Uploaded image for project: 'Hawkular'
  1. Hawkular
  2. HAWKULAR-549

Metrics doesn't seem to be requiring authentication

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Critical
    • Resolution: Done
    • Affects Version/s: 1.0.0.Alpha3
    • Fix Version/s: 1.0.0.Alpha 11
    • Component/s: Metrics
    • Labels:
      None

      Description

      It is possible to get metrics from a tenant knowing only a few pieces of information, all of which are "public":

      Example:

      $ curl --ciphers ecdhe_rsa_aes_128_gcm_sha_256 'https://hawkular.kroehling.de/hawkular/metrics/gauges/a79e7b485cd04b90ce1a6ba87f62f039.status.duration/data?buckets=1&end=1439465926443&start=1439462326443' -H 'Hawkular-Tenant: e2f89c8b-5957-4325-94fb-8504f6f734a5' 
      [{"start":1439462326443,"end":1439465926443,"value":"NaN","min":489.0,"avg":550.9333333333333,"median":523.0,"max":1955.0,"percentile95th":654.8999999999997,"empty":false}]
      

      Note the lack of Bearer token or any other auth mechanism (user/pass, for instance).

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  tsegismont Thomas Segismont
                  Reporter:
                  juraci.costa Juraci Paixão Kröhling
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  1 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: