Details

    • Type: Bug
    • Status: Closed
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 4.4.3
    • Fix Version/s: 4.4.4
    • Component/s: security
    • Labels:
      None
    • Magnolia Release:
      4.4.4

      Description

      I updated to Magnolia 4.4.3, my frontend configuration is clustered, two public instances.
      When the load rises, sometimes this exception below happens. This is particularly problematic because after the problem the instance is completely locked, and shows the magnolia login.
      This seems to be caused by modification done in MAGNOLIA-3557, that stores the access count. Doing so for the anonymous user seems to cause concurrent modification. I'll do further investigation, but this is a real blocking problem for me because my instances are failing often.

      ERROR info.magnolia.cms.security.SystemUserManager 28.04.2011 10:35:53 – Failed to login as anonymous user
      javax.security.auth.login.LoginException: java.lang.RuntimeException: javax.jcr.InvalidItemStateException: 2d78094b-8f7e-4c95-8b1d-22e3dc417c34/{}failedAttempts has been modified externally
      at info.magnolia.cms.security.MgnlUser.setFailedLoginAttempts(MgnlUser.java:96)
      at info.magnolia.jaas.sp.jcr.JCRAuthenticationModule.matchPassword(JCRAuthenticationModule.java:140)

        Attachments

        1. JCRAuthenticationModule.java
          7 kB
        2. MgnlUser.java
          13 kB
        3. stacktrace.txt
          7 kB

          Issue Links

            Activity

              People

              • Assignee:
                ochytil Ondrej Chytil
                Reporter:
                dfghi Danilo Ghirardelli
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Date of First Response: