[MAGNOLIA-5724] CLONE - User name "admin" creates a Jackrabbit exception Created: 24/Mar/14 Updated: 17/Mar/21 Resolved: 17/Mar/21 |
|
| Status: | Closed |
| Project: | Magnolia |
| Component/s: | security |
| Affects Version/s: | 4.5.16, 5.1, 5.2 |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Major |
| Reporter: | Markus Jeni | Assignee: | Unassigned |
| Resolution: | Won't Fix | Votes: | 0 |
| Labels: | admininterface, login | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Environment: |
Windows 7 64bit, Java 7, Tomcat 7 |
||
| Testcase included: |
Yes
|
||||||||
| Release notes required: |
Yes
|
||||||||
| Description |
|
Creating a user of name admin gives an error in Jackrabbit when logging in to admin central.
Workaround: do not use "admin" as username
Steps to reproduce:
See this error:
...
Caused by: info.magnolia.jcr.RuntimeRepositoryException: javax.jcr.LoginException
    at info.magnolia.context.AbstractContext.getHierarchyManager(AbstractContext.java:209)
    at info.magnolia.context.MgnlContext.getHierarchyManager(MgnlContext.java:125)
    at info.magnolia.cms.gui.control.Tree.<init>(Tree.java:190)
    at info.magnolia.module.dms.gui.DMSTreeControl.<init>(DMSTreeControl.java:55)
    ... 105 more
Caused by: javax.jcr.LoginException
    at org.apache.jackrabbit.core.RepositoryImpl.login(RepositoryImpl.java:1493)
    at org.apache.jackrabbit.core.jndi.BindableRepository.login(BindableRepository.java:162)
    at info.magnolia.repository.DefaultRepositoryManager.getSession(DefaultRepositoryManager.java:233)
    at info.magnolia.context.DefaultRepositoryStrategy.internalGetSession(DefaultRepositoryStrategy.java:63)
    at info.magnolia.context.AbstractRepositoryStrategy.getSession(AbstractRepositoryStrategy.java:76)
    at info.magnolia.context.AbstractContext.getJCRSession(AbstractContext.java:134)
    at info.magnolia.context.AbstractContext.getHierarchyManager(AbstractContext.java:207)
    ... 108 more
Caused by: javax.security.auth.login.FailedLoginException
    at info.magnolia.jaas.sp.jcr.JackrabbitAuthenticationModule.login(JackrabbitAuthenticationModule.java:115)
    at org.apache.jackrabbit.core.security.authentication.LocalAuthContext.login(LocalAuthContext.java:86)
    at org.apache.jackrabbit.core.RepositoryImpl.login(RepositoryImpl.java:1465)
    ...
Problematic code: info.magnolia.jaas.sp.jcr.JackrabbitAuthenticationModule
113: ==> if (getAdminUser().equals(this.name)) {
114:         if (!Arrays.equals(password, getAdminPassword().toCharArray())) {
115:             throw new FailedLoginException();
116:         }
117:         compileAdminPrincipals();
118:         return true;
119:     }
|
| Comments |
| Comment by Daniel Lipp [ 07/May/14 ] |
|
Summary of a discussion with Jan:
The check for user name could be done in SaveDialogAction#createOrUpdateUser - e.g.:
if ("admin".equals(newUserName)) {
    uiContext.openNotification(MessageStyleTypeEnum.WARNING, true, "Username 'admin' is used internally and cannot be used else.");
    return;
}
Message should be discussed with Andreas and i18n-ified as well. |
| Comment by Jan Haderka [ 17/Mar/21 ] |
|
"admin" is the username reserved by the underlying JCR implementation, Jackrabbit. In order to prevent possible security issues that might occur if the same username was used elsewhere, this username is reserved and can't be used for normal users. |
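
The name collision described in this issue, as an added example that is not Magnolia or Jackrabbit code: a constructed model of the quoted branch (lines 113-119) next to a creation-time guard like the one proposed in the comments. `ReservedNameDemo`, `ADMIN_USER`, `ADMIN_PASSWORD` and the in-memory user map are assumptions standing in for `getAdminUser()`, `getAdminPassword()` and the user repository.

```java
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.login.FailedLoginException;

// Constructed model: ADMIN_USER / ADMIN_PASSWORD stand in for getAdminUser() /
// getAdminPassword(); 'users' stands in for the repository of normal users.
public class ReservedNameDemo {
    static final String ADMIN_USER = "admin";
    static final char[] ADMIN_PASSWORD = "internal-secret".toCharArray(); // constructed value
    private final Map<String, char[]> users = new HashMap<>();
    private final boolean rejectReservedName;
    ReservedNameDemo(boolean rejectReservedName) { this.rejectReservedName = rejectReservedName; }

    // Creation-time guard: refuse the reserved name before it reaches the store.
    boolean createUser(String name, char[] password) {
        if (rejectReservedName && ADMIN_USER.equals(name)) {
            return false; // caller shows the warning and aborts the save
        }
        users.put(name, password.clone());
        return true;
    }

    // Same branch order as the quoted code: the reserved name is checked against the
    // internal password only, so a stored user with that name is never consulted.
    boolean login(String name, char[] password) throws FailedLoginException {
        if (ADMIN_USER.equals(name)) {
            if (!Arrays.equals(password, ADMIN_PASSWORD)) {
                throw new FailedLoginException();
            }
            return true;
        }
        char[] stored = users.get(name);
        if (stored == null || !Arrays.equals(password, stored)) {
            throw new FailedLoginException();
        }
        return true;
    }

    public static void main(String[] args) {
        ReservedNameDemo unguarded = new ReservedNameDemo(false);
        unguarded.createUser("admin", "users-own-pw".toCharArray());
        try {
            System.out.println("unguarded login: " + unguarded.login("admin", "users-own-pw".toCharArray()));
        } catch (FailedLoginException e) {
            System.out.println("unguarded login: FailedLoginException for the password the user was created with");
        }
        ReservedNameDemo guarded = new ReservedNameDemo(true);
        System.out.println("guarded createUser(\"admin\") accepted: " + guarded.createUser("admin", "pw".toCharArray()));
    }
}
```

Comparing against the configured reserved name rather than a literal keeps the guard aligned with the `getAdminUser()` lookup the login module performs.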