We were using Axon Server v4.8 with access control and after upgrading to v2023.1 the applications cannot connect anymore.
I reproduced this using local Docker containers:
Create a fresh and empty Axon Server without access control:
$ rm -rf "$(pwd)/vol"
$ mkdir -p "$(pwd)/vol/data" "$(pwd)/vol/events" "$(pwd)/vol/plugins"
$ docker run --rm \
    --name axonserver \
    --hostname axonserver \
    -e AXONIQ_AXONSERVER_STANDALONE=true \
    -p 8024:8024 -p 8124:8124 \
    -v "$(pwd)/vol/data/:/axonserver/data" \
    -v "$(pwd)/vol/events:/axonserver/events" \
    -v "$(pwd)/vol/plugins:/axonserver/plugins" \
    axoniq/axonserver:2023.1.2-jdk-17-dev-nonroot
Connecting using the CLI works:
$ ./axonserver-cli-2023.1.1.jar contexts
Name Leader Replication Group Members
_admin axonserver _admin axonserver[PRIMARY]
default axonserver default axonserver[PRIMARY]
Activate access control:
$ docker run --rm \
    --name axonserver \
    --hostname axonserver \
    -e AXONIQ_AXONSERVER_STANDALONE=true \
    -e AXONIQ_AXONSERVER_ACCESSCONTROL_ENABLED=true \
    -e AXONIQ_AXONSERVER_ACCESSCONTROL_TOKEN=secret \
    -e AXONIQ_AXONSERVER_ACCESSCONTROL_ADMINTOKEN=secret \
    -p 8024:8024 -p 8124:8124 \
    -v "$(pwd)/vol/data/:/axonserver/data" \
    -v "$(pwd)/vol/events:/axonserver/events" \
    -v "$(pwd)/vol/plugins:/axonserver/plugins" \
    axoniq/axonserver:2023.1.2-jdk-17-dev-nonroot
Using the CLI with the above admin token produces an ‘Invalid token’ error:
$ ./axonserver-cli-2023.1.1.jar contexts --access-token secret
Error processing command 'contexts' on 'http://localhost:8024/v1/public/context': HTTP/1.1 403 - Invalid token
If using the token from security/.token from inside the docker container, CLI connection works:
$ docker exec axonserver cat security/.token
73dc39a7-85f3-4e3a-885f-93f0dedacc5a
$ ./axonserver-cli-2023.1.1.jar contexts --access-token 73dc39a7-85f3-4e3a-885f-93f0dedacc5a
Name Leader Replication Group Members
_admin axonserver _admin axonserver[PRIMARY]
default axonserver default axonserver[PRIMARY]
Is this a bug? Or is the documentation wrong?
Klaus