AuthenticationManager.allowSetPassword is problematic with stacked
authentication modules
-----------------------------------------------------------------------------------------
Key: DS-1088
URL: https://jira.duraspace.org/browse/DS-1088
Project: DSpace
Issue Type: Bug
Affects Versions: 1.8.0, 1.7.2, 1.8.1
Reporter: Hardy Pottinger

This is related to DS-1007 (found in DS-994). In
AuthenticationManager.allowSetPassword there's a loop which goes through each
authentication method in the stack, and if any of them returns true for their
allowSetPassword method, the AuthenticationManager.allowSetPassword method also
returns true. This creates situations where the DSpace interface implies that a
user can do things such as change their LDAP or Shibboleth password. See this
thread on DSpace_tech:
http://dspace.2283337.n4.nabble.com/Prevent-LDAP-users-from-changing-password-tt4155171.html
_______________________________________________
Dspace-devel mailing list
https://lists.sourceforge.net/lists/listinfo/dspace-devel
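
A simplified Java model of the aggregation described in this report, added here as an illustration and not taken from DSpace source or from the reporter. The `AuthMethod` interface, the `CREDENTIAL_OWNER` map, the sample users and the owner-only check are all assumptions made for the example.

```java
import java.util.List;
import java.util.Map;

// Simplified model, not DSpace source: all type and method names here are hypothetical.
public class StackedSetPasswordDemo {
    interface AuthMethod {
        String name();
        boolean allowSetPassword(String username);
    }

    // A stacked method that gives the same answer for every username it is asked about.
    record Method(String name, boolean canSet) implements AuthMethod {
        public boolean allowSetPassword(String username) { return canSet; }
    }

    // Constructed sample data: which method actually holds each account's credential.
    static final Map<String, String> CREDENTIAL_OWNER =
            Map.of("alice", "password", "bob", "ldap");

    // Constructed stack: LDAP first, local password authentication second.
    static final List<AuthMethod> STACK =
            List.of(new Method("ldap", false), new Method("password", true));

    // Behaviour described in the report: true as soon as any stacked method says true.
    static boolean anyMethodAllows(String username) {
        for (AuthMethod m : STACK) {
            if (m.allowSetPassword(username)) return true;
        }
        return false;
    }

    // Assumed alternative: ask only the method that owns this user's credential.
    static boolean owningMethodAllows(String username) {
        String owner = CREDENTIAL_OWNER.get(username);
        for (AuthMethod m : STACK) {
            if (m.name().equals(owner)) return m.allowSetPassword(username);
        }
        return false; // unknown user, or owner not in the stack: fail closed
    }

    public static void main(String[] args) {
        for (String user : List.of("alice", "bob", "mallory")) {
            System.out.printf("%-8s any-true=%-5b owner-only=%b%n",
                    user, anyMethodAllows(user), owningMethodAllows(user));
        }
    }
}
```

With this constructed stack, the any-true loop reports that the LDAP-backed account `bob` may set a password, while the owner-only check does not.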