[jboss-as7-dev] 7.1.0. Beta Bug on CLI Authentication ?

Francesco Marchioni marchioni.francesco at gmail.com
Wed Nov 23 09:28:08 EST 2011 

Did it. Correct, from a remote AS instance CLI authentication is prompted.

2011/11/23 Darran Lofthouse <darran.lofthouse at jboss.com>

> On 11/23/2011 01:55 PM, Francesco Marchioni wrote:
>
>> Hi all,
>> so far I have tested the following options:
>>
>>> I don’t think so (although I haven’t tried it). This is because your
>>>
>> mgmt-user.properties file has no >users listed.
>> No, even after adding an user (with the add-user.cmd command) still no
>> authentication required by CLI
>>
>
> That is expected if you are local you already have access to the server
> configuration so a connection can be negotiated without requiring a
> username and password.
>
>
>   >>>> @Wondering if that works for the console as well?
>> Yes the http console issues a BASIC authentication popup.
>>
>
> The popup is actually a DIGEST popup
>
>
>   >>>> AFAIK the CLI checks if you are on localhost. In that case the
>> authentication is not
>>  >>>> required.
>> I've checked binding server and management interface to another IP
>> address available on my card and still no authentication requested by CLI
>>
>
> The CLI will detect that the address is not really remote.
>
>
>  The only test I'm missing at the moment is connecting to a remote AS
>> instance.
>>
>
> Yes that is the test you are missing.
>
>
>> Regards
>> Francesco
>>
>> 2011/11/23 Dimitris Andreadis <dandread at redhat.com
>> <mailto:dandread at redhat.com>>
>>
>>
>>    For a once-off, that makes more sense.
>>
>>    On 23/11/2011 14:47, Darran Lofthouse wrote:
>>     > On 11/23/2011 12:40 PM, Dimitris Andreadis wrote:
>>     >> Starting the console from a script is not really an option, IMO.
>>     >
>>     > In general no - there is no plan to drop direct access using a
>>    URL and no plan to drop
>>     > existing HTTP authentication.
>>     >
>>     > The starting from a script idea is more for the scenario of how
>>    do we connect to a secured
>>     > system and authenticate so we can add a user to that system when
>>    there are no users
>>     > currently defined on that system.
>>     >
>>     >> On 23/11/2011 14:17, Darran Lofthouse wrote:
>>     >>> On 11/23/2011 12:10 PM, Heiko Braun wrote:
>>     >>>>
>>     >>>>
>>     >>>> AFAIK the CLI checks if you are on localhost. In that case the
>>    authentication is not
>>     >>>> required.
>>     >>>
>>     >>> That is correct, I am just writing an article to send round
>>    with the
>>     >>> details.
>>     >>>
>>     >>> The CLI will have authenticated against the server but as you
>>    are local
>>     >>> to the server it will have used a silent authentication mechanism.
>>     >>>
>>     >>>> @Wondering if that works for the console as well?
>>     >>>
>>     >>> Unfortunately no the console has a different set of issues as
>>    the web
>>     >>> browser doesn't have access to the filesystem, I am considering
>>    if we
>>     >>> can start the console from a script to pass some form of token
>>    but at
>>     >>> the moment the console does retain the need for a username and
>>    password.
>>     >>>
>>     >>>> Ike
>>     >>>>
>>     >>>> On Nov 23, 2011, at 1:03 PM, Francesco Marchioni wrote:
>>     >>>>
>>     >>>>> Hi all !
>>     >>>>> In the release notes it's mentioned that management
>>    interfaces will be secured by
>>     >>>>> default, however in the very first test I did, no
>>    authentication was asked. (Although
>>     >>>>> in the configuration there is a ManagementRealm associated
>>    with the management
>>     >>>>> interfaces).
>>     >>>>> Have I hit a bug ?
>>     >>>>> Regards
>>     >>>>> Francesco
>>     >>>>>
>>     >>>>> ______________________________**_________________
>>     >>>>> jboss-as7-dev mailing list
>>     >>>>> jboss-as7-dev at lists.jboss.org
>>    <mailto:jboss-as7-dev at lists.**jboss.org<jboss-as7-dev at lists.jboss.org>
>> >
>>
>>     >>>>> https://lists.jboss.org/**mailman/listinfo/jboss-as7-dev<https://lists.jboss.org/mailman/listinfo/jboss-as7-dev>
>>     >>>>
>>     >>>>
>>     >>>> ______________________________**_________________
>>     >>>> jboss-as7-dev mailing list
>>     >>>> jboss-as7-dev at lists.jboss.org
>>    <mailto:jboss-as7-dev at lists.**jboss.org<jboss-as7-dev at lists.jboss.org>
>> >
>>
>>     >>>> https://lists.jboss.org/**mailman/listinfo/jboss-as7-dev<https://lists.jboss.org/mailman/listinfo/jboss-as7-dev>
>>     >>> ______________________________**_________________
>>     >>> jboss-as7-dev mailing list
>>     >>> jboss-as7-dev at lists.jboss.org
>>    <mailto:jboss-as7-dev at lists.**jboss.org<jboss-as7-dev at lists.jboss.org>
>> >
>>
>>     >>> https://lists.jboss.org/**mailman/listinfo/jboss-as7-dev<https://lists.jboss.org/mailman/listinfo/jboss-as7-dev>
>>     >>
>>
>>    --
>>    xxxxxxxxxxxxxxxxxxxxxxxxxxxx
>>    Dimitris Andreadis
>>    Software Engineering Manager
>>    JBoss Application Server
>>    by Red Hat
>>    xxxxxxxxxxxxxxxxxxxxxxxxxxxx
>>
>>    http://dandreadis.blogspot.**com/ <http://dandreadis.blogspot.com/>
>>    ______________________________**_________________
>>    jboss-as7-dev mailing list
>>    jboss-as7-dev at lists.jboss.org <mailto:jboss-as7-dev at lists.**jboss.org<jboss-as7-dev at lists.jboss.org>
>> >
>>    https://lists.jboss.org/**mailman/listinfo/jboss-as7-dev<https://lists.jboss.org/mailman/listinfo/jboss-as7-dev>
>>
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-as7-dev/attachments/20111123/c47bbd9e/attachment.html

More information about the jboss-as7-dev mailing list