You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Alex O'Ree <al...@apache.org> on 2018/06/25 19:24:01 UTC
Programmatically unlocking an account?
Is it possible to programmatically unlock an account that's been locked via
the lockoutrealm and the simple xml user store? If so, how?
Re: Programmatically unlocking an account?
Posted by Mark Thomas <ma...@apache.org>.
On 26/06/18 01:49, Alex O'Ree wrote:
> Actually I figured it out. It is possible via the mx bean. I'd like to
> request that the method isLocked be changed to public in a future version.
Done in 9.0.x for 9.0.11 onwards.
Mark
>
> The use case is not a typical one but I'd like admins to know if a service
> account is locked out for some reason and to be able to reset it if
> necessary. The timeout is 15 minutes but the account is frequently used by
> service processes which causes the timeout to continually get reset (unless
> I am misunderstanding the code)
>
> On Mon, Jun 25, 2018, 7:13 PM Christopher Schultz <
> chris@christopherschultz.net> wrote:
>
> Alex,
>
> On 6/25/18 3:24 PM, Alex O'Ree wrote:
>>>> Is it possible to programmatically unlock an account that's been
>>>> locked via the lockoutrealm and the simple xml user store?
>
> Regardless of the user-storage mechanism, the answer is no.
>
>>>> If so, how?
>
> Sorry.
>
> What's the use-case, here? Support gets a call saying "please unlock
> this account"? What's the lock-timeout in your environment?
>
> -chris
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Programmatically unlocking an account?
Posted by Alex O'Ree <sp...@gmail.com>.
No problem. Thanks!
On Mon, Aug 13, 2018, 3:52 AM Mark Thomas <ma...@apache.org> wrote:
> On 13/08/18 00:32, Alex O'Ree wrote:
> > Thanks everyone. Would it be possible to get this backported to 8.5?
>
> Done. Although I'm afraid it just missed the cut for the 8.5.33 release.
> It will be in 8.5.34 onwards.
>
> Mark
>
>
> >
> > On Tue, Jun 26, 2018 at 12:17 PM, Christopher Schultz <
> > chris@christopherschultz.net> wrote:
> >
> > Alex,
> >
> > On 6/25/18 8:49 PM, Alex O'Ree wrote:
> >>>> Actually I figured it out. It is possible via the mx bean. I'd like
> >>>> to request that the method isLocked be changed to public in a
> >>>> future version.
> >
> > In spite of my affinity for JMX, I completely forgot about it in this
> > case! Sorry for the confusion.
> >
> > Presumably, you want both isLocked(String) and unlock(String) to be
> > made public?
> >
> > Looks like Mark did exactly that with his latest commit.
> >
> > -chris
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >> For additional commands, e-mail: users-help@tomcat.apache.org
> >>
> >>
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
Re: Programmatically unlocking an account?
Posted by Mark Thomas <ma...@apache.org>.
On 13/08/18 00:32, Alex O'Ree wrote:
> Thanks everyone. Would it be possible to get this backported to 8.5?
Done. Although I'm afraid it just missed the cut for the 8.5.33 release.
It will be in 8.5.34 onwards.
Mark
>
> On Tue, Jun 26, 2018 at 12:17 PM, Christopher Schultz <
> chris@christopherschultz.net> wrote:
>
> Alex,
>
> On 6/25/18 8:49 PM, Alex O'Ree wrote:
>>>> Actually I figured it out. It is possible via the mx bean. I'd like
>>>> to request that the method isLocked be changed to public in a
>>>> future version.
>
> In spite of my affinity for JMX, I completely forgot about it in this
> case! Sorry for the confusion.
>
> Presumably, you want both isLocked(String) and unlock(String) to be
> made public?
>
> Looks like Mark did exactly that with his latest commit.
>
> -chris
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Programmatically unlocking an account?
Posted by Alex O'Ree <al...@apache.org>.
Thanks everyone. Would it be possible to get this backported to 8.5?
On Tue, Jun 26, 2018 at 12:17 PM, Christopher Schultz <
chris@christopherschultz.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Alex,
>
> On 6/25/18 8:49 PM, Alex O'Ree wrote:
> > Actually I figured it out. It is possible via the mx bean. I'd like
> > to request that the method isLocked be changed to public in a
> > future version.
>
> In spite of my affinity for JMX, I completely forgot about it in this
> case! Sorry for the confusion.
>
> Presumably, you want both isLocked(String) and unlock(String) to be
> made public?
>
> Looks like Mark did exactly that with his latest commit.
>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlsyZyEACgkQHPApP6U8
> pFhdOBAAlfMA4PeO4EsdyO5XI7RC4erocWAm0Ws8j6w3Q5kzMIQIgc1knKrdBHvP
> gNCoNk39gcdrbF7PzcQMSByaBCf9m09Omgd8plcv3ND/TTCOUbsStwKJpevQQF0E
> ZwFxrNWg8CgsEjJNxgNqWEUm++LIFGGXA9HNeV41cdCBd3E2jQBbuB3CD9Y5VNxm
> RawLNOvlIpjLrx0uTmdH1LeQQ2XdjuiMMZIP/vxqQO2uxO5IogF7JYRCdsxGpd/f
> DQ4ADT8tWjM3vcWwj7BL7vo/D5VCYD3rhOLFIje0lF+7+ZsfCjpkvI+AA+8eo+C6
> lmaUFNj8vkEWV61KUmgPXSMiTGKZ+7kaMG7BcW6VyavrGkJWWfnJ4TDUrzZzpkYs
> NGU3OdruTVwJKufho1PTxv3HF6i4m6SfcsJE/1Y/md9BPhbl1rYU07q+cN54UJfy
> P9vFkXieYaCYUOCTpJsWC9GWJcs4E6aCPNTEiC1ycL2KS81y3aGewizl8Plnh/FD
> sQ+ZZbqIVGieo40jskpjjzSFaZxp7JWGb+Y0Iu+TjW6BWJthfMj6tDlZBAQwitXQ
> D5usdsBNF+qNACKxBmizcgtUG+5J/2+JVvGQ2iFltnF7kN8ahjZy6TkdAzT3NHTy
> hbajJa8URa6pRymAa5Kzk6kqJlgEEPAHL/anRzjY8J93AZ7LaN4=
> =MBiJ
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
Re: Programmatically unlocking an account?
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Alex,
On 6/25/18 8:49 PM, Alex O'Ree wrote:
> Actually I figured it out. It is possible via the mx bean. I'd like
> to request that the method isLocked be changed to public in a
> future version.
In spite of my affinity for JMX, I completely forgot about it in this
case! Sorry for the confusion.
Presumably, you want both isLocked(String) and unlock(String) to be
made public?
Looks like Mark did exactly that with his latest commit.
- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlsyZyEACgkQHPApP6U8
pFhdOBAAlfMA4PeO4EsdyO5XI7RC4erocWAm0Ws8j6w3Q5kzMIQIgc1knKrdBHvP
gNCoNk39gcdrbF7PzcQMSByaBCf9m09Omgd8plcv3ND/TTCOUbsStwKJpevQQF0E
ZwFxrNWg8CgsEjJNxgNqWEUm++LIFGGXA9HNeV41cdCBd3E2jQBbuB3CD9Y5VNxm
RawLNOvlIpjLrx0uTmdH1LeQQ2XdjuiMMZIP/vxqQO2uxO5IogF7JYRCdsxGpd/f
DQ4ADT8tWjM3vcWwj7BL7vo/D5VCYD3rhOLFIje0lF+7+ZsfCjpkvI+AA+8eo+C6
lmaUFNj8vkEWV61KUmgPXSMiTGKZ+7kaMG7BcW6VyavrGkJWWfnJ4TDUrzZzpkYs
NGU3OdruTVwJKufho1PTxv3HF6i4m6SfcsJE/1Y/md9BPhbl1rYU07q+cN54UJfy
P9vFkXieYaCYUOCTpJsWC9GWJcs4E6aCPNTEiC1ycL2KS81y3aGewizl8Plnh/FD
sQ+ZZbqIVGieo40jskpjjzSFaZxp7JWGb+Y0Iu+TjW6BWJthfMj6tDlZBAQwitXQ
D5usdsBNF+qNACKxBmizcgtUG+5J/2+JVvGQ2iFltnF7kN8ahjZy6TkdAzT3NHTy
hbajJa8URa6pRymAa5Kzk6kqJlgEEPAHL/anRzjY8J93AZ7LaN4=
=MBiJ
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Programmatically unlocking an account?
Posted by Alex O'Ree <al...@apache.org>.
Actually I figured it out. It is possible via the mx bean. I'd like to
request that the method isLocked be changed to public in a future version.
The use case is not a typical one but I'd like admins to know if a service
account is locked out for some reason and to be able to reset it if
necessary. The timeout is 15 minutes but the account is frequently used by
service processes which causes the timeout to continually get reset (unless
I am misunderstanding the code)
On Mon, Jun 25, 2018, 7:13 PM Christopher Schultz <
chris@christopherschultz.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Alex,
>
> On 6/25/18 3:24 PM, Alex O'Ree wrote:
> > Is it possible to programmatically unlock an account that's been
> > locked via the lockoutrealm and the simple xml user store?
>
> Regardless of the user-storage mechanism, the answer is no.
>
> > If so, how?
>
> Sorry.
>
> What's the use-case, here? Support gets a call saying "please unlock
> this account"? What's the lock-timeout in your environment?
>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlsxdvgACgkQHPApP6U8
> pFhrRw//VrUjvQBr3krQMZqzViTmrSK6t/JIpeRAxz17PZ9Pvo9K5OIrKcP1tx/x
> nAFJvkzIiMX4RL7i/6UEx65INiSONApIOOmfFAXKwpjPiHsRxulYMskMi4V8TYNq
> coT7gJUZxq2OBu3XjmeYkGvuxEsqKdMLzFXdWWmaDLd1slxDFThWnXz8RRORIV3u
> Y59zo17tMysI1stdO7OdNKEVuFUFIUJZWMwqRMWYEumOXqOI7ExMLiVlWPeuITuz
> eKCpssMBwolMsjJJlr723YXfsd93yhAsoKaH4lASEhECcXRZHjUgAP5nheWpYTp3
> UhqsUKi8gwINq31UA+Lw6n/aq3OIRzPLhcTaeSXcE5lJ40A85cb+O8rxeuarfM9t
> CSlWVsYa9XPQHUmEApVfo2nVSx2xIorRHMOHvcOToKPRcVtw89xraH7Jykx86eW0
> SCc2DsZWZOtU9HQ8cpDb2ySSlccATYllLPkQEU7Wwq6y0f9Y8CMOZybmZEVC6ghb
> so0F8rq7j1ZL5VjhekEcrvF0eGrKlmIlDxnuz0OgY97JkA4PISopthfT+Ayn2dEj
> i2TbrlkBBYMdjys0be7PSLSqyZvypQIKsTgYa4RK2k8bQeDW/xvrs7UWT14Kp4l0
> M7UpvqeKXNYMYv5cgH/nFV7R8Vj6lnxvtRCXMjySOljzMq7pmE8=
> =R1Pn
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
Re: Programmatically unlocking an account?
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Alex,
On 6/25/18 3:24 PM, Alex O'Ree wrote:
> Is it possible to programmatically unlock an account that's been
> locked via the lockoutrealm and the simple xml user store?
Regardless of the user-storage mechanism, the answer is no.
> If so, how?
Sorry.
What's the use-case, here? Support gets a call saying "please unlock
this account"? What's the lock-timeout in your environment?
- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlsxdvgACgkQHPApP6U8
pFhrRw//VrUjvQBr3krQMZqzViTmrSK6t/JIpeRAxz17PZ9Pvo9K5OIrKcP1tx/x
nAFJvkzIiMX4RL7i/6UEx65INiSONApIOOmfFAXKwpjPiHsRxulYMskMi4V8TYNq
coT7gJUZxq2OBu3XjmeYkGvuxEsqKdMLzFXdWWmaDLd1slxDFThWnXz8RRORIV3u
Y59zo17tMysI1stdO7OdNKEVuFUFIUJZWMwqRMWYEumOXqOI7ExMLiVlWPeuITuz
eKCpssMBwolMsjJJlr723YXfsd93yhAsoKaH4lASEhECcXRZHjUgAP5nheWpYTp3
UhqsUKi8gwINq31UA+Lw6n/aq3OIRzPLhcTaeSXcE5lJ40A85cb+O8rxeuarfM9t
CSlWVsYa9XPQHUmEApVfo2nVSx2xIorRHMOHvcOToKPRcVtw89xraH7Jykx86eW0
SCc2DsZWZOtU9HQ8cpDb2ySSlccATYllLPkQEU7Wwq6y0f9Y8CMOZybmZEVC6ghb
so0F8rq7j1ZL5VjhekEcrvF0eGrKlmIlDxnuz0OgY97JkA4PISopthfT+Ayn2dEj
i2TbrlkBBYMdjys0be7PSLSqyZvypQIKsTgYa4RK2k8bQeDW/xvrs7UWT14Kp4l0
M7UpvqeKXNYMYv5cgH/nFV7R8Vj6lnxvtRCXMjySOljzMq7pmE8=
=R1Pn
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org