If you are unable to login to Magnolia CMS after startup and suspect the cause to be recent changes to security configurations, use the RescueSecuritySupport Java class to reset the security configurations. The procedure below will solve most common configuration problems, but does not work in all situations. This solution is suitable, for example where a typo or the inclusion of a node under the incorrect parent, is the source of the problem. It will not work if you have, for example inadvertently removed all users.
- Stop Magnolia CMS.
Add following line to the magnolia.properties file, located at, for example <apache-tomcat>/webapps/magnoliaAuthor/WEB-INF/config/default.
info.magnolia.cms.security.SecuritySupport=info.magnolia.cms.security.RescueSecuritySupport
- Start Magnolia CMS.
- Login using the default
superuser username and password (superuser/superuser). - Fix the configuration.
- Stop Magnolia CMS.
- Remove the line inserted in 2. above from the
magnolia.properties file. - Start Magnolia CMS.
- Make a backup.
4 Comments
Philipp Bärfuss
While you might expect that the superuser would get full permissions with this rescue tool he actually won't (tested 5.4.4). The superuser role is read from the roles workspace and used.
It might be a good idea to change the returned RoleManager in a way that it gives at least permissions to security, config and website workspaces.
Federico Grilli
That sounds like a regression. I implemented and tested it (long time ago tbh) and it looked like superuser had full permissions. Will look into it.
Philipp Bärfuss
maybe I misinterpreted my debugging results. I kind got lost in the forest of classes involved in authorisation
, but thanks for double checking
Federico Grilli
Okay, I looked into this and found out that we actually have a different problem. The
RescueUserhas powers on all workspaces but theuserone due to aClassCastExceptionI filed an issue MAGNOLIA-6617 - Getting issue details... STATUS