403 and logout...