[ http://jira.magnolia.info/browse/MAGNOLIA-1839?page=all ]
Philipp Bracher updated MAGNOLIA-1839:
--------------------------------------
I was able to reproduce the issue by hammering the system:
It ended up in an endles loop in getAnonymousUser() and getAnonymousSubject().
First I will try to remove the recursion on failing.
It looks like the createUserNode is failing because the system realm is null
(not set). It might be that the very first exception is caused by the same
problem because it ties to read the user in the wrong realm.
Here is the relevant exceptino extract:
INFO info.magnolia.cms.security.MgnlUserManager
MgnlUserManager.java(createUser:215) 15.11.2007 11:48:11 can't create user
[anonymous]
javax.jcr.PathNotFoundException: /null
at org.apache.jackrabbit.core.ItemManager.getItem(ItemManager.java:297)
at
org.apache.jackrabbit.core.NodeImpl.internalAddNode(NodeImpl.java:721)
at
org.apache.jackrabbit.core.NodeImpl.internalAddNode(NodeImpl.java:691)
at org.apache.jackrabbit.core.NodeImpl.addNode(NodeImpl.java:2013)
at info.magnolia.cms.core.DefaultContent.<init>(DefaultContent.java:169)
at
info.magnolia.cms.core.DefaultHierarchyManager.createContent(DefaultHierarchyManager.java:208)
at
info.magnolia.cms.security.MgnlUserManager.createUserNode(MgnlUserManager.java:246)
at
info.magnolia.cms.security.MgnlUserManager.createUser(MgnlUserManager.java:207)
at
info.magnolia.cms.security.SystemUserManager.getOrCreateUser(SystemUserManager.java:120)
at
info.magnolia.cms.security.SystemUserManager.getAnonymousUser(SystemUserManager.java:110)
at
info.magnolia.cms.security.Security.getAnonymousUser(Security.java:69)
at
info.magnolia.context.UserContextImpl.getUser(UserContextImpl.java:66)
at
info.magnolia.context.DefaultRepositoryStrategy.getSubject(DefaultRepositoryStrategy.java:77)
at
info.magnolia.context.DefaultRepositoryStrategy.getAccessManager(DefaultRepositoryStrategy.java:69)
at
info.magnolia.context.AbstractContext.getAccessManager(AbstractContext.java:114)
at
info.magnolia.context.MgnlContext.getAccessManager(MgnlContext.java:167)
at
info.magnolia.cms.security.URISecurityFilter.isAllowed(URISecurityFilter.java:81)
> can't read anonymous user after a session timeout
> -------------------------------------------------
>
> Key: MAGNOLIA-1839
> URL: http://jira.magnolia.info/browse/MAGNOLIA-1839
> Project: Magnolia
> Issue Type: Bug
> Affects Versions: 3.5 RC1
> Reporter: Philipp Bracher
> Assigned To: Philipp Bracher
> Priority: Blocker
> Fix For: 3.5 RC1
>
>
> Regarding to a report the anonymous user can't get read after a session
> timeout of the http session.
> Might be that the following happens:
> - the user gets seialized
> - the deserialized user does not return the subject
> The reported exception is:
> ERROR info.magnolia.cms.security.SystemUserManager 14.11.2007 15:21:11 --
> Failed to login as anonymous user
> javax.security.auth.login.AccountNotFoundException: user anonymous not found
> at
> info.magnolia.jaas.sp.jcr.JCRAuthenticationModule.validateUser(JCRAuthenticationModule.java:79)
> at
> info.magnolia.jaas.sp.AbstractLoginModule.login(AbstractLoginModule.java:189)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:585)
> at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
> at
> javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
> at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
> at java.security.AccessController.doPrivileged(Native Method)
> at
> javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
> at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
> at
> info.magnolia.cms.security.SystemUserManager.getAnonymousSubject(SystemUserManager.java:132)
> at
> info.magnolia.cms.security.SystemUserManager.getAnonymousUser(SystemUserManager.java:111)
> at
> info.magnolia.cms.security.DelegatingUserManager$2.delegate(DelegatingUserManager.java:72)
> at
> info.magnolia.cms.security.DelegatingUserManager.delegateUntilSupported(DelegatingUserManager.java:117)
> at
> info.magnolia.cms.security.DelegatingUserManager.getAnonymousUser(DelegatingUserManager.java:70)
> at
> info.magnolia.cms.security.Authenticator.getAnonymousUser(Authenticator.java:99)
> at
> info.magnolia.context.UserContextImpl.getUser(UserContextImpl.java:66)
> at
> info.magnolia.context.DefaultRepositoryStrategy.getSubject(DefaultRepositoryStrategy.java:77)
> at
> info.magnolia.context.DefaultRepositoryStrategy.getAccessManager(DefaultRepositoryStrategy.java:69)
> at
> info.magnolia.context.AbstractContext.getAccessManager(AbstractContext.java:118)
> at
> info.magnolia.context.MgnlContext.getAccessManager(MgnlContext.java:167)
> Then we end up in that
> ERROR info.magnolia.cms.security.SystemUserManager 14.11.2007 15:21:11 --
> Failed to get system or anonymous user [anonymous], will try to create new
> system user with default password
> ERROR info.magnolia.cms.security.SystemUserManager 14.11.2007 15:21:11 --
> Failed to get system or anonymous user [anonymous], will try to create new
> system user with default password
> ERROR info.magnolia.cms.security.SystemUserManager 14.11.2007 15:21:11 --
> Failed to get system or anonymous user [anonymous], will try to create new
> system user with default password
> ERROR info.magnolia.cms.security.SystemUserManager 14.11.2007 15:21:11 --
> Failed to get system or anonymous user [anonymous], will try to create new
> system user with default password
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.magnolia.info/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
----------------------------------------------------------------
for list details see
http://documentation.magnolia.info/docs/en/editor/stayupdated.html
----------------------------------------------------------------
