dev@glassfish.java.net

Re: anonymous admin login

From: Bill Shannon <bill.shannon_at_sun.com>
Date: Wed, 09 Sep 2009 17:40:03 -0700

Needless to say, I never use the installer. :-)

Yes, the installer should probably remove the concept of "anonymous",
but it might want to offer a similar choice - default admin user with
no password, or you specify the admin user (default "admin") and password.
An interesting question is whether it would be better to just display
username and password fields, with the username pre-filled in with "admin"
and the password field empty, and just let people click "ok".

Let me know if there's anything I can do to help you update the installer.
If you want me to wait on these changes until you're further along, let
me know.


Sathyan Catari wrote on 09/09/09 16:35:
> Thanks for the heads up Bill, this would also require changes in the
> installer to remove "anonymous" option
> and our changes need to be synced up.
>
> -Sathyan
>
> Bill Shannon wrote:
>> We've been struggling with a number of issues related to anonymous
>> admin login, such as:
>> https://glassfish.dev.java.net/issues/show_bug.cgi?id=8673
>>
>> It's been unclear how the transition from anonymous login to
>> authenticated login should work.
>>
>> It's also the case that if you send incorrect credentials to a
>> domain that's configured for anonymous login, it will accept them,
>> which can hide configuration errors.
>>
>>
>> Several of us discussed these issues offline and we decided to simplify
>> all of this. Here's what we'll do...
>>
>> We'll remove the "anonymous" user. Instead, there will be a default
>> admin user named "admin" with no password.
>>
>> If there's exactly one admin user (whatever the name), with no password,
>> unauthenticated login will be allowed. The admin GUI will send you to
>> the main page without you needing to type anything to the login page.
>> For the admin CLI, if you don't specify a --user option, it will send
>> requests with no authentication information, which will be accepted in
>> this case. If you specify a user name, it must be the correct user
>> name with the correct (by default empty) password.
>>
>> When creating a new domain you can choose the name of the admin user
>> (or use the default). You can also specify a --nopassword option and
>> you won't be prompted for a password for the admin user (avoiding the
>> need to provide a password file for scripts that create such domains).
>>
>> An important aspect of this change is that creating a domain with
>> "--user anonymous" is no longer special; you'll be required to specify
>> a password using a password file, or use the --nopassword option.
>> There's nothing special about the user name "anonymous", and you
>> probably shouldn't be using that user name anymore.
>>
>> The transition to an authenticated domain is easy - simply assign a
>> password to the admin user.
>>
>>
>> I'll be committing this change later this week. Changes to the quicklook
>> tests will be included. Likely other tests will need to be updated to
>> accommodate these changes, in particular to remove any use of the user
>> name "anonymous".
>>
>> Let me know if you have any questions.
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe_at_glassfish.dev.java.net
>> For additional commands, e-mail: dev-help_at_glassfish.dev.java.net
>>
>>
>
>
>
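
The login rule proposed in the quoted message, written out as a small decision function. This is an added example, not part of the thread and not GlassFish code; `AdminLoginRule`, `allowed()` and the sample domains are hypothetical, and passwords are held in plain text only to keep the sketch short.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;

// Added illustration of the rule proposed in this thread; not GlassFish code.
// AdminLoginRule and allowed() are hypothetical names. Passwords are kept in
// plain text only to keep the sketch short ("" means "no password").
public class AdminLoginRule {

    // user == null models a request with no authentication information.
    static boolean allowed(Map<String, String> admins, String user, String password) {
        if (user == null) {
            // Unauthenticated access: exactly one admin user, with no password.
            return admins.size() == 1 && admins.values().iterator().next().isEmpty();
        }
        // Credentials were supplied, so they are always verified. This is what
        // stops a mistyped user name or password from being silently accepted.
        String stored = admins.get(user);
        if (stored == null) {
            return false;
        }
        String supplied = (password == null) ? "" : password;
        return MessageDigest.isEqual(stored.getBytes(StandardCharsets.UTF_8),
                                     supplied.getBytes(StandardCharsets.UTF_8));
    }

    static void check(String label, boolean actual, boolean expected) {
        if (actual != expected) {
            throw new AssertionError(label);
        }
        System.out.println((actual ? "ALLOW  " : "DENY   ") + label);
    }

    public static void main(String[] args) {
        // Constructed sample domains.
        Map<String, String> fresh = Map.of("admin", "");
        Map<String, String> secured = Map.of("admin", "s3cret");
        Map<String, String> twoAdmins = Map.of("admin", "", "ops", "pw");

        check("fresh domain, no credentials", allowed(fresh, null, null), true);
        check("fresh domain, admin + empty password", allowed(fresh, "admin", ""), true);
        check("fresh domain, admin + wrong password", allowed(fresh, "admin", "oops"), false);
        check("fresh domain, user 'anonymous'", allowed(fresh, "anonymous", ""), false);
        check("password assigned, no credentials", allowed(secured, null, null), false);
        check("password assigned, correct credentials", allowed(secured, "admin", "s3cret"), true);
        check("two admin users, no credentials", allowed(twoAdmins, null, null), false);
    }
}
```

The third and fourth cases are the ones the old anonymous mode got wrong: supplied credentials are rejected when they do not match, even though the domain still permits unauthenticated access.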