Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(jmxauth): remove references to client-side localstorage JMX credential passthrough #1241

Merged
merged 3 commits into from
Apr 24, 2024
Merged

fix(jmxauth): remove references to client-side localstorage JMX credential passthrough #1241

merged 3 commits into from
Apr 24, 2024

Conversation

andrewazores
Copy link
Member

@andrewazores andrewazores commented Apr 16, 2024
edited
Loading

Welcome to Cryostat! 👋

Before contributing, make sure you have:

  • Read the contributing guidelines
  • Linked a relevant issue which this PR resolves
  • Linked any other relevant issues, PR's, or documentation, if any
  • Resolved all conflicts, if any
  • Rebased your branch PR on top of the latest upstream main branch
  • Attached at least one of the following labels to the PR: [chore, ci, docs, feat, fix, test]
  • Signed all commits using a GPG signature

To recreate commits with GPG signature git fetch upstream && git rebase --force --gpg-sign upstream/main

Fixes #1239

Description of the change:

The X-JMX-Authentication and X-JMX-Authorization headers were historically used by older Cryostat versions so that clients could supply these headers with API requests, and Cryostat would use them to set the JMX connection credentials when connection to target applications. Cryostat 3.0 does not implement this behaviour, so here references to it and the mechanism for selecting it are removed from the UI. It is no longer supported because it has been replaced by the server-side encrypted database/encrypted table for JMX credentials, which are more powerful due to the matchExpression mechanism, as well as more secure since they are encrypted at rest in the database rather than held in browser localStorage in plaintext.

How to manually test:

  1. Run CRYOSTAT_IMAGE=quay.io... sh smoketest.sh...
  2. ...

@andrewazores andrewazores force-pushed the jmx-credentials branch 2 times, most recently from 3b5ca0e to dd9e75d Compare April 23, 2024 18:48
mwangggg
mwangggg approved these changes Apr 24, 2024
View reviewed changes
Copy link
Member

@mwangggg mwangggg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@andrewazores andrewazores merged commit 2e0357d into cryostatio:main Apr 24, 2024
18 checks passed
@andrewazores andrewazores deleted the jmx-credentials branch April 24, 2024 17:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mwangggg mwangggg mwangggg approved these changes

@aali309 aali309 Awaiting requested review from aali309

Assignees
No one assigned
Labels
fix safe-to-test
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Bug] Remove "locally-stored credentials" from Security panel and Settings
2 participants
@andrewazores @mwangggg