[Geoserver-devel] [JIRA] (GEOS-10288) Password policy change does not take effect until GeoServer restart

Mon, 25 Oct 2021 06:11:30 -0700 

Peter Smythe ( 
https://osgeo-org.atlassian.net/secure/ViewProfile.jspa?accountId=5b3b4ba74e83c12dd31159d6
 ) *created* an issue

GeoServer ( 
https://osgeo-org.atlassian.net/browse/GEOS?atlOrigin=eyJpIjoiYmFhOGU1YWI2M2U5NGQ3NWFkMmM5MWM5MzQ3ZTc4NDIiLCJwIjoiaiJ9
 ) / Bug ( 
https://osgeo-org.atlassian.net/browse/GEOS-10288?atlOrigin=eyJpIjoiYmFhOGU1YWI2M2U5NGQ3NWFkMmM5MWM5MzQ3ZTc4NDIiLCJwIjoiaiJ9
 ) GEOS-10288 ( 
https://osgeo-org.atlassian.net/browse/GEOS-10288?atlOrigin=eyJpIjoiYmFhOGU1YWI2M2U5NGQ3NWFkMmM5MWM5MzQ3ZTc4NDIiLCJwIjoiaiJ9
 ) Password policy change does not take effect until GeoServer restart ( 
https://osgeo-org.atlassian.net/browse/GEOS-10288?atlOrigin=eyJpIjoiYmFhOGU1YWI2M2U5NGQ3NWFkMmM5MWM5MzQ3ZTc4NDIiLCJwIjoiaiJ9
 )

Issue Type: Bug Affects Versions: 2.19.1 Assignee: Unassigned Components: 
Security Created: 25/Oct/21 3:10 PM Environment:

Tomcat on AWS Elastic Beanstalk

Priority: Medium Reporter: Peter Smythe ( 
https://osgeo-org.atlassian.net/secure/ViewProfile.jspa?accountId=5b3b4ba74e83c12dd31159d6
 )

To reproduce:

In Security > Passwords > Password Policies > default, enable Must contain an 
uppercase letter (or any other policy) which is not on by default. Save, Save.

In Security > Users, Groups, and Roles > Users/Groups > Add new user, enter a 
test username and a password without an uppercase letter, which should fail. 
Save.

The user is created. What should happen is a warning: 
org.geoserver.security.validation.PasswordPolicyException: password must 
contain an uppercase letter, which prevents the user from being created.

Even Reloading Configuration and catalog in Server status does not cause the 
policy to take effect.

After a tomcat restart, the policy does however take effect.

( 
https://osgeo-org.atlassian.net/browse/GEOS-10288#add-comment?atlOrigin=eyJpIjoiYmFhOGU1YWI2M2U5NGQ3NWFkMmM5MWM5MzQ3ZTc4NDIiLCJwIjoiaiJ9
 ) Add Comment ( 
https://osgeo-org.atlassian.net/browse/GEOS-10288#add-comment?atlOrigin=eyJpIjoiYmFhOGU1YWI2M2U5NGQ3NWFkMmM5MWM5MzQ3ZTc4NDIiLCJwIjoiaiJ9
 )

Get Jira notifications on your phone! Download the Jira Cloud app for Android ( 
https://play.google.com/store/apps/details?id=com.atlassian.android.jira.core&referrer=utm_source%3DNotificationLink%26utm_medium%3DEmail
 ) or iOS ( 
https://itunes.apple.com/app/apple-store/id1006972087?pt=696495&ct=EmailNotificationLink&mt=8
 ) This message was sent by Atlassian Jira (v1001.0.0-SNAPSHOT#100183- 
sha1:51e3c50 )
_______________________________________________
Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel














    











					Reply via email to