[jboss-jira] [JBoss JIRA] (WFLY-2624) add-user.sh/bat should not automatically add users to *both* domain and standalone property files

[Tom Fonteyne (JIRA)]

Tom Fonteyne created WFLY-2624:
----------------------------------

             Summary: add-user.sh/bat should not automatically add users to *both* domain and standalone property files
                 Key: WFLY-2624
                 URL: https://issues.jboss.org/browse/WFLY-2624
             Project: WildFly
          Issue Type: Feature Request
      Security Level: Public (Everyone can see)
          Components: Domain Management
    Affects Versions: 8.0.0.Beta1
            Reporter: Tom Fonteyne
            Assignee: Brian Stansberry
            Priority: Minor


The script "add-user.sh" has options to set 
    -dc <value>      Define the location of the domain config directory.
    -sc <value>      Define the location the server config directory.

The class:
  org/jboss/as/domain/management/security/state/PropertyFileFinder.java
in
  private boolean findFiles(final String jbossHome, final List<File> foundFiles, final String fileName) {

will always find both files. This means that in the event the user uses only one of the above options, the new user will also be added to the default file. This is seen as a security risk.

We propose that when only *one* of the above options is set, that the user is *not* automatically added to the other (default) file. When neither option is set, stick with the current behaviour.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira