Posted to user@karaf.apache.org by Achim Nierbeck <bc...@googlemail.com> on 2015/01/19 09:46:25 UTC

Karaf 3.0.x + Jolokia + JMX + RBAC

Hi,

I was experimenting with Karaf 3.0.3-SNAPSHOT plus Jolokia to get some
details about the state of the server.
First I used Jolokia 1.2.4-SNAPSHOT since it supports a configuration based
on config admin service. I was able to point it to use the karaf realm this
way.
Now I still face an issue which I think is due to the "rather new" RBAC
stuff.
Every time I query, for example, the heap usage, I'm faced with a
403, Insufficient roles/credentials for operation.

This is rather annoying; one way is to disable RBAC, but that can't
really be a solution.
So does anyone know how to fix this?

regards, Achim


-- 

Apache Member
Apache Karaf <http://karaf.apache.org/> Committer & PMC
OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer &
Project Lead
blog <http://notizblog.nierbeck.de/>
Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS>

Software Architect / Project Manager / Scrum Master

Re: Karaf 3.0.x + Jolokia + JMX + RBAC

Posted by Achim Nierbeck <bc...@googlemail.com>.
Hi Ed,

thanks, I was missing the last.
Instead I removed the
-Djavax.management.builder.initial=org.apache.karaf.management.boot.KarafMBeanServerBuilder
from the bin/karaf shell script. That did also do the trick for me.

will try it with the authMode set to jaas.

regards, Achim


2015-01-19 14:22 GMT+01:00 Ed Welch <ed...@edjusted.com>:

> I have this working in 3.0.2, in the file etc/org.jolokia.osgi.cfg:
>
> org.jolokia.user=karaf
> org.jolokia.realm=karaf
> org.jolokia.authMode=jaas
>
> I know that the realm and authMode settings are ignored unless the user
> property is also set.
>
> Achim, do you have at least these three options set in the cfg file?
>
> Regards,
> Ed

Re: Karaf 3.0.x + Jolokia + JMX + RBAC

Posted by Jean-Baptiste Onofré <jb...@nanthrax.net>.
FYI:

https://issues.apache.org/jira/browse/KARAF-3453

Regards
JB

On 01/19/2015 10:46 PM, Achim Nierbeck wrote:
> Hi,
>
> just been able to verify it.
> No changes need to be done to Karaf, just the configuration Ed mentioned
> is needed.
> Especially the
> org.jolokia.authMode=jaas
> is needed.
> I already had the realm configured, but left this to basic.
>
> regards, Achim

-- 
Jean-Baptiste Onofré
jbonofre@apache.org
http://blog.nanthrax.net
Talend - http://www.talend.com

Re: Karaf 3.0.x + Jolokia + JMX + RBAC

Posted by Achim Nierbeck <bc...@googlemail.com>.
Hi,

just been able to verify it.
No changes need to be done to Karaf, just the configuration Ed mentioned is
needed.
Especially the
org.jolokia.authMode=jaas
is needed.
I already had the realm configured, but left this to basic.

regards, Achim


2015-01-19 14:33 GMT+01:00 Jean-Baptiste Onofré <jb...@nanthrax.net>:

> Yes, it should be one or the other ;)
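
The configuration this thread converges on, written as a small audit (an added example, not code from Karaf, Jolokia or any poster): it checks the content of etc/org.jolokia.osgi.cfg for the three properties Ed lists, and checks that bin/karaf still carries the KarafMBeanServerBuilder option instead of having RBAC switched off. Function names, finding codes and the sample file contents are constructed for illustration.

```python
# Added example: audit of the two settings discussed in this thread.
# Function names, finding codes and sample inputs are constructed.

RBAC_FLAG = ("-Djavax.management.builder.initial="
             "org.apache.karaf.management.boot.KarafMBeanServerBuilder")


def parse_cfg(text):
    """Parse key=value lines; blank lines and '#' comments are skipped."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props


def audit_jolokia_cfg(text):
    """Return (code, detail) findings for etc/org.jolokia.osgi.cfg content."""
    props = parse_cfg(text)
    user = props.get("org.jolokia.user", "")
    realm = props.get("org.jolokia.realm", "")
    mode = props.get("org.jolokia.authMode", "")
    findings = []
    if not user:
        # Ed's observation: realm and authMode are ignored without a user.
        findings.append(("user-missing",
                         "org.jolokia.user is unset, so realm/authMode are ignored"))
    if not realm:
        findings.append(("realm-missing", "org.jolokia.realm is unset"))
    if mode.lower() != "jaas":
        # Achim's case: realm configured, authMode left at basic, 403 on reads.
        findings.append(("authmode-not-jaas",
                         "org.jolokia.authMode is %r, expected 'jaas'" % mode))
    return findings


def audit_karaf_script(text):
    """Flag a bin/karaf script whose RBAC MBean server option was removed."""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            continue  # a commented-out option is not in effect
        if RBAC_FLAG in line:
            return []
    return [("rbac-builder-missing",
             "KarafMBeanServerBuilder option not found: the workaround from "
             "this thread that turns JMX RBAC off")]


# Constructed sample inputs (not copied from a real installation).
CFG_WORKING = """\
org.jolokia.user=karaf
org.jolokia.realm=karaf
org.jolokia.authMode=jaas
"""
CFG_BASIC = CFG_WORKING.replace("authMode=jaas", "authMode=basic")
CFG_NO_USER = "org.jolokia.realm=karaf\norg.jolokia.authMode=jaas\n"

SCRIPT_STOCK = r'''exec "$JAVA" $JAVA_OPTS \
    -Djavax.management.builder.initial=org.apache.karaf.management.boot.KarafMBeanServerBuilder \
    org.apache.karaf.main.Main "$@"
'''
SCRIPT_EDITED = "\n".join(
    line for line in SCRIPT_STOCK.splitlines() if RBAC_FLAG not in line)

if __name__ == "__main__":
    samples = [("working cfg", audit_jolokia_cfg(CFG_WORKING)),
               ("authMode=basic", audit_jolokia_cfg(CFG_BASIC)),
               ("no user", audit_jolokia_cfg(CFG_NO_USER)),
               ("stock bin/karaf", audit_karaf_script(SCRIPT_STOCK)),
               ("edited bin/karaf", audit_karaf_script(SCRIPT_EDITED))]
    for name, findings in samples:
        print(name, "->", findings or "ok")
```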

Re: Karaf 3.0.x + Jolokia + JMX + RBAC

Posted by Jean-Baptiste Onofré <jb...@nanthrax.net>.
Yes, it should be one or the other ;)

On 01/19/2015 02:31 PM, Achim Nierbeck wrote:
> Well, I started with 2) but missed the
>
> org.jolokia.authMode=jaas
>
> part. That's why I will try if this will help in not requiring to disable 1)
>
> :-)
>
> regards, Achim

Re: Karaf 3.0.x + Jolokia + JMX + RBAC

Posted by Achim Nierbeck <bc...@googlemail.com>.
Well, I started with 2) but missed the

org.jolokia.authMode=jaas

part. That's why I will try if this will help in not requiring to disable 1)

:-)

regards, Achim


2015-01-19 14:28 GMT+01:00 Jean-Baptiste Onofré <jb...@nanthrax.net>:

> Correct, it's what I did.
>
> Actually, I did two things:
>
> 1/ first I disabled the KarafMBeanServerBuilder in bin/karaf
> 2/ I added the jolokia cfg
>
> Regards
> JB

Re: Karaf 3.0.x + Jolokia + JMX + RBAC

Posted by Jean-Baptiste Onofré <jb...@nanthrax.net>.
Correct, it's what I did.

Actually, I did two things:

1/ first I disabled the KarafMBeanServerBuilder in bin/karaf
2/ I added the jolokia cfg

Regards
JB

On 01/19/2015 02:22 PM, Ed Welch wrote:
> I have this working in 3.0.2, in the file etc/org.jolokia.osgi.cfg:
>
> org.jolokia.user=karaf
> org.jolokia.realm=karaf
> org.jolokia.authMode=jaas
>
> I know that the realm and authMode settings are ignored unless the user property is also set.
>
> Achim, do you have at least these three options set in the cfg file?
>
> Regards,
> Ed

Re: Karaf 3.0.x + Jolokia + JMX + RBAC

Posted by Jean-Baptiste Onofré <jb...@nanthrax.net>.
I would propose a jolokia feature which installs both the jolokia bundle 
and the "ready to use" cfg file.

I will create the Jira for that.

Regards
JB

On 01/19/2015 02:22 PM, Ed Welch wrote:
> I have this working in 3.0.2, in the file etc/org.jolokia.osgi.cfg:
>
> org.jolokia.user=karaf
> org.jolokia.realm=karaf
> org.jolokia.authMode=jaas
>
> I know that the realm and authMode settings are ignored unless the user property is also set.
>
> Achim, do you have at least these three options set in the cfg file?
>
> Regards,
> Ed

Re: Karaf 3.0.x + Jolokia + JMX + RBAC

Posted by Ed Welch <ed...@edjusted.com>.
I have this working in 3.0.2, in the file etc/org.jolokia.osgi.cfg:

org.jolokia.user=karaf
org.jolokia.realm=karaf
org.jolokia.authMode=jaas

I know that the realm and authMode settings are ignored unless the user property is also set.

Achim, do you have at least these three options set in the cfg file?

Regards,
Ed

On Mon, 19 Jan 2015 10:07:55 +0100, Jean-Baptiste Onofré <jb...@nanthrax.net> wrote:

> Hi,
> 
> Let me check, but I think I did a hack in jolokia for that (or in the 
> HTTP service ACL, I don't remember).
> 
> I'll keep you posted (on IRC or here).
> 
> Regards
> JB



Re: Karaf 3.0.x + Jolokia + JMX + RBAC

Posted by Jean-Baptiste Onofré <jb...@nanthrax.net>.
Hi,

Let me check, but I think I did a hack in jolokia for that (or in the 
HTTP service ACL, I don't remember).

I'll keep you posted (on IRC or here).

Regards
JB

On 01/19/2015 09:46 AM, Achim Nierbeck wrote:
> Hi,
>
> I was experimenting with Karaf 3.0.3-SNAPSHOT plus Jolokia to get some
> details about the state of the server.
> First I used Jolokia 1.2.4-SNAPSHOT since it supports a configuration
> based on config admin service. I was able to point it to use the karaf
> realm this way.
> Now I still face an issue which I think is due to the "rather new" RBAC
> stuff.
> Every time I query, for example, the heap usage, I'm faced with a
> 403, Insufficient roles/credentials for operation.
>
> This is rather annoying; one way is to disable RBAC, but that can't
> really be a solution.
> So does anyone know how to fix this?
>
> regards, Achim