[
http://jira.magnolia.info/browse/MAGNOLIA-2029?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Grégory Joseph reopened MAGNOLIA-2029:
--------------------------------------
please don't "close", esp. if you're asking for a review ;)
either leave it "in progress" or "resolve" if you consider the issue fixed.
> If anonymous user is not found magnolia can corrupt the user repository
> -----------------------------------------------------------------------
>
> Key: MAGNOLIA-2029
> URL: http://jira.magnolia.info/browse/MAGNOLIA-2029
> Project: Magnolia
> Issue Type: Bug
> Components: core
> Affects Versions: 3.5.3
> Reporter: Fabrizio Giustina
> Assignee: Fabrizio Giustina
> Priority: Blocker
> Fix For: 3.5.4
>
>
> Ok, this is pretty difficult to explain since the principal cause is still
> unknown but I saw it several times...
> I will try to trace the root issue separately, but here I will discuss only a
> fix that can alleviate the problem.
> Happened only on a clustered instance with a jackrabbit bundle db persistence
> manager on ms sql server (since magnolia 3.1 milestones to 3.5.3):
> - on one of the nodes magnolia can't find the anonymous user at startup also
> if it should be there (this is the problem that still needs to be
> investigated)
> - ... so it creates a new Anonymous user with default permissions (none)
> - the new anonymous user gets propagated to othe instances
> - other calls still can't find such user, so more anonymous users are created
> - the result is that at the end there are hundreds of anonymous users in the
> repository (all of them called "anonymous")
> - all the cluster nodes gets locked up (public instances starts to show the
> magnolia login page!)
> the only way to restore it is to shut down all the instances, restart only
> one of the, log into magnolia as a superuser and delete manually all the
> additional "anonymous" users.
> I am debugging this problem, but I don't still have any clue on why the
> anonymous user couldn't be found. Looks like a jackrabbit bug but it's really
> strange.
> Anyway, since the scenario after the initial problem is so bad, I think we
> should at least avoid that magnolia could cause such damage, by NOT creating
> the anonymous user anymore if it can't find it. Note that this happened
> several times and that only the anonymous user looks to be affected.
>
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.magnolia.info/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
----------------------------------------------------------------
for list details see
http://documentation.magnolia.info/docs/en/editor/stayupdated.html
----------------------------------------------------------------
