Coming Up for Air

Adding Users to a GlassFish Realm via REST

Wednesday, Mar 9, 2011 |

Adding Users to a GlassFish Realm via REST

Jason Lee 2011-03-09

A user on the GlassFish forums recently asked how to create users in bulk. The asadmin command create-file-user doesn't support passing the password as a parameter, which makes scripting difficult. The REST interface, though, can help there, and it's really pretty simple. // more

The REST endpoint of interest is http://localhost:4848/management/domain/configs/config/server-config/security-service/auth-realm/file/create-user , and here's a sample bash shell script to exercise it:

#!/bin/bash
for USER in user1 user2 user3 user4 user5 user6 user7 user8 user9 user10 ; do
    curl -X POST -H 'Accept: application/json' \
        -d id=$USER -d AS_ADMIN_USERPASSWORD=$USER http://localhost:4848/management/domain/configs/config/server-config/security-service/auth-realm/file/create-user
done

Want to see what users exist in the realm?

$ curl -H 'Accept: application/json' http://localhost:4848/management/domain/configs/config/server-config/security-service/auth-realm/file/list-users
{
    "command": "list-file-users AdminCommand",
    "exit_code": "SUCCESS",
    "extraProperties": {"users": [
        {
            "name": "user10",
            "groups": []
        },
        {
            "name": "user9",
            "groups": []
        },
// ...
    ]},
    "children": [
        {
            "message": "user10",
            "properties": {}
        },
        {
            "message": "user9",
            "properties": {}
        },
// ...
    ]
}

Minor update ------------ I forgot that the poster asked about deleting users. Here's how you do that:

$ curl -H 'Accept: application/json' -X DELETE -d id=user1 $mgmt/configs/config/server-config/security-service/auth-realm/file/delete-user
{
    "command": "delete-file-user AdminCommand",
    "exit_code": "SUCCESS"
}

It's important to note that only FileRealm-based realms support user management in this manner. For other realm types, like LdapRealm and JdbcRealm, for example, the system administrator will need to use tools that are appropriate for the type of realm in question.

If you have any questions, leave a message. :)