Hi Mohamed,

We are glad to see your interest in this project. In order to make you
familiar with this project with regard to WSO2 platform, we would like you
to complete the following task which would provide an understanding on how
the userstore managers are used in WSO2 products.


1. Refer [1] and understand how a userstore manager can be written and used
in a product like WSO2 Identity Server [2].

2. Refer [3] and understand more about Claims and Claim Management.

3. Referring [1], extend the
*org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager* class and write your
own JDBC userstore manaager. (MySQL is preferred).

4. Introduce a new claim called *lastPasswordResetTimestamp* which tracks
the timestamp of each user's last successful password reset attempt. (in
WSO2 Identity Server). For this you can refer [1] and override the
*doUpdateCredential*, *doUpdateCredentialByAdmin* methods in the custom
userstore manager you wrote in previous step. Inside these methods after
successful password reset, set the current timestemp as a user claim. For
this you can refer [4].

5. In the JDBC userstore manager you have written in above step, override
the *doAuthenticate *method. Inside the method, after performing
authentication, compare the timestamp of the last time the user updated the
credentials with current timestamp. If it is greater than 60 days (you can
hardcode this value for the moment) return an exception with a message
saying the user has to reset the password as it is expired. (For the users
where the claim for password reset timestamp is empty, you can let the
users successfully authenticate)

When performing above tasks, if you face any difficulty, you can ask for
help from this mail thread. You can use GitHub to share your source code
and after completing a deliverable from above steps, you can share your
progress with us.

If you need further clarifications, please get back.

[1] https://docs.wso2.com/display/IS510/Writing+a+Custom+User+Store+Manager
[2] http://wso2.com/products/identity-server/
[3]
http://tharindue.blogspot.com/2015/08/claim-management-operations-in-wso2.html
[4]
http://tharindue.blogspot.com/2015/12/tracking-last-successful-login-attempt.html
[5]
http://tharindue.blogspot.com/2015/05/a-workaround-for-renaming-username-of.html

Thank you !
Tharindu Edirisinghe

On Wed, Feb 24, 2016 at 12:50 AM, Mohamed ZAJITH <mohamedzaj...@gmail.com>
wrote:

> Hi
> I'm a final year Computer Science Student from University of Jaffna. I'm
> interested in above mentioned project that is suggested by WSO2 for the
> event GSOC 2016. Meanwhile I am familiar with the skills which provided
> with the relevant topic
>
> --
> *Regards.*
> *MohamedZajith*
> *Linkedin*
> <https://mailtrack.io/trace/link/ea5c4dfb9fe4057115621593cadf881aace4dc1f?url=https%3A%2F%2Fwww.linkedin.com%2Fin%2Fmohamedzajith&signature=9f62cd224c1a0fd7>
>
> Sent with MailTrack
> <https://mailtrack.io/install?source=signature&lang=en&referral=mohamedzaj...@gmail.com&idSignature=22>
>



-- 

Tharindu Edirisinghe
Software Engineer | WSO2 Inc
Platform Security Team
Blog : tharindue.blogspot.com
mobile : +94 775181586
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Reply via email to