glassfish
  1. glassfish
  2. GLASSFISH-17005

list-secure-admin-principals and list-secure-admin-internal-users both incorrectly prompt for a command operand

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 3.1.1, 3.1.2_b02, 4.0
    • Fix Version/s: 3.1.2_b02, 4.0
    • Component/s: admin
    • Labels:
      None

      Description

      The list-secure-admin-principals and list-secure-admin-internal-users commands both incorrectly prompt for a command operand. In contrast, they should not – these commands should list all of the respective elements.

      The problem is that I incorrectly specified a resolver for the two list commands in the CRUD notation.

      This is certainly not a show-stopper for 3.1.1 release. Relatively few users will create secure admin principals or secure admin internal users, so few will need to list them. As a workaround, users can use

      asadmin get secure-admin.secure-admin-principal.*

      or

      asadmin get secure-admin.secure-admin-internal-user.*

      In both cases, if no such items are defined then the user gets a message like this:

      remote failure: Dotted name path secure-admin.secure-admin-internal-user.* not found.
      Command get failed.

      which is ugly but it conveys correct information.

      I have marked this for review in case others feel strongly that this is in-your-face enough to warrant a fix at this point.

      Why fix this issue in 3.1.1?
      Although there is a workaround, the error is very in-your-face.

      Which is the targeted build of 3.1.1 for this fix?
      If approved, b11.

      Do regression tests exist for this issue?
      not yet

      Which tests should QA (re)run to verify the fix did not destabilize GlassFish?
      Tests involving enabling secure admin; the CRUD list functionality should be fully insulated from other code paths.

        Activity

        Hide
        Tim Quinn added a comment -

        Restoring original "affects" list which I accidentally changed.

        Show
        Tim Quinn added a comment - Restoring original "affects" list which I accidentally changed.
        Hide
        Tim Quinn added a comment -

        By virtue of being fixed in then-3.2 this is also fixed in 4.0.

        Show
        Tim Quinn added a comment - By virtue of being fixed in then-3.2 this is also fixed in 4.0.
        Hide
        Tim Quinn added a comment -

        Adding 3.1.2-b2 as a fixed-in build to reflect the earlier fix check-in for 3.1.2.

        Show
        Tim Quinn added a comment - Adding 3.1.2-b2 as a fixed-in build to reflect the earlier fix check-in for 3.1.2.
        Hide
        Tim Quinn added a comment -

        Updating "fixed in" field.

        Show
        Tim Quinn added a comment - Updating "fixed in" field.
        Hide
        Tim Quinn added a comment -

        Fix for 3.1.2 checked in.

        Project: glassfish
        Repository: svn
        Revision: 48936
        Author: tjquinn
        Date: 2011-08-19 22:20:09 UTC
        Link:

        Log Message:
        ------------
        Fix for 17005

        In 3.1.1 we added enable- and disable-secure-admin-[principal | internal-user] commands. We also added the corresponding list-xxx commands but they incorrectly demand a command operand.

        This check-in fixes that problem with the list-secure-admin-principals and list-secure-admin-internal-users commands.

        Revisions:
        ----------
        48936

        Modified Paths:
        ---------------
        branches/3.1.2/admin/config-api/src/main/java/com/sun/enterprise/config/serverbeans/SecureAdmin.java

        Show
        Tim Quinn added a comment - Fix for 3.1.2 checked in. Project: glassfish Repository: svn Revision: 48936 Author: tjquinn Date: 2011-08-19 22:20:09 UTC Link: Log Message: ------------ Fix for 17005 In 3.1.1 we added enable- and disable-secure-admin- [principal | internal-user] commands. We also added the corresponding list-xxx commands but they incorrectly demand a command operand. This check-in fixes that problem with the list-secure-admin-principals and list-secure-admin-internal-users commands. Revisions: ---------- 48936 Modified Paths: --------------- branches/3.1.2/admin/config-api/src/main/java/com/sun/enterprise/config/serverbeans/SecureAdmin.java
        Hide
        Tim Quinn added a comment -

        Fixed in trunk.

        Project: glassfish
        Repository: svn
        Revision: 48036
        Author: tjquinn
        Date: 2011-07-14 21:37:25 UTC
        Link:

        Log Message:
        ------------
        Check-ins for 16437, 16438, 16545

        These changes enhance secure admin so that users can

        1. enable multiple certificates as authorized for admin operations
        2. have GlassFish processes authenticate to each other using an admin username and password instead of certificates
        3. stronger checking that admin messages from other GlassFish processes are from servers in the same domain.

        Approved for 3.1.1: Sathyan
        Tests: QL, deployment single-instance and cluster devtests

        Revisions:
        ----------
        48036

        Modified Paths:
        ---------------
        trunk/v3/common/container-common/src/main/java/com/sun/enterprise/container/common/LocalStrings.properties
        trunk/v3/common/container-common/src/main/java/com/sun/enterprise/container/common/GenericAdminAuthenticator.java
        trunk/v3/security/core/src/main/java/com/sun/enterprise/security/admin/cli/DisableSecureAdminCommand.java
        trunk/v3/security/core/src/main/java/com/sun/enterprise/security/admin/cli/EnableSecureAdminCommand.java
        trunk/v3/security/core/src/main/resources/com/sun/enterprise/security/admin/cli/LocalStrings.properties
        trunk/v3/security/core/src/main/java/com/sun/enterprise/security/admin/cli/SecureAdminCommand.java
        trunk/v3/core/kernel/src/main/java/com/sun/enterprise/v3/admin/AdminAdapter.java
        trunk/v3/admin/util/src/main/java/com/sun/enterprise/admin/remote/ServerRemoteAdminCommand.java
        trunk/v3/admin/config-api/src/main/java/com/sun/enterprise/config/serverbeans/LocalStrings.properties
        trunk/v3/admin/config-api/src/main/java/com/sun/enterprise/config/serverbeans/SecureAdmin.java
        trunk/v3/admin/util/src/main/java/com/sun/enterprise/admin/remote/RemoteAdminCommand.java
        trunk/v3/admin/config-api/src/main/java/com/sun/enterprise/config/serverbeans/SecureAdminPrincipal.java

        Added Paths:
        ------------
        trunk/v3/security/core/src/main/java/com/sun/enterprise/security/admin/cli/SecureAdminHelperImpl.java
        trunk/v3/admin/config-api/src/main/java/com/sun/enterprise/config/serverbeans/SecureAdminHelper.java
        trunk/v3/admin/config-api/src/main/java/com/sun/enterprise/config/serverbeans/SecureAdminInternalUser.java

        Show
        Tim Quinn added a comment - Fixed in trunk. Project: glassfish Repository: svn Revision: 48036 Author: tjquinn Date: 2011-07-14 21:37:25 UTC Link: Log Message: ------------ Check-ins for 16437, 16438, 16545 These changes enhance secure admin so that users can 1. enable multiple certificates as authorized for admin operations 2. have GlassFish processes authenticate to each other using an admin username and password instead of certificates 3. stronger checking that admin messages from other GlassFish processes are from servers in the same domain. Approved for 3.1.1: Sathyan Tests: QL, deployment single-instance and cluster devtests Revisions: ---------- 48036 Modified Paths: --------------- trunk/v3/common/container-common/src/main/java/com/sun/enterprise/container/common/LocalStrings.properties trunk/v3/common/container-common/src/main/java/com/sun/enterprise/container/common/GenericAdminAuthenticator.java trunk/v3/security/core/src/main/java/com/sun/enterprise/security/admin/cli/DisableSecureAdminCommand.java trunk/v3/security/core/src/main/java/com/sun/enterprise/security/admin/cli/EnableSecureAdminCommand.java trunk/v3/security/core/src/main/resources/com/sun/enterprise/security/admin/cli/LocalStrings.properties trunk/v3/security/core/src/main/java/com/sun/enterprise/security/admin/cli/SecureAdminCommand.java trunk/v3/core/kernel/src/main/java/com/sun/enterprise/v3/admin/AdminAdapter.java trunk/v3/admin/util/src/main/java/com/sun/enterprise/admin/remote/ServerRemoteAdminCommand.java trunk/v3/admin/config-api/src/main/java/com/sun/enterprise/config/serverbeans/LocalStrings.properties trunk/v3/admin/config-api/src/main/java/com/sun/enterprise/config/serverbeans/SecureAdmin.java trunk/v3/admin/util/src/main/java/com/sun/enterprise/admin/remote/RemoteAdminCommand.java trunk/v3/admin/config-api/src/main/java/com/sun/enterprise/config/serverbeans/SecureAdminPrincipal.java Added Paths: ------------ trunk/v3/security/core/src/main/java/com/sun/enterprise/security/admin/cli/SecureAdminHelperImpl.java trunk/v3/admin/config-api/src/main/java/com/sun/enterprise/config/serverbeans/SecureAdminHelper.java trunk/v3/admin/config-api/src/main/java/com/sun/enterprise/config/serverbeans/SecureAdminInternalUser.java
        Hide
        scatari added a comment -

        Tim,
        Although the changes look okay, let us defer this to the next release given how close we are to producing a FCS candidate build. Thanks for your understanding and appreciate your efforts to improve 3.1.1 quality. I have already marked them with appropriate tags.

        Thanks

        Show
        scatari added a comment - Tim, Although the changes look okay, let us defer this to the next release given how close we are to producing a FCS candidate build. Thanks for your understanding and appreciate your efforts to improve 3.1.1 quality. I have already marked them with appropriate tags. Thanks
        Hide
        Tim Quinn added a comment -

        Here are the code changes. In both cases I have removed the "resolver" setting for the @Listing anno.

        Index: src/main/java/com/sun/enterprise/config/serverbeans/SecureAdmin.java
        ===================================================================
        — src/main/java/com/sun/enterprise/config/serverbeans/SecureAdmin.java (revision 47947)
        +++ src/main/java/com/sun/enterprise/config/serverbeans/SecureAdmin.java (working copy)
        @@ -70,13 +70,13 @@
        @Element
        @Create(value="enable-secure-admin-principal", decorator=SecureAdminPrincipal.CrDecorator.class, i18n=@I18n("enable.secure.admin.principal.command"))
        @Delete(value="disable-secure-admin-principal", resolver=SecureAdminPrincipal.Resolver.class, i18n=@I18n("disable.secure.admin.principal.command"))

        • @Listing(value="list-secure-admin-principals", resolver=SecureAdminPrincipal.Resolver.class, i18n=@I18n("list.secure.admin.principals.command"))
          + @Listing(value="list-secure-admin-principals", i18n=@I18n("list.secure.admin.principals.command"))
          public List<SecureAdminPrincipal> getSecureAdminPrincipal();

        @Element
        @Create(value="enable-secure-admin-internal-user", decorator=SecureAdminInternalUser.CrDecorator.class, i18n=@I18n("enable.secure.admin.internal.user.command"))
        @Delete(value="disable-secure-admin-internal-user", resolver=TypeAndNameResolver.class, i18n=@I18n("disable.secure.admin.internal.user.command"))

        • @Listing(value="list-secure-admin-internal-users", resolver=TypeAndNameResolver.class, i18n=@I18n("list.secure.admin.internal.user.command"))
          + @Listing(value="list-secure-admin-internal-users", i18n=@I18n("list.secure.admin.internal.user.command"))
          public List<SecureAdminInternalUser> getSecureAdminInternalUser();

        /**

        Show
        Tim Quinn added a comment - Here are the code changes. In both cases I have removed the "resolver" setting for the @Listing anno. Index: src/main/java/com/sun/enterprise/config/serverbeans/SecureAdmin.java =================================================================== — src/main/java/com/sun/enterprise/config/serverbeans/SecureAdmin.java (revision 47947) +++ src/main/java/com/sun/enterprise/config/serverbeans/SecureAdmin.java (working copy) @@ -70,13 +70,13 @@ @Element @Create(value="enable-secure-admin-principal", decorator=SecureAdminPrincipal.CrDecorator.class, i18n=@I18n("enable.secure.admin.principal.command")) @Delete(value="disable-secure-admin-principal", resolver=SecureAdminPrincipal.Resolver.class, i18n=@I18n("disable.secure.admin.principal.command")) @Listing(value="list-secure-admin-principals", resolver=SecureAdminPrincipal.Resolver.class, i18n=@I18n("list.secure.admin.principals.command")) + @Listing(value="list-secure-admin-principals", i18n=@I18n("list.secure.admin.principals.command")) public List<SecureAdminPrincipal> getSecureAdminPrincipal(); @Element @Create(value="enable-secure-admin-internal-user", decorator=SecureAdminInternalUser.CrDecorator.class, i18n=@I18n("enable.secure.admin.internal.user.command")) @Delete(value="disable-secure-admin-internal-user", resolver=TypeAndNameResolver.class, i18n=@I18n("disable.secure.admin.internal.user.command")) @Listing(value="list-secure-admin-internal-users", resolver=TypeAndNameResolver.class, i18n=@I18n("list.secure.admin.internal.user.command")) + @Listing(value="list-secure-admin-internal-users", i18n=@I18n("list.secure.admin.internal.user.command")) public List<SecureAdminInternalUser> getSecureAdminInternalUser(); /**
        Hide
        scatari added a comment -

        Tim,
        Please attach the code changes for review.

        Thanks

        Show
        scatari added a comment - Tim, Please attach the code changes for review. Thanks

          People

          • Assignee:
            Tim Quinn
            Reporter:
            Tim Quinn
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: