glassfish
  1. glassfish
  2. GLASSFISH-14770

Realm: new user added to admin-realm in server-config is copied to all other configs

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 3.1
    • Fix Version/s: 3.1_dev
    • Component/s: admin_gui
    • Labels:
      None
    • Environment:

      Operating System: All
      Platform: All

      Description

      build used : GF V3.1 promoted b30.

      Create a new config(testconfig) by copying from default-config.
      In the server-config, create a new user in the Security/Realms/admin-realm/.

      This new user also gets added to the new config ( test-config). It is also vice
      versa, meaning a new user created in the new config, gets added to server-config.
      Same with deletion, In the new-config if we delete a newly created user in the
      admin-realm, this user gets deleted from server-config also.

        Issue Links

          Activity

          Hide
          srinik76 added a comment -

          Create a new config test-config and using this config created a instance test-instance and under admin-realm added user using the following REST URL using REST GUI Interface

          http://localhost:4848/management/domain/configs/config/test-config/security-service/auth-realm/admin-realm/create-user

          Added the user test under test group.

          Now using the following REST URL
          http://localhost:4848/management/domain/configs/config/test-config/security-service/auth-realm/admin-realm/list-users

          gives user admin and test

          Now if we check the following REST URL to list users under sever-config,
          http://localhost:4848/management/domain/configs/config/server-config/security-service/auth-realm/admin-realm/list-users

          also it lists users admin and test.

          Assigning to Jason to look into this.

          Show
          srinik76 added a comment - Create a new config test-config and using this config created a instance test-instance and under admin-realm added user using the following REST URL using REST GUI Interface http://localhost:4848/management/domain/configs/config/test-config/security-service/auth-realm/admin-realm/create-user Added the user test under test group. Now using the following REST URL http://localhost:4848/management/domain/configs/config/test-config/security-service/auth-realm/admin-realm/list-users gives user admin and test Now if we check the following REST URL to list users under sever-config, http://localhost:4848/management/domain/configs/config/server-config/security-service/auth-realm/admin-realm/list-users also it lists users admin and test. Assigning to Jason to look into this.
          Hide
          Jason Lee added a comment -

          list-file-users seems to have the same issue WRT --target.

          Show
          Jason Lee added a comment - list-file-users seems to have the same issue WRT --target.
          Hide
          Jason Lee added a comment -

          This seems to be a CLI issue. It seems the CLI is not discriminating between the realms when listing users. A blocking issue has been linked to this one.

          Show
          Jason Lee added a comment - This seems to be a CLI issue. It seems the CLI is not discriminating between the realms when listing users. A blocking issue has been linked to this one.
          Hide
          Jason Lee added a comment -

          There appears to be a CLI issue blocking the fix on this. An issue has been filed and linked.

          Show
          Jason Lee added a comment - There appears to be a CLI issue blocking the fix on this. An issue has been filed and linked.
          Hide
          Jason Lee added a comment -

          The CLI fix seems to have fixed this issue.

          Show
          Jason Lee added a comment - The CLI fix seems to have fixed this issue.
          Hide
          shaline added a comment -

          This issue still exists on GF nightly dated b34-12-16.
          Tried 2 scenarios:
          1)Created a new user (administrator) in the admin-realm for default-config and added a password, this user got copied over to server-config, and even logout button got activated.

          2)Created a new configuration by copying from default-config. and in the new configuration added a new user "adminadmin" under security/admin-realm, This user got copied over to server-config, and even to default-config.

          Show
          shaline added a comment - This issue still exists on GF nightly dated b34-12-16. Tried 2 scenarios: 1)Created a new user (administrator) in the admin-realm for default-config and added a password, this user got copied over to server-config, and even logout button got activated. 2)Created a new configuration by copying from default-config. and in the new configuration added a new user "adminadmin" under security/admin-realm, This user got copied over to server-config, and even to default-config.
          Hide
          Anissa Lam added a comment -

          The create-file-user command does not take in target as option. I have reopened the bug GLASSFISH-14860

          Usage: asadmin [asadmin-utility-options] create-file-user
          [--groups user_groups[:user_groups]*] [--authrealmname <authrealm_name>]
          [?|-help[=<help(default:false)>]] username
          Command create-file-user failed.

          So, all user is added to server-config.

          Show
          Anissa Lam added a comment - The create-file-user command does not take in target as option. I have reopened the bug GLASSFISH-14860 Usage: asadmin [asadmin-utility-options] create-file-user [--groups user_groups [:user_groups] *] [--authrealmname <authrealm_name>] [ ?| -help [=<help(default:false)>] ] username Command create-file-user failed. So, all user is added to server-config.
          Hide
          Anissa Lam added a comment -

          I am closing this bug as previous status, Fixed. The scenario that you mentioned is the expected behavior.

          Note that the list of user all depends on the property keyFile. The keyFile for all the config that you mentioned ALL have the EXACT same keyFile. Thus when creating/removing user from one config, it will reflect to another config.

          You can try changing the keyFile property for testing.
          However, i saw problem in the backend for listing user. Refer to GLASSFISH-15273.

          Whenever you see problem with the GUI, PLEASE also try that using CLI. There are enough example in GLASSFISH-15273 that shows you how to do that. If GUI and CLI shows the same thing, it is not GUI bug, but backend bug.

          Show
          Anissa Lam added a comment - I am closing this bug as previous status, Fixed. The scenario that you mentioned is the expected behavior. Note that the list of user all depends on the property keyFile. The keyFile for all the config that you mentioned ALL have the EXACT same keyFile. Thus when creating/removing user from one config, it will reflect to another config. You can try changing the keyFile property for testing. However, i saw problem in the backend for listing user. Refer to GLASSFISH-15273 . Whenever you see problem with the GUI, PLEASE also try that using CLI. There are enough example in GLASSFISH-15273 that shows you how to do that. If GUI and CLI shows the same thing, it is not GUI bug, but backend bug.
          Hide
          shaline added a comment -

          Verified in promoted b43.

          Show
          shaline added a comment - Verified in promoted b43.

            People

            • Assignee:
              Anissa Lam
              Reporter:
              shaline
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: