[jboss-jira] [JBoss JIRA] (WFLY-2624) add-user.sh/bat should not automatically add users to *both* domain and standalone property files

Michael Reynolds (JIRA) issues at jboss.org
Thu Apr 10 22:14:13 EDT 2014 

    [ https://issues.jboss.org/browse/WFLY-2624?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12960991#comment-12960991 ] 

Michael Reynolds commented on WFLY-2624:
----------------------------------------

So I looked into this today and I am pretty sure I have a fix at least planned out. I have taken potshots and implementing it but I want to think on it a little longer and test it out to make sure it's correct.

However I do have one concern. In the AddUserTestCase tests, the test that covers adding a new user doesn't actually call the any of the code that is affected by this change. I can poke around that class more to see if there are tests that do, but if I can't find any I would be at a lost of how to create JUnit test cases for these scenarios.
                
> add-user.sh/bat should not automatically add users to *both* domain and standalone property files
> -------------------------------------------------------------------------------------------------
>
>                 Key: WFLY-2624
>                 URL: https://issues.jboss.org/browse/WFLY-2624
>             Project: WildFly
>          Issue Type: Feature Request
>      Security Level: Public(Everyone can see) 
>          Components: Domain Management
>    Affects Versions: 8.0.0.Beta1
>            Reporter: Tom Fonteyne
>            Assignee: Darran Lofthouse
>            Priority: Minor
>             Fix For: 8.0.1.Final
>
>
> The script "add-user.sh" has options to set 
>     -dc <value>      Define the location of the domain config directory.
>     -sc <value>      Define the location the server config directory.
> The class:
>   org/jboss/as/domain/management/security/state/PropertyFileFinder.java
> in
>   private boolean findFiles(final String jbossHome, final List<File> foundFiles, final String fileName) {
> will always find both files. This means that in the event the user uses only one of the above options, the new user will also be added to the default file. This is seen as a security risk.
> We propose that when only *one* of the above options is set, that the user is *not* automatically added to the other (default) file. When neither option is set, stick with the current behaviour.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list