I believe by design, no authentication should be required if there is
only 1 admin user without password, regardless what that admin username
is. Thats why GUI bypass the login screen.
thanks
Anissa.
Shing Wai Chan wrote:
> Hi,
>
> I find that Admin GUI and (Admin CLI, REST) behave differently for
> admin user without password.
>
> Scenario 1:
> There is only one admin user with name "admin" without password.
> Admin GUI, CLI and REST do not prompt for the password.
>
> Scenario 2:
> There is only one admin user with name "anonymous" without password.
> Admin GUI does not prompt for the password.
> CLI and REST "do prompt" for the (empty) password.
>
> So, Admin GUI and (Admin CLI, REST) do behave differently.
> I think they should be consistent.
>
> Regards,
> Shing Wai Chan
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: dev-help_at_glassfish.dev.java.net
>