JSP script

JSP is deprecated in 6.0. Use the Groovy Rescue App instead.

If you lost superuser password and are unable log in, use this procedure to reset the account back to its default settings. In case the user has been locked see Re-enabling a locked-out account instead.

  1. Stop Magnolia CMS.
  2. Copy the following JSP script and save it to your docroot folder, for example <apache-tomcat>/webapps/magnoliaAuthor/docroot/recovery-script.jsp.

    <%@ page contentType="text/plain" %>
    <%@ page import="info.magnolia.importexport.BootstrapUtil"%>
    <%@ page import="info.magnolia.context.*"%>
    <%@ page import="info.magnolia.cms.util.ContentUtil"%>
    <%@ page import="info.magnolia.cms.core.HierarchyManager"%>
    <%@ page import="javax.jcr.Node"%>
    <%@ page import="javax.jcr.ImportUUIDBehavior"%>
    info.magnolia.context.MgnlContext.setInstance(new info.magnolia.context.SingleJCRSessionSystemContext());
      BootstrapUtil.bootstrap(new String[]{"/mgnl-bootstrap/core/users.system.superuser.xml"}, 
      HierarchyManager hm = MgnlContext.getHierarchyManager("users");
      } catch (Exception e) {
  3. Open <apache-tomcat>/webapps/magnoliaAuthor/WEB-INF/web.xml in a text editor.

  4. Comment out the <filter> and <filter-mapping>sections.

    <!-- filter>
      <display-name>Magnolia global filters</display-name>
    </filter-mapping -->

    This will also disable the URI security filter, making your system vulnerable. Use a firewall or Apache Web Server in front of your application server to prevent unauthorized access while you do this.

  5. Save the web.xml file.
  6. Start Magnolia CMS.
  7. Request the JSP script at http://localhost:8080/magnoliaAuthor/docroot/recovery-script.jsp.
    The script will bootstrap the superuser account to default settings. You should see the following line in the log:

    WARN  info.magnolia.importexport.BootstrapUtil: 
    Deleted already existing node for bootstrapping: 
  8. Stop Magnolia CMS.
  9. Uncomment the <filter> and <filter-mapping> sections in the web.xml. (Undo step 4).
  10. Start Magnolia CMS.
  11. Log in as superuser with password superuser.

    If you still cannot login then try recreating search indexes for the users workspace.  

  12. As needed, add back any groups that might be needed by the superuser (see comment at bottom).

Alternative procedure using the Groovy Rescue App

An alternative to the above procedure is using the Groovy Rescue App.

Once set up as explained in the documentation link above, you can run the following script in the rescue app

Reset superuser with Groovy
session = MgnlContext.getJCRSession('users')
superuser = session.getNode('/system/superuser') 
superuser.pswd = info.magnolia.cms.security.SecurityUtil.getBCrypt('superuser') 

As with the JSP script, after you run the script you need to stop the web app and uncomment the filters sections in web.xml before rebooting Magnolia (refer again to Groovy Rescue App). 

  • No labels


  1. Having carried out the above in 4.5, we noticed that resetting the superuser meant the account lost membership of the "publishers" group. This makes sense because the "plain" superuser is re-bootstrapped by the recovery script and the group membership is only added by the Workflow Module but it is worth noting.


  2. If someone needs a running script for Mgnl Version 5.6.x, I managed to reset the superser account with the following:

    <%@ page contentType="text/plain" %>
    <%@ page import="info.magnolia.context.MgnlContext" %>
    <%@ page import="info.magnolia.importexport.BootstrapUtil" %>
    <%@ page import="javax.jcr.ImportUUIDBehavior" %>
    <%@ page import="javax.jcr.Session" %>
    info.magnolia.context.MgnlContext.setInstance(new info.magnolia.context.SingleJCRSessionSystemContext());
    try {
        BootstrapUtil.bootstrap(new String[] { "/mgnl-bootstrap/core/users.system.superuser.xml" },
        Session s = MgnlContext.getJCRSession("users");
    } catch (Exception e) {
  3. If you are on a devloping machine easiest is to set a breakpoint in info.magnolia.cms.security.MgnlUser.MgnlUser and set the values at runtime.