Change By:

David Jorm (20/Jun/13 5:49 AM)

Description:

src/main/java/org/jboss/aerogear/connectivity/users/PicketLinkDefaultUsers.java

{code:title=PicketLinkDefaultUsers.java|borderStyle=solid}
    //TODO this entire initialization code will be removed
    @PostConstruct
    public void create() {

        // developers!! developers!! developers!! developers!!

        Developer admin = new Developer();
        admin.setLoginName("admin");

        /*
         * Note: Password will be encoded in SHA-512 with SecureRandom-1024 salt
         * See http://lists.jboss.org/pipermail/security-dev/2013-January/000650.html for more information
         */
        this.identityManager.add(admin);
        this.identityManager.updateCredential(admin, new Password("123"));

        Role roleDeveloper = new SimpleRole("developer");
        this.identityManager.add(roleDeveloper);
        identityManager.grantRole(admin, roleDeveloper);
    }
{code}

As per the comment at the top it looks like this is planned to be removed anyway, but we should get rid of it ASAP. Default admin credentials are always a bad idea.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira