6

I have a Camel web application running on remote-server-1, which is a Tomcat 8 server. I have attached a Jolokia JVM agent to this Tomcat as follows:

java -jar jolokia-jvm-1.3.5-agent.jar start <PID>

I get the following response on my local machine by accessing http://remote-server-1:port/jolokia:

{
    "request": {
        "type": "version"
    },
    "value": {
        "agent": "1.3.5",
        "protocol": "7.2",
        "config": {
            "maxDepth": "15",
            "discoveryEnabled": "true",
            "maxCollectionSize": "0",
            "agentId": "***.***.***.**-16224-35a7a114-jvm",
            "debug": "false",
            "agentType": "jvm",
            "historyMaxEntries": "10",
            "agentContext": "\/jolokia",
            "maxObjects": "0",
            "debugMaxEntries": "100"
        },
        "info": {
            "product": "tomcat",
            "vendor": "Apache",
            "version": "8.0.35"
        }
    },
    "timestamp": 1491307702,
    "status": 200
}

I also have hawtio.war deployed on my local-tomcat8.5. When I try to connect to this remote agent, I am redirected to the login page. I am not able to figure out where I am going wrong. Can anyone help me with this?

Abhishek

2 Answers

16

If you are using the runnable JAR version of Hawtio you can pass the parameter hawtio.proxyWhitelist also when starting the application:

java -Dhawtio.proxyWhitelist=SERVERNAME -jar hawtio-app-1.5.3.jar
JanTheGun
  • Doesn't work. When I try to add a connection, I get "Host not whitelisted". I added -Dhawtio.proxyAllowList=SERVERNAME as well to the command line (launched with javaw, not java), same failure. (Version 2.16.1) – arayq2 Nov 26 '22 at 06:18
  • Could it be that it is just a typo with the uppercase letter "L"? The documentation states that since version 2.10.1 the correct parameter is hawtio.proxyAllowlist. So it should be 'java -Dhawtio.proxyAllowlist=SERVERNAME -jar hawtio-app-2.16.1.jar' in your case – JanTheGun Nov 29 '22 at 09:32
14

From 2.10.1 on: Use hawtio.proxyAllowlist instead of hawtio.proxyWhitelist. (Thanks rastadrian for pointing it out.)


Since hawtio 1.5.0 you need to add remote hosts to the hawtio.proxyWhitelist system property.

http://hawt.io/docs/configuration/#configuration-properties

hawtio.proxyWhitelist - Comma-separated whitelist for target hosts that the hawtio-jmx Connect plugin can connect to via ProxyServlet (default localhost, 127.0.0.1). All hosts that are not listed in this whitelist are denied to connect for security reasons. This option can be set to * to restore old behavior and whitelist all hosts. Prefixing an element of the list with "r:" allows to define a regexp (example: localhost,r:myservers[0-9]+.mydomain.com)

If you are using hawtio.war then modify its WEB-INF/web.xml like this:

  <servlet>
    <servlet-name>jolokia-proxy</servlet-name>
    <servlet-class>io.hawt.web.ProxyServlet</servlet-class>
    <!--
      Comma-separated list of allowed target hosts. It is required for security.
      '*' allows all hosts but keep in mind it's vulnerable to security attacks.
    -->
    <init-param>
      <param-name>proxyWhitelist</param-name>
      <param-value>
        localhost,
        127.0.0.1,
        remote-server-1
      </param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
  </servlet>
Tadayoshi Sato
  • 1
    it is worth noting that after version 2.10.1, this attribute has been renamed to `hawtio.proxyAllowlist`. – rastadrian Jul 27 '20 at 18:34
  • Doesn't work in Version 2.16.1. When I try to add a connection, I get "Host not whitelisted". I added -Dhawtio.proxyAllowList=SERVERNAME as well to the command line, same failure (launched with javaw, BTW, not with java, which bombs immediately) – arayq2 Nov 26 '22 at 06:21
  • 1
    @arayq2 Can you try not `hawtio.proxyAllowList` but `hawtio.proxyAllowlist`? – Tadayoshi Sato Nov 26 '22 at 12:33
  • @Tadayoshi yes, that works, thanks. I'm still not happy with the interface. (1) Can't edit the allow list from within the application (ok, maybe that shouldn't be possible), only the command line. (2) No way to exit the application cleanly. Having launched from the command line, I can only kill the browser (window, running the client), which leaves java running. Oh well, can't have everything... – arayq2 Nov 28 '22 at 05:59
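
A model of the allowlist semantics quoted from the documentation in the answer above, as an added example that is not part of the original answers and is not Hawtio's own code. It goes slightly beyond the quoted text by also auditing a value for entries that admit more hosts than intended. Assumptions: entries are trimmed of whitespace (as the multi-line web.xml value implies), an `r:` regexp must match the whole host name, and the host names in the sample calls are constructed.

```python
import re

# Default stated in the quoted documentation.
DEFAULT_ALLOWLIST = "localhost,127.0.0.1"


def parse_allowlist(value):
    """Split a proxyWhitelist / proxyAllowlist value into exact hosts and regexps."""
    exact, patterns = set(), []
    for entry in value.split(","):
        entry = entry.strip()  # assumption: whitespace and newlines are ignored
        if not entry:
            continue
        if entry.startswith("r:"):
            patterns.append(re.compile(entry[2:]))
        else:
            exact.add(entry)
    return exact, patterns


def is_allowed(host, value=DEFAULT_ALLOWLIST):
    """Return True if the proxy would be permitted to connect to `host`."""
    exact, patterns = parse_allowlist(value)
    if "*" in exact:
        return True  # '*' restores the old allow-everything behaviour
    # assumption: a regexp entry must match the complete host name
    return host in exact or any(p.fullmatch(host) for p in patterns)


def audit(value):
    """Return warnings for entries that allow more than the operator intended."""
    findings = []
    exact, patterns = parse_allowlist(value)
    if "*" in exact:
        findings.append("'*' disables the allowlist: any host can be proxied")
    for p in patterns:
        # Heuristic: a '.' that is neither escaped nor quantified matches
        # any single character, not only a literal dot.
        if re.search(r"(?<!\\)\.(?![*+?{])", p.pattern):
            findings.append(f"r:{p.pattern}: unescaped '.' matches any character")
    return findings


if __name__ == "__main__":
    doc_example = "localhost,r:myservers[0-9]+.mydomain.com"
    print(is_allowed("remote-server-1"))                        # default list
    print(is_allowed("myservers12xmydomain.com", doc_example))  # loose '.'
    print(audit(doc_example))
```

Escaping the dots (`r:myservers[0-9]+\.mydomain\.com`) limits the regexp entry to the intended domain.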