Lost JasperAdmin Password

[fcramy]

   Not exactly sure what happened, but it seems the JasperAdmin password stopped working? I'll attach the log to see if there's anything fishy that may show the password being changed somehow.

   In any case, it doesn't matter to me (ostensibly) how the password was changed. What does matter is how to get my password working again. So, I found the JasperServer DB tables looked at the usernames. Encrypted of course. So, I tried to update the password for JasperAdmin. Couldn't log in after changing it (and restarting apache), even though I could read the password as what I typed into the JasperServer login page. Maybe this is as a result of the encryption settings. Not sure.

   So, next I tried adding a new user as an admin with an easy to remember password. Same problem. No luck logging in. Here's what the table looks like now:

mysql> select * from jiuser;

+----+---------------+----------+----------------------+-----------------------------------+----------------------------------+-------------------+---------+----------------------------+

| id | username      | tenantId | fullname             | emailAddress                      | password                         | externallyDefined | enabled | previousPasswordChangeTime |

+----+---------------+----------+----------------------+-----------------------------------+----------------------------------+-------------------+---------+----------------------------+

|  1 | anonymousUser |        1 | Anonymous User       | NULL                              | CF35D2E88192D6EB                 |                   | ☺       | NULL                       |

|  2 | jasperadmin   |        1 | Jasper Administrator | mike.cialowicz@firstcoverage.com  | 1stCoverage                      |                   | ☺       | 2009-12-29 14:47:21        |

|  3 | jasperuser    |        1 | jasperuser           |                                   | 332F12C5F5D083ED88CFE6D20284B07C |                   | ☺       | 2009-05-07 11:50:20        |

|  4 | ramyAdmin     |        1 | Ramy Jasper Admin    | ramy.abdel-azim@firstcoverage.com | password                         |                   | ☺       | NULL                       |

+----+---------------+----------+----------------------+-----------------------------------+----------------------------------+-------------------+---------+----------------------------+

4 rows in set (0.00 sec)

 

PLEASE HELP!

[fcramy]

 just to clarify, this is the password to JasperServer

[tkavanagh]

You can copy and then paste (into a sql statement) the encrypted password that you see when you do the select *.

So, if you already know what the *clear text* password is for say jasperuser. You do a sql update with that encrypted string to jasperadmin row.

Then, you can login with jasperuser's password ;-) And then change jasperadmin to the final password that you want.

[fcramy]

Thanks for the reply TK. That's almost exactly what i ended up doing (after a lot of digging through manuals and the forum). I got the original encrypted password from one of the install scripts and updated the row with that for the password field. I'm wondering though if there's any way I can encrypt a clear text password and install that. Of course, that would pretty much defeat the purpose of having a database with that information in it, but just wondering.

[tkavanagh]

It would be possible to encrypt a clear text password but you would have to write a little application that uses the spring security and is configured with the same settings an seed value as your jasperserver. But that would be a bit or work ;-).

However, there is a way to have the jasperserver import-export utility take care of password encryption for you.

For instance, if you do an export of users by:

  cd <js-install>/scripts/js-export  --users joeuser --output-dir  test-export    OR

  cd <js-install>/buildomatic/js-ant  -DexportArgs="--users joeuser" -DexportFile=test-export

If you look at the XML created for the export set of files, you will see that the user's password is written out in clear text.

So.... (not that I am suggesting such a hack)... you could actually create new users this way. And you could set the passwords as clear text and they would be encrypted on the import operation.

[vbykin]

It might be easier to update the password to an empty string in the database:
update jiuser set password='' where username='superuser'

Then restart the app server, log in and change the password using the UI.

 

[mdahlman]

There's no need to restart the app server. Setting the password to the empty string like this is definitely the simplest solution. (Setting it to NULL would not work.)

[johan.r]

Hi everyone.

 

I'm using an AWS Instance with JasperServer installed on it. Suddenly, I have lost acces to the Superuser user, 

I really don't know what might have happened. The last thing i did was setting up the anonymous user profile for an specific report with read only permision, 

but after this set up was completed I still was able to access the server normaly. Was a couple of hours later that I lost access. when I try to login it trow 

an invalid credentials erros.

 

Does anyone has an idea of what could have happened and how could I regain access?

 

Thanks

[cschultz_1]

In my case, a restart was necessary. It's possible that the (munged) password is stored in memory after one login attempt, and so a restart is required under some circumstances.