On 03/11/2015 05:55 PM, Thomas Heute wrote:
> Not sure to understand the alternatives but I have comments:
> - Having 'admin' or 'root' for a super user IMO simplifies
> documentation/usage. (I can imagine that a user could forget what
> username he chose as superadmin for instance).

I don't think we have a "super user" or "root". Do we actually
need one?

> - We need to force "complex passwords", this is actually a product
> requirement

That could be enforced on Keycloak, via the same realm configuration
file. I'll take a look at how to configure that and will add. Do you
have a definition of "complex password"?

> - Copying a file is a step that needs to be documented and is
> unfriendly + either you need to encode the password (some tool like
> for Wildfly) or worse have the password in clear in a file for
> import.

Note that, right now, no file needs to be copied: we ship with a realm
template that does not contain any users. Opening the console when not
logged in presents the user with the login screen. If the user is not
registered yet, said user can self-register. This step (self-register)
is what is being questioned here: it's a PITA to self-register every
time a new build is done locally. So, to prevent self-registration, we
could ship with a default user.

In fact, I think we might have a third option: use the "dev" maven
profile to determine which realm template to use. If the "dev" profile
is active, then we can use the realm with a default user. Otherwise,
no default users.

- Juca.