ate 2004/11/11 19:17:47 Modified: jetspeed-api/src/java/org/apache/jetspeed/security SecurityException.java components/security/src/test/org/apache/jetspeed/security/spi TestInternalPasswordCredentialStateHandlingInterceptor.java jetspeed-api/src/java/org/apache/jetspeed/security/om InternalCredential.java components/security/src/java/org/apache/jetspeed/security/om/impl InternalCredentialImpl.java components/security/src/java/org/apache/jetspeed/security/spi/impl InternalPasswordCredentialStateHandlingInterceptor.java DefaultInternalPasswordCredentialInterceptor.java DefaultCredentialHandler.java components/security/src/java/org/apache/jetspeed/security/spi InternalPasswordCredentialInterceptor.java components/security/src/java/META-INF security_repository.xml portal/src/webapp/WEB-INF/assembly jetspeed-spring.xml Added: components/security/src/test/org/apache/jetspeed/security/spi TestInternalPasswordCredentialHistoryHandlingInterceptor.java components/security/src/test/META-INF sipchhi.xml components/security/src/java/org/apache/jetspeed/security/spi/impl InternalPasswordCredentialHistoryHandlingInterceptor.java Log: JS2-151 feature: password history implemented (item 3) Revision Changes Path 1.6 +3 -0 jakarta-jetspeed-2/jetspeed-api/src/java/org/apache/jetspeed/security/SecurityException.java Index: SecurityException.java =================================================================== RCS file: /home/cvs/jakarta-jetspeed-2/jetspeed-api/src/java/org/apache/jetspeed/security/SecurityException.java,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- SecurityException.java 8 Nov 2004 03:23:35 -0000 1.5 +++ SecurityException.java 12 Nov 2004 03:17:46 -0000 1.6 @@ -60,6 +60,9 @@ /** <p>Invalid authentication provider exception message.</p> */ public static final String INVALID_AUTHENTICATION_PROVIDER = "Invalid authentication provider."; + /** <p>Password already used exception message.</p> */ + public static final String PASSWORD_ALREADY_USED = "Password already used."; + /** * <p>Default Constructor.</p> */ 1.3 +4 -4 jakarta-jetspeed-2/components/security/src/test/org/apache/jetspeed/security/spi/TestInternalPasswordCredentialStateHandlingInterceptor.java Index: TestInternalPasswordCredentialStateHandlingInterceptor.java =================================================================== RCS file: /home/cvs/jakarta-jetspeed-2/components/security/src/test/org/apache/jetspeed/security/spi/TestInternalPasswordCredentialStateHandlingInterceptor.java,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- TestInternalPasswordCredentialStateHandlingInterceptor.java 8 Nov 2004 22:36:04 -0000 1.2 +++ TestInternalPasswordCredentialStateHandlingInterceptor.java 12 Nov 2004 03:17:46 -0000 1.3 @@ -22,8 +22,8 @@ import junit.framework.Test; import junit.framework.TestSuite; +import org.apache.jetspeed.security.om.InternalCredential; import org.apache.jetspeed.security.om.InternalUserPrincipal; -import org.apache.jetspeed.security.om.impl.InternalCredentialImpl; import org.apache.jetspeed.security.util.test.AbstractSecurityTestcase; /** @@ -37,7 +37,7 @@ public class TestInternalPasswordCredentialStateHandlingInterceptor extends AbstractSecurityTestcase { private InternalUserPrincipal internalUser; - private InternalCredentialImpl credential; + private InternalCredential credential; protected void setUp() throws Exception { @@ -85,7 +85,7 @@ protected void loadUser() throws Exception { internalUser = securityAccess.getInternalUserPrincipal("testcred"); - credential = (InternalCredentialImpl)internalUser.getCredentials().iterator().next(); + credential = (InternalCredential)internalUser.getCredentials().iterator().next(); } protected void updateCredential() throws Exception 1.1 jakarta-jetspeed-2/components/security/src/test/org/apache/jetspeed/security/spi/TestInternalPasswordCredentialHistoryHandlingInterceptor.java Index: TestInternalPasswordCredentialHistoryHandlingInterceptor.java =================================================================== /* Copyright 2004 Apache Software Foundation * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.apache.jetspeed.security.spi; import java.util.ArrayList; import java.util.Arrays; import java.util.List; import junit.framework.Test; import junit.framework.TestSuite; import org.apache.jetspeed.security.SecurityException; import org.apache.jetspeed.security.om.InternalUserPrincipal; import org.apache.jetspeed.security.om.impl.InternalCredentialImpl; import org.apache.jetspeed.security.util.test.AbstractSecurityTestcase; /** * <p> * TestInternalPasswordCredentialHistoryHandlingInterceptor * </p> * * @author <a href="mailto:[EMAIL PROTECTED]">Ate Douma</a> * @version $Id: TestInternalPasswordCredentialHistoryHandlingInterceptor.java,v 1.1 2004/11/12 03:17:46 ate Exp $ */ public class TestInternalPasswordCredentialHistoryHandlingInterceptor extends AbstractSecurityTestcase { private InternalUserPrincipal internalUser; private InternalCredentialImpl credential; protected void setUp() throws Exception { super.setUp(); // cleanup for previously failed test destroyUser(); initUser(); } public void tearDown() throws Exception { destroyUser(); super.tearDown(); } public static Test suite() { return new TestSuite(TestInternalPasswordCredentialHistoryHandlingInterceptor.class); } public void testPasswordHistory() throws Exception { assertTrue("should be allowed to authenticate",ums.authenticate("testcred","password")); ums.setPassword("testcred","password","password1"); ums.setPassword("testcred","password1","password2"); assertTrue("should be allowed to authenticate",ums.authenticate("testcred","password2")); try { ums.setPassword("testcred","password2","password"); fail("Should not be allowed to reuse a password from password history"); } catch (SecurityException sex) { assertEquals(SecurityException.PASSWORD_ALREADY_USED, sex.getMessage()); } ums.setPassword("testcred","password2","password3"); ums.setPassword("testcred","password3","password4"); ums.setPassword("testcred","password4","password"); assertTrue("should be allowed to authenticate",ums.authenticate("testcred","password")); } protected void initUser() throws Exception { ums.addUser("testcred", "password"); } protected void destroyUser() throws Exception { ums.removeUser("testcred"); } protected String[] getConfigurations() { String[] confs = super.getConfigurations(); List confList = new ArrayList(Arrays.asList(confs)); confList.add("META-INF/sipchhi.xml"); return (String[])confList.toArray(new String[1]); } } 1.1 jakarta-jetspeed-2/components/security/src/test/META-INF/sipchhi.xml Index: sipchhi.xml =================================================================== <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd"> <!-- Copyright 2004 The Apache Software Foundation Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. --> <beans> <!-- MessageDigestCredentialPasswordEncoder usage --> <bean id="org.apache.jetspeed.security.spi.CredentialPasswordValidator" class="org.apache.jetspeed.security.spi.impl.DefaultCredentialPasswordValidator"/> <bean id="org.apache.jetspeed.security.spi.CredentialPasswordEncoder" class="org.apache.jetspeed.security.spi.impl.MessageDigestCredentialPasswordEncoder"> <constructor-arg index="0"><value>SHA-1</value></constructor-arg> </bean> <bean id="org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor" class="org.apache.jetspeed.security.spi.impl.InternalPasswordCredentialHistoryHandlingInterceptor"> <constructor-arg index="0"><value>3</value></constructor-arg> <constructor-arg index="1"><value>7</value></constructor-arg> <!-- historySize --> <constructor-arg index="2"><value>3</value></constructor-arg> </bean> <bean id="org.apache.jetspeed.security.spi.PasswordCredentialProvider" class="org.apache.jetspeed.security.spi.impl.DefaultPasswordCredentialProvider"> <constructor-arg index="0"><ref bean="org.apache.jetspeed.security.spi.CredentialPasswordValidator"/></constructor-arg> <constructor-arg index="1"><null/></constructor-arg> </bean> <!-- Security SPI: CredentialHandler --> <bean id="org.apache.jetspeed.security.spi.CredentialHandler" class="org.apache.jetspeed.security.spi.impl.DefaultCredentialHandler" > <constructor-arg index="0"><ref bean="org.apache.jetspeed.security.spi.SecurityAccess"/></constructor-arg> <constructor-arg index="1"><ref bean="org.apache.jetspeed.security.spi.PasswordCredentialProvider"/></constructor-arg> <constructor-arg index="2"><ref bean="org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor"/></constructor-arg> </bean> </beans> 1.3 +5 -0 jakarta-jetspeed-2/jetspeed-api/src/java/org/apache/jetspeed/security/om/InternalCredential.java Index: InternalCredential.java =================================================================== RCS file: /home/cvs/jakarta-jetspeed-2/jetspeed-api/src/java/org/apache/jetspeed/security/om/InternalCredential.java,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- InternalCredential.java 8 Nov 2004 03:23:36 -0000 1.2 +++ InternalCredential.java 12 Nov 2004 03:17:46 -0000 1.3 @@ -37,6 +37,11 @@ */ public interface InternalCredential extends Serializable, Cloneable { + /** Private credentials type. */ + public static final int PRIVATE = 0; + /** Public credentials type. */ + public static final int PUBLIC = 1; + /** * <p>Getter for the credential id.</p> * @return The credential id. 1.3 +40 -1 jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/om/impl/InternalCredentialImpl.java Index: InternalCredentialImpl.java =================================================================== RCS file: /home/cvs/jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/om/impl/InternalCredentialImpl.java,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- InternalCredentialImpl.java 8 Nov 2004 03:23:35 -0000 1.2 +++ InternalCredentialImpl.java 12 Nov 2004 03:17:46 -0000 1.3 @@ -18,6 +18,7 @@ import java.sql.Timestamp; import org.apache.jetspeed.security.om.InternalCredential; +import org.apache.jetspeed.util.HashCodeBuilder; /** * <p>[EMAIL PROTECTED] InternalCredential} interface implementation.</p> @@ -34,7 +35,7 @@ } /** - * <p>InternalPrincipal constructor given a value, type and classname.</p> + * <p>InternalCredentialImpl constructor given a value, type and classname.</p> * @param principalId The principal id. * @param value The value. * @param type The type. @@ -49,6 +50,28 @@ this.creationDate = new Timestamp(System.currentTimeMillis()); this.modifiedDate = this.creationDate; } + + /** + * <p>InternalCredentialImpl copy constructor given another InternalCredential and overriding classname</p> + * @param credential The credential to copy from + * @param classname The classname for the new credential + */ + public InternalCredentialImpl(InternalCredential credential, String classname) + { + this.authenticationFailures = credential.getAuthenticationFailures(); + this.classname = classname; + this.creationDate = credential.getCreationDate(); + this.enabled = credential.isEnabled(); + this.encoded = credential.isEncoded(); + this.expirationDate = credential.getExpirationDate(); + this.expired = credential.isExpired(); + this.lastLogonDate = credential.getLastLogonDate(); + this.modifiedDate = credential.getModifiedDate(); + this.principalId = credential.getPrincipalId(); + this.type = credential.getType(); + this.updateRequired = credential.isUpdateRequired(); + this.value = credential.getValue(); + } private long credentialId; @@ -301,6 +324,22 @@ { this.lastLogonDate = lastLogonDate; } + + /** + * @see java.lang.Object#hashCode() + */ + public int hashCode() + { + HashCodeBuilder hasher = new HashCodeBuilder(1, 3); + hasher.append(getPrincipalId()); + hasher.append(getCreationDate().getTime()); + if (getClassname() != null) + { + hasher.append(getClassname()); + } + return hasher.toHashCode(); + } + /** * <p>Compares this [EMAIL PROTECTED] InternalCredential} to the provided credential 1.3 +4 -4 jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/InternalPasswordCredentialStateHandlingInterceptor.java Index: InternalPasswordCredentialStateHandlingInterceptor.java =================================================================== RCS file: /home/cvs/jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/InternalPasswordCredentialStateHandlingInterceptor.java,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- InternalPasswordCredentialStateHandlingInterceptor.java 8 Nov 2004 22:35:41 -0000 1.2 +++ InternalPasswordCredentialStateHandlingInterceptor.java 12 Nov 2004 03:17:46 -0000 1.3 @@ -103,12 +103,12 @@ } /** - * @see org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor#beforeSetPassword(org.apache.jetspeed.security.om.InternalUserPrincipal, java.util.Collection, java.lang.String, org.apache.jetspeed.security.om.InternalCredential, java.lang.String) + * @see org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor#beforeSetPassword(org.apache.jetspeed.security.om.InternalUserPrincipal, java.util.Collection, java.lang.String, org.apache.jetspeed.security.om.InternalCredential, java.lang.String, boolean) */ public void beforeSetPassword(InternalUserPrincipal internalUser, Collection credentials, String userName, - InternalCredential credential, String password) throws SecurityException + InternalCredential credential, String password, boolean authenticated) throws SecurityException { - super.beforeSetPassword(internalUser, credentials, userName, credential, password); + super.beforeSetPassword(internalUser, credentials, userName, credential, password, authenticated); credential.setExpirationDate(new Date(System.currentTimeMillis()+maxLifeSpanInMillis)); credential.setExpired(false); credential.setAuthenticationFailures(0); 1.3 +3 -3 jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/DefaultInternalPasswordCredentialInterceptor.java Index: DefaultInternalPasswordCredentialInterceptor.java =================================================================== RCS file: /home/cvs/jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/DefaultInternalPasswordCredentialInterceptor.java,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- DefaultInternalPasswordCredentialInterceptor.java 8 Nov 2004 22:35:41 -0000 1.2 +++ DefaultInternalPasswordCredentialInterceptor.java 12 Nov 2004 03:17:46 -0000 1.3 @@ -74,10 +74,10 @@ } /** - * @see org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor#beforeSetPassword(org.apache.jetspeed.security.om.InternalUserPrincipal, java.util.Collection, java.lang.String, org.apache.jetspeed.security.om.InternalCredential, java.lang.String) + * @see org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor#beforeSetPassword(org.apache.jetspeed.security.om.InternalUserPrincipal, java.util.Collection, java.lang.String, org.apache.jetspeed.security.om.InternalCredential, java.lang.String, boolean) */ public void beforeSetPassword(InternalUserPrincipal internalUser, Collection credentials, String userName, - InternalCredential credential, String password) throws SecurityException + InternalCredential credential, String password, boolean authenticated) throws SecurityException { } } 1.10 +4 -10 jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/DefaultCredentialHandler.java Index: DefaultCredentialHandler.java =================================================================== RCS file: /home/cvs/jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/DefaultCredentialHandler.java,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- DefaultCredentialHandler.java 8 Nov 2004 03:23:35 -0000 1.9 +++ DefaultCredentialHandler.java 12 Nov 2004 03:17:46 -0000 1.10 @@ -40,12 +40,6 @@ { private static final Log log = LogFactory.getLog(DefaultCredentialHandler.class); - /** Private credentials type. */ - private static final int PRIVATE = 0; - - /** Public credentials type. */ - private static final int PUBLIC = 1; - private SecurityAccess securityAccess; private PasswordCredentialProvider pcProvider; @@ -106,7 +100,7 @@ while (iter.hasNext()) { credential = (InternalCredential) iter.next(); - if (credential.getType() == PRIVATE ) + if (credential.getType() == InternalCredential.PRIVATE ) { if ((null != credential.getClassname()) && (credential.getClassname().equals(pcProvider.getPasswordCredentialClass().getName()))) @@ -184,9 +178,9 @@ boolean create = credential == null; - if ( credential == null ) + if ( create ) { - credential = new InternalCredentialImpl(internalUser.getPrincipalId(), newPassword, PRIVATE, + credential = new InternalCredentialImpl(internalUser.getPrincipalId(), newPassword, InternalCredential.PRIVATE, pcProvider.getPasswordCredentialClass().getName()); credential.setEncoded(encoded); credentials.add(credential); @@ -212,7 +206,7 @@ } else { - ipcInterceptor.beforeSetPassword(internalUser, credentials, userName, credential, newPassword ); + ipcInterceptor.beforeSetPassword(internalUser, credentials, userName, credential, newPassword, oldPassword != null ); } } if (!create) 1.1 jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/InternalPasswordCredentialHistoryHandlingInterceptor.java Index: InternalPasswordCredentialHistoryHandlingInterceptor.java =================================================================== /* Copyright 2004 Apache Software Foundation * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.apache.jetspeed.security.spi.impl; import java.sql.Timestamp; import java.util.ArrayList; import java.util.Collection; import java.util.Collections; import java.util.Comparator; import java.util.Iterator; import org.apache.jetspeed.security.SecurityException; import org.apache.jetspeed.security.om.InternalCredential; import org.apache.jetspeed.security.om.InternalUserPrincipal; import org.apache.jetspeed.security.om.impl.InternalCredentialImpl; /** * <p> * InternalPasswordCredentialHistoryHandlingInterceptor * </p> * * @author <a href="mailto:[EMAIL PROTECTED]">Ate Douma</a> * @version $Id: InternalPasswordCredentialHistoryHandlingInterceptor.java,v 1.1 2004/11/12 03:17:46 ate Exp $ */ public class InternalPasswordCredentialHistoryHandlingInterceptor extends InternalPasswordCredentialStateHandlingInterceptor { private int historySize; private static String HISTORICAL_PASSWORD_CREDENTIAL = "org.apache.jetspeed.security.spi.impl.HistoricalPasswordCredentialImpl"; private static final Comparator internalCredentialCreationDateComparator = new Comparator() { public int compare(Object obj1, Object obj2) { return ((InternalCredential)obj2).getCreationDate().compareTo(((InternalCredential)obj1).getCreationDate()); } }; public InternalPasswordCredentialHistoryHandlingInterceptor(int maxNumberOfAuthenticationFailures, int maxLifeSpanInDays, int historySize) { super(maxNumberOfAuthenticationFailures, maxLifeSpanInDays); this.historySize = historySize; } /** * @see org.apache.jetspeed.security.spi.InternalPasswordCredentialStateHandlingInterceptor#beforeSetPassword(org.apache.jetspeed.security.om.InternalUserPrincipal, java.util.Collection, java.lang.String, org.apache.jetspeed.security.om.InternalCredential, java.lang.String, boolean) */ public void beforeSetPassword(InternalUserPrincipal internalUser, Collection credentials, String userName, InternalCredential credential, String password, boolean authenticated) throws SecurityException { Collection internalCredentials = internalUser.getCredentials(); ArrayList historicalPasswordCredentials = new ArrayList(); if ( internalCredentials != null ) { InternalCredential currCredential; Iterator iter = internalCredentials.iterator(); while (iter.hasNext()) { currCredential = (InternalCredential) iter.next(); if (currCredential.getType() == InternalCredential.PRIVATE ) { if ((null != currCredential.getClassname()) && (currCredential.getClassname().equals(HISTORICAL_PASSWORD_CREDENTIAL))) { historicalPasswordCredentials.add(currCredential); } } } } if (historicalPasswordCredentials.size() > 1) { Collections.sort(historicalPasswordCredentials,internalCredentialCreationDateComparator); } int historyCount = historyCount = historicalPasswordCredentials.size(); InternalCredential historicalPasswordCredential; if ( authenticated ) { // check password already used for ( int i = 0; i < historyCount && i < historySize; i++ ) { historicalPasswordCredential = (InternalCredential)historicalPasswordCredentials.get(i); if ( historicalPasswordCredential.getValue() != null && historicalPasswordCredential.getValue().equals(password) ) { throw new SecurityException(SecurityException.PASSWORD_ALREADY_USED); } } } for ( int i = historySize-1; i < historyCount; i++ ) { credentials.remove(historicalPasswordCredentials.get(i)); } historicalPasswordCredential = new InternalCredentialImpl(credential,HISTORICAL_PASSWORD_CREDENTIAL); credentials.add(historicalPasswordCredential); // fake update to current InternalCredential as being an insert of a new one credential.setCreationDate(new Timestamp(System.currentTimeMillis())); super.beforeSetPassword(internalUser, credentials, userName, credential, password, authenticated); } } 1.3 +2 -2 jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/InternalPasswordCredentialInterceptor.java Index: InternalPasswordCredentialInterceptor.java =================================================================== RCS file: /home/cvs/jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/InternalPasswordCredentialInterceptor.java,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- InternalPasswordCredentialInterceptor.java 8 Nov 2004 22:35:41 -0000 1.2 +++ InternalPasswordCredentialInterceptor.java 12 Nov 2004 03:17:46 -0000 1.3 @@ -33,5 +33,5 @@ boolean afterLoad(PasswordCredentialProvider pcProvider, String userName, InternalCredential credential) throws SecurityException; boolean afterAuthenticated(InternalUserPrincipal internalUser, String userName, InternalCredential credential, boolean authenticated) throws SecurityException; void beforeCreate(InternalUserPrincipal internalUser, Collection credentials, String userName, InternalCredential credential, String password) throws SecurityException; - void beforeSetPassword(InternalUserPrincipal internalUser, Collection credentials, String userName, InternalCredential credential, String password) throws SecurityException; + void beforeSetPassword(InternalUserPrincipal internalUser, Collection credentials, String userName, InternalCredential credential, String password, boolean authenticated) throws SecurityException; } 1.3 +2 -0 jakarta-jetspeed-2/components/security/src/java/META-INF/security_repository.xml Index: security_repository.xml =================================================================== RCS file: /home/cvs/jakarta-jetspeed-2/components/security/src/java/META-INF/security_repository.xml,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- security_repository.xml 8 Nov 2004 03:23:36 -0000 1.2 +++ security_repository.xml 12 Nov 2004 03:17:46 -0000 1.3 @@ -81,6 +81,8 @@ <collection-descriptor name="credentials" element-class-ref="org.apache.jetspeed.security.om.impl.InternalCredentialImpl" + proxy="true" + refresh="true" auto-retrieve="true" auto-update="object" auto-delete="object" 1.32 +3 -1 jakarta-jetspeed-2/portal/src/webapp/WEB-INF/assembly/jetspeed-spring.xml Index: jetspeed-spring.xml =================================================================== RCS file: /home/cvs/jakarta-jetspeed-2/portal/src/webapp/WEB-INF/assembly/jetspeed-spring.xml,v retrieving revision 1.31 retrieving revision 1.32 diff -u -r1.31 -r1.32 --- jetspeed-spring.xml 8 Nov 2004 03:23:37 -0000 1.31 +++ jetspeed-spring.xml 12 Nov 2004 03:17:47 -0000 1.32 @@ -385,11 +385,13 @@ </bean> <bean id="org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor" - class="org.apache.jetspeed.security.spi.impl.InternalPasswordCredentialStateHandlingInterceptor"> + class="org.apache.jetspeed.security.spi.impl.InternalPasswordCredentialHistoryHandlingInterceptor"> <!-- maxNumberOfAuthenticationFailures --> <constructor-arg index="0"><value>3</value></constructor-arg> <!-- maxLifeSpanInDays --> <constructor-arg index="1"><value>60</value></constructor-arg> + <!-- historySize --> + <constructor-arg index="2"><value>3</value></constructor-arg> </bean> <!-- Security SPI: CredentialHandler -->
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]