Commandbox: Cannot access, no password is defined

Hi,

I came across a strange issue today that I couldn’t access Server Admin page.

I created an empty folder and run box start. The server started okay. When I tried to access Server Admin page, it gave the following error:

Lucee 5.4.4.38 Error (expression)
Message	Cannot access, no password is defined
Stacktrace	The Error Occurred in
/admin/web.cfm: line 179
called from /admin/server.cfm: line 2
Java Stacktrace	lucee.runtime.exp.ExpressionException: Cannot access, no password is defined
  at lucee.runtime.config.ConfigServerImpl.checkAccess(ConfigServerImpl.java:693)
  at lucee.runtime.config.ConfigWebImpl.getConfigServer(ConfigWebImpl.java:179)
  at lucee.runtime.tag.Admin._doStartTag(Admin.java:613)
  at lucee.runtime.tag.Admin.doStartTag(Admin.java:364)
  at web_cfm$cf.call(/admin/web.cfm:179)
  at lucee.runtime.PageContextImpl._doInclude(PageContextImpl.java:1056)
  at lucee.runtime.PageContextImpl._doInclude(PageContextImpl.java:948)
  at lucee.runtime.PageContextImpl.doInclude(PageContextImpl.java:929)
  at server_cfm$cf.call(/admin/server.cfm:2)
  at lucee.runtime.PageContextImpl._doInclude(PageContextImpl.java:1056)
  at lucee.runtime.PageContextImpl._doInclude(PageContextImpl.java:948)
  at lucee.runtime.listener.ModernAppListener._onRequest(ModernAppListener.java:219)
  at lucee.runtime.listener.ModernAppListener.onRequest(ModernAppListener.java:107)
  at lucee.runtime.PageContextImpl.execute(PageContextImpl.java:2493)
  at lucee.runtime.PageContextImpl._execute(PageContextImpl.java:2478)
  at lucee.runtime.PageContextImpl.executeCFML(PageContextImpl.java:2449)
  at lucee.runtime.engine.Request.exe(Request.java:45)
  at lucee.runtime.engine.CFMLEngineImpl._service(CFMLEngineImpl.java:1215)
  at lucee.runtime.engine.CFMLEngineImpl.serviceCFML(CFMLEngineImpl.java:1161)
  at lucee.loader.engine.CFMLEngineWrapper.serviceCFML(CFMLEngineWrapper.java:97)
  at lucee.loader.servlet.CFMLServlet.service(CFMLServlet.java:51)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:590)
  at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
  at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
  at org.cfmlprojects.regexpathinfofilter.RegexPathInfoFilter.doFilter(RegexPathInfoFilter.java:54)
  at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:67)
  at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
  at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
  at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
  at io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
  at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
  at runwar.undertow.SSLCertHeaderHandler.handleRequest(SSLCertHeaderHandler.java:161)
  at io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68)
  at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:117)
  at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
  at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
  at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
  at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
  at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
  at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
  at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
  at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
  at io.undertow.servlet.handlers.SendErrorPageHandler.handleRequest(SendErrorPageHandler.java:52)
  at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
  at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:275)
  at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:79)
  at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:134)
  at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:131)
  at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
  at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
  at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:255)
  at io.undertow.servlet.handlers.ServletInitialHandler.handleRequest(ServletInitialHandler.java:175)
  at io.undertow.server.handlers.HttpContinueReadHandler.handleRequest(HttpContinueReadHandler.java:69)
  at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
  at runwar.undertow.WelcomeFileHandler.handleRequest(WelcomeFileHandler.java:39)
  at io.undertow.server.handlers.PathHandler.handleRequest(PathHandler.java:104)
  at runwar.undertow.SiteDeployment$1.handleRequest(SiteDeployment.java:162)
  at io.undertow.predicate.PredicatesHandler.handleRequest(PredicatesHandler.java:141)
  at io.undertow.server.handlers.DisallowedMethodsHandler.handleRequest(DisallowedMethodsHandler.java:62)
  at io.undertow.predicate.PredicatesHandler.handleRequest(PredicatesHandler.java:113)
  at io.undertow.server.handlers.encoding.EncodingHandler.handleRequest(EncodingHandler.java:72)
  at runwar.undertow.LifecyleHandler.handleRequest(LifecyleHandler.java:143)
  at runwar.undertow.SiteDeployment$4.handleRequest(SiteDeployment.java:345)
  at io.undertow.server.Connectors.executeRootHandler(Connectors.java:393)
  at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:852)
  at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
  at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:2019)
  at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1558)
  at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1449)
  at org.xnio.XnioWorker$WorkerThreadFactory$1$1.run(XnioWorker.java:1282)
  at java.base/java.lang.Thread.run(Thread.java:829)
 
Timestamp	3/22/24 9:44:32 AM CST

I tried copying password.txt to /Users/myleslee/.CommandBox/server/2639F7434565D5B0C90E070356410450-pdm-server2/lucee-5.4.4.38/WEB-INF/lucee-server/context, it didn’t work.

What could possibly cause this error?

My other old sites work fine. I tried server forget and it doesn’t help.

****************************************************************************************************
*                                         About CommandBox                                         *
****************************************************************************************************
*                                                                                                  *
*                                                                                                  *
*  CommandBox Version: 6.0.0+00787                                                                 *
*  CommandBox Authors: Brad Wood, Luis Majano, Denny Valiant                                       *
*  CommandBox Binary   /usr/local/Cellar/commandbox/5.6.1/libexec/bin/box                          *
*  CommandBox Home     /Users/myleslee/.CommandBox                                                 *
*  CFML Engine:        Lucee                                                                       *
*  CFML Version:       5.4.4.38 stable (Gelert)                                                    *
*  Java Version:       11.0.16.1 (Homebrew)                                                        *
*  Java Path:          /usr/local/Cellar/openjdk@11/11.0.16.1_1/libexec/openjdk.jdk/Contents/Home/bin/java*
*  OS Username         myleslee                                                                    *
*  JLine Terminal      org.jline.terminal.impl.PosixSysTerminal                                    *
*  Runwar Version      5.0.0 (/Users/myleslee/.CommandBox/lib/runwar-5.0.0.jar)                    *
*                                                                                                  *
*                                                                                                  *
****************************************************************************************************

Thanks in advance.

Looks like a bug in Lucee. I’d be asking them

I have also been receiving this, but only while using a Lucee server in CommandBox. My manual Lucee installs did not do this. I have been “mitigating” it by accessing the admin URLs from different a domain and then a sub-domain for the different admin pages, i.e. mydomain.com/lucee/admin/web.cfm and www.mydomain.com/lucee/admin/server.cfm. (Note the www.)

But, you are not the only one experiencing this! And it does seem unique, in my experience, to CommandBox.

That’s so odd. I use Lucee every day on CommandBox and I’ve never seen that error. I also have a default Lucee password set via CFConfig so I guess I also probably always have a lucee password, which is likely the difference. When you install Lucee via their installer, it also always sets a password. I have a feeling Lucee has a bug regarding handling the scenario where a password hasn’t been set, but the only people who encounter it are ones using an installation of Lucee with no password set.