admin@glassfish.java.net

Re: master password during upgrade

From: Tim Quinn <tim.quinn_at_oracle.com>
Date: Wed, 28 Apr 2010 15:21:14 -0500

In our earlier conversation I half-jokingly mentioned this, but things
might be quite a bit simpler on several fronts if the upgrade tool
did use "callable asadmin."

There has been some change in the classes lately - Bill should confirm
this - but the upgrade tool could instantiate a RemoteCommand (in the
admin/cli module). The constructor accepts a ProgramOptions object
which could contain a password option which would be the password
itself (not a file containing the password). The ProgramOptions
object could also contain other settings that would otherwise be
passed on the asadmin command line.

The RemoteCommand.executeAndReturnOutput method would run the command
and give the results back in a String.

This approach might resolve the password issue while also removing the
need to actually run the asadmin utility.

Just a thought.

Note: (not an issue for the upgrade tool which is part of GlassFish)
As far as I know, the RemoteCommand class and its methods are not part
of the published, supported interface to GlassFish, so GlassFish users
should not view this approach as a general-purpose callable admin
interface.


- Tim

On Apr 28, 2010, at 2:26 PM, Bobby Bissett wrote:

> Hi all,
>
> The upgrade tool prompts a user for a domain's master password, and
> then (if one is given) writes it to a temp file and passes it to
> asadmin with a --passwordfile option. As a reminder, the tool calls
> the command line interface of asadmin with a Runtime#exec call.
> Writing out this password in clear text is a no-no, so I need some
> other way to get the password into asadmin.
>
> It'd be great if we could drop the password from the tool
> completely, have the user do some form of 'asadmin login' first, and
> rely on the .asadminpass file that contains the hashed password, but
> I can only see that this applies to the admin password and not the
> master password.
>
> Does someone else have an idea of how I can handle this? Is there a
> way to avoid specifying the master password entirely when the --
> upgrade argument is present?
>
> Thanks,
> Bobby
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: admin-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: admin-help_at_glassfish.dev.java.net
>
© Oracle | By contributing to this project, you are agreeing to the terms of use described here.