glassfish
  1. glassfish
  2. GLASSFISH-19081

The admin password can be changed even the wrong original password was entered.

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Blocker Blocker
    • Resolution: Fixed
    • Affects Version/s: 4.0_b53
    • Fix Version/s: 4.0_b54
    • Component/s: admin
    • Labels:
      None
    • Environment:

      Windows 7, Windows XP

      Description

      [Bug Description]
      When execute change-admin-password sub-command at the DAS was running, new password was setted
      even a wrong original password entered.
      It is similar to http://java.net/jira/browse/GLASSFISH-15783.
      However, it can be reproduced in the latest version of GFv4.

      [Operations]
      STEP1.Start the DAS.
      C:\glassfish3\glassfish\bin>asadmin start-domain

      STEP2.Excute the change-admin-password sub-command to change the password.
      C:\glassfish3\glassfish\bin>asadmin change-admin-password
      Enter admin user name [default: admin]>admin/[Enetr Button]
      Enter admin password>[Any string]
      Enter new admin password>[new psw]
      Enter new admin password again>[new psw]
      Command change-admin-password executed successfully.

      NOTE: The pwd has changed to [new psw].Use user:admin/pwd:[new psw] can login successfully.
      C:\glassfish3\glassfish\bin>asadmin login
      Enter admin user name [Enter to accept default]>admin
      Enter admin password>[new psw]
      Admin login information for host [localhost] and port [4848] is being overwritten with credentials p
      rovided. This is because the --savelogin option was used during create-domain command.
      Login information relevant to admin user name [admin] for host [localhost] and admin port [4848] sto
      red at [C:\Documents and Settings\Administrator\.gfclient\pass] successfully.
      Make sure that this file remains protected. Information stored in this file will be used by asadmin
      commands to manage associated domain.
      Command login executed successfully.

      [affected versions]
      1 4.0_b53
      2 gf's trunk until 2012/09/12

        Activity

        Hide
        zhouronghui added a comment -

        I think that this BUG cause by the modify in GLASSFISH-18755. and the revision is 54235.
        In revision 54235, the evaluation of password in ChangeAdminPasswordCommand.java was deleted.

        nucleus\admin\server-mgmt\src\main\java\com\sun\enterprise\admin\servermgmt\cli\ChangeAdminPasswordCommand.java


        programOpts.setPassword(password,
        ProgramOptions.PasswordLocation.USER);


        I think that the evaluation of password should be reserved. I moditied the source and tested it.
        I have attetched the patch for this ISSUE, Would you please check it?

        Thanks.

        Show
        zhouronghui added a comment - I think that this BUG cause by the modify in GLASSFISH-18755 . and the revision is 54235. In revision 54235, the evaluation of password in ChangeAdminPasswordCommand.java was deleted. nucleus\admin\server-mgmt\src\main\java\com\sun\enterprise\admin\servermgmt\cli\ChangeAdminPasswordCommand.java programOpts.setPassword(password, ProgramOptions.PasswordLocation.USER); I think that the evaluation of password should be reserved. I moditied the source and tested it. I have attetched the patch for this ISSUE, Would you please check it? Thanks.
        Hide
        Tom Mueller added a comment -

        Fix on the trunk in revision 55997.

        Thank you for submitting the patch.

        Show
        Tom Mueller added a comment - Fix on the trunk in revision 55997. Thank you for submitting the patch.

          People

          • Assignee:
            Tom Mueller
            Reporter:
            zhouronghui
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: