Coming Up for Air

Adding Users to a GlassFish Realm via REST

Wednesday, March 09, 2011 |

A user on the GlassFish forums recently asked how to create users in bulk. The asadmin command create-file-user doesn’t support passing the password as a parameter, which makes scripting difficult. The REST interface, though, can help there, and it’s really pretty simple.

The REST endpoint of interest is link: http://localhost:4848/management/domain/configs/config/server-config/security-service/auth-realm/file/create-user, and here’s a sample bash shell script to exercise it:

1
2
3
4
5

#!/bin/bash
for USER in user1 user2 user3 user4 user5 user6 user7 user8 user9 user10 ; do
    curl -X POST -H 'Accept: application/json' \
        -d id=$USER -d AS_ADMIN_USERPASSWORD=$USER http://localhost:4848/management/domain/configs/config/server-config/security-service/auth-realm/file/create-user
done

Want to see what users exist in the realm?

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27

$ curl -H 'Accept: application/json' http://localhost:4848/management/domain/configs/config/server-config/security-service/auth-realm/file/list-users
{
    "command": "list-file-users AdminCommand",
    "exit_code": "SUCCESS",
    "extraProperties": {"users": [
        {
            "name": "user10",
            "groups": []
        },
        {
            "name": "user9",
            "groups": []
        },
// ...
    ]},
    "children": [
        {
            "message": "user10",
            "properties": {}
        },
        {
            "message": "user9",
            "properties": {}
        },
// ...
    ]
}

Minor update

I forgot that the poster asked about deleting users. Here’s how you do that:

1
2
3
4
5

$ curl -H 'Accept: application/json' -X DELETE -d id=user1 $mgmt/configs/config/server-config/security-service/auth-realm/file/delete-user
{
    "command": "delete-file-user AdminCommand",
    "exit_code": "SUCCESS"
}

It’s important to note that only FileRealm-based realms support user management in this manner. For other realm types, like LdapRealm and JdbcRealm, for example, the system administrator will need to use tools that are appropriate for the type of realm in question.

If you have any questions, leave a message. :)

Search

    About

    My name is Jason Lee. I am a software developer living in the middle of Oklahoma. I’ve been a professional developer since 1997, using a variety of languages, including Java, Javascript, PHP, Python, Delphi, and even a bit of C#. I currently work for Red Hat on the WildFly/EAP team, where, among other things, I maintain integrations for some MicroProfile specs, OpenTelemetry, Micrometer, Jakarta Faces, and Bean Validation. (Full resume here. LinkedIn profile)

    I am the president of the Oklahoma City JUG, and an occasional speaker at the JUG and a variety of technical conferences.

    On the personal side, I’m active in my church, and enjoy bass guitar, running, fishing, and a variety of martial arts. I’m also married to a beautiful woman, and have two boys, who, thankfully, look like their mother.

    My Links

    Quotes

    Sample quote

    Quote source

    Publications

    © Copyright Jason Lee, 2005-2023. All rights reserved.