Oracle GlassFish Server "asadmin create-auth-realm" command Does Not Write The Password Alias Name In The domain.xml File (Doc ID 1413935.1)

Last updated on NOVEMBER 05, 2016

Applies to:

Oracle GlassFish Server - Version: 3.0 to 3.1.1 - Release: 3.0 to 3.1
Information in this document applies to any platform.

Symptoms

When a password alias name is passed to the "asadmin create-auth-realm" command, the command does not write the alias name to the domain.xml file. Instead, it writes the actual password. To reproduce the problem, run the following command:

bash-3.00#./asadmin --port 3148 create-auth-realm --classname com.sun.enterprise.security.auth.realm.ldap.LDAPRealm --property directory=ldap\\://test\.oracle\.com\\:389:jaas-context=ldapRealm:base-dn=dc\\=oracle\,dc\\=com:search-bind-password=\$\{ALIAS\\=ldapbind-password\} my-ldap-realm
Command create-auth-realm executed successfully.

From domain.xml:
<auth-realm name="my-ldap-realm" classname="com.sun.enterprise.security.auth.realm.ldap.LDAPRealm">
  <property name="directory" value="ldap://test.oracle.com:389"></property>
  <property name="base-dn" value="dc=oracle,dc=com"></property>
  <property name="search-bind-password" value="mypassword"></property>
  <property name="jaas-context" value="ldapRealm"></property>
</auth-realm>

Please note the actual password displayed at:
<property name="search-bind-password" value="mypassword"></property>

It should be:
<property name="search-bind-password" value="${ALIAS=ldapbind-password}"></property>
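
To audit an existing domain.xml for this symptom, the following added example (not part of the original note and not Oracle code) lists every auth-realm property whose name contains "password" and whose value is not a ${ALIAS=...} reference. The function name, the name-matching heuristic and the sample document are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Matches a whole-value alias reference such as ${ALIAS=ldapbind-password}.
ALIAS_RE = re.compile(r"^\$\{ALIAS=[^}]+\}$")

# Constructed sample: the realm shown on this page plus a second, correctly aliased realm.
SAMPLE_DOMAIN_XML = """<domain>
  <configs><config name="server-config"><security-service>
    <auth-realm name="my-ldap-realm" classname="com.sun.enterprise.security.auth.realm.ldap.LDAPRealm">
      <property name="directory" value="ldap://test.oracle.com:389"></property>
      <property name="base-dn" value="dc=oracle,dc=com"></property>
      <property name="search-bind-password" value="mypassword"></property>
      <property name="jaas-context" value="ldapRealm"></property>
    </auth-realm>
    <auth-realm name="aliased-realm" classname="com.sun.enterprise.security.auth.realm.ldap.LDAPRealm">
      <property name="search-bind-password" value="${ALIAS=ldapbind-password}"></property>
    </auth-realm>
  </security-service></config></configs>
</domain>"""


def find_cleartext_realm_passwords(xml_text):
    """Return (realm name, property name) pairs whose password value is not an alias."""
    findings = []
    root = ET.fromstring(xml_text)
    for realm in root.iter("auth-realm"):
        for prop in realm.findall("property"):
            name = prop.get("name", "")
            value = prop.get("value", "")
            # Heuristic (assumption): any property with "password" in its name holds a secret.
            if "password" in name.lower() and value and not ALIAS_RE.match(value):
                findings.append((realm.get("name"), name))
    return findings


if __name__ == "__main__":
    import sys
    # With a path argument, scan that domain.xml; otherwise scan the constructed sample.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_DOMAIN_XML
    for realm, prop in find_cleartext_realm_passwords(text):
        # Report the location only; never echo the secret itself.
        print(f"cleartext value in auth-realm '{realm}', property '{prop}'")
```

Any realm the script reports holds a password readable by anyone with access to domain.xml or its backups.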

Cause
