brian.fleming Posted May 15, 2015 Share Posted May 15, 2015 Our superuser account seems to periodically just not respond to it's normal password. I can go into postgres and set it to empty, then create a new one, it works fine for some unknown amount of time and then it's reset again.Any clue at all at what might be happening? I thought maybe it's resetting the password back to the initial default password, which is the EC2 instance ID, but that doesn't work either. Thanks for any ideas how to debug this. Link to comment Share on other sites More sharing options...
ernestoo Posted May 18, 2015 Share Posted May 18, 2015 Strange one! allowUserPasswordChange is off by default (though not 100% sure on Amazon!). Are you perhaps importing a repository export (either by the UI or js-import.sh) that is overriding the password? Link to comment Share on other sites More sharing options...
brian.fleming Posted May 18, 2015 Author Share Posted May 18, 2015 We're not importing anything. This is a new server has not seen much activity. I noticed there is a script on the AWS instance /etc/init.d/jrs_init_password This sets the password to the instance ID. But I thought I tried the instance id password as one of my guesses at what the password might have been reset to. We created a new superuser account just in case this one keeps giving us trouble. I moved that /etc script out of /etc/init.d. Seems like our password hasn't changed since. Link to comment Share on other sites More sharing options...
brian.fleming Posted May 20, 2015 Author Share Posted May 20, 2015 Happened again. This is in the logs. Annoying that there is no date timestamp, but can someone confirm my suspicion that this is being reset from within the UI? LOG: execute <unnamed>: update JIUser set username=$1, tenantId=$2, fullname=$3, emailAddress=$4, password=$5, externallyDefined=$6, enabled=$7, previousPasswordChangeTime=$8 where id=$9DETAIL: parameters: $1 = 'superuser', $2 = '3', $3 = 'superuser', $4 = '', $5 = '<new password???!>', $6 = 'f', $7 = 't', $8 = '2015-05-20 18:08:33.834', $9 = '11' Link to comment Share on other sites More sharing options...
brian.fleming Posted May 20, 2015 Author Share Posted May 20, 2015 I just determined that the superuser password is being reset after I login as the superuser account SOMETIMES. The password is being reset to the same value every time (by looking in the postgres db) What is this about?? LOG: execute S_2: COMMITLOG: execute S_1: BEGINLOG: execute <unnamed>: select roles0_.userId as userId1_, roles0_.roleId as roleId1_, reporole1_.id as id9_0_, reporole1_.rolename as rolename9_0_, reporole1_.tenantId as tenantId9_0_, reporole1_.externallyDefined as external4_9_0_ from JIUserRole roles0_ left outer join JIRole reporole1_ on roles0_.roleId=reporole1_.id where roles0_.userId=$1DETAIL: parameters: $1 = '11'LOG: execute <unnamed>: select repoprofil0_.id as id12_, repoprofil0_.attrName as attrName12_, repoprofil0_.attrValue as attrValue12_, repoprofil0_.principalobjectclass as principa4_12_, repoprofil0_.principalobjectid as principa5_12_ from JIProfileAttribute repoprofil0_ where (repoprofil0_.principalobjectid in ($1)) and repoprofil0_.principalobjectclass=$2 order by repoprofil0_.id ascDETAIL: parameters: $1 = '11', $2 = 'com.jaspersoft.jasperserver.api.metadata.user.domain.impl.hibernate.RepoUser'LOG: execute S_2: COMMITLOG: execute S_1: BEGINLOG: execute <unnamed>: select roles0_.userId as userId1_, roles0_.roleId as roleId1_, reporole1_.id as id9_0_, reporole1_.rolename as rolename9_0_, reporole1_.tenantId as tenantId9_0_, reporole1_.externallyDefined as external4_9_0_ from JIUserRole roles0_ left outer join JIRole reporole1_ on roles0_.roleId=reporole1_.id where roles0_.userId=$1DETAIL: parameters: $1 = '11'LOG: execute <unnamed>: select this_.id as id9_0_, this_.rolename as rolename9_0_, this_.tenantId as tenantId9_0_, this_.externallyDefined as external4_9_0_ from JIRole this_ where (this_.tenantId=$1 and this_.rolename=$2)DETAIL: parameters: $1 = '3', $2 = 'ROLE_SUPERUSER'LOG: execute <unnamed>: select this_.id as id9_0_, this_.rolename as rolename9_0_, this_.tenantId as tenantId9_0_, this_.externallyDefined as external4_9_0_ from JIRole this_ where (this_.tenantId=$1 and this_.rolename=$2)DETAIL: parameters: $1 = '3', $2 = 'ROLE_ADMINISTRATOR'LOG: execute <unnamed>: update JIUser set username=$1, tenantId=$2, fullname=$3, emailAddress=$4, password=$5, externallyDefined=$6, enabled=$7, previousPasswordChangeTime=$8 where id=$9DETAIL: parameters: $1 = 'superuser', $2 = '3', $3 = 'superuser', $4 = '', $5 = '<same password>', $6 = 'f', $7 = 't', $8 = '2015-05-20 22:15:19.567', $9 = '11'LOG: execute <unnamed>: delete from JIUserRole where userId=$1DETAIL: parameters: $1 = '11'LOG: execute <unnamed>: insert into JIUserRole (userId, roleId) values ($1, $2)DETAIL: parameters: $1 = '11', $2 = '5'LOG: execute <unnamed>: insert into JIUserRole (userId, roleId) values ($1, $2)DETAIL: parameters: $1 = '11', $2 = '9' Link to comment Share on other sites More sharing options...
marianol Posted May 20, 2015 Share Posted May 20, 2015 I'll look into it and try to replicate, which version of Jasper are you using in AWS?The only thing I can think of is some sort of hibernate caching issue that is flushing some old cache data, but I don't get where it would get the new password from. Do you anything at the Jasperserver log at the same time? Any SSO mechanism setup? Link to comment Share on other sites More sharing options...
kkumlien Posted May 21, 2015 Share Posted May 21, 2015 It would be interesting to know what is featured in the password used to reset. Is that a previous password, random characters or some well defined word related to the superuser?That might give an indication as to where it's coming from. Link to comment Share on other sites More sharing options...
kkumlien Posted May 21, 2015 Share Posted May 21, 2015 Have you tried to set the logging for com.jaspersoft.jasperserver.api.metadata.user.domain.* to DEBUG level? Or maybe a more specific class in that package or in another within the same hierarchy?There are probably other classes that will be useful to expose, but I'm not sure. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now