You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@jackrabbit.apache.org by Marco Filosi <ma...@blu-labs.com> on 2010/06/23 15:16:43 UTC

Anonymous User Autocreation

Hi,

I removed the anonymous user but when I restart the servlet container (e.g.
tomcat) the anonymous user is recreated. I need to know how I can remove
anonymous user permanently if it is possible.

Here below I explain the steps followed:


   1. Get a list of users by calling  curl -X GET
   http://localhost:8080/sling/system/userManager/user.tidy.1.json
   2. By default the unique users in a new system are: admin and anonymous.
   3. Remove anonymous user by calling curl -Fgo=1
   http://localhost:8080/sling/system/userManager/user/anonymous.delete.html
   4. Get a list of users and this time I have only admin user as I want.
   5. Restart servlet container tomcat
   6. Get a list of users and this time with the admin user appears also the
   anonymous user.

What is the best way to prevent the anonymous user autocreation?
Cheers,
Marco

Re: Anonymous User Autocreation

Posted by Angela Schreiber <an...@day.com>.

hi marco

> What is the best way to prevent the anonymous user autocreation?

currently there is no way to prevent the autocreation of the
anonymous user except for writing a custom security manager.

for jackrabbit 2.2 we will add a disable-user functionality
that will allow to prevent users from login into the repository
without having to remove them altogether (see 
https://issues.apache.org/jira/browse/JCR-2635)

regards
angela