elise badr created JS2-1358:
-------------------------------
Summary: Password validations failing in several screens
Key: JS2-1358
URL: https://issues.apache.org/jira/browse/JS2-1358
Project: Jetspeed 2
Issue Type: Bug
Components: Admin Portlets
Affects Versions: 2.3.0
Environment: Windows
Reporter: elise badr
Attachments: security-spi-atn.xml
When putting the attached security-spi-atn.xml in the
Jetspeed-2.3.0\webapps\jetspeed\WEB-INF\assembly\override folder and tested
this from 4 different features:
1. The Change Password portlet - There is a bug here, and it fails to validate,
and allows the user to set an invalid password
2. The Old User Manager - (user edit from admin) - was able to use unaccepted
password format
3. The New User Manager - There is a bug here, and it fails to validate, and
allows the user
to set an invalid password
4. User Registration - worked fine with David Taylor (2.3.2 trunk) but with me
couldn't test due to the following exception:
[Failed to add
user.org.apache.jetspeed.administration.AdministrationEmailException: Failed to
send forgotten password email to user with email address because Mail server
connection failed; nested exception is javax.mail.MessagingException:
Connection error (java.net.SocketException: Network is unreachable: connect).
Failed messages: javax.mail.MessagingException: Connection error
(java.net.SocketException: Network is unreachable: connect)]
* In addition to the above, we have the wrong password retry not working using
the following config:
<!-- Automatically disable a password after 3 invalid authentication attempts
in a row -->
<bean
class="org.apache.jetspeed.security.spi.impl.MaxPasswordAuthenticationFailuresInterceptor">
<constructor-arg index="0"><value>3</value></constructor-arg>
</bean>
<!-- remember the last 3 passwords used and require a new password to be
different from those -->
<bean
class="org.apache.jetspeed.security.spi.impl.PasswordHistoryInterceptor">
<constructor-arg index="0"><value>3</value></constructor-arg>
</bean>
* Password hsitory feature not working with the following config:
<!-- remember the last 3 passwords used and require a new password to be
different from those -->
<bean
class="org.apache.jetspeed.security.spi.impl.PasswordHistoryInterceptor">
<constructor-arg index="0"><value>3</value></constructor-arg>
</bean>
* Not tested: password expiry using following config:
<!-- Automatically expire a password after 60 days -->
<bean
class="org.apache.jetspeed.security.spi.impl.PasswordExpirationInterceptor">
<constructor-arg index="0"><value>60</value></constructor-arg>
</bean>
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
