Stop the server, if it is currently running.
Change to the appropriate WEB-INF directory; for example:
Comment out the entire <security-constraint\> element in the web.xml file.
Do not delete the element, as you will be reenabling it later. This action disables security for command-line operations.
The commands will still expect a value for --username (or -u) and --password (or -w). But these can be dummy values, since the server side does not impose any security.
Start the server.
At this point, the server does not have command-line security.
Run the following command:
asadmin create-file-user --user <dummy\> --password <dummy\> --userpassword <new_secret\> --groups asadmin <new_user_id\>
This command creates the following new entry:
Uncomment the <security-constraint\> element in web.xml file.
Restart the server for the new user name-password to take effect.
When the server is started, any remote command-line operations will need new_user_id and new_secret as user name and password.