BPMS installer should not offer user admin as a default. I've tried our official example app afterwards and got into problem with human tasks, as there were after installation both user and group named admin in the property file. My env: BPMS 6.0.2.ER2 (patched build)
fyi: 14:48:01,979 WARN [org.jbpm.services.task.persistence.TaskTransactionInterceptor] (http-localhost.localdomain/127.0.0.1:8080-3) Could not commit session: java.lang.RuntimeException: Organizational entity already exists with [GroupImpl:'admin'] id, please check that there is no group and user with same id at org.jbpm.services.task.persistence.JPATaskPersistenceContext.persistOrgEntity(JPATaskPersistenceContext.java:190) [jbpm-human-task-core-6.0.2-redhat-6.jar:6.0.2-redhat-6]
What roles should be created by the installer, Jiri?
only 'admin' role should be sufficient
Thomas: I agree with Kris that role 'admin' should be sufficient. However the proposed username cannot be 'admin' too, this key word is already reserved for the role name. The default user can be named administrator, boss, etc. But it cannot be the same keyword that is used for a role/group name.
The default username is now "bpmsAdmin" / "brmsAdmin" respectively. Additionally, the user is not able to use role keywords as the username.
This fix is in the current ER3 build.
Created attachment 900936 [details] installer-admin.png Hi Thomas, I've just checked it with BPMS 6.0.2.ER3 and the default user there is still admin. When I fill in the password and confirm, the following happens: admin is rewritten to bpmsAdmin and password fields are emptied. I fill the passwords again and after that the installation continues. I do not find this behavior to be the best solution, the users can be confused. Could the default user be bpmsAdmin? If user rewrites bpmsAdmin to something like admin or other group name like manager or analyst, could he be notified that these keywords are forbidden? I continued to the next installation screen and returned back to admin user dialog. I've tried to change the administrator user name from bpmsAdmin to admin and now I got an error message saying that this keyword cannot be used. I think this behavior should be seen also on the first attempt.
Returning back.
Hi Jiri, I think there is a little bit of confusion here: a) There are actually 2 users being defined. i) The EAP Admin user (this is the panel you have linked, which creates a user in mgmt-users.properties) for accessing the management console and things. ii) The BPMS user (this default should be bpmsAdmin now, as a result of this bug) for authenticating with the business-central webapp, within application-users.properties and application-roles.properties. b) I assumed I was fixing an issue with the name of the BPMS user and the roles it was assigned (this default was previously 'admin'). If we also cannot have the EAP admin have the name 'admin', then the fix is indeed incomplete. However, I think there's some confusion as to what is happening on the panel. When you fill the passwords and press next for the EAP admin user, the values are saved; they are not cleared, it's actually another distinct user that must be defined. The restrictions about the username are only applied to the BPMS user; I assumed that there are no problems with the EAP user (since there are no roles for this user). If we could clear this up, that would be great. Summary: - The default user for the EAP admin user: admin - The default user for the BPMS user: bpmsAdmin * Username cannot be: 'admin','analyst','user','manager','developer', stated in the description Thanks, Tom
Ah, now I see. Thanks for the explanation, you are correct. I was hasty. I have not read the dialog text and thought it to be the same dialog again. The original problem has been fixed, so this issue is verified in BPMS 6.0.2.ER3.