Hi Mohamed, We are glad to see your interest in this project. In order to make you familiar with this project with regard to WSO2 platform, we would like you to complete the following task which would provide an understanding on how the userstore managers are used in WSO2 products.
1. Refer [1] and understand how a userstore manager can be written and used in a product like WSO2 Identity Server [2]. 2. Refer [3] and understand more about Claims and Claim Management. 3. Referring [1], extend the *org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager* class and write your own JDBC userstore manaager. (MySQL is preferred). 4. Introduce a new claim called *lastPasswordResetTimestamp* which tracks the timestamp of each user's last successful password reset attempt. (in WSO2 Identity Server). For this you can refer [1] and override the *doUpdateCredential*, *doUpdateCredentialByAdmin* methods in the custom userstore manager you wrote in previous step. Inside these methods after successful password reset, set the current timestemp as a user claim. For this you can refer [4]. 5. In the JDBC userstore manager you have written in above step, override the *doAuthenticate *method. Inside the method, after performing authentication, compare the timestamp of the last time the user updated the credentials with current timestamp. If it is greater than 60 days (you can hardcode this value for the moment) return an exception with a message saying the user has to reset the password as it is expired. (For the users where the claim for password reset timestamp is empty, you can let the users successfully authenticate) When performing above tasks, if you face any difficulty, you can ask for help from this mail thread. You can use GitHub to share your source code and after completing a deliverable from above steps, you can share your progress with us. If you need further clarifications, please get back. [1] https://docs.wso2.com/display/IS510/Writing+a+Custom+User+Store+Manager [2] http://wso2.com/products/identity-server/ [3] http://tharindue.blogspot.com/2015/08/claim-management-operations-in-wso2.html [4] http://tharindue.blogspot.com/2015/12/tracking-last-successful-login-attempt.html [5] http://tharindue.blogspot.com/2015/05/a-workaround-for-renaming-username-of.html Thank you ! Tharindu Edirisinghe On Wed, Feb 24, 2016 at 12:50 AM, Mohamed ZAJITH <mohamedzaj...@gmail.com> wrote: > Hi > I'm a final year Computer Science Student from University of Jaffna. I'm > interested in above mentioned project that is suggested by WSO2 for the > event GSOC 2016. Meanwhile I am familiar with the skills which provided > with the relevant topic > > -- > *Regards.* > *MohamedZajith* > *Linkedin* > <https://mailtrack.io/trace/link/ea5c4dfb9fe4057115621593cadf881aace4dc1f?url=https%3A%2F%2Fwww.linkedin.com%2Fin%2Fmohamedzajith&signature=9f62cd224c1a0fd7> > > Sent with MailTrack > <https://mailtrack.io/install?source=signature&lang=en&referral=mohamedzaj...@gmail.com&idSignature=22> > -- Tharindu Edirisinghe Software Engineer | WSO2 Inc Platform Security Team Blog : tharindue.blogspot.com mobile : +94 775181586
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev