dev@glassfish.java.net

Re: anonymous admin login

From: Ludovic Champenois <Ludovic.Champenois_at_Sun.COM>
Date: Wed, 09 Sep 2009 17:50:04 -0700

On 9/9/09 4:35 PM, Sathyan Catari wrote:
> Thanks for the heads up Bill, this would also require changes in the
> installer to remove "anonymous" option
> and our changes need to be synced up.
>
Yep, thanks, I think we need to react to the change in both Eclipse and
NetBeans plugins.
Let us know when the integration is done...
Be patient if the plugins are a bit broken for a while, I think they
should still work with a real non-empty password, as a temp workaround.

Ludo
> -Sathyan
>
> Bill Shannon wrote:
>> We've been struggling with a number of issues related to anonymous
>> admin login, such as:
>> https://glassfish.dev.java.net/issues/show_bug.cgi?id=8673
>>
>> It's been unclear how the transition from anonymous login to
>> authenticated login should work.
>>
>> It's also the case that if you send incorrect credentials to a
>> domain that's configured for anonymous login, it will accept them,
>> which can hide configuration errors.
>>
>>
>> Several of us discussed these issues offline and we decided to simplify
>> all of this. Here's what we'll do...
>>
>> We'll remove the "anonymous" user. Instead, there will be a default
>> admin user named "admin" with no password.
>>
>> If there's exactly one admin user (whatever the name), with no password,
>> unauthenticated login will be allowed. The admin GUI will send you to
>> the main page without you needing to type anything to the login page.
>> For the admin CLI, if you don't specify a --user option, it will send
>> requests with no authentication information, which will be accepted in
>> this case. If you specify a user name, it must be the correct user
>> name with the correct (by default empty) password.
>>
>> When creating a new domain you can choose the name of the admin user
>> (or use the default). You can also specify a --nopassword option and
>> you won't be prompted for a password for the admin user (avoiding the
>> need to provide a password file for scripts that create such domains).
>>
>> An important aspect of this change is that creating a domain with
>> "--user anonymous" is no longer special; you'll be required to specify
>> a password using a password file, or use the --nopassword option.
>> There's nothing special about the user name "anonymous", and you
>> probably shouldn't be using that user name anymore.
>>
>> The transition to an authenticated domain is easy - simply assign a
>> password to the admin user.
>>
>>
>> I'll be committing this change later this week. Changes to the quicklook
>> tests will be included. Likely other tests will need to be updated to
>> accommodate these changes, in particular to remove any use of the
>> user name "anonymous".
>>
>> Let me know if you have any questions.
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe_at_glassfish.dev.java.net
>> For additional commands, e-mail: dev-help_at_glassfish.dev.java.net
>>
>
>
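
The login rule described in the quoted message, modeled as an added example (not GlassFish code and not part of the original thread). The class and function names are hypothetical, and plain-text passwords stand in for whatever the admin realm actually stores.

```python
# Added illustration: a model of the login rule proposed in the quoted message.
# AdminUser, allows_unauthenticated and authorize are hypothetical names,
# not GlassFish classes or methods.
import hmac
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class AdminUser:
    name: str
    password: str  # "" models "no password"; a real realm would store a hash


def allows_unauthenticated(users: list[AdminUser]) -> bool:
    """True only when there is exactly one admin user and it has no password.

    Doubles as an audit check: a domain for which this returns True accepts
    admin requests that carry no credentials at all.
    """
    return len(users) == 1 and users[0].password == ""


def authorize(users, user: Optional[str] = None, password: Optional[str] = None) -> bool:
    """Decide one admin request under the proposed rule."""
    if user is None:
        # No authentication information sent (CLI without --user, or the GUI
        # skipping the login page): accepted only in the single-user,
        # empty-password case.
        return allows_unauthenticated(users)
    # A user name was supplied, so it must be a real user with the right
    # password, even on a domain that would accept an unauthenticated request.
    supplied = (password or "").encode()
    for u in users:
        if u.name == user:
            return hmac.compare_digest(u.password.encode(), supplied)
    return False


# Constructed sample domains.
DEFAULT_DOMAIN = [AdminUser("admin", "")]
SECURED_DOMAIN = [AdminUser("admin", "s3cret-example")]
TWO_ADMINS = [AdminUser("admin", ""), AdminUser("ops", "s3cret-example")]
```

Assigning a password to the single admin user, or adding a second admin user, is enough to make `allows_unauthenticated` return False in this model.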