[jboss-as7-dev] 7.1.0. Beta Bug on CLI Authentication ?

Darran Lofthouse darran.lofthouse at jboss.com
Wed Nov 23 09:07:06 EST 2011 

On 11/23/2011 01:55 PM, Francesco Marchioni wrote:
> Hi all,
> so far I have tested the following options:
>>I don’t think so (although I haven’t tried it). This is because your
> mgmt-user.properties file has no >users listed.
> No, even after adding an user (with the add-user.cmd command) still no
> authentication required by CLI

That is expected if you are local you already have access to the server 
configuration so a connection can be negotiated without requiring a 
username and password.

>  >>>> @Wondering if that works for the console as well?
> Yes the http console issues a BASIC authentication popup.

The popup is actually a DIGEST popup

>  >>>> AFAIK the CLI checks if you are on localhost. In that case the
> authentication is not
>  >>>> required.
> I've checked binding server and management interface to another IP
> address available on my card and still no authentication requested by CLI

The CLI will detect that the address is not really remote.

> The only test I'm missing at the moment is connecting to a remote AS
> instance.

Yes that is the test you are missing.

>
> Regards
> Francesco
>
> 2011/11/23 Dimitris Andreadis <dandread at redhat.com
> <mailto:dandread at redhat.com>>
>
>     For a once-off, that makes more sense.
>
>     On 23/11/2011 14:47, Darran Lofthouse wrote:
>      > On 11/23/2011 12:40 PM, Dimitris Andreadis wrote:
>      >> Starting the console from a script is not really an option, IMO.
>      >
>      > In general no - there is no plan to drop direct access using a
>     URL and no plan to drop
>      > existing HTTP authentication.
>      >
>      > The starting from a script idea is more for the scenario of how
>     do we connect to a secured
>      > system and authenticate so we can add a user to that system when
>     there are no users
>      > currently defined on that system.
>      >
>      >> On 23/11/2011 14:17, Darran Lofthouse wrote:
>      >>> On 11/23/2011 12:10 PM, Heiko Braun wrote:
>      >>>>
>      >>>>
>      >>>> AFAIK the CLI checks if you are on localhost. In that case the
>     authentication is not
>      >>>> required.
>      >>>
>      >>> That is correct, I am just writing an article to send round
>     with the
>      >>> details.
>      >>>
>      >>> The CLI will have authenticated against the server but as you
>     are local
>      >>> to the server it will have used a silent authentication mechanism.
>      >>>
>      >>>> @Wondering if that works for the console as well?
>      >>>
>      >>> Unfortunately no the console has a different set of issues as
>     the web
>      >>> browser doesn't have access to the filesystem, I am considering
>     if we
>      >>> can start the console from a script to pass some form of token
>     but at
>      >>> the moment the console does retain the need for a username and
>     password.
>      >>>
>      >>>> Ike
>      >>>>
>      >>>> On Nov 23, 2011, at 1:03 PM, Francesco Marchioni wrote:
>      >>>>
>      >>>>> Hi all !
>      >>>>> In the release notes it's mentioned that management
>     interfaces will be secured by
>      >>>>> default, however in the very first test I did, no
>     authentication was asked. (Although
>      >>>>> in the configuration there is a ManagementRealm associated
>     with the management
>      >>>>> interfaces).
>      >>>>> Have I hit a bug ?
>      >>>>> Regards
>      >>>>> Francesco
>      >>>>>
>      >>>>> _______________________________________________
>      >>>>> jboss-as7-dev mailing list
>      >>>>> jboss-as7-dev at lists.jboss.org
>     <mailto:jboss-as7-dev at lists.jboss.org>
>      >>>>> https://lists.jboss.org/mailman/listinfo/jboss-as7-dev
>      >>>>
>      >>>>
>      >>>> _______________________________________________
>      >>>> jboss-as7-dev mailing list
>      >>>> jboss-as7-dev at lists.jboss.org
>     <mailto:jboss-as7-dev at lists.jboss.org>
>      >>>> https://lists.jboss.org/mailman/listinfo/jboss-as7-dev
>      >>> _______________________________________________
>      >>> jboss-as7-dev mailing list
>      >>> jboss-as7-dev at lists.jboss.org
>     <mailto:jboss-as7-dev at lists.jboss.org>
>      >>> https://lists.jboss.org/mailman/listinfo/jboss-as7-dev
>      >>
>
>     --
>     xxxxxxxxxxxxxxxxxxxxxxxxxxxx
>     Dimitris Andreadis
>     Software Engineering Manager
>     JBoss Application Server
>     by Red Hat
>     xxxxxxxxxxxxxxxxxxxxxxxxxxxx
>
>     http://dandreadis.blogspot.com/
>     _______________________________________________
>     jboss-as7-dev mailing list
>     jboss-as7-dev at lists.jboss.org <mailto:jboss-as7-dev at lists.jboss.org>
>     https://lists.jboss.org/mailman/listinfo/jboss-as7-dev
>
>

More information about the jboss-as7-dev mailing list