|
Replies:
3
-
Last Post:
Apr 21, 2008 5:54 AM
by: jr158900
|
|
|
|
|
|
|
Multiple password files
Posted:
Apr 17, 2008 4:36 AM
|
|
|
Hi,
I'm having trouble with the password file system of glassfish. I don't have anything against it in itself, but I find it a little too restrictive right now (or can anyone tell me how to do it differently?)
The problem I have is with AS_ADMIN_MAPPEDPASSWORD. This allows the setting of passwords (in the security map of a connection pool, as an example). The principle itself is okay, I don't mind having all my password in a secure file... But if I have different user that need to be mapped (something that is VERY quickly the case, just think of a FTP Adapter with 1 connection factory to different EIS), I need two password files with both of them sporting the AS_ADMIN and other platform related stuff.
I do not want to have one file per connection factory (or one per mapped user)! The adminstrative overhead of controlling so many files for nothing is just wrong!
Is there a better way to do it or is this something that has been overlooked until now?
Should I create a change request for the next version?
thanks
jeremie
|
|
|
|
|
|
|
Re: Multiple password files
Posted:
Apr 20, 2008 5:10 AM
in response to: granat
|
|
|
you can use password-alias instead.
http://forums.java.net/jive/thread.jspa?threadID=15715
asadmin create-password-alias --help will provide more details.
You may have to use the password alias via GUI.
Connector-connection-pool > security-maps> Backend principal
Thanks,
-Jagadish
|
|
|
|
|
|
|
|
|
Re: Multiple password files
Posted:
Apr 20, 2008 11:47 PM
in response to: jr158900
|
|
|
Hi,
Using the GUI works even without using the aliases. The password file is only used when you want to use the command line tooling mechanism.
As a rule, we don't use the GUI for Integration / Production deployment, mostly because we have no way of garantying a repeat of the process (no recording of the clicks). We have created bash files that install applications as well as create datasources / connection factories. We then only record the parameter used in this way.
Password aliases doesn't solve the problem of having only ONE parameter to pass mapped password. In this case, the used key would not be the password but the password alias... The fact that you can't have two password alias for two different connection poll security maps is still there.
greets
jeremie
|
|
|
|
|
|
|
|
|
Re: Multiple password files
Posted:
Apr 21, 2008 5:54 AM
in response to: granat
|
 |
Helpful |
|
|
you can use dotted-names commands to set the password or alias-name.
eg:
asadmin list "*security-map*"
domain.resources.connector-connection-pool.jms/topicpool.security-map.topicpool-map
domain.resources.connector-connection-pool.jms/topicpool.security-map.topicpool-map.backend-principal
server.resources.connector-connection-pool.jms/topicpool.security-map.topicpool-map
server.resources.connector-connection-pool.jms/topicpool.security-map.topicpool-map.backend-principal
asadmin get domain.resources.connector-connection-pool.jms/topicpool.security-map.topicpool-map.backend-principal.*
domain.resources.connector-connection-pool.jms/topicpool.security-map.topicpool-map.backend-principal.password =
domain.resources.connector-connection-pool.jms/topicpool.security-map.topicpool-map.backend-principal.user-name = jagadish
asadmin set domain.resources.connector-connection-pool.jms/topicpool.security-map.topicpool-map.backend-principal.password=jagadish
domain.resources.connector-connection-pool.jms/topicpool.security-map.topicpool-map.backend-principal.password = jagadish
|
|
|
|
|
java.net RSS
