users@glassfish.java.net

Re: problem with insecure admin console and

From: Christian Andersson <ca_at_ofs.no>
Date: Mon, 08 Dec 2008 09:58:15 +0100

just to let you all know.. This is still not working for me :-(

I've also checked the policy files to see if there is something in there
that mightbe a possible error, but cannot find anything.
and I've checked the omain.xml file manually, but no lck..

can anyone think of anything else for me to check?



Christian Andersson skrev:
> Thank you for trying to help me. (see answer inline)
>
> Wolfram Rittmeyer wrote:
>> Christian Andersson wrote:
>>> Hi there, I have just taken over an server with Application server
>>> installed on it (it is about to go into production) by someone else
>>> (notin our office)
>>>
>>> On this server there is application server, accessmanager and portal
>>> server.
>>>
>>> my problemhowever is that when I start the default domain (domain1)
>>> and surf to the admin console (port 4848) I get directly into the
>>> admin console, I'm not required to enter username or password..
>>>
>>
>> This is configured in the admingui's web.xml. You can find it in
>> GF_INSTALL/lib/install/applications/admingui/adminGUI_war/WEB-INF
> Ok, just looked at this file and from what I can see the section below
> is there.
> exactly as written.
>
> besides if this is a generic webapp (the location of the files is not
> in the domains folder)
> should not this be used for all domains, and this is workjing for domain2
>> Generally you can find the following configuration in here:
>> 218 <login-config>
>> 219 <auth-method>FORM</auth-method>
>> 220 <realm-name>admin-realm</realm-name>
>> 221 <form-login-config>
>> 222 <form-login-page>/login.jsf</form-login-page>
>> 223
>> <form-error-page>/loginError.jsf</form-error-page>
>> 224 </form-login-config>
>> 225 </login-config>
>> 226 <security-role>
>> 227 <role-name>admin</role-name>
>> 228 </security-role>
>>
>> Most probably s.o. has changed these lines.
>>
>>
>>> the person doing the installationis not available right now so I'm
>>> hoping that anyone here can help me (we must have username/password
>>> for the admin console)
>>>
>>>
>>> I've loocked over th4 settings and cannot see any directly wrong
>>>
>>> I've also created a new domain just to see if I get the login screen
>>> there, and I do so it is not an application server problem.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
© Oracle | By contributing to this project, you are agreeing to the terms of use described here.