Loading...

XML

Word

Printable

Type: Bug
Resolution: Won't Fix
Priority: Major
Fix Version/s: None
Affects Version/s: 4.5.16, 5.1, 5.2
Component/s: security
Labels:
- admininterface
- login
Environment:
Windows 7 64bit, Java 7, Tomcat 7

Template:
Acceptance criteria:

Empty

show more show less
Task DoD:

show more show less
Bug DoR:

show more show less
Testcase included:

Yes
Release notes required:

Yes

Creating a user of name admin gives an error in Jackrabbit when logging in to admin central.

Workaround: do not use "admin" as username

Steps to reproduce:

create a user named "admin"
login as "admin"

See this error:

...
Caused by: info.magnolia.jcr.RuntimeRepositoryException: javax.jcr.LoginException
	at info.magnolia.context.AbstractContext.getHierarchyManager(AbstractContext.java:209)
	at info.magnolia.context.MgnlContext.getHierarchyManager(MgnlContext.java:125)
	at info.magnolia.cms.gui.control.Tree.<init>(Tree.java:190)
	at info.magnolia.module.dms.gui.DMSTreeControl.<init>(DMSTreeControl.java:55)
	... 105 more
Caused by: javax.jcr.LoginException
	at org.apache.jackrabbit.core.RepositoryImpl.login(RepositoryImpl.java:1493)
	at org.apache.jackrabbit.core.jndi.BindableRepository.login(BindableRepository.java:162)
	at info.magnolia.repository.DefaultRepositoryManager.getSession(DefaultRepositoryManager.java:233)
	at info.magnolia.context.DefaultRepositoryStrategy.internalGetSession(DefaultRepositoryStrategy.java:63)
	at info.magnolia.context.AbstractRepositoryStrategy.getSession(AbstractRepositoryStrategy.java:76)
	at info.magnolia.context.AbstractContext.getJCRSession(AbstractContext.java:134)
	at info.magnolia.context.AbstractContext.getHierarchyManager(AbstractContext.java:207)
	... 108 more
Caused by: javax.security.auth.login.FailedLoginException
	at info.magnolia.jaas.sp.jcr.JackrabbitAuthenticationModule.login(JackrabbitAuthenticationModule.java:115)
	at org.apache.jackrabbit.core.security.authentication.LocalAuthContext.login(LocalAuthContext.java:86)
	at org.apache.jackrabbit.core.RepositoryImpl.login(RepositoryImpl.java:1465)
	...

Problematic code:

info.magnolia.jaas.sp.jcr.JackrabbitAuthenticationModule

113: ==> if (getAdminUser().equals(this.name)) {
114:       if (!Arrays.equals(password, getAdminPassword().toCharArray())) {
115:         throw new FailedLoginException();
116:       }
117:       compileAdminPrincipals();
118:       return true;
119:     }

Acceptance criteria

clones

MAGNOLIA-5424 User name "admin" creates a Jackrabbit exception

Closed

Assignee:: Unassigned

Reporter:: Markus Jeni

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 24/Mar/14 12:12 AM

Updated:: 17/Mar/21 10:20 AM

Resolved:: 17/Mar/21 10:20 AM

Date of First Response:: 07/May/14 4:17 PM

Bug DoR

Task DoD

Details

Description

Checklists

Attachments

Issue Links

Activity

People

Dates

Checklists