Uploaded image for project: 'Cassandra'
  1. Cassandra
  2. CASSANDRA-14992

Authenticating Jolokia using Cassandra



    • Bug
    • Status: Open
    • Normal
    • Resolution: Unresolved
    • None
    • Legacy/Core
    • None
    • Cassandra 3.11.3

      Ubuntu Xenial

      Jolokia 1.3.7

    • Normal


      Following guide (AUTHENTICATION AND AUTHORIZATION WITH CASSANDRA INTERNALS - CASSANDRA 3.6 AND LATER) does not work. I also don't understand  why the guide  says to comment out lines having `/etc/cassandra/jmxremote` in it. It should not need them. I expect jaas to take credentials passed in the http connection and use them to authenticate  against Cassandra. 

      I have the following set of options :

      -javaagent:/usr/local/share/jolokia-agent.jar=host=,executor=fixed,authMode=jaas -Dcom.sun.management.jmxremote.authenticate=true, -Dcassandra.jmx.remote.login.config=CassandraLogin, -Djava.security.auth.login.config=/etc/cassandra/cassandra-jaas.config, -Dcassandra.jmx.authorizer=org.apache.cassandra.auth.jmx.AuthorizationProxy, -Dcom.sun.management.jmxremote, -Dcom.sun.management.jmxremote.ssl=false, -Dcom.sun.management.jmxremote.local.only=false, -Dcassandra.jmx.remote.port=7199, -Dcom.sun.management.jmxremote.rmi.port=7199, -Djava.rmi.server.hostname= 2a1d064ce844

      And I get an HTTP error 401 when I try to query Jolokia with no credentials and an empty response otherwise :

      $ echo '{"mbean": "org.apache.cassandra.db:type=StorageService", "attribute": "OperationMode", "type": "read"}' | http POST http://localhost:8778/jolokia/
      HTTP/1.1 401 Unauthorized
      Content-length: 0
      Date: Mon, 21 Jan 2019 18:31:35 GMT
      Www-authenticate: Basic realm="jolokia"

      If I then create jmxremote files on disk, I only get empty  responses :

      $ curl -v -u monitorRoleUser:cassie http://localhost:8778/jolokia/list/
      * Trying
      * TCP_NODELAY set
      * Connected to localhost ( port 8778 (#0)
      * Server auth using Basic with user 'monitorRoleUser'
      > GET /jolokia/list/ HTTP/1.1
      > Host: localhost:8778
      > Authorization: Basic bW9uaXRvclJvbGVVc2VyOmNhc3NpZQ==
      > User-Agent: curl/7.63.0-88
      > Accept: */*
      * Empty reply from server
      * Connection #0 to host localhost left intact
      curl: (52) Empty reply from server


      What is missing ? Is it really functional ?


      I tried to ping the author of the Jolokia project but did not get any response neither on the GitHub project nor on the support forum ...



        Issue Links



              cscetbon Cyril Scetbon
              cscetbon Cyril Scetbon
              Cyril Scetbon
              0 Vote for this issue
              1 Start watching this issue