[jira] [Updated] (CASSANDRA-14992) Authenticating Jolokia using Cassandra

[Cyril Scetbon (JIRA)]

     [ 
https://issues.apache.org/jira/browse/CASSANDRA-14992?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Cyril Scetbon updated CASSANDRA-14992:
--------------------------------------
    Reproduced In: 3.11.3  (was: 3.11.4)

> Authenticating Jolokia using Cassandra
> --------------------------------------
>
>                 Key: CASSANDRA-14992
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-14992
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Legacy/Core
>         Environment: Cassandra 3.11.3
> Ubuntu Xenial
> Jolokia 1.3.7
>            Reporter: Cyril Scetbon
>            Assignee: Cyril Scetbon
>            Priority: Major
>
> Following 
> [guide|https://docs.datastax.com/en/cassandra/3.0/cassandra/configuration/secureJmxAuthentication.html]
>  (AUTHENTICATION AND AUTHORIZATION WITH CASSANDRA INTERNALS - CASSANDRA 3.6 
> AND LATER) does not work. I also don't understand  why the guide  says to 
> comment out lines having `/etc/cassandra/jmxremote` in it. It should not need 
> them. I expect jaas to take credentials passed in the http connection and use 
> them to authenticate  against Cassandra. 
> I have the following set of options :
> {code:java}
> -javaagent:/usr/local/share/jolokia-agent.jar=host=0.0.0.0,executor=fixed,authMode=jaas
>  -Dcom.sun.management.jmxremote.authenticate=true, 
> -Dcassandra.jmx.remote.login.config=CassandraLogin, 
> -Djava.security.auth.login.config=/etc/cassandra/cassandra-jaas.config, 
> -Dcassandra.jmx.authorizer=org.apache.cassandra.auth.jmx.AuthorizationProxy, 
> -Dcom.sun.management.jmxremote, -Dcom.sun.management.jmxremote.ssl=false, 
> -Dcom.sun.management.jmxremote.local.only=false, 
> -Dcassandra.jmx.remote.port=7199, 
> -Dcom.sun.management.jmxremote.rmi.port=7199, -Djava.rmi.server.hostname= 
> 2a1d064ce844{code}
> And I get an HTTP error 401 when I try to query Jolokia with no credentials 
> and an empty response otherwise :
> {code:java}
> $ echo '{"mbean": "org.apache.cassandra.db:type=StorageService", "attribute": 
> "OperationMode", "type": "read"}' | http POST http://localhost:8778/jolokia/
> HTTP/1.1 401 Unauthorized
> Content-length: 0
> Date: Mon, 21 Jan 2019 18:31:35 GMT
> Www-authenticate: Basic realm="jolokia"{code}
> If I then create jmxremote files on disk, I only get empty  responses :
> {code:java}
> $ curl -v -u monitorRoleUser:cassie http://localhost:8778/jolokia/list/
> * Trying 127.0.0.1...
> * TCP_NODELAY set
> * Connected to localhost (127.0.0.1) port 8778 (#0)
> * Server auth using Basic with user 'monitorRoleUser'
> > GET /jolokia/list/ HTTP/1.1
> > Host: localhost:8778
> > Authorization: Basic bW9uaXRvclJvbGVVc2VyOmNhc3NpZQ==
> > User-Agent: curl/7.63.0-88
> > Accept: */*
> >
> * Empty reply from server
> * Connection #0 to host localhost left intact
> curl: (52) Empty reply from server{code}
>  
> What is missing ? Is it really functional ?
>  
> I tried to ping the author of the Jolokia project but did not get any 
> response neither on the GitHub project nor on the support forum ...
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org