With the latest GlassFish installation, there is an issue when using authToken. Steps to reproduce:
- Generate 2 auth tokens (a program for this is attached).
- Using these auth tokens, from another host, invoke the admin commands below on the DAS:
asadmin --host <DAS_IP> --_authToken <token1> list-commands
This command succeeds.
- Now when the below is done using REST and the second authToken,
wget --header="X-GlassFish-authToken: <token2>" http://DAS_IP:4848/management/domain/list-commands
the REST invocation fails with "Error 403 : Forbidden". Both asadmin and the wget commands were executed one after the other.
After some investigation, I found that when the request comes from the REST client, although the client sends the X-GlassFish-authToken header, the backend REST request processor completely ignores this header while processing the request. Hence the authToken was not getting passed to the admin backend, so admin was rejecting the request with 403: Forbidden. This needs to be fixed in the REST service.
The REST invocation with authToken is important for non-JavaEE VM templates to be able to register themselves with IMS, without requiring the GlassFish installation in the VM.
Some background on authToken usage:
When secure-admin is enabled, credentials can be used. In a default installation of GlassFish, secure-admin is not enabled. Since IMS should work out of the box with the default installation of GlassFish, without requiring the administrator to enable secure-admin, IMS uses _authToken to authenticate admin requests.
During the creation of the VirtualMachine, the IMS component running inside the DAS creates an authToken and passes it to the VM while booting, and the VMs will use the same authToken to run register-virtual-machine. That is a bit of detail on how authToken is used by IMS.
The database templates need not have a GlassFish installation in them. However, the db VM should register itself with the DAS. Hence invoking the register-virtual-machine command using REST is the right option. But, similar to the 'asadmin' CLI, the authToken should be passed while invoking the register-virtual-machine REST command.
The "curl -D _authToken=<token2> http://DAS_IP:4848/management/..." command does not work. From some investigation of the REST code, the authToken should be passed as an HTTP request header, X-GlassFish-authToken. While trying to use that, I found that the REST request processor is not handling that header correctly.
This should be fixed.
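
An added illustration, not GlassFish code and not part of the original report: a small Python model of the behaviour described above, with the request processor that drops the header next to one that forwards it to the backend. AdminBackend, find_header, the two rest_processor_* functions and the token values are hypothetical; only the header name and the 403 result come from the report.

```python
import hmac

TOKEN_HEADER = "X-GlassFish-authToken"  # header name taken from the report


class AdminBackend:
    """Hypothetical stand-in for the admin backend: accepts only issued tokens."""

    def __init__(self, issued_tokens):
        self._issued = [t.encode() for t in issued_tokens]

    def execute(self, command, auth_token):
        # Constant-time comparison so a mismatch does not leak token prefixes.
        ok = auth_token is not None and any(
            hmac.compare_digest(auth_token.encode(), t) for t in self._issued
        )
        return (200, f"ran {command}") if ok else (403, "Forbidden")


def find_header(headers, name):
    """HTTP header names are case-insensitive, so compare them lower-cased."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value.strip() or None  # an empty value counts as no token
    return None


def rest_processor_buggy(backend, command, headers):
    # Behaviour described in the report: the header is never read, so the
    # backend sees a request with no token and answers 403.
    return backend.execute(command, None)


def rest_processor_fixed(backend, command, headers):
    # Expected behaviour: extract the token and hand it to the backend,
    # which still makes the accept/reject decision itself.
    return backend.execute(command, find_header(headers, TOKEN_HEADER))


if __name__ == "__main__":
    backend = AdminBackend(["constructed-token-1", "constructed-token-2"])
    request = {TOKEN_HEADER: "constructed-token-2"}  # constructed sample request
    print("buggy:", rest_processor_buggy(backend, "list-commands", request))
    print("fixed:", rest_processor_fixed(backend, "list-commands", request))
```

The checks worth keeping as regression tests for a fix are the negative ones: a missing, empty or unknown token must still produce 403 after the header is honoured.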