The latest version of Jolokia – 1.2.1 running in the latest version of Karaf – 3.0.1 fails with an HTTP 403 error.
The issue is described here:
https://github.com/rhuss/jolokia/issues/139
E.g.
$ curl -u karaf:karaf -d "{"type":"read","mbean":"org.apache.karaf:type=system,name=root","attribute":"Version"}" http://localhost:8181/jolokia/ && echo
{"error_type":"java.lang.Exception","error":"java.lang.Exception : Insufficient roles/credentials for operation","status":403,"request":{"mbean":"org.apache.karaf:name=root,type=system","attribute":"Version","type":"read"},"stacktrace":"java.lang.Exception: Insufficient roles/credentials for operationntat org.jolokia.http.HttpRequestHandler.executeRequest(HttpRequestHandler.java:214)ntat org.jolokia.http.HttpRequestHandler.handlePostRequest(HttpRequestHandler.java:137)ntat org.jolokia.http.AgentServlet$3.handleRequest(AgentServlet.java:425)ntat org.jolokia.http.AgentServlet.handleSecurely(AgentServlet.java:320)ntat org.jolokia.http.AgentServlet.handle(AgentServlet.java:291)ntat org.jolokia.http.AgentServlet.doPost(AgentServlet.java:259)ntat javax.servlet.http.HttpServlet.service(HttpServlet.java:595)ntat javax.servlet.http.HttpServlet.service(HttpServlet.java:668)ntat org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:684)ntat org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:501)ntat org.ops4j.pax.web.service.jetty.internal.HttpServiceServletHandler.doHandle(HttpServiceServletHandler.java:69)ntat org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137)ntat org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:557)ntat org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231)ntat org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086)ntat org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doHandle(HttpServiceContext.java:240)ntat org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:428)ntat org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193)ntat org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020)ntat org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)ntat org.ops4j.pax.web.service.jetty.internal.JettyServerHandlerCollection.handle(JettyServerHandlerCollection.java:77)ntat org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)ntat org.eclipse.jetty.server.Server.handle(Server.java:370)ntat org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:494)ntat org.eclipse.jetty.server.AbstractHttpConnection.content(AbstractHttpConnection.java:982)ntat org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:1043)ntat org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:865)ntat org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:240)ntat org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)ntat org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:667)ntat org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)ntat org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)ntat org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)ntat java.lang.Thread.run(Thread.java:722)n"}
The issue applies only when the jolokia-osgi bundle which depends on the OSGi HTTP service is deployed. The jolokia-osgi-bundle comes with its own HTTP service and it’s not affected.
The version shipped with Hawtio is not affected either. I.e. when the hawtio feature is deployed, requests to http://localhost:8181/hawtio/jolokia work as expected.
The master branch in Jolokia which is not released yet contains a fix for this issue and introduces 2 new configuration properties specific to this. So we’ll need to fetch a copy, build and install it:
$ git clone https://github.com/rhuss/jolokia.git $ cd jolokia $ mvn install
This will build the distribution including the OSGi bundle: jolokia-osgi-1.2.2-SNAPSHOT.
Since the Jolokia OSGi is using BundleContext.getProperty() to read configuration parameters, these will need to be added either to etc/system.properties, etc/config.properties or etc/custom.properties. The last file is the most appropriate for add-ons configuration:
org.jolokia.agentContext=/jolokia org.jolokia.realm=karaf org.jolokia.user=karaf org.jolokia.authMode=jaas
The above configuration assumes the default JAAS setup in Karaf. The new properties are org.jolokia.realm and org.jolokia.authMode.
To install Jolokia, deploy the HTTP service and the snapshot version of the bundle:
karaf@root> feature:install http karaf@root> install -s mvn:org.jolokia/jolokia-osgi/1.2.2-SNAPSHOT
Jolokia should now be accessible under:
http://localhost:8181/jolokia
E.g.
$ curl -u karaf:karaf -d "{"type":"read","mbean":"org.apache.karaf:type=system,name=root","attribute":"Version"}" http://localhost:8181/jolokia/ && echo
{"timestamp":1402068878,"status":200,"request":{"mbean":"org.apache.karaf:name=root,type=system","attribute":"Version","type":"read"},"value":"3.0.1"}