Remote connection to authenticated Jolokia may cause endless redirect loop #910
Also I can't (yet) determine when browser popup is displayed and when Hawtio React

Some test scenarios I found:

Connect after clearing "HTTP authentications"

```json
[
  {
    "name": "grgr-test-jolokia",
    "scheme": "http",
    "host": "localhost",
    "port": 7778,
    "path": "/jolokia"
  }
]
```

Clearing "HTTP authentications" when connected tab is working (session storage should not contain encrypted credentials, so we should use the path that doesn't involve React dialog from Hawtio.)

We can also test it with this jbang script:

```java
///usr/bin/env jbang --javaagent=org.jolokia:jolokia-agent-jvm:2.0.2:javaagent=port=8778,protocol=http,debug=true,discoveryEnabled=true,user=grgr,password=grgr "$0" "$@" ; exit $?
//DEPS org.apache.camel:camel-bom:4.6.0@pom
//DEPS org.apache.camel:camel-core
//DEPS org.apache.camel:camel-management
//DEPS org.apache.camel:camel-main
//DEPS org.apache.camel:camel-stream
//DEPS org.slf4j:slf4j-simple:2.0.13

// Camel imports
import org.apache.camel.*;
import org.apache.camel.builder.*;
import org.apache.camel.main.*;
import org.apache.camel.spi.*;
import static org.apache.camel.builder.PredicateBuilder.*;
import static java.lang.System.*;

class camel_jmx {

    public static void main(String... args) throws Exception {
        out.println("Running Camel route...");
        var main = new Main();
        main.configure().addRoutesBuilder(new RouteBuilder() {
            public void configure() throws Exception {
                from("timer:hello?period=3000")
                    .setBody().constant("Hello Camel!")
                    .to("stream:out");
            }
        });
        main.run();
    }
}
```

Closing as can't reproduce and after some improvements from #832.

I'm still finding the exact path, but generally I was trying to connect to remote Jolokia agent with basic authentication enabled.
When connecting, I saw browser popup to enter Basic credentials for target Jolokia - when done properly, these credentials are then sent to remote Jolokia (browser adds `Authorization` header to xhr requests).

But at some point I've somehow stored bad credentials in browser's credential cache and then this `Authorization` header (with bad credentials) was added automatically not only for proxied request (to remote Jolokia), but to main hawtio causing 403 and logout...