apps-manager-js errors preventing Spring Boot actuator integration from working?

[jlsalmon]

cf dev version
PCF Dev version 0.28.0 (CLI: 5cda315, OVA: 0.547.0)

Hi there,

I'm having some troubles getting the Spring Boot actuator integration working with apps-manager-js on my pcfdev instance. I'm using the sample spring-music app, and I've verified that the integration works on PWS.

Things I've done:

• Made sure the user I'm accessing the web interface has SpaceDeveloper role on the space in which the app is deployed
• Accessed the app directly and added the security exception for the self-signed cert (from Spring Boot Actuator Integration is not working #205)

In Chrome, I checked the console and noticed a few errors (see below). It looks like the apps manager is having some trouble getting and/or passing a token to the /cloudfoundryapplication endpoint on the app.

Uncaught (in promise) {page: "app", tab: "overview", orgGuid: "96031a97-976f-4ff2-8512-8e25f5d2abbf", spaceGuid: "5f5a9a67-298c-4af4-83c9-b6ffbce7c28d", appGuid: "c458adb4-9abd-4978-9a81-5ae1fba3f2ea"}
Promise rejected (async)
f @ application.js?v=1507754074601:37
a.next @ application.js?v=1507754074601:27
a.callback @ application.js?v=1507754074601:27
s @ application.js?v=1507754074601:27
i.get.i.add @ application.js?v=1507754074601:27
(anonymous) @ application.js?v=1507754074601:27
i.listen @ application.js?v=1507754074601:27
init @ application.js?v=1507754074601:27
(anonymous) @ application.js?v=1507754074601:1

Uncaught TypeError: Cannot read property 'replace' of undefined
    at Object.decodeJwt (singular.js:42)
    at getClaims (client_frame.html:126)
    at afterAuthorize (client_frame.html:29)
    at postauth.html:5

application.js?v=1507754074601:28 GET https://uaa.local.pcfdev.io/userinfo 403 (Forbidden)
callback @ application.js?v=1507754074601:28
execute @ application.js?v=1507754074601:28
processQueue @ application.js?v=1507754074601:28
setInterval (async)
start @ application.js?v=1507754074601:28
(anonymous) @ application.js?v=1507754074601:28
t @ application.js?v=1507754074601:1
(anonymous) @ application.js?v=1507754074601:28
t @ application.js?v=1507754074601:1
(anonymous) @ application.js?v=1507754074601:28
t @ application.js?v=1507754074601:1
(anonymous) @ application.js?v=1507754074601:27
t @ application.js?v=1507754074601:1
(anonymous) @ application.js?v=1507754074601:27
t @ application.js?v=1507754074601:1
(anonymous) @ application.js?v=1507754074601:27
t @ application.js?v=1507754074601:1
(anonymous) @ application.js?v=1507754074601:1
(anonymous) @ application.js?v=1507754074601:1
t @ application.js?v=1507754074601:1
(anonymous) @ application.js?v=1507754074601:1
(anonymous) @ application.js?v=1507754074601:1

application.js?v=1507754074601:28 GET https://apps.local.pcfdev.io/proxy/metrics/api/v1/info 404 (Not Found)
callback @ application.js?v=1507754074601:28
execute @ application.js?v=1507754074601:28
processQueue @ application.js?v=1507754074601:28
setInterval (async)
start @ application.js?v=1507754074601:28
(anonymous) @ application.js?v=1507754074601:28
t @ application.js?v=1507754074601:1
(anonymous) @ application.js?v=1507754074601:28
t @ application.js?v=1507754074601:1
(anonymous) @ application.js?v=1507754074601:28
t @ application.js?v=1507754074601:1
(anonymous) @ application.js?v=1507754074601:27
t @ application.js?v=1507754074601:1
(anonymous) @ application.js?v=1507754074601:27
t @ application.js?v=1507754074601:1
(anonymous) @ application.js?v=1507754074601:27
t @ application.js?v=1507754074601:1
(anonymous) @ application.js?v=1507754074601:1
(anonymous) @ application.js?v=1507754074601:1
t @ application.js?v=1507754074601:1
(anonymous) @ application.js?v=1507754074601:1
(anonymous) @ application.js?v=1507754074601:1

cloudfoundryapplication:1 GET https://spring-music-nymphomaniacal-thioalcohol.local.pcfdev.io/cloudfoundryapplication 401 (Unauthorized)

I stepped into the debugger to take a look at that TypeError and found that the getToken function in client_frame.html is being called with type=id_token and something like fragment="token_type=bearer&id_token=null&expires_in=43199&scope=cloud_controller.read%20cloud_controller.write%20cloud_controller.user%20cloud_controller.admin&jti=3e69d929f78c4cfda591701b50a739df"

id_token being null in fragment is causing getToken to return the literal string "null" rather than null itself. This then fails the check in getClaims, which tries to call Singular.decodeJwt("null") which subsequently fails.

So then I edited the check in getClaims to do if (!jwt || jwt === 'null') just to see what happened, and I saw the following error in the Spring application: .s.b.a.c.CloudFoundrySecurityInterceptor : org.springframework.boot.actuate.cloudfoundry.CloudFoundryAuthorizationException: Token does not have audience actuator

Unfortunately, I'm just about at the limit of my current knowledge here so I'm not sure what other debug info to give you. Happy to provide if asked however. I've got the source of apps-manager-js inside pcfdev, so would be happy to hack at it to test possible fixes.

[cf-gitbot]

We have created an issue in Pivotal Tracker to manage this. Unfortunately, the Pivotal Tracker project is private so you may be unable to view the contents of the story.

The labels on this github issue will be updated when the story is started.

[sclevine]

Hi @jlsalmon,

Unfortunately, we won't be able to prioritize this issue until after the next release. We're in the process of re-writing PCF Dev to use real BOSH + native hypervisors.

[aemengo]

Please re-open if you're still finding this is an issue in the latest iteration of CF Dev.