[magnolia-dev] [JIRA] (MAGNOLIA-4966) Can't login with RescueSecuritySupport: Passwords do not match

[on behalf of Lutz Hühnken]

Lutz Hühnken created MAGNOLIA-4966 Can't login with RescueSecuritySupport: Passwords do not match Issue Type: Bug Affects Versions: 4.5.8 Assignee: Unassigned Components: admininterface Created: 10/Apr/13 12:04 PM Description: Changed magnolia.properties as described under http://wiki.magnolia-cms.com/display/WIKI/Rescue+Security+Support Log file shows that RescueSecuritySupport is indeed used: WARN info.magnolia.cms.security.RescueSecuritySupport 10.04.2013 11:51:50 – Using RescueSecuritySupport ! WARN info.magnolia.cms.security.RescueSecuritySupport 10.04.2013 11:51:50 – Using RescueSecuritySupport, will instantiate RescueUserManager, please fix your configuration ! WARN info.magnolia.cms.security.RescueSecuritySupport 10.04.2013 11:51:50 – Using RescueSecuritySupport, will instantiate MgnlRoleManager, please fix your configuration ! WARN info.magnolia.cms.security.PermissionUtil 10.04.2013 11:51:50 – no permissions found for [info.magnolia.cms.security.RescueSecuritySupport$RescueUser@5ede6cfc] WARN info.magnolia.cms.security.RescueSecuritySupport 10.04.2013 11:51:51 – Using RescueSecuritySupport, will instantiate RescueUserManager, please fix your configuration ! WARN info.magnolia.cms.security.RescueSecuritySupport 10.04.2013 11:51:51 – Using RescueSecuritySupport, will instantiate MgnlRoleManager, please fix your configuration ! WARN info.magnolia.cms.security.RescueSecuritySupport 10.04.2013 11:51:51 – Using RescueSecuritySupport, will instantiate RescueUserManager, please fix your configuration ! WARN info.magnolia.cms.security.RescueSecuritySupport 10.04.2013 11:51:51 – Using RescueSecuritySupport, will instantiate MgnlRoleManager, please fix your configuration ! WARN info.magnolia.cms.security.RescueSecuritySupport 10.04.2013 11:51:51 – Using RescueSecuritySupport, will instantiate RescueUserManager, please fix your configuration ! WARN info.magnolia.cms.security.RescueSecuritySupport 10.04.2013 11:51:51 – Using RescueSecuritySupport, will instantiate MgnlRoleManager, please fix your configuration ! WARN info.magnolia.cms.security.RescueSecuritySupport 10.04.2013 11:51:51 – Using RescueSecuritySupport, will instantiate RescueUserManager, please fix your configuration ! WARN info.magnolia.cms.security.RescueSecuritySupport 10.04.2013 11:51:51 – Using RescueSecuritySupport, will instantiate MgnlRoleManager, please fix your configuration ! WARN info.magnolia.cms.security.RescueSecuritySupport 10.04.2013 11:51:56 – Using RescueSecuritySupport, will force authentication with a fake system user, please fix your configuration ! WARN info.magnolia.cms.security.RescueSecuritySupport 10.04.2013 11:51:56 – Using RescueSecuritySupport, will instantiate RescueUserManager, please fix your configuration ! Trying to login with superuser/superuser results in the following error: java.lang.RuntimeException: javax.security.auth.login.FailedLoginException: Passwords do not match info.magnolia.cms.security.RescueSecuritySupport.authenticate(RescueSecuritySupport.java:106) info.magnolia.cms.security.auth.login.LoginHandlerBase.authenticate(LoginHandlerBase.java:47) info.magnolia.cms.security.auth.login.FormLogin.handle(FormLogin.java:76) info.magnolia.cms.security.auth.login.LoginFilter.doFilter(LoginFilter.java:66) info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:91) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:83) info.magnolia.cms.filters.UnicodeNormalizationFilter.doFilter(UnicodeNormalizationFilter.java:90) info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:91) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:83) info.magnolia.cms.filters.CosMultipartRequestFilter.doFilter(CosMultipartRequestFilter.java:91) info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:61) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:83) info.magnolia.cms.filters.ContentTypeFilter.doFilter(ContentTypeFilter.java:102) info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:91) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:83) info.magnolia.cms.filters.ContextFilter.doFilter(ContextFilter.java:131) info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:91) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:83) info.magnolia.cms.filters.CompositeFilter.doFilter(CompositeFilter.java:67) info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:91) info.magnolia.cms.filters.SafeDestroyMgnlFilterWrapper.doFilter(SafeDestroyMgnlFilterWrapper.java:108) info.magnolia.cms.filters.MgnlFilterDispatcher.doDispatch(MgnlFilterDispatcher.java:67) info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:108) info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:94) root cause javax.security.auth.login.FailedLoginException: Passwords do not match info.magnolia.jaas.sp.jcr.JCRAuthenticationModule.matchPassword(JCRAuthenticationModule.java:189) info.magnolia.jaas.sp.jcr.JCRAuthenticationModule.validateUser(JCRAuthenticationModule.java:119) info.magnolia.jaas.sp.AbstractLoginModule.login(AbstractLoginModule.java:201) sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) java.lang.reflect.Method.invoke(Method.java:616) javax.security.auth.login.LoginContext.invoke(LoginContext.java:784) javax.security.auth.login.LoginContext.access$000(LoginContext.java:203) javax.security.auth.login.LoginContext$4.run(LoginContext.java:698) javax.security.auth.login.LoginContext$4.run(LoginContext.java:696) java.security.AccessController.doPrivileged(Native Method) javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:695) javax.security.auth.login.LoginContext.login(LoginContext.java:594) info.magnolia.cms.security.RescueSecuritySupport.authenticate(RescueSecuritySupport.java:99) info.magnolia.cms.security.auth.login.LoginHandlerBase.authenticate(LoginHandlerBase.java:47) info.magnolia.cms.security.auth.login.FormLogin.handle(FormLogin.java:76) info.magnolia.cms.security.auth.login.LoginFilter.doFilter(LoginFilter.java:66) info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:91) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:83) info.magnolia.cms.filters.UnicodeNormalizationFilter.doFilter(UnicodeNormalizationFilter.java:90) info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:91) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:83) info.magnolia.cms.filters.CosMultipartRequestFilter.doFilter(CosMultipartRequestFilter.java:91) info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:61) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:83) info.magnolia.cms.filters.ContentTypeFilter.doFilter(ContentTypeFilter.java:102) info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:91) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:83) info.magnolia.cms.filters.ContextFilter.doFilter(ContextFilter.java:131) info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:91) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:83) info.magnolia.cms.filters.CompositeFilter.doFilter(CompositeFilter.java:67) info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:91) info.magnolia.cms.filters.SafeDestroyMgnlFilterWrapper.doFilter(SafeDestroyMgnlFilterWrapper.java:108) info.magnolia.cms.filters.MgnlFilterDispatcher.doDispatch(MgnlFilterDispatcher.java:67) info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:108) info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:94) At best this is a confusing message, since it is supposed to use UserManager.SYSTEM_PSWD (i.e. "superuser"), which was definitely entered. Or maybe the RescueSecuritySupport is just not working in 4.5.8, which would be bad. Environment: Magnolia 4.5.8 Community Edition Red Hat Enterprise Linux Server release 6.4 (Santiago) Project: Magnolia Priority: Minor Reporter: Lutz Hühnken Security Level: Public

This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

---

----------------------------------------------------------------
For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html
Alternatively, use our forums: http://forum.magnolia-cms.com/
To unsubscribe, E-mail to: <dev-list-unsubscr...@magnolia-cms.com>
----------------------------------------------------------------