Page tree
Skip to end of metadata
Go to start of metadata
Your Rating: Results: 1 Star2 Star3 Star4 Star5 Star 110 rates

Account lockout is triggered after five unsuccessful login attempts. The enabled property on the user account is set to false and the user can no longer log into the system even if they knew their password.

Normally, superuser or an administrative user with equivalent permissions can re-enable normal user accounts by checking the Enabled box on the account profile. However, if you managed to lock out the superuser account itself or want to set the enabled property back to true programmatically on any account, use the following JSP script.

To re-enable a locked-out account:

  1. Stop Magnolia CMS.
  2. Copy the following JSP script and save it to your docroot folder, for example <apache-tomcat>/webapps/magnoliaAuthor/docroot/reenable-script.jsp.
    <%@ page contentType="text/plain" %>
    <%@ page import="info.magnolia.cms.core.Content"%>
    <%@ page import="info.magnolia.cms.core.HierarchyManager"%>
    <%@ page import="info.magnolia.context.MgnlContext"%>
    <%
    MgnlContext.doInSystemContext(new MgnlContext.Op<Void, Throwable>() {
        public Void exec() throws Throwable {
            HierarchyManager hm = MgnlContext.getHierarchyManager("users");
            final Content su = hm.getContent("/system/superuser");
            su.setNodeData("enabled", true);
            su.save();
            return null;
        }
    });
    %>
    
  3. Change the account name in the script. The example above re-enables superuser.
    • System accounts superuser and anonymous are under /system.
    • Admin accounts such as editors and publishers are under /admin.
    • Public users are under /public.
  4. If you are working on an author instance:
    1. Open <apache-tomcat>/webapps/magnoliaAuthor/WEB-INF/web.xml in a text editor.
    2. Comment out the <filter> and <filter-mapping> sections.
      <!-- filter>
        <display-name>Magnolia global filters</display-name>
        <filter-name>magnoliaFilterChain</filter-name>
        <filter-class>info.magnolia.cms.filters.MgnlMainFilter</filter-class>
      </filter>
      <filter-mapping>
        <filter-name>magnoliaFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
        <dispatcher>REQUEST</dispatcher>
        <dispatcher>FORWARD</dispatcher>
        <dispatcher>INCLUDE</dispatcher>
        <dispatcher>ERROR</dispatcher>
      </filter-mapping -->
      

      This will also disable the URI security filter, making your system vulnerable. Use a firewall or Apache Web Server in front of your application server to prevent unauthorized access while you do this.

    3. Save the web.xml file.
  5. Start Magnolia CMS.
  6. Request the JSP script at http://localhost:8080/magnoliaAuthor/docroot/reenable-script.jsp.
    The script resets the enabled property on the account.

You now have five more login attempts.

If you cannot remember superuser password, use Reset superuser account instead.

  • No labels