Darran Lofthouse resolved AS7-3464.
-----------------------------------
Resolution: Rejected
AS7-1916 is a task to work further on how the realm name of an installation is specified.
add-user.sh - possibility of setting another Realms should be considered again
------------------------------------------------------------------------------
Key: AS7-3464
URL: https://issues.jboss.org/browse/AS7-3464
Project: Application Server 7
Issue Type: Bug
Components: Security
Affects Versions: 7.1.0.CR1b
Reporter: Pavel Janousek
Assignee: Darran Lofthouse
Priority: Minor
Fix For: 7.2.0.Alpha1
I'm aware that add-user.sh isn't a general tool for managing a user/groups/roles
credential store at all. It is intended only as a shorthand for quickly defining users'
access to the admin console out of the box. Well...
Given the previous paragraph, it isn't very meaningful to me to offer the possibility
of specifying another realm during the invocation of this tool. I think the admin
console can already use a realm other than ManagementRealm by changing the default
configuration. I also think a property file can't contain definitions of users belonging
to multiple realms. As stated in the comment at the beginning of the file
mgmt-users.properties, this file is for "declaration of users for the realm 'ManagementRealm'".
I think we should avoid inserting a new user with a different realm there (it is possible
now). add-user.sh doesn't manage any other file, and other property file(s) can't
be specified during invocation.
I think the present situation/behavior is likely to confuse our end users badly, especially
users with their own experience of other JEE servers (Apache Geronimo, Sun/Oracle
GlassFish etc.).
Because we don't provide/support any tool for general CRUD management of a credential
store such as property file(s), as other JEE app servers do, we really should use
this script/tool only as a way to do simple, very basic user creation in the default AS7
environment, because we can't support this tool in any other situation with its present
behavior, and in such changed environments the behavior or final state is hard to
understand (if we create a property file (by some other means) with the same username but in
different realms, we can't log in to the admin console any more; if we have users in one
realm and switch the AS7 instance to use another "admin" realm, we can't add any of the
existing users to this new realm; we don't know later which user belongs to which realm,
etc.).
So, in conclusion: I think we should remove the realm specification from the input process
of the add-user.sh script altogether, and use this script only to define users belonging to
the ManagementRealm realm and to manage only the proper mgmt-users.properties files
(standalone and domain configuration).