Even more confusion:
Now I just tried the asadmin login command and it seemed to work:
[pre]Enter admin user name [default: admin]>MyRoot
Enter admin password>
Admin login information for host [localhost] and port [9048]
is being overwritten with credentials provided because the
--savelogin option was used during the create-domain command.
Login information relevant to admin user name [MyRoot]
for host [localhost] and admin port [9048] stored at
[/usr/local/glassfishv3/.asadminpass] successfully.
Make sure that this file remains protected.
Information stored in this file will be used by
asadmin commands to manage the associated domain.
Command login executed successfully.[/pre]
...however in the logs again I see:
[pre]2009-09-19 15:04:06.926 [ FINE] FileRealm : file=/opt/glassfishv3/glassfish/domains/dom2/config/admin-keyfile
2009-09-19 15:04:06.926 [ FINE] FileRealm : jaas-context=ignore
2009-09-19 15:04:06.927 [ FINE] Reading file realm: /opt/glassfishv3/glassfish/domains/dom2/config/admin-keyfile
2009-09-19 15:04:06.927 [ FINE] File authentication failed for: [MyRoot][/pre]
...exactly the same as I see on all other commands:
[pre]2009-09-19 13:44:03.460 [ FINE] FileRealm : file=/opt/glassfishv3/glassfish/domains/dom2/config/admin-keyfile
2009-09-19 13:44:03.460 [ FINE] FileRealm : jaas-context=ignore
2009-09-19 13:44:03.460 [ FINE] Reading file realm: /opt/glassfishv3/glassfish/domains/dom2/config/admin-keyfile
2009-09-19 13:44:03.461 [ FINE] File authentication failed for: [MyRoot][/pre]
Then I issued a login using wrong password at the web interface to see the log output:
[pre]2009-09-19 14:00:06.649 [ FINE] [Web-Security] Setting Policy Context ID: old = null ctxID = __admingui/__admingui
2009-09-19 14:00:06.651 [ FINE] [Web-Security] hasUserDataPermission perm: (javax.security.jacc.WebUserDataPermission /j_security_check POST)
2009-09-19 14:00:06.652 [ FINE] [Web-Security] hasUserDataPermission isGranted: true
2009-09-19 14:00:06.653 [ FINEST] Processing login with credentials of type: class com.sun.enterprise.security.auth.login.common.PasswordCredential
2009-09-19 14:00:06.654 [ FINE] Logging in user [MyRoot] into realm: admin-realm using JAAS module: fileRealm
2009-09-19 14:00:06.655 [ FINE] Login module initialized: class com.sun.enterprise.security.auth.login.FileLoginModule
2009-09-19 14:00:06.655 [ FINE] File authentication failed for: [MyRoot]
2009-09-19 14:00:06.656 [ FINE] JAAS authentication aborted.
2009-09-19 14:00:06.657 [ INFO] SEC5046: Audit: Authentication refused for [MyRoot].
2009-09-19 14:00:06.658 [ FINEST] doPasswordLogin fails
javax.security.auth.login.LoginException: Failed file login for MyRoot.
at com.sun.enterprise.security.auth.login.FileLoginModule.authenticate(FileLoginModule.java:80)
at com.sun.enterprise.security.auth.login.PasswordLoginModule.authenticateUser(PasswordLoginModule.java:90)
at com.sun.appserv.security.AppservPasswordLoginModule.login(AppservPasswordLoginModule.java:141)
...[/pre]
...and here the log for a web interface login using correct credentials:
[pre]2009-09-19 14:38:50.314 [ FINE] [Web-Security] Setting Policy Context ID: old = null ctxID = __admingui/__admingui
2009-09-19 14:38:50.315 [ FINE] [Web-Security] hasUserDataPermission perm: (javax.security.jacc.WebUserDataPermission /j_security_check POST)
2009-09-19 14:38:50.315 [ FINE] [Web-Security] hasUserDataPermission isGranted: true
2009-09-19 14:38:50.317 [ FINEST] Processing login with credentials of type: class com.sun.enterprise.security.auth.login.common.PasswordCredential
2009-09-19 14:38:50.318 [ FINE] Logging in user [MyRoot] into realm: admin-realm using JAAS module: fileRealm
2009-09-19 14:38:50.319 [ FINE] Login module initialized: class com.sun.enterprise.security.auth.login.FileLoginModule
2009-09-19 14:38:50.320 [ FINE] File login succeeded for: MyRoot
2009-09-19 14:38:50.320 [ FINE] JAAS login complete.
2009-09-19 14:38:50.321 [ FINE] JAAS authentication committed.
2009-09-19 14:38:50.322 [ FINE] Password login succeeded for : MyRoot
2009-09-19 14:38:50.323 [ FINE] Default CTOR of SecurityContext called
2009-09-19 14:38:50.324 [ FINE] SecurityContext: newInstance method called
2009-09-19 14:38:50.325 [ FINE] SecurityContext: setCurrentSecurityContext method called
2009-09-19 14:38:50.326 [ FINE] Set security context as user: MyRoot
...[/pre]
So what comes to mind is that the logging information is somewhat incorrect, as the file realm (which is used by asadmin) points to file ...config/keyfile whereas the admin-realm (used by web interface) points to .../config/admin-keyfile. So the admin-keyfile file itself is correct. The keyfile is empty, which is just fine, so I wonder why the hell the asadmin commands use the "file" realm for authentication?
[Message sent by forum member 'chaoslayer' (postmaster_at_chaoslayer.de)]
http://forums.java.net/jive/thread.jspa?messageID=364768
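An added example, not part of the original post and not GlassFish code: one way to line up each file-realm authentication outcome in log excerpts like the ones above with the realm name and keyfile path logged just before it. The names `auth_events` and `AuthEvent` are hypothetical, and the sample lines are copied from the excerpts in the post.

```python
import re
from typing import NamedTuple, Optional

# Line layout as seen in the post: "<date> <time> [ LEVEL] <message>"
LINE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}) \[\s*(\w+)\] (.*)$")
KEYFILE = re.compile(r"Reading file realm: (\S+)")
REALM = re.compile(r"into realm: (\S+) using JAAS module: \S+")
FAILED = re.compile(r"File authentication failed for: \[([^\]]+)\]")
OK = re.compile(r"File login succeeded for: (\S+)")

class AuthEvent(NamedTuple):  # hypothetical record type for this example
    timestamp: str
    user: str
    success: bool
    realm: Optional[str]    # None when no "into realm:" line preceded the outcome
    keyfile: Optional[str]  # None when no "Reading file realm:" line preceded it

def auth_events(lines):
    """Pair each file-realm outcome with the realm/keyfile context logged before it."""
    realm = keyfile = None
    events = []
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # stack-trace frames, "..." markers and other non-log lines
        ts, _level, msg = m.groups()
        if (k := KEYFILE.search(msg)):
            keyfile = k.group(1)
        elif (r := REALM.search(msg)):
            realm = r.group(1)
        elif (hit := FAILED.search(msg) or OK.search(msg)):
            events.append(AuthEvent(ts, hit.group(1), hit.re is OK, realm, keyfile))
            realm = keyfile = None  # context belongs to one attempt only
    return events

# Sample input: lines copied from the log excerpts in the post above.
SAMPLE = """\
2009-09-19 15:04:06.926 [ FINE] FileRealm : file=/opt/glassfishv3/glassfish/domains/dom2/config/admin-keyfile
2009-09-19 15:04:06.927 [ FINE] Reading file realm: /opt/glassfishv3/glassfish/domains/dom2/config/admin-keyfile
2009-09-19 15:04:06.927 [ FINE] File authentication failed for: [MyRoot]
2009-09-19 14:38:50.318 [ FINE] Logging in user [MyRoot] into realm: admin-realm using JAAS module: fileRealm
2009-09-19 14:38:50.320 [ FINE] File login succeeded for: MyRoot
""".splitlines()

if __name__ == "__main__":
    for event in auth_events(SAMPLE):
        print(event)
```

On these excerpts the failed asadmin attempt carries a keyfile path but no realm name, while the web login carries a realm name but no keyfile path, so the realm and keyfile cannot both be read off either excerpt.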