Sometimes you want to give users access to the admin console while making sure they cannot modify certain things. This post describes our attempt to meet that requirement. Even though I couldn’t get 100% read-only access, I managed to make certain pages read-only.
1. Open the file “granted.policy” located at <GlassFishInstallDir>/domains/domain1/generated/policy/admingui/
2. Paste the following code block:
    grant principal com.sun.enterprise.deployment.Group "readonly" {
        permission javax.security.jacc.WebResourcePermission "/resource/*:/resource/js/*:/resource/css/*:/resource/images/*", "GET";
        permission javax.security.jacc.WebResourcePermission "*.jsf:/resource/*:/resource/js/*:/download/*:/resource/css/*:/theme/META-INF/*:/theme/com/sun/webui/*:/resource/images/*:/theme/*", "GET";
        permission javax.security.jacc.WebResourcePermission "/header.jsf","GET,POST,DELETE,PUT";
        permission javax.security.jacc.WebResourcePermission "/download/*", "GET";
        permission javax.security.jacc.WebRoleRefPermission "default", "admin";
        permission javax.security.jacc.WebRoleRefPermission "FacesServlet", "admin";
        permission javax.security.jacc.WebRoleRefPermission "jsp", "admin";
        permission javax.security.jacc.WebRoleRefPermission "XmlHttpProxy", "admin";
        permission javax.security.jacc.WebRoleRefPermission "ThemeServlet", "admin";
        permission javax.security.jacc.WebRoleRefPermission "DownloadServlet", "admin";
        permission javax.security.jacc.WebRoleRefPermission "", "admin";
    };
3. Go to the admin console and log in as admin.
4. Go to Configurations -> Security -> Realms -> admin-realm
5. Click on Manage Users
6. Click “New..” to add a new user.
7. Enter your desired user ID in User ID and “readonly” in GroupList. Fill in the password fields and save.
8. Restart the server and log in with the new user ID.
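To confirm which URL patterns in the grant block from step 2 still allow write methods, the policy text can be parsed and audited before restarting. The script below is an added example, not part of the original post; the function names, the sample string (a shortened, constructed copy of the block above) and the choice of GET/HEAD/OPTIONS as "read-only" methods are assumptions.

```python
import re

# Constructed sample: a shortened copy of the grant block from step 2.
SAMPLE_POLICY = '''
grant principal com.sun.enterprise.deployment.Group "readonly" {
    permission javax.security.jacc.WebResourcePermission "/resource/*:/resource/js/*:/resource/css/*:/resource/images/*", "GET";
    permission javax.security.jacc.WebResourcePermission "/header.jsf","GET,POST,DELETE,PUT";
    permission javax.security.jacc.WebResourcePermission "/download/*", "GET";
    permission javax.security.jacc.WebRoleRefPermission "default", "admin";
};
'''

# grant principal <class> "<name>" { ... };
GRANT_RE = re.compile(
    r'grant\s+principal\s+(\S+)\s+"([^"]*)"\s*\{(.*?)\}\s*;', re.S)
# permission <class> "<name>" [, "<actions>"];
PERM_RE = re.compile(
    r'permission\s+(\S+)\s+"([^"]*)"\s*(?:,\s*"([^"]*)")?\s*;')
READ_ONLY_METHODS = {"GET", "HEAD", "OPTIONS"}  # assumption for this audit

def parse_grants(text):
    """Return {principal_name: [(permission_class, name, actions), ...]}."""
    grants = {}
    for _cls, principal, body in GRANT_RE.findall(text):
        grants.setdefault(principal, []).extend(PERM_RE.findall(body))
    return grants

def writable_resources(text, group):
    """List (url_pattern_spec, methods) where the group has non-read methods."""
    findings = []
    for cls, name, actions in parse_grants(text).get(group, []):
        if not cls.endswith("WebResourcePermission"):
            continue  # role-ref permissions carry no HTTP methods
        methods = {m.strip().upper() for m in actions.split(",") if m.strip()}
        # In JACC, empty actions on a WebResourcePermission mean all methods.
        extra = sorted(methods - READ_ONLY_METHODS) if methods else ["*"]
        if extra:
            findings.append((name, extra))
    return findings

if __name__ == "__main__":
    for spec, methods in writable_resources(SAMPLE_POLICY, "readonly"):
        print(f"{spec}: {', '.join(methods)}")
```

Run against the full granted.policy text, any pattern reported other than /header.jsf is a page the readonly group can still modify.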