Allow for direct access from cadmin to CPAS instances.

CPAS instances need to accept admin requests directly from clients, not only via the DAS. To permit this, these changes fall into two broad categories: - Relaxing the prohibition against direct (non-DAS) admin access to instances, and - Allowing commands which affect authentication to be replicated to instances. AdminAdapter used to require admin requests to instances to originate from the DAS. This restriction is no longer enforced. Some of the important authentication-related commands - changing the admin password and managing file users - need to be replicated to running instances so that they use the up-to-date information when authenticating users, since such users can now connect directly to the instances. The general approach to authentication will be changing anyway, but this handful of changes will allow cadmin to connect directly to instances in the short term. git-svn-id: https://svn.java.net/svn/glassfish~svn/trunk/main@53781 6f3ba3e3-413c-0410-a8aa-90bee3ab43b5
payara · May 2, 2012 · 0ef96b5 · 0ef96b5
1 parent f32783d
commit 0ef96b5
Show file tree

Hide file tree

Showing 5 changed files with 10 additions and 10 deletions.
diff --git a/nucleus/core/kernel/src/main/java/com/sun/enterprise/v3/admin/AdminAdapter.java b/nucleus/core/kernel/src/main/java/com/sun/enterprise/v3/admin/AdminAdapter.java
@@ -346,16 +346,16 @@ private boolean authenticate(Request req, ActionReport report, Response res)
                 break;
 
             case NONE:
-                if (env.isDas()) {
+//                if (env.isDas()) {
                     reportAuthFailure(res, report, "adapter.auth.userpassword",
                         "Invalid user name or password",
                         HttpURLConnection.HTTP_UNAUTHORIZED,
                         "WWW-Authenticate", "BASIC");
-                } else {
-                    reportAuthFailure(res, report, "adapter.auth.notOnInstance",
-                            "Configuration access to an instance is not allowed; please connect to the domain admin server instead to make configuration changes",
-                        HttpURLConnection.HTTP_FORBIDDEN);
-                }
+//                } else {
+//                    reportAuthFailure(res, report, "adapter.auth.notOnInstance",
+//                            "Configuration access to an instance is not allowed; please connect to the domain admin server instead to make configuration changes",
+//                        HttpURLConnection.HTTP_FORBIDDEN);
+//                }
                 break;
 
             default:

diff --git a/nucleus/security/core/src/main/java/com/sun/enterprise/security/cli/ChangeAdminPassword.java b/nucleus/security/core/src/main/java/com/sun/enterprise/security/cli/ChangeAdminPassword.java
@@ -87,7 +87,7 @@
 @Service(name="change-admin-password")
 @Scoped(PerLookup.class)
 @I18n("change.admin.password")
-@ExecuteOn({RuntimeType.DAS})
+@ExecuteOn({RuntimeType.ALL})
 public class ChangeAdminPassword implements AdminCommand {
 
     final private static LocalStringManagerImpl localStrings = 

diff --git a/nucleus/security/core/src/main/java/com/sun/enterprise/security/cli/CreateFileUser.java b/nucleus/security/core/src/main/java/com/sun/enterprise/security/cli/CreateFileUser.java
@@ -92,7 +92,7 @@
 @Service(name="create-file-user")
 @Scoped(PerLookup.class)
 @I18n("create.file.user")
-@ExecuteOn({RuntimeType.DAS, RuntimeType.INSTANCE})
+@ExecuteOn({RuntimeType.ALL})
 @TargetType({CommandTarget.DAS,CommandTarget.STANDALONE_INSTANCE,CommandTarget.CLUSTER, CommandTarget.CONFIG})
 @RestEndpoints({
     @RestEndpoint(configBean=AuthRealm.class,

diff --git a/nucleus/security/core/src/main/java/com/sun/enterprise/security/cli/DeleteFileUser.java b/nucleus/security/core/src/main/java/com/sun/enterprise/security/cli/DeleteFileUser.java
@@ -87,7 +87,7 @@
 @Service(name="delete-file-user")
 @Scoped(PerLookup.class)
 @I18n("delete.file.user")
-@ExecuteOn({RuntimeType.DAS, RuntimeType.INSTANCE})
+@ExecuteOn({RuntimeType.ALL})
 @TargetType({CommandTarget.DAS,CommandTarget.STANDALONE_INSTANCE,CommandTarget.CLUSTER, CommandTarget.CONFIG})
 @RestEndpoints({
     @RestEndpoint(configBean=AuthRealm.class,

diff --git a/nucleus/security/core/src/main/java/com/sun/enterprise/security/cli/UpdateFileUser.java b/nucleus/security/core/src/main/java/com/sun/enterprise/security/cli/UpdateFileUser.java
@@ -87,7 +87,7 @@
 @Service(name="update-file-user")
 @Scoped(PerLookup.class)
 @I18n("update.file.user")
-@ExecuteOn({RuntimeType.DAS, RuntimeType.INSTANCE})
+@ExecuteOn({RuntimeType.ALL})
 @TargetType({CommandTarget.DAS,CommandTarget.STANDALONE_INSTANCE,CommandTarget.CLUSTER, CommandTarget.CONFIG})
 @RestEndpoints({
     @RestEndpoint(configBean=AuthRealm.class,