Installing Lucee's Ehcache disables default admin pwd handling

AdamCameron · February 20, 2025, 10:27am

Yeah. That title doesn’t make much sense, but nor does the situation.

Firstly, we’re on 5.4.4.38.

In our Dockerfile we configure the initial admin pwd via this mechanism:

RUN echo letmein123 > "/opt/lucee/server/lucee-server/context/password.txt";

This was the prescribed way of setting this pwd for the version of Lucee we’re on. I realise it’s changed since 5.4.6, but upgrading is not an option for us. Anyway, said approach works fine.

Except.

We need to use the Ehcache extension - as per Lucee Admin:

I add the relevant entry to my LUCEE_EXTENSIONS env var, and…

… when I then rebuild the container, the pwd has not been applied:

This is readily replicable… remove the installation of the Ehcache extension: everything is back to working fine. Add it back in: bung again. We’re loading half a dozen other extensions via the same mechanism, and these have never given us an issue. I tried a few other random extensions… also no probs.

The issue can be worked-around by moving the password-setting code to be after the extension installation phase, but it seems to me there’s something with the Ehcache extensions that is doing something it really shouldn’t be? Might be worth a quick look (or might not).

Anyway, if anyone is thinking “ah yeah this is because …” then I’d be keen to know what’s going on. But beyond that, this is more just a “WTH?” and an FYI, I guess.

Cheers for reading this far

–
Adam

markdrew · February 20, 2025, 11:55am

Alright, I think I know what is happening here, but would need to see some of the relevant parts of the Dockerfile.
Are you warming up Lucee after extension installation? (during build) ?

RUN LUCEE_ENABLE_WARMUP=true ${CATALINA_HOME}/bin/catalina.sh run

We actually copy the extension files into opt/lucee/server/lucee-server/deploy/ rather than env var and restart.

There is an program called dive which is really useful to see what has changed in each step of the build to see where it’s getting removed.

AdamCameron · February 22, 2025, 10:30pm

Hi Mark

To be clear… I don’t give a rat’s arse what’s happening (given I have worked around it, so “I’m all right Jack”). I’m reporting an anomaly, which seems “non trivial” as an extensions seems to be messing with security-oriented shit that it shouldn’t be touching, which might be something someone ought to care about. Maybe.

My post was for ppl who ought to care about “an extensions seems to be messing with shit that it shouldn’t”, which might be the extension maintainers, or might be the Lucee dev team. In this case I think it’s a native Lucee extension, so the venn diagram is just one circle. However I fully get that the denizens of said venn diagram probs have better stuff to be getting on with.

To confirm, yes I am running the warm-up. Indeed I am pretty sure you helped me get all this working in the first place, a year or so ago. I’m running the prescribed (such as it is) approach to setting extensions to install via an env var, and then “warming” stuff.

TBH, we can largely consider this an FYI / “here be monsters” sorta situation.

Hope everything is going well for you fella.

–
Adam