[
https://issues.apache.org/jira/browse/SLING-10902?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Eric Norman updated SLING-10902:
--------------------------------
Description:
This is to support a use case where the user login form utilizes a field other
than the principalName (i.e. email address or phone number) for authentication.
For that use case, the exact principalName value isn't as important and a
unique value can be auto-generated from some other hint. With a generated
unique princpalName, the end user doesn't have to keep retrying to find a value
that hasn't been used already.
With this change the principalName value would be determined by the locating
the first request parameter that is a match of one of the choices in the
following order:
1. *":name"* - value is the exact name to use
{code:java}
curl -F:name=myuser -Fpwd=password -FpwdConfirm=password
http://localhost:8080/system/userManager/user.create.html
{code}
2. *":name@ValueFrom"* - value is the name of another submitted parameter whose
value is the exact name to use
{code:java}
curl -F:name@ValueFrom=displayName -FdisplayName=myuser -Fpwd=password
-FpwdConfirm=password
http://localhost:8080/system/userManager/user.create.html{code}
3. *":nameHint"* - value is filtered, trimmed and made unique
{code:java}
curl -F:nameHint=myuser -Fpwd=password -FpwdConfirm=password
http://localhost:8080/system/userManager/user.create.html{code}
4. *":nameHint@ValueFrom"* - value is the name of another submitted parameter
whose value is filtered, trimmed and made unique
{code:java}
curl -F:nameHint@ValueFrom=displayName -FdisplayName=myuser -Fpwd=password
-FpwdConfirm=password
http://localhost:8080/system/userManager/user.create.html{code}
5. otherwise, try the value of any server-side configured
*"principalNameHints"* parameters to treat as a hint that is filtered, trimmed
and made unique
{code:java}
curl -FdisplayName=myuser -Fpwd=password -FpwdConfirm=password
http://localhost:8080/system/userManager/user.create.html{code}
One other benefit of having an extensible way of autogenerating the
principalName values is that one could provide an implementation that generates
randomized principalName values. This should make it more difficult to script
the enumeration of the valid user names.
was:
This is to support a use case where the user login form utilizes a field other
than the principalName (i.e. email address or phone number) for authentication.
For that use case, the exact principalName value isn't as important and a
unique value can be auto-generated from some other hint. With a generated
unique princpalName, the end user doesn't have to keep retrying to find a value
that hasn't been used already.
With this change the principalName value would be determined by the locating
the first request parameter that is a match of one of the choices in the
following order:
1. *":name"* - value is the exact name to use
{code:java}
curl -F:name=myuser -Fpwd=password -FpwdConfirm=password
http://localhost:8080/system/userManager/user.create.html
{code}
2. *":name@ValueFrom"* - value is the name of another submitted parameter whose
value is the exact name to use
{code:java}
curl -F:name@ValueFrom=displayName -FdisplayName=myuser -Fpwd=password
-FpwdConfirm=password
http://localhost:8080/system/userManager/user.create.html{code}
3. *":nameHint"* - value is filtered, trimmed and made unique
{code:java}
curl -F:nameHint=myuser -Fpwd=password -FpwdConfirm=password
http://localhost:8080/system/userManager/user.create.html{code}
4. *":nameHint@ValueFrom"* - value is the name of another submitted parameter
whose value is filtered, trimmed and made unique
{code:java}
curl -F:nameHint@ValueFrom=displayName -FdisplayName=myuser -Fpwd=password
-FpwdConfirm=password
http://localhost:8080/system/userManager/user.create.html{code}
5. otherwise, try the value of any server-side configured
*"principalNameHints"* parameters to treat as a hint that is filtered, trimmed
and made unique
{code:java}
curl -FdisplayName=myuser -Fpwd=password -FpwdConfirm=password
http://localhost:8080/system/userManager/user.create.html{code}
One other benefit of having an extensible way of autogenerating the
principalName values is that one could provide an implementation that generates
randomized principalName values. This should make it more difficult to script
the enumeration of the valid usenames.
> Add the ability to autogenerate a unique user/group principalName from a hint
> -----------------------------------------------------------------------------
>
> Key: SLING-10902
> URL: https://issues.apache.org/jira/browse/SLING-10902
> Project: Sling
> Issue Type: New Feature
> Reporter: Eric Norman
> Assignee: Eric Norman
> Priority: Major
> Fix For: JCR Jackrabbit User Manager 2.2.16
>
>
> This is to support a use case where the user login form utilizes a field
> other than the principalName (i.e. email address or phone number) for
> authentication. For that use case, the exact principalName value isn't as
> important and a unique value can be auto-generated from some other hint. With
> a generated unique princpalName, the end user doesn't have to keep retrying
> to find a value that hasn't been used already.
> With this change the principalName value would be determined by the locating
> the first request parameter that is a match of one of the choices in the
> following order:
> 1. *":name"* - value is the exact name to use
> {code:java}
> curl -F:name=myuser -Fpwd=password -FpwdConfirm=password
> http://localhost:8080/system/userManager/user.create.html
> {code}
> 2. *":name@ValueFrom"* - value is the name of another submitted parameter
> whose value is the exact name to use
> {code:java}
> curl -F:name@ValueFrom=displayName -FdisplayName=myuser -Fpwd=password
> -FpwdConfirm=password
> http://localhost:8080/system/userManager/user.create.html{code}
> 3. *":nameHint"* - value is filtered, trimmed and made unique
> {code:java}
> curl -F:nameHint=myuser -Fpwd=password -FpwdConfirm=password
> http://localhost:8080/system/userManager/user.create.html{code}
> 4. *":nameHint@ValueFrom"* - value is the name of another submitted parameter
> whose value is filtered, trimmed and made unique
> {code:java}
> curl -F:nameHint@ValueFrom=displayName -FdisplayName=myuser -Fpwd=password
> -FpwdConfirm=password
> http://localhost:8080/system/userManager/user.create.html{code}
> 5. otherwise, try the value of any server-side configured
> *"principalNameHints"* parameters to treat as a hint that is filtered,
> trimmed and made unique
> {code:java}
> curl -FdisplayName=myuser -Fpwd=password -FpwdConfirm=password
> http://localhost:8080/system/userManager/user.create.html{code}
>
> One other benefit of having an extensible way of autogenerating the
> principalName values is that one could provide an implementation that
> generates randomized principalName values. This should make it more difficult
> to script the enumeration of the valid user names.
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
