users@glassfish.java.net

Re: default roles of glassfish admin console ?

From: Nithya Subramanian <Nithya.Subramanian_at_Sun.COM>
Date: Sat, 27 Dec 2008 23:10:03 +0530

The default admin user/pwd is admin/adminadmin while the default admin
group is asadmin
(as defined in admin-realm)

So to configure this admin user, you could configure any arbitrary role
in auth-constraint in web.xml as follows:


        <auth-constraint>
            <description/>
            <role-name>tester</role-name>
         </auth-constraint>

 and map this role to the group - asadmin in sun-web.xml:

  <security-role-mapping>
    <role-name>tester</role-name>
    <group-name>asadmin</group-name>
  </security-role-mapping>

Alternatively the role-name could be specified as asadmin, and default
principal-role mapping option enabled in GF . This would obviate the
need to have a security-role mapping in sun-web.xml

        <auth-constraint>
            <description/>
            <role-name>asadmin</role-name>
            </auth-constraint>

Additionally in both cases, the realm should be specified as
admin-realm in web.xml

<login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>admin-realm</realm-name>
</login-config>

HTH,
Nithya

Felipe Gaúcho wrote:
> what are the default roles of the administrative console of Glassfish ?
>
> may I use it in my own applications ? let's say: I declare a resource
> as secure, using the container itself to authenticate the access:
>
> <security-constraint>
> <display-name>Only Glassfish admin can access</display-name>
> <web-resource-collection>
> <web-resource-name>ALL</web-resource-name>
> <description />
> <url-pattern>/*</url-pattern>
> <http-method>GET</http-method>
> <http-method>POST</http-method>
> <http-method>HEAD</http-method>
> <http-method>PUT</http-method>
> <http-method>OPTIONS</http-method>
> <http-method>TRACE</http-method>
> <http-method>DELETE</http-method>
> </web-resource-collection>
> <auth-constraint>
> <description>Glassfish default admin role</description>
> <role-name>admin</role-name> <-- what can I use here ??
> </auth-constraint>
> </security-constraint>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
>
© Oracle | By contributing to this project, you are agreeing to the terms of use described here.