Hello All,
I'm a new user to Shiro and still very much on the learning curve. I
recently ran into a strange problem that seems to be that Shiro will not
allow a log in if the password is set to 'password'. Is that really
hard coded somewhere inside Shiro? While good passwords are wise, I
just spent two hours wondering why I couldn't log in when the only
problem seems to be that I choose a trivial password while I'm learning
how to use Shiro and it is only deployed on my laptop. This 'feature'
also doesn't seem to be in the documentation and I don't understand
enough to delve into the source code and look for it.
So, is it really hard coded to prevent log ins with the password
'password'? If so, what other follies is Shiro secretly preventing? Is
that really a good idea to have Shiro rejecting passwords or should that
be delegated to something that checks password strength when a password
is being setup?
Thanks!
Sincerely,
Stephen McCants
--
Stephen McCants
Senior Software Engineer
Healthcare Control Systems
1-877-877-8795 x116
