Details
-
Bug
-
Resolution: Done
-
Major
-
EAP_EWP 5.1.0_CR3
-
None
-
Documentation (Ref Guide, User Guide, etc.), Release Notes
-
-
Documented as Resolved Issue
Description
The Tomcat console is always secured with the JAAS security domain "jmx-console", even when the user changes the JAAS security domain during the graphical install process. This leaves the user unable to login to this console without editing files manually.
What happens on the JMX Security screen of the graphical installer as of CR 3.5:
MANDATORY: Enter a password for the admin user of a new JAAS security domain
OPTIONAL: Change the name of the JAAS security domain
OPTIONAL: Specify to not secure http-invoker, jmx-invoker-service, web-console.war, and jmx-console.war. Default is to secure.
Result:
1. New JAAS security domain is created with the name you specify.
2. Users for your new JAAS security domain are in "jmx-console-users.properties", regardless of the JAAS security domain name you specified.
3. Admin console is secured with the JAAS security domain you specified.
4. Tomcat console is secured with "jmx-console" security domain, even if it doesn't exist. If you changed the JAAS security domain name during installation you cannot log in without editing the config files.
5. If you selected to secure it, jmx-console is secured by the JAAS security domain you specified.
6. If you selected to secure it, web-console is secured by the JAAS security domain you specified.
Everything there seems as expected, [assuming that the Admin and Tomcat consoles should always be secured] except the behaviour of the Tomcat console. I would expect it to follow the behaviour of either Admin Console (always secured, using the correct JAAS security domain).
Attachments
Issue Links
- relates to
-
JBPAPP-5109 Admin console secured after Graphical Install specifying no JAAS security for admin console
- Closed