Details
-
Bug
-
Resolution: Won't Do
-
Minor
-
7.1.0.CR1b
-
None
Description
I'm aware of add-user.sh isn't general tool for managing an user/groups/roles credential store at all. Is it supposed only as shorthand for quick definition of users access to admin console out of the box. Well..
According previous paragraph it isn't to much meaningful for me to bring possibility of specify another realm during the invocation of this tool. I think already - Admin console can use another realm than ManagementRealm by change default configuration. I think already too - property file can't contain users definition belong multiple realms. As is stated in comment in the begin of file mgmt-users.properties, this file is for "declaration of users for the realm 'ManagementRealm'".
I think we should avoid to insert new user with different realm there (it is possible now). add-user.sh doesn't manage any other file and other property file(s) can't be specified during invocation.
I think this present situation/behavior should confuse hard our end-users - especially users with their own experiences with other JEE servers (Apache Geronimo, Sun/Oracle GlassFish etc.).
Because we don't provide/support any tool for general CRUD managing of credential store of type like property file(s) - like other JEE app. servers do, we really should use this script/tool only as way to simple very basic user creation in default AS7 environment, because we can't support this tool in any other situation with present behavior and in a such changed environments behavior or final state is hardly understandable (if we create property file (by other way) with the same username, but in different realms, we can't log to admin console never more; if we have users in one realm, switch AS7 instance to use other "admin" realm, we can't add any from existing user to this new realm; we don't know which user belongs to which realm later etc.)
So conclusion - I think we should remove specification of Realm from input process of add-user.sh script at all and use this script only to define users belongs to ManagementRealm realm and manages only properly mgmt-users.properties files (standalone and domain configuration)
