users@glassfish.java.net

Re: Password aliases: just for passwords, or...?

From: Laird Nelson <ljnelson_at_gmail.com>
Date: Tue, 20 Mar 2012 22:38:53 -0400

On Tue, Mar 20, 2012 at 5:48 PM, Tom Mueller <tom.mueller_at_oracle.com> wrote:

> On 3/20/2012 1:18 PM, Laird Nelson wrote:
>
> > Is this look-up-the-real-value-from-an-encrypted-store functionality tied
> > to certain hard-wired properties (e.g. ones named "password", or...who
> > knows), or is it a general-purpose substitution mechanism?
>
> It is a general-purpose substitution mechanism that works on any attribute
> in the domain.xml. If you are interested in the details, there is a
> GlassFish source file called TranslatedConfigView.java that does the
> substitution.
>

Excellent; figured as much--but could also make a relatively strong case
for a special-purpose "password only" implementation, which is why I
asked. Thanks again.


> Note that alias substitution has to be for the whole value, i.e.,
>
> value="abc${ALIAS=analias}xyz"
>
> will not work.
>

Oh, good to know.


> The two passwords that cannot be aliased in a password file are the
> AS_ADMIN_PASSWORD and AS_ADMIN_MASTERPASSWORD, because you have to
> authenticate with the server (the first one) and be able to open the
> domain-passwords file (the second one) in order to do password aliasing.
>

Excellent; so some portions of that article are working more or less by
chance, or simply because the user has to specify the information anyway.
Got it.

At the risk of running off on a tangent, and it's probably in the
Administration Guide, surely, but I've also seen property substitutions
like this:

${SOME_VALUE}

Are these system properties? Environment variables? Is this the usual de
facto standard Java system property substitution, or are these always
well-known values (most seem to be things like (if memory serves)
${as_install_root}, which look faintly magical)? If I use asadmin
create-system-property (or whatever that subcommand is), could I supply
these values as well?

Thanks for your help (and patience!).

Best,
Laird

-- 
http://about.me/lairdnelson
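
An added example (not part of the thread and not GlassFish code): a small audit of a domain.xml-style file that flags attribute values where `${ALIAS=...}` is embedded in a longer string, which per the note quoted above will not be substituted. As an assumed heuristic it also flags password-named values stored as literals. The XML sample, the function names and the finding labels are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Whole-value alias form quoted in the thread: value="${ALIAS=analias}"
ALIAS_TOKEN = re.compile(r"\$\{ALIAS=([^}]+)\}")

# Constructed sample for illustration; not taken from a real domain.xml.
SAMPLE = """<domain>
  <resources>
    <jdbc-connection-pool name="poolA">
      <property name="user" value="app"/>
      <property name="password" value="${ALIAS=dbpass}"/>
    </jdbc-connection-pool>
    <jdbc-connection-pool name="poolB">
      <property name="url" value="jdbc:x://h/db?pw=${ALIAS=dbpass}&amp;ssl=1"/>
      <property name="password" value="hunter2"/>
    </jdbc-connection-pool>
  </resources>
</domain>"""

def classify(value):
    """Return (kind, alias_name) for one attribute value."""
    m = ALIAS_TOKEN.fullmatch(value)
    if m:
        return ("alias", m.group(1))      # whole value is the alias: substituted
    if ALIAS_TOKEN.search(value):
        return ("embedded-alias", None)   # alias inside other text: not substituted
    return ("literal", None)

def audit(xml_text):
    """List (location, problem) pairs in document order."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        for attr, value in elem.attrib.items():
            # For <property name=... value=...>, the property name describes the value.
            is_prop_value = elem.tag == "property" and attr == "value"
            key = elem.get("name", attr) if is_prop_value else attr
            where = f"{elem.tag}[{key}]"
            kind, _ = classify(value)
            if kind == "embedded-alias":
                findings.append((where, "embedded-alias"))
            # Assumed heuristic: a password-named value that is a plain literal.
            elif kind == "literal" and value and "password" in key.lower():
                findings.append((where, "plaintext-secret"))
    return findings

if __name__ == "__main__":
    for where, problem in audit(SAMPLE):
        print(f"{where}: {problem}")
```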