[
http://mifosforge.jira.com/browse/MIFOS-4347?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
jbrewster reopened MIFOS-4347:
------------------------------
Assignee: keithwoodlock (was: mifosqa)
Keith,
this may be related to these changes, so reopening this issue. Was going to
test login attempt with a non-existent user. When I enter a user e.g. "k", no
password, and click login, I get following stack trace. Expected error message
"Please specify valid username/password to access the application." but instead
see:
rg.mifos.service.BusinessRuleException
at
org.mifos.application.servicefacade.LoginServiceFacadeWebTier.login(LoginServiceFacadeWebTier.java:63)
at
org.mifos.security.authentication.MifosLegacyUsernamePasswordAuthenticationFilter.unsuccessfulAuthentication(MifosLegacyUsernamePasswordAuthenticationFilter.java:123)
at
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:208)
at
org.mifos.security.authentication.MifosLegacyUsernamePasswordAuthenticationFilter.doFilter(MifosLegacyUsernamePasswordAuthenticationFilter.java:108)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:378)
at
org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:378)
at
org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:79)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:378)
at
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:167)
at
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)
at
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
at
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Thread.java:619)
> 5 invalid passwords not locking account
> ---------------------------------------
>
> Key: MIFOS-4347
> URL: http://mifosforge.jira.com/browse/MIFOS-4347
> Project: mifos
> Issue Type: Bug
> Components: Authentication
> Affects Versions: Release 2.0.0
> Reporter: jbrewster
> Assignee: keithwoodlock
> Fix For: Elsie F - Iteration 10, Elsie F
>
>
> User is not being locked from system with 5 bad password attempts as noted in
> FS:
> http://mifos.org/functional-specifications/mfi-information-setup/user-setup
> "If the user enters an incorrect password five times consecutively, then the
> account is locked."
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://mifosforge.jira.com/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
------------------------------------------------------------------------------
The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
Pinpoint memory and threading errors before they happen.
Find and fix more than 250 security defects in the development cycle.
Locate bottlenecks in serial and parallel code that limit performance.
http://p.sf.net/sfu/intel-dev2devfeb
_______________________________________________
Mifos-issues mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/mifos-issues
