You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@activemq.apache.org by "daves (Jira)" <ji...@apache.org> on 2022/10/04 16:06:00 UTC

[jira] [Comment Edited] (ARTEMIS-4027) Cannot access management API due to CORS problems (403)

    [ https://issues.apache.org/jira/browse/ARTEMIS-4027?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17612662#comment-17612662 ] 

daves edited comment on ARTEMIS-4027 at 10/4/22 4:05 PM:
---------------------------------------------------------

[~jbertram] Sure here is how we create a broker:
 
*$artemisInstallDirectory* is the path to the extracted zip file. The script should work with pwsh and powershell.
The builtin service account should work, but we use special user for the serive.
{code:bash}
        $username = "admin"
        $password = "password"
        $brokerName = "MyBroker"
        $datadir = "C:\Data\"
        $instanceDirector = "C:\Apache\Artemis\MyBroker"
        $artemisInstallDirectory = "C:\Apache\Artemis\apache-artemis-2.25.0"
        $artemisCmdPath = Join-Path $artemisInstallDirectory "\bin\artemis.cmd"
        Start-Process -Wait -WindowStyle Hidden -FilePath $artemisCmdPath "create --data `"$datadir`" --name $brokerName --user $username --password $password --require-login `"$instanceDirector`""
       
        $instanceServiceExe = Join-Path $instanceDirector "\bin\artemis-service.exe"
        Start-Process -FilePath $instanceServiceExe -ArgumentList "install" -RedirectStandardOutput "NUL" -Wait -NoNewWindow

        sc.exe config $serviceNameArtemis start= delayed-auto | Out-Null
        sc.exe failure $serviceNameArtemis  actions= restart/60000/restart/60000/restart/60000 reset= 60000 | Out-Null
        sc.exe config $serviceNameArtemis obj= "UserName" password= "UserPassword
{code}
(I've attached the config files of my broker to the ticket.)

 

For the request you can use the fetch request from the ticket and past it into the chrome dev console.
Once the preflight check wors you can use this fetch to read some data:
{code:js}
fetch("http://localhost:8161/console/jolokia/?maxDepth=7&maxCollectionSize=50000&ignoreErrors=false&canonicalNaming=false", {
  "headers": {
    "authorization": "Basic YWRtaW46cGFzc3dvcmQ=",
    "content-type": "text/json",
    "sec-ch-ua": "\"Google Chrome\";v=\"105\", \"Not)A;Brand\";v=\"8\", \"Chromium\";v=\"105\"",
    "sec-ch-ua-mobile": "?0",
    "sec-ch-ua-platform": "\"Windows\""
  },
  "referrer": "",
  "referrerPolicy": "strict-origin-when-cross-origin",
  "body": "{\"type\":\"exec\",\"mbean\":\"org.apache.activemq.artemis:broker=\\u0022Argos\\u0022\",\"operation\":\"listQueues(java.lang.String, int, int)\",\"arguments\":[\"{\\u0022field\\u0022:\\u0022\\u0022,\\u0022operation\\u0022:\\u0022\\u0022,\\u0022value\\u0022:\\u0022\\u0022,\\u0022sortOrder\\u0022:\\u0022\\u0022,\\u0022sortColumn\\u0022:\\u0022\\u0022}\",\"1\",\"1000\"]}",
  "method": "POST",
  "mode": "cors",
  "credentials": "include"
});
{code}
You may have to change the authorization based on your username/password.

 


was (Author: daves):
[~jbertram] Sure here is how we create a broker:
 
*$artemisInstallDirectory* is the path to the extracted zip file. The script should work with pwsh and powershell.
The builtin service account should work, but we use special user for the serive.
{code:bash}
        $username = "admin"
        $password = "password"
        $brokerName = "MyBroker"
        $datadir = "C:\Data\"
        $instanceDirector = "C:\Apache\Artemis\MyBroker"
        $artemisInstallDirectory = "C:\Apache\Artemis\apache-artemis-2.25.0"
        $artemisCmdPath = Join-Path $artemisInstallDirectory "\bin\artemis.cmd"
        Start-Process -Wait -WindowStyle Hidden -FilePath $artemisCmdPath "create --data `"$datadir`" --name $brokerName --user $username --password $password --require-login `"$instanceDirector`""
       
        $instanceServiceExe = Join-Path $instanceDirector "\bin\artemis-service.exe"
        Start-Process -FilePath $instanceServiceExe -ArgumentList "install" -RedirectStandardOutput "NUL" -Wait -NoNewWindow

        sc.exe config $serviceNameArtemis start= delayed-auto | Out-Null
        sc.exe failure $serviceNameArtemis  actions= restart/60000/restart/60000/restart/60000 reset= 60000 | Out-Null
        sc.exe config $serviceNameArtemis obj= "UserName" password= "UserPassword
{code}

For the request you can use the fetch request from the ticket and past it into the chrome dev console.
Once the preflight check wors you can use this fetch to read some data:

{code:js}
fetch("http://localhost:8161/console/jolokia/?maxDepth=7&maxCollectionSize=50000&ignoreErrors=false&canonicalNaming=false", {
  "headers": {
    "authorization": "Basic YWRtaW46cGFzc3dvcmQ=",
    "content-type": "text/json",
    "sec-ch-ua": "\"Google Chrome\";v=\"105\", \"Not)A;Brand\";v=\"8\", \"Chromium\";v=\"105\"",
    "sec-ch-ua-mobile": "?0",
    "sec-ch-ua-platform": "\"Windows\""
  },
  "referrer": "",
  "referrerPolicy": "strict-origin-when-cross-origin",
  "body": "{\"type\":\"exec\",\"mbean\":\"org.apache.activemq.artemis:broker=\\u0022Argos\\u0022\",\"operation\":\"listQueues(java.lang.String, int, int)\",\"arguments\":[\"{\\u0022field\\u0022:\\u0022\\u0022,\\u0022operation\\u0022:\\u0022\\u0022,\\u0022value\\u0022:\\u0022\\u0022,\\u0022sortOrder\\u0022:\\u0022\\u0022,\\u0022sortColumn\\u0022:\\u0022\\u0022}\",\"1\",\"1000\"]}",
  "method": "POST",
  "mode": "cors",
  "credentials": "include"
});
{code}

You may have to change the authorization based on your username/password.


> Cannot access management API due to CORS problems (403)
> -------------------------------------------------------
>
>                 Key: ARTEMIS-4027
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-4027
>             Project: ActiveMQ Artemis
>          Issue Type: Bug
>          Components: API
>    Affects Versions: 2.25.0
>            Reporter: daves
>            Priority: Major
>         Attachments: etc.zip, options.JPG
>
>
> I try to access the management API from a client app running in chrome.
> This does not work because the preflight check fails.
> OPTIONS request:
>  
> {code:java}
> fetch("http://localhost:8161/console/jolokia/?maxDepth=7&maxCollectionSize=50000&ignoreErrors=false&canonicalNaming=false", {
>   "headers": {
>     "accept": "*/*",
>     "accept-language": "en-US,en;q=0.9",
>     "sec-fetch-dest": "empty",
>     "sec-fetch-mode": "cors",
>     "sec-fetch-site": "cross-site"
>   },
>   "referrerPolicy": "strict-origin-when-cross-origin",
>   "body": null,
>   "method": "OPTIONS",
>   "mode": "cors",
>   "credentials": "omit"
> });
>  
> {code}
>  
> The request fails with a 403 not authenticated... which is strange since preflight checks must not be authenticated.
> !options.JPG!
>  
> I tried to configure CORS in the jolokia-access.xml file like so:
>  
>  
> {code:java}
> <restrict>
>    <cors>
>      <!-- Allow cross origin access from localhost ... -->
>      <allow-origin>*://*</allow-origin> 
>      <!-- Options from this point on are auto-generated by Create.java from the Artemis CLI -->
>      <!-- Check for the proper origin on the server side, too -->
>      <strict-checking />     
> </cors> </restrict>{code}
>  
>  
> I also tried to specify the URL and port of my application explicitly. But this did not work either.
>  
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)