[ http://issues.apache.org/jira/browse/JS2-371?page=all ]
Ate Douma updated JS2-371:
--------------------------
Component: Security
Summary: Provide password expiration management and defaults for
"Change password on first login" from the admin UserDetailsPortlet (was:
Provide password expiration management and default "Change password on first
loginfrom the admin UserDetailsPortlet)
Fix Version: 2.0-M4
Description:
The current password expiration functionality is rather inflexible.
For certain users like administrators, password expiration is problematic and
should preferrably be disabled.
The solution I'm going to provide is that through the admin UserDetailsPortlet,
the expiration date of a password credential can
be modified:
- Expired: directly expire an active password by setting its expiration date to
today
- Extend: reset the current expiration date (to null), the (new, see JS2-359)
PasswordExpirationInterceptor then will derive a new date starting from today
- Extend Unlimited: set the expiration date to January 1, 8099 (which is the
formally higest date allowed for java.sql.Date)
To be able to modify the expiration date, the UserManager and the
CredentialHandler interfaces will be extended with a new
setPasswordExpiration(userName,date) method.
When password expiration is not wanted at all and the
PasswordExpirationInterceptor is *not* configured, this new functionality,
including the display of the password expiration date (which then always will
be empty) doesn't need to be shown on the UserDetailsPortlet.
I'll provide an additional portlet preference with which you can control if
this functionality should be displayed or not.
A similar problem exists with the "Change password on first login"
functionality which currently is set to true by default when a new user is
created. I'll provide a UserDetailsPortlet preference through which you can
specify what the default value should be. And another preference controlling if
you would want to be able to change this default on the Add User dialog.
I'll also provide documentation, including screenshots, for this features,
together with a bunch of docs for JS2-359.
was:
Version: 2.0-M4
> Provide password expiration management and defaults for "Change password on
> first login" from the admin UserDetailsPortlet
> --------------------------------------------------------------------------------------------------------------------------
>
> Key: JS2-371
> URL: http://issues.apache.org/jira/browse/JS2-371
> Project: Jetspeed 2
> Type: Improvement
> Components: Security, Admin Portlets
> Versions: 2.0-M4
> Reporter: Ate Douma
> Assignee: Ate Douma
> Fix For: 2.0-M4
>
> The current password expiration functionality is rather inflexible.
> For certain users like administrators, password expiration is problematic and
> should preferrably be disabled.
> The solution I'm going to provide is that through the admin
> UserDetailsPortlet, the expiration date of a password credential can
> be modified:
> - Expired: directly expire an active password by setting its expiration date
> to today
> - Extend: reset the current expiration date (to null), the (new, see JS2-359)
> PasswordExpirationInterceptor then will derive a new date starting from today
> - Extend Unlimited: set the expiration date to January 1, 8099 (which is the
> formally higest date allowed for java.sql.Date)
> To be able to modify the expiration date, the UserManager and the
> CredentialHandler interfaces will be extended with a new
> setPasswordExpiration(userName,date) method.
> When password expiration is not wanted at all and the
> PasswordExpirationInterceptor is *not* configured, this new functionality,
> including the display of the password expiration date (which then always will
> be empty) doesn't need to be shown on the UserDetailsPortlet.
> I'll provide an additional portlet preference with which you can control if
> this functionality should be displayed or not.
> A similar problem exists with the "Change password on first login"
> functionality which currently is set to true by default when a new user is
> created. I'll provide a UserDetailsPortlet preference through which you can
> specify what the default value should be. And another preference controlling
> if you would want to be able to change this default on the Add User dialog.
> I'll also provide documentation, including screenshots, for this features,
> together with a bunch of docs for JS2-359.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
