You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@jackrabbit.apache.org by Francisco Carriedo Scher <fc...@gmail.com> on 2012/04/02 00:43:51 UTC

Disabling admin account

Hi there,

i am trying to disable the admin account and, apart from setting the
adminId to my custom value in the repository.xml file i changed the value
of the constants of the
org.apache.jackrabbit.core.security.SecurityConstants class. Once
recompiled (the core and the Webapp and used via Webdav) i am still able to
login having write permissions providing admin:admin credentials:

        Repository repository = JcrUtils.getRepository(repoURL + "/server");
        BufferedReader br = new BufferedReader(new
InputStreamReader(System.in));
        Session session = repository.login(new SimpleCredentials("admin",
"admin".toCharArray()));

What else should be done to erase the admin account?

Thanks for your attention!!!

AW: Disabling admin account

Posted by "Cech. Ulrich" <Ul...@aeb.de>.

Hi,

you can change the password for the admin-account and/or set/unset the permissions for whole nodes, then it is not necessary to recompile the jackrabbit-code.

Bye,
Ulrich


-----Ursprüngliche Nachricht-----
Von: Francisco Carriedo Scher [mailto:fcarriedos@gmail.com] 
Gesendet: Montag, 2. April 2012 00:44
An: users@jackrabbit.apache.org
Betreff: Disabling admin account

Hi there,

i am trying to disable the admin account and, apart from setting the
adminId to my custom value in the repository.xml file i changed the value
of the constants of the
org.apache.jackrabbit.core.security.SecurityConstants class. Once
recompiled (the core and the Webapp and used via Webdav) i am still able to
login having write permissions providing admin:admin credentials:

        Repository repository = JcrUtils.getRepository(repoURL + "/server");
        BufferedReader br = new BufferedReader(new
InputStreamReader(System.in));
        Session session = repository.login(new SimpleCredentials("admin",
"admin".toCharArray()));

What else should be done to erase the admin account?

Thanks for your attention!!!

Re: Disabling admin account

Posted by Francisco Carriedo Scher <fc...@gmail.com>.

Thank you very much, i will change the password programmatically then.


2012/4/4 Angela Schreiber <an...@adobe.com>

> hi francisco
>
> in the default user management implementation that is present with
> jackrabbit the admin user can neither be disabled nor removed.
> you can change the password of that user (User.changePassword).
> the ID of the administrator can be changed in the repository.xml.
>
> if you want to have a different user-mgt implementation you would
> need to change the usermanagement configuration.
>
> kind regards
> angela
>
>
> On 4/2/12 12:43 AM, Francisco Carriedo Scher wrote:
>
>> Hi there,
>>
>> i am trying to disable the admin account and, apart from setting the
>> adminId to my custom value in the repository.xml file i changed the value
>> of the constants of the
>> org.apache.jackrabbit.core.**security.SecurityConstants class. Once
>> recompiled (the core and the Webapp and used via Webdav) i am still able
>> to
>> login having write permissions providing admin:admin credentials:
>>
>>         Repository repository = JcrUtils.getRepository(repoURL +
>> "/server");
>>         BufferedReader br = new BufferedReader(new
>> InputStreamReader(System.in));
>>         Session session = repository.login(new SimpleCredentials("admin",
>> "admin".toCharArray()));
>>
>> What else should be done to erase the admin account?
>>
>> Thanks for your attention!!!
>>
>

Re: Disabling admin account

Posted by Angela Schreiber <an...@adobe.com>.

hi francisco

in the default user management implementation that is present with
jackrabbit the admin user can neither be disabled nor removed.
you can change the password of that user (User.changePassword).
the ID of the administrator can be changed in the repository.xml.

if you want to have a different user-mgt implementation you would
need to change the usermanagement configuration.

kind regards
angela

On 4/2/12 12:43 AM, Francisco Carriedo Scher wrote:
> Hi there,
>
> i am trying to disable the admin account and, apart from setting the
> adminId to my custom value in the repository.xml file i changed the value
> of the constants of the
> org.apache.jackrabbit.core.security.SecurityConstants class. Once
> recompiled (the core and the Webapp and used via Webdav) i am still able to
> login having write permissions providing admin:admin credentials:
>
>          Repository repository = JcrUtils.getRepository(repoURL + "/server");
>          BufferedReader br = new BufferedReader(new
> InputStreamReader(System.in));
>          Session session = repository.login(new SimpleCredentials("admin",
> "admin".toCharArray()));
>
> What else should be done to erase the admin account?
>
> Thanks for your attention!!!