tracker issue : CF-3926238

Related ticket: CF-3546323

Comment by External U.

Simply try making an Admin API call within a <cflogin>-protected page. It will fail w/ the above error.

Comment by External U.

I see this is marked Fixed. Awesome! Looking forward to the fix =) Thanks!, -Aaron

Comment by External U.

Fix verified and will be available in the next ColdFusion version.

Comment by S P.

Hi Preethi, I see "Fixed In Build: CF11 Update7" This ticket isn't listed in the CF11 Update 7 bugs fixed PDF (https://helpx.adobe.com/coldfusion/kb/bugs-fixed-in-coldfusion-11-update-7.html). Is this really fixed in CF11 Update 7? If not, what is it fixed in? If it is, then it should be listed in that PDF. Thanks!, -Aaron

Comment by External U.

*bump* The "Fixed In Build" says "CF11 Update7", so why isn't it listed here: https://helpx.adobe.com/coldfusion/kb/bugs-fixed-in-coldfusion-11-update-7.html Is this ticket not fixed in "CF11 Update7"? Thanks!, -Aaron

Comment by External U.

Verified this is fixed in CF11 Update 7 (build 11,0,07,296330). Adobe, this ticket needs added to https://helpx.adobe.com/coldfusion/kb/bugs-fixed-in-coldfusion-11-update-7.html Thanks!, -Aaron

Comment by External U.

Hi Aaron, Thanks for letting us know about this. Will add it to the doc and let you know. Regards, Preethi

Comment by S P.

Hi Preethi, You're very welcome and thanks! -Aaron

Comment by External U.

Hi Aaron, The above ticket must be listed in the doc link now. Thanks, Preethi

Comment by S P.

Hi Preethi, Yes, I see CF-3926238, and the following revision note, in the doc now: ----------- Revision 26 Feb, 2016: bug#CF-3926238 added to the fixed bugs list. ----------- Thanks for adding that revision note! -Aaron

Comment by External U.

Hi Adobe, This ticket wasn't properly fixed and needs re-opened b/c cfloginuser still breaks some Admin API access. Confirmed in CF 11,0,07,296330 and 2016.0.01.298513. Issue was fixed for servermonitoring.cfc's getAllActiveRequests() and scheduler.cfc's getTasks(). Good. Issue was not fixed for datasource.cfc's getDatasources() and runtime.cfc's clearTrustedCache(). Bad. Issue should be fixed for ALL Admin API methods. Not sure why I need to say that.. Repro: <cfscript> theUsername = "";//specify Admin API username thePassword = "";//specify Admin API password theDSN = "";//specify a DSN cflogout(); cflogin() {cfloginuser(name="foo", password="bar", roles="foobar");}//cfloginuser still breaks some Admin API access new CFIDE.adminapi.administrator().login(thePassword, theUsername); obj = new CFIDE.adminapi.servermonitoring(); r = obj.getAllActiveRequests();//works, good writeDump(r); obj = new CFIDE.adminapi.scheduler(); r = obj.getTasks();//works, good writeDump(r); obj = new CFIDE.adminapi.datasource(); r = obj.getDatasources(theDSN);//throws coldfusion.security.SecurityManager$UnauthenticatedCredentialsException, bad writeDump(r); //Related URL: https://cfml.slack.com/archives/adobe/p1482869458000695 obj = new CFIDE.adminapi.runtime(); obj.clearTrustedCache(expandPath("./mypage.cfm"));//throws coldfusion.security.SecurityManager$UnauthenticatedCredentialsException, bad </cfscript> Thanks!, -Aaron

Comment by Aaron N.

I've run into this with a client. With the latest patches installed

Vote by Wil G.

This is still not working in this scenario either. https://gist.github.com/wilgeno/e85dfd15522add4db8e1d1bc1a427af9 <cfscript> adminUser = "admin"; adminPW = "password"; thefile = "/absolute/path/to/file.cfm"; adminObj = createObject("component","cfide.adminapi.administrator"); adminObj.login(adminPW, adminUser); // if I dump the return I will see the boolean is true meaning the login worked. adminRuntime = createObject("component","cfide.adminapi.runtime"); // yet on this line we will get the coldfusion.security.SecurityManager$UnauthenticatedCredentialsException error. adminRuntime.clearTrustedCache(thefile); </cfscript>

Comment by Wil G.

*bump* Should we follow-up in another year? Is Adobe going to look into this? Thanks!, -Aaron

Comment by Aaron N.