To recreate, first create a new admin password:
>>> curl -u admin:geoserver -X PUT http://localhost:8080/geoserver/rest/security/self/password -H "accept: application/json" -H "content-type: application/json" -d "
{ \"newPassword\": \"test\"}
"
Note the log indicates the change was successful:
29 Apr 20:44:48 INFO [geoserver.security] - Start reloading user/groups for service named default
29 Apr 20:44:48 INFO [geoserver.security] - Reloading user/groups successful for service named default
29 Apr 20:44:48 INFO [geoserver.security] - Start reloading user/groups for service named default
29 Apr 20:44:48 INFO [geoserver.security] - Reloading user/groups successful for service named default
29 Apr 20:44:48 INFO [security.xml] - Successful lock: security/usergroup/default/users.xml.lock
29 Apr 20:44:48 INFO [geoserver.security] - Start storing user/groups for service named default
29 Apr 20:44:48 INFO [geoserver.security] - Storing user/groups successful for service named default
29 Apr 20:44:48 INFO [geoserver.security] - Start reloading user/groups for service named default
29 Apr 20:44:48 INFO [geoserver.security] - Reloading user/groups successful for service named default
29 Apr 20:44:48 INFO [geoserver.security] - Adjusted last modified for file: security/usergroup/default/users.xml
29 Apr 20:44:48 INFO [geoserver.security] - Start reloading user/groups for service named default
29 Apr 20:44:48 INFO [geoserver.security] - Reloading user/groups successful for service named default
29 Apr 20:44:48 INFO [geoserver.security] - Adjusted last modified for file: security/usergroup/default/users.xml
29 Apr 20:44:48 INFO [geoserver.rest] - Changed password for user admin
Then observe the new password does not work:
>>> curl -u admin:test -X GET http://localhost:8080/geoserver/rest/layers -H "accept: application/json"
29 Apr 20:46:27 WARN [geoserver.security] - Failed login, user admin from 172.17.0.1
29 Apr 20:46:27 INFO [geoserver.security] - Brute force attack prevention, delaying login for 1385ms
But the original password works fine:
>>> curl -u admin:geoserver -X GET http://localhost:8080/geoserver/rest/layers -H "accept: application/json"
{"layers":{"layer":[{"name":"tiger:giant_polygon","href":"http:\/\/localhost:8080\/geoserve....
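The reproduction steps above can be turned into a repeatable regression check. The script below is an added example, not part of the original report or of GeoServer: the function names, the `GEOSERVER_URL` and `RUN_CHECK` variables, and the assumption that a rejected Basic-auth login returns HTTP 401 while an accepted one returns 200 are all assumptions made here.

```shell
#!/bin/sh
# Added example: regression check for the password-change behaviour reported above.
# Intended for a disposable test instance. BASE defaults to the URL used in the report.
BASE="${GEOSERVER_URL:-http://localhost:8080/geoserver}"

# http_status USER PASS -> prints the HTTP status of GET /rest/layers
http_status() {
    curl -s -o /dev/null -w '%{http_code}' -u "$1:$2" \
        -H "accept: application/json" "$BASE/rest/layers"
}

# change_password USER CURRENT NEW -> prints the HTTP status of the PUT
# (NEW is inserted into JSON unescaped; avoid quotes and backslashes in it)
change_password() {
    curl -s -o /dev/null -w '%{http_code}' -u "$1:$2" -X PUT \
        -H "accept: application/json" -H "content-type: application/json" \
        -d "{\"newPassword\": \"$3\"}" "$BASE/rest/security/self/password"
}

# verdict NEW_STATUS OLD_STATUS -> classify the outcome
# (assumes 200 = credential accepted, 401 = credential rejected)
verdict() {
    case "$1:$2" in
        200:401) echo "ok" ;;                       # change took effect
        401:200) echo "change-not-applied" ;;       # the behaviour in this report
        200:200) echo "old-password-still-valid" ;; # both credentials accepted
        *)       echo "inconclusive" ;;             # server down, other error
    esac
}

# check USER CURRENT NEW -> change the password, then probe both credentials
check() {
    put=$(change_password "$1" "$2" "$3")
    new=$(http_status "$1" "$3")
    old=$(http_status "$1" "$2")
    echo "PUT=$put new=$new old=$old -> $(verdict "$new" "$old")"
}

# Only touch the server when explicitly asked to.
if [ "${RUN_CHECK:-0}" = 1 ]; then
    check admin geoserver test
fi
```

Run it with `RUN_CHECK=1`. With the behaviour described in this report the last field would read `change-not-applied`.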