Author: taylor Date: Fri Dec 1 00:52:27 2017 New Revision: 1816783 URL: http://svn.apache.org/viewvc?rev=1816783&view=rev Log: JS2-1356: new password overrides configuration
Added: portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/alternate/credentials/password-overrides.xml Added: portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/alternate/credentials/password-overrides.xml URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/alternate/credentials/password-overrides.xml?rev=1816783&view=auto ============================================================================== --- portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/alternate/credentials/password-overrides.xml (added) +++ portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/alternate/credentials/password-overrides.xml Fri Dec 1 00:52:27 2017 @@ -0,0 +1,97 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd"> + + <bean id="org.apache.jetspeed.security.spi.CredentialPasswordValidator" name="org.apache.jetspeed.security.CredentialPasswordValidator" + class="org.apache.jetspeed.security.spi.impl.DefaultCredentialPasswordValidator"> + <meta key="j2:cat" value="default or security" /> + + <!-- UNCOMMENT TO TURN ON Regex-based password validation. The pattern below gives: + * Must be at least 6 characters + * Must contain at least one one lower case letter, one upper case letter, one digit and one special character + * Valid special characters are @#$%^&+= + --> + <constructor-arg index="0"><value><![CDATA[^.*(?=.{6,})(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[@#$%^&+=]).*$]]></value></constructor-arg> + </bean> + + <bean id="loginValidationValve" + class="org.apache.jetspeed.security.impl.LoginValidationValveImpl" + init-method="initialize"> + <!-- maxNumberOfAuthenticationFailures + This value should be in sync with the value for + org.apache.jetspeed.security.spi.impl.MaxPasswordAuthenticationFailuresInterceptor + (if used) to make sense. + Any value < 2 will suppress the LoginConststants.ERROR_FINAL_LOGIN_ATTEMPT + error code when only one last attempt is possible before the credential + will be disabled after the next authentication failure. + --> + <constructor-arg index="0"><value>3</value></constructor-arg> + </bean> + + <bean id="org.apache.jetspeed.security.spi.impl.UserPasswordCredentialPolicyManagerImpl" + class="org.apache.jetspeed.security.spi.impl.UserPasswordCredentialPolicyManagerImpl"> + <meta key="j2:cat" value="default or security" /> + <constructor-arg index="0" ref="org.apache.jetspeed.security.CredentialPasswordEncoder" /> + <constructor-arg index="1" ref="org.apache.jetspeed.security.CredentialPasswordValidator" /> + <constructor-arg index="2"> + <list> + <!-- enforce an invalid preset password value in the persisent store is required to be changed --> + <bean class="org.apache.jetspeed.security.spi.impl.ValidatePasswordOnLoadInterceptor" /> + <!-- ensure preset cleartext passwords in the persistent store will be encoded on first use --> + <bean class="org.apache.jetspeed.security.spi.impl.EncodePasswordOnFirstLoadInterceptor" /> + + <bean class="org.apache.jetspeed.security.spi.impl.MaxPasswordAuthenticationFailuresInterceptor"> + <constructor-arg index="0"><value>3</value></constructor-arg> + </bean> + <!-- set value in days for password expiration interceptor --> + <bean class="org.apache.jetspeed.security.spi.impl.PasswordExpirationInterceptor"> + <constructor-arg index="0"><value>30</value></constructor-arg> + </bean> + <bean class="org.apache.jetspeed.security.spi.impl.PasswordHistoryInterceptor"> + <constructor-arg index="0"><value>3</value></constructor-arg> + </bean> + </list> + </constructor-arg> + </bean> + + <bean class="org.apache.jetspeed.security.spi.impl.MaxPasswordAuthenticationFailuresInterceptor"> + <constructor-arg index="0"><value>3</value></constructor-arg> + </bean> + + <!-- set value in days for password expiration interceptor --> + <bean class="org.apache.jetspeed.security.spi.impl.PasswordExpirationInterceptor"> + <constructor-arg index="0"><value>30</value></constructor-arg> + </bean> + + <bean id="passwordCredentialValve" + class="org.apache.jetspeed.security.impl.PasswordCredentialValveImpl" + init-method="initialize"> + <constructor-arg> + <!-- expirationWarningDays --> + <list> + <value>2</value> + <value>3</value> + <value>7</value> + </list> + </constructor-arg> + </bean> + + +</beans> + --------------------------------------------------------------------- To unsubscribe, e-mail: jetspeed-dev-unsubscr...@portals.apache.org For additional commands, e-mail: jetspeed-dev-h...@portals.apache.org