  1. Cassandra
  2. CASSANDRA-14992

Authenticating Jolokia using Cassandra


    Details

    • Type: Bug
    • Status: Open
    • Priority: Normal
    • Resolution: Unresolved
    • Fix Version/s: None
    • Component/s: Legacy/Core
    • Labels:
      None
    • Environment:

      Cassandra 3.11.3

      Ubuntu Xenial

      Jolokia 1.3.7

    • Severity:
      Normal

      Description

      The following guide (AUTHENTICATION AND AUTHORIZATION WITH CASSANDRA INTERNALS - CASSANDRA 3.6 AND LATER) does not work. I also don't understand why the guide says to comment out lines having `/etc/cassandra/jmxremote` in them. It should not need them. I expect JAAS to take the credentials passed in the HTTP connection and use them to authenticate against Cassandra.

      I have the following set of options:

      -javaagent:/usr/local/share/jolokia-agent.jar=host=0.0.0.0,executor=fixed,authMode=jaas -Dcom.sun.management.jmxremote.authenticate=true, -Dcassandra.jmx.remote.login.config=CassandraLogin, -Djava.security.auth.login.config=/etc/cassandra/cassandra-jaas.config, -Dcassandra.jmx.authorizer=org.apache.cassandra.auth.jmx.AuthorizationProxy, -Dcom.sun.management.jmxremote, -Dcom.sun.management.jmxremote.ssl=false, -Dcom.sun.management.jmxremote.local.only=false, -Dcassandra.jmx.remote.port=7199, -Dcom.sun.management.jmxremote.rmi.port=7199, -Djava.rmi.server.hostname= 2a1d064ce844

      And I get an HTTP error 401 when I try to query Jolokia with no credentials, and an empty response otherwise:

      $ echo '{"mbean": "org.apache.cassandra.db:type=StorageService", "attribute": "OperationMode", "type": "read"}' | http POST http://localhost:8778/jolokia/
      HTTP/1.1 401 Unauthorized
      Content-length: 0
      Date: Mon, 21 Jan 2019 18:31:35 GMT
      Www-authenticate: Basic realm="jolokia"

      If I then create jmxremote files on disk, I only get empty responses:

      $ curl -v -u monitorRoleUser:cassie http://localhost:8778/jolokia/list/
      * Trying 127.0.0.1...
      * TCP_NODELAY set
      * Connected to localhost (127.0.0.1) port 8778 (#0)
      * Server auth using Basic with user 'monitorRoleUser'
      > GET /jolokia/list/ HTTP/1.1
      > Host: localhost:8778
      > Authorization: Basic bW9uaXRvclJvbGVVc2VyOmNhc3NpZQ==
      > User-Agent: curl/7.63.0-88
      > Accept: */*
      >
      * Empty reply from server
      * Connection #0 to host localhost left intact
      curl: (52) Empty reply from server

      What is missing? Is it really functional?

      I tried to ping the author of the Jolokia project but did not get any response, either on the GitHub project or on the support forum...

       

              People

              • Assignee:
                cscetbon Cyril Scetbon
                Reporter:
                cscetbon Cyril Scetbon
                Authors:
                Cyril Scetbon

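Added example, not part of the original report and not Cassandra or Jolokia project code: a small lint that cross-checks JVM options like the ones in the description against the entry names defined in a JAAS file. The JAAS file content is constructed (the report does not show it), `lint` and `jaas_entries` are hypothetical helper names, and the default realm `jolokia` is taken from the Jolokia JVM agent's documented `realm` option, which names the JAAS entry used when `authMode=jaas`.

```python
import re

# Subset of the option string as printed in the report above.
REPORTED_OPTS = (
    "-javaagent:/usr/local/share/jolokia-agent.jar=host=0.0.0.0,executor=fixed,authMode=jaas "
    "-Dcom.sun.management.jmxremote.authenticate=true, "
    "-Dcassandra.jmx.remote.login.config=CassandraLogin, "
    "-Djava.security.auth.login.config=/etc/cassandra/cassandra-jaas.config, "
    "-Djava.rmi.server.hostname= 2a1d064ce844"
)
# Constructed JAAS file content (assumption: the report does not show the file).
SAMPLE_JAAS = """
CassandraLogin {
    org.apache.cassandra.auth.CassandraLoginModule REQUIRED;
};
"""

def jaas_entries(text):
    """Return the login entry (application) names defined in a JAAS file."""
    return re.findall(r"^\s*([\w.-]+)\s*\{", text, re.M)

def lint(opts, jaas_text):
    """Return findings for a whitespace-separated JVM option string."""
    findings, props, agent = [], {}, {}
    for tok in opts.split():
        if not tok.startswith("-"):
            findings.append(f"stray argument {tok!r}: not a JVM option (whitespace inside a value?)")
            continue
        if tok.endswith(","):
            findings.append(f"{tok!r}: trailing comma becomes part of the value")
        if tok.startswith("-javaagent:") and "=" in tok:
            # Agent arguments follow the jar path as comma-separated key=value pairs.
            agent = dict(kv.split("=", 1) for kv in tok.split("=", 1)[1].split(",") if "=" in kv)
        elif tok.startswith("-D"):
            key, _, val = tok[2:].partition("=")
            props[key] = val
    entries = set(jaas_entries(jaas_text))
    jmx_entry = props.get("cassandra.jmx.remote.login.config")
    if jmx_entry is not None and jmx_entry not in entries:
        findings.append(f"JMX login entry {jmx_entry!r} is not defined in the JAAS file")
    if agent.get("authMode") == "jaas":
        # Jolokia looks up the JAAS entry named by its `realm` option (default "jolokia").
        realm = agent.get("realm", "jolokia")
        if realm not in entries:
            findings.append(f"Jolokia JAAS realm {realm!r} is not defined in the JAAS file")
    return findings

if __name__ == "__main__":
    for finding in lint(REPORTED_OPTS, SAMPLE_JAAS):
        print(finding)
```

The findings describe the option string only as it is printed on this page; whether the commas and the space are literal in the running JVM's arguments has to be confirmed on the host.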