Key: GLASSFISH-14988
Type: Bug
Status: Closed
Resolution: Fixed
Priority: Major
Assignee: Tim Quinn
Reporter: Harshad Vilekar
Votes: 0
Watchers: 1

Can not browse to the REST URL with hostname

Created: 03/Dec/10 04:03 PM   Updated: 03/Feb/11 03:43 PM   Resolved: 04/Dec/10 05:07 PM
Component/s: security
Affects Version/s: 3.1_b31
Fix Version/s: 3.1_b32

Time Tracking:
Not Specified


Solaris 10, Sparc with Firefox 3.6.10.

Tags: 3_1-regression
Participants: Harshad Vilekar, Mitesh Meswani and Tim Quinn

Description

Install glassfish, start domain, and browse to the REST URL, example:

"Authentication Required" popup dialog is displayed. The pop up asks for username and password. Authentication fails with default Username = "admin", password = <blank>.

This is a regression - compared to the previous promoted build.

Server log displays:


[#|2010-12-03T15:02:13.728-0800|INFO|oracle-glassfish3.1||_ThreadID=124;_ThreadName=admin-thread-pool-4848(1);|Remote admin log-in attempt from host with username "admin" rejected because secure admin is disabled|#]


Workaround: Enable secure admin, and restart DAS.

Mitesh Meswani added a comment - 03/Dec/10 04:11 PM


Assigning to you initially to complete discussion on following...

Following is from GenericAdminAuthenticator#loginAsAdmin(...). The code seems to suggest that we do not want to allow any access from remote host to DAS if secure admin is disabled. Shouldn't it allow at least AdminAccessController.Access.MONITORING?

[1] GenericAdminAuthenticator#loginAsAdmin(...)

    if ( ! NetUtils.isThisHostLocal(originHost) &&
         ! SecureAdmin.Util.isEnabled(secureAdmin) ) {
        "Remote admin log-in attempt from host {0} with username \"{1}\" rejected because secure admin is disabled",
        originHost, user));
        return AdminAccessController.Access.NONE;


Tim Quinn added a comment - 04/Dec/10 04:20 PM

I have a fix in my local workspace and am testing it.

I tested http://host:4848/__asadmin/[command]

and http://host:4848/monitoring/domain

and both are now giving the correct responses.

Tim Quinn added a comment - 04/Dec/10 05:07 PM

Fix checked in.

Project: glassfish
Repository: svn
Revision: 43457
Author: tjquinn
Date: 2010-12-05 01:07:00 UTC

Log Message:
Fix for 14988

The authentication logic was incorrectly rejecting monitoring-only access from remote clients.

Tests: QL, manual asadmin and REST via browser tests


Modified Paths:

Harshad Vilekar added a comment - 03/Feb/11 03:43 PM

Verified: 3.1 b 40.
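
A sketch of the access decision discussed in this issue, added here as an illustration; it is not GlassFish code and not the checked-in fix. The Access stand-in enum (including the FULL level), the method names, the credential handling, and the rule that only GET requests under /monitoring need MONITORING access are assumptions.

```java
public class RemoteAdminAccessSketch {
    // Stand-in for AdminAccessController.Access (the page names NONE and MONITORING;
    // FULL is assumed here as the unrestricted level).
    enum Access { NONE, MONITORING, FULL }

    // Reported behaviour: a remote caller is refused outright while secure admin is off.
    static Access before(boolean localOrigin, boolean secureAdmin, boolean credentialsOk) {
        if (!localOrigin && !secureAdmin) {
            return Access.NONE;
        }
        return credentialsOk ? Access.FULL : Access.NONE;
    }

    // Behaviour the commit message describes, as modelled here: the same remote caller
    // is capped at monitoring-only access instead of being rejected.
    static Access after(boolean localOrigin, boolean secureAdmin, boolean credentialsOk) {
        if (!credentialsOk) {
            return Access.NONE;
        }
        return (!localOrigin && !secureAdmin) ? Access.MONITORING : Access.FULL;
    }

    // Assumption: read-only GETs under /monitoring need MONITORING, all else needs FULL.
    static Access required(String method, String path) {
        boolean readOnlyMonitoring = "GET".equals(method) && path.startsWith("/monitoring/");
        return readOnlyMonitoring ? Access.MONITORING : Access.FULL;
    }

    static boolean permits(Access granted, Access needed) {
        return granted.ordinal() >= needed.ordinal();
    }

    public static void main(String[] args) {
        // Constructed requests, using the two URL paths quoted in the comments above.
        String[][] requests = {
            {"GET", "/monitoring/domain"},
            {"GET", "/__asadmin/[command]"},
            {"POST", "/monitoring/domain"},
        };
        // Remote origin, secure admin disabled, valid credentials: the case in this issue.
        Access old = before(false, false, true);
        Access fixed = after(false, false, true);
        for (String[] r : requests) {
            Access needed = required(r[0], r[1]);
            System.out.printf("%-4s %-22s before=%-5s after=%s%n", r[0], r[1],
                    permits(old, needed) ? "allow" : "deny",
                    permits(fixed, needed) ? "allow" : "deny");
        }
    }
}
```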