[wsas-java-dev] svn commit r711 - in wsas/java/trunk/modules:
admin/src/org/wso2/wsas/admin/service core/src/org/wso2/wsas
svn at wso2.com
svn at wso2.com
Mon Feb 5 00:32:32 PST 2007
Author: azeez
Date: Mon Feb 5 00:32:15 2007
New Revision: 711
Modified:
wsas/java/trunk/modules/admin/src/org/wso2/wsas/admin/service/GlobalAdmin.java
wsas/java/trunk/modules/admin/src/org/wso2/wsas/admin/service/UserAdmin.java
wsas/java/trunk/modules/core/src/org/wso2/wsas/ServerManager.java
Log:
Change default admin password when starting WSAS
Modified: wsas/java/trunk/modules/admin/src/org/wso2/wsas/admin/service/GlobalAdmin.java
==============================================================================
--- wsas/java/trunk/modules/admin/src/org/wso2/wsas/admin/service/GlobalAdmin.java (original)
+++ wsas/java/trunk/modules/admin/src/org/wso2/wsas/admin/service/GlobalAdmin.java Mon Feb 5 00:32:15 2007
@@ -245,8 +245,8 @@
" from IP Address " + user.getLastLoginIP());
}
if (user.getLastFailedLogIn() != null) {
- log.info("Last failed login at " + date.format(user.getLastLoggedIn()) +
- " from IP Address " + user.getLastLoginIP());
+ log.info("Last failed login at " + date.format(user.getLastFailedLogIn()) +
+ " from IP Address " + user.getLastFailedLoginIP());
}
sgCtx.setProperty(ServerConstants.LAST_ADMIN_LOGIN_TIME, user.getLastLoggedIn());
sgCtx.setProperty(ServerConstants.LAST_ADMIN_LOGIN_IP, user.getLastLoginIP());
Modified: wsas/java/trunk/modules/admin/src/org/wso2/wsas/admin/service/UserAdmin.java
==============================================================================
--- wsas/java/trunk/modules/admin/src/org/wso2/wsas/admin/service/UserAdmin.java (original)
+++ wsas/java/trunk/modules/admin/src/org/wso2/wsas/admin/service/UserAdmin.java Mon Feb 5 00:32:15 2007
@@ -125,6 +125,10 @@
return false;
}
+ if(username.equals("admin") && password.equals("admin")){
+ throw new Exception("This password is not allowed for Administrator 'admin");
+ }
+
ServiceUserDO serviceUserDO = pm.getUser(username);
if (serviceUserDO == null) {
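Review bot: `username.equals("admin") && password.equals("admin")` throws a NullPointerException when either argument is null, and it rejects only the exact string "admin"; whether blank or otherwise trivial passwords are rejected elsewhere in this method is not visible, because the method starts and ends outside the hunk. I would write the guard null-safe, `if ("admin".equals(username) && "admin".equals(password)) {`. The message also has an unbalanced quote and is thrown as a raw `Exception`; `"This password is not allowed for Administrator 'admin'"` would read correctly. The same rule is repeated in ServerManager.getDefaultAdminPassword in this commit, so a shared constant or helper would keep the two checks from drifting apart.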
Modified: wsas/java/trunk/modules/core/src/org/wso2/wsas/ServerManager.java
==============================================================================
--- wsas/java/trunk/modules/core/src/org/wso2/wsas/ServerManager.java (original)
+++ wsas/java/trunk/modules/core/src/org/wso2/wsas/ServerManager.java Mon Feb 5 00:32:15 2007
@@ -42,13 +42,11 @@
import org.wso2.utils.security.CryptoException;
import org.wso2.utils.security.CryptoUtil;
import org.wso2.tracer.TracerConstants;
-import org.wso2.utils.NetworkUtils;
-import org.wso2.utils.RESTEndpointReferenceUtil;
-import org.wso2.utils.ServerConfiguration;
-import org.wso2.utils.ServerException;
+import org.wso2.utils.*;
import javax.xml.namespace.QName;
import java.io.File;
+import java.io.IOException;
import java.net.SocketException;
import java.util.Hashtable;
import java.util.Iterator;
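Review bot: The wildcard `import org.wso2.utils.*;` replaces four explicit imports, so the file no longer shows which classes it takes from that package, and a class added to org.wso2.utils later could clash with another import. If the wildcard was introduced only to reach `InputReader` (used in getDefaultAdminPassword further down; its package is not shown in this diff), I would keep the four explicit imports and add a single explicit import for that class.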
@@ -126,6 +124,7 @@
configContext =
ConfigurationContextFactory
.createConfigurationContext(tunstenConfigurator);
+
initListenerManager();
RESTEndpointReferenceUtil.init(configContext.getAxisConfiguration());
@@ -333,22 +332,24 @@
private void createDefaultAdminAccount() throws ServerException {
String adminUsername = "admin";
- String adminPassword = "admin";
- String adminDescription = "Default Adminstrator";
-
ServiceUserDO admin = pm.getUser(adminUsername);
+ ServerConfiguration config = ServerConfiguration.getInstance();
+ CryptoUtil cryptoUtil =
+ new CryptoUtil(wso2wsasHome + File.separator +
+ config.getFirstProperty("Security.KeyStore.Location"),
+ config.getFirstProperty("Security.KeyStore.Password"),
+ config.getFirstProperty("Security.KeyStore.KeyAlias"),
+ config.getFirstProperty("Security.KeyStore.KeyPassword"),
+ config.getFirstProperty("Security.KeyStore.Type"));
if (admin == null) {
+
+ // There is no default admin user. WSAS is starting up for the first time
+ // Check whether the default Admin user's password has been changed
+ String adminPassword = getDefaultAdminPassword();
+ String adminDescription = "Default Adminstrator";
try {
admin = new ServiceUserDO();
admin.setUsername(adminUsername);
- ServerConfiguration config = ServerConfiguration.getInstance();
- CryptoUtil cryptoUtil =
- new CryptoUtil(wso2wsasHome + File.separator +
- config.getFirstProperty("Security.KeyStore.Location"),
- config.getFirstProperty("Security.KeyStore.Password"),
- config.getFirstProperty("Security.KeyStore.KeyAlias"),
- config.getFirstProperty("Security.KeyStore.KeyPassword"),
- config.getFirstProperty("Security.KeyStore.Type"));
admin.setPassword(cryptoUtil.encryptAndBase64Encode(adminPassword.getBytes()));
admin.setDescription(adminDescription);
ServiceUserRoleDO role = pm.getUserRole(ServerConstants.ADMIN_ROLE);
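Review bot: `adminPassword.getBytes()` encodes the password in the platform default charset, so the same non-ASCII password can produce different bytes on a host with a different default. The else branch in the next hunk has the same problem in `new String(cryptoUtil.base64DecodeAndDecrypt(admin.getPassword()))` and `password.getBytes()`. Passing one explicit charset name in all three places would fix it, for example `adminPassword.getBytes("UTF-8")`, though passwords already stored under a different default would then need migrating. The new comment "Check whether the default Admin user's password has been changed" sits in the first-start branch but describes the else branch; here it should say only that the admin account does not exist yet and a password is requested on the console. createDefaultAdminAccount continues outside this hunk.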
@@ -361,9 +362,62 @@
} catch (ServiceUserAlreadyExistsException ignored) {
// this exception cannot occur since we've validated it above
}
+ } else {
+ try {
+ if (new String(cryptoUtil.base64DecodeAndDecrypt(admin.getPassword())).
+ equals("admin")){
+ String password = getDefaultAdminPassword();
+ admin.setPassword(cryptoUtil.encryptAndBase64Encode(password.getBytes()));
+ pm.updateUser(admin);
+ }
+ } catch (Exception e) {
+ throw new ServerException(e);
+ }
}
}
+ /**
+ * There is no default admin user. WSAS is starting up for the first time
+ * Check whether the default Admin user's password has been changed
+ *
+ * @return Default admin password
+ */
+ private String getDefaultAdminPassword() {
+ System.out.println(" Please enter the password of Administrator 'admin'");
+ String adminPassword = null;
+ String passwordRepeat = null;
+ do {
+ while (adminPassword == null || adminPassword.trim().length() == 0) {
+ try {
+ adminPassword = InputReader.readPassword(" New password: ");
+ if (adminPassword.equals("admin")) {
+ adminPassword = null;
+ System.err.println(" This password is not allowed." +
+ " Please enter another password.");
+ }
+ } catch (IOException e) {
+ System.err.println(" Unable to read password : " + e);
+ }
+ }
+ while (passwordRepeat == null || passwordRepeat.trim().length() == 0) {
+ try {
+ passwordRepeat = InputReader.readPassword(" Re-enter new password: ");
+ } catch (IOException e) {
+ System.err.println(" Unable to read re-entered password : " + e);
+ }
+ }
+ if (!adminPassword.equals(passwordRepeat)) {
+ System.err.println(" Password and re-entered password do not match");
+ adminPassword = null;
+ passwordRepeat = null;
+ continue;
+ }
+ System.out.println(" Password for Admin user changed.");
+ break;
+ } while (true);
+ return adminPassword;
+ }
+
private void configureMessageMonitoring() {
String tracingStatusFromDB = pm.getConfigurationProperty(TracerConstants.TRACING_STATUS);
if (tracingStatusFromDB == null) { // Tracing status not available in DB
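Review bot: Both inner `while` loops in getDefaultAdminPassword retry forever when `InputReader.readPassword` throws IOException, because the catch only prints the error and the variable stays null. On a start without a usable console (run as a service, stdin redirected), startup would presumably hang while printing the same message. If readPassword can return null at end of input, `adminPassword.equals("admin")` would also throw a NullPointerException. I would bound the failed reads and abort startup with a ServerException, as sketched below. The Javadoc is copied from the caller's comment and should instead say that the method prompts on the console and returns the confirmed, non-blank, non-"admin" password.

```java
private static final int MAX_FAILED_READS = 3; // constructed limit, adjust as needed

private String getDefaultAdminPassword() throws ServerException {
    // … unchanged: "Please enter the password" banner …
    int failedReads = 0;
    while (true) {
        String adminPassword;
        String passwordRepeat;
        try {
            adminPassword = InputReader.readPassword(" New password: ");
            passwordRepeat = InputReader.readPassword(" Re-enter new password: ");
        } catch (IOException e) {
            System.err.println(" Unable to read password : " + e);
            // No usable console: fail startup instead of looping forever
            if (++failedReads >= MAX_FAILED_READS) {
                throw new ServerException(e);
            }
            continue;
        }
        if (adminPassword == null || passwordRepeat == null) {
            // End of input is treated like a failed read
            if (++failedReads >= MAX_FAILED_READS) {
                throw new ServerException(new IOException("No console input for admin password"));
            }
            continue;
        }
        if (adminPassword.trim().length() == 0 || adminPassword.equals("admin")) {
            // … unchanged: "This password is not allowed" message …
            continue;
        }
        // … unchanged: mismatch check and "Password for Admin user changed." message …
        return adminPassword;
    }
}
```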