This Bugzilla instance is a read-only archive of historic NetBeans bug reports. To report a bug in NetBeans please follow the project's instructions for reporting issues.

Bug 85605 - Admin name and password in properties are changed after entering user /password in Authentication dialog
Summary: Admin name and password in properties are changed after entering user /passwo...
Status: VERIFIED FIXED
Alias: None
Product: serverplugins
Classification: Unclassified
Component: Sun Appserver 9 (show other bugs)
Version: 5.x
Hardware: All All
: P2 blocker (vote)
Assignee: _ ludo
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2006-09-22 22:30 UTC by Roderico Cruz
Modified: 2006-09-29 09:53 UTC (History)
1 user (show)

See Also:
Issue Type: DEFECT
Exception Reporter:

Attachments
Zip containing Secure Web App Project (163.21 KB, application/octet-stream)
2006-09-22 22:36 UTC, Roderico Cruz 		Details
patch (1.57 KB, text/plain)
2006-09-25 17:08 UTC, _ ludo 		Details
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Roderico Cruz 2006-09-22 22:30:25 UTC 
The admin name and password is changed erroneously in the AS9 property sheet
when the user enters user name and password to gain access to a resource that is
protected by Basic Authentication. This results in an error message. To
reproduce, use the attached web project. This web project has a web service that
is protected via Basic Authentication (basically, the servlet is being protected).

Perform the following after downloading the attached project:

1. First, add a user to the security configuration of Glassfish. In the
admin-realm, add user name "usr1" and group name "users". For convenience,
password of usr1 was set to also "usr1". Restart the app server.

2. In the IDE, open the attached web project.
3. Deploy the web project to the app server.
4. Create a new web project.
5. In the new web project, right click and select New/Web Service Client.
6. In the wizard, click on the Project radio button and click the browse button.
Navigate to the SecGreet web service node and select it. Click OK.
7. Enter a package name in the Package field.
8. Click on the finish button.
9. The Authentication dialog comes up prompting you for the name and password.
Enter "usr1" for both.
10. Generation of client artifacts completes successfully.
11. After a few seconds an error dialog comes up saying that the admin user and
password are wrong.
12. Go to the runtime tag and bring up the property sheet of Glassfish. Note
that the admin name and password has now been changed to "usr1" instead of the
admin/adminadmin default values.
Comment 1 Roderico Cruz 2006-09-22 22:36:50 UTC 
Created attachment 34399 [details]
Zip containing Secure Web App Project
Comment 2 _ ludo 2006-09-24 00:34:59 UTC 
global Adminauthenticator does not filter is the request if for admin APIs or
any other http request...Mahybe we need to check for the port number? I'll look
into that (admin requests are on 4848 where as secure user apps would not be on
that port...)
Comment 3 _ ludo 2006-09-24 00:41:10 UTC 
We need to call the getRequestingPort() API  to check is it is the same as the
admin port. If not, no need to store the u/p as it is not for the admin port.

Easy fix I think. good catch.
Comment 4 _ ludo 2006-09-25 04:15:10 UTC 
Fix almost ready.
Comment 5 _ ludo 2006-09-25 17:08:43 UTC 
Created attachment 34464 [details]
patch
Comment 6 _ ludo 2006-09-25 17:10:00 UTC 
Please review the patch. The idea is to do an extra test for the requesting
server to detect if this is the admin port or the user app port.
On case of user port, we do not trigger the logic about updating the U/p for
Admin apis.
Comment 8 Vince Kraemer 2006-09-25 21:44:34 UTC 
if the preferredSDMI is null, there is still a possibility that ip won't be null.

if ip isn't null, then the InstanceProperties' username and password attributes
might get changed....

Would it be a good idea to remove the else at lines 70-74 of 1.2.8.2.2.3.2.1?
Comment 9 _ ludo 2006-09-26 00:50:53 UTC 
preferredSDMI cannot be null currently unless the constructor is given a null
value, and our code is not passing null.
But I agree with handling this case as well, as suggested.
Comment 10 _ ludo 2006-09-26 00:55:05 UTC 
incr diff checked in in dev:
--- AdminAuthenticator.java	25 Sep 2006 16:28:43 -0000	1.2.8.2.2.3.2.1
+++ AdminAuthenticator.java	25 Sep 2006 23:53:12 -0000
@@ -67,11 +67,12 @@
                         preferredSunDeploymentManagerInterface.getHost(),
                         preferredSunDeploymentManagerInterface.getPort());
             }
-        } else {
-           
keyURI=SunURIManager.SUNSERVERSURI+site.getHostName()+":"+getRequestingPort();
-            ip= InstanceProperties.getInstanceProperties(keyURI);
-
         }
+//            else {
+//           
keyURI=SunURIManager.SUNSERVERSURI+site.getHostName()+":"+getRequestingPort();
+//            ip= InstanceProperties.getInstanceProperties(keyURI);
+//
+//        }
Comment 11 Lukas Jungmann 2006-09-27 12:16:17 UTC 
v. in release55_dev; please commit the fix also to release55 branch
Comment 12 _ ludo 2006-09-28 16:29:29 UTC 
in release55 as well.

cvs commit -m "Fix for http://www.netbeans.org/issues/show_bug.cgi?id=85605 in
release55" -- AdminAuthenticator.java (in directory
E:\nb_all\serverplugins\sun\appsrv\src\org\netbeans\modules\j2ee\sun\ide\editors\)
Checking in AdminAuthenticator.java;
/cvs/serverplugins/sun/appsrv/src/org/netbeans/modules/j2ee/sun/ide/editors/AdminAuthenticator.java,v
 <--  AdminAuthenticator.java
new revision: 1.2.8.2.2.4; previous revision: 1.2.8.2.2.3
done
Comment 13 Jan Horvath 2006-09-29 09:53:49 UTC 
verified in build 20060929000