[
https://issues.apache.org/jira/browse/JS2-1358?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
David Sean Taylor resolved JS2-1358.
------------------------------------
Resolution: Fixed
> Password validations failing in several screens
> -----------------------------------------------
>
> Key: JS2-1358
> URL: https://issues.apache.org/jira/browse/JS2-1358
> Project: Jetspeed 2
> Issue Type: Bug
> Components: Admin Portlets
> Affects Versions: 2.3.0
> Environment: Windows
> Reporter: elise badr
> Assignee: David Sean Taylor
> Labels: password, validation
> Fix For: 2.3.2
>
> Attachments: security-spi-atn.xml
>
>
> When putting the attached security-spi-atn.xml in the
> Jetspeed-2.3.0\webapps\jetspeed\WEB-INF\assembly\override folder and tested
> this from 4 different features:
> 1. The Change Password portlet - There is a bug here, and it fails to
> validate,
> and allows the user to set an invalid password
> 2. The Old User Manager - (user edit from admin) - was able to use unaccepted
> password format
> 3. The New User Manager - There is a bug here, and it fails to validate, and
> allows the user
> to set an invalid password
> 4. User Registration - worked fine with David Taylor (2.3.2 trunk) but with
> me couldn't test due to the following exception:
> [Failed to add
> user.org.apache.jetspeed.administration.AdministrationEmailException: Failed
> to send forgotten password email to user with email address because Mail
> server connection failed; nested exception is javax.mail.MessagingException:
> Connection error (java.net.SocketException: Network is unreachable: connect).
> Failed messages: javax.mail.MessagingException: Connection error
> (java.net.SocketException: Network is unreachable: connect)]
> * In addition to the above, we have the wrong password retry not working
> using the following config:
> <!-- Automatically disable a password after 3 invalid authentication
> attempts in a row -->
> <bean
> class="org.apache.jetspeed.security.spi.impl.MaxPasswordAuthenticationFailuresInterceptor">
> <constructor-arg index="0"><value>3</value></constructor-arg>
>
> </bean>
> <!-- remember the last 3 passwords used and require a new password to be
> different from those -->
> <bean
> class="org.apache.jetspeed.security.spi.impl.PasswordHistoryInterceptor">
> <constructor-arg index="0"><value>3</value></constructor-arg>
>
> </bean>
> * Password hsitory feature not working with the following config:
> <!-- remember the last 3 passwords used and require a new password to be
> different from those -->
> <bean
> class="org.apache.jetspeed.security.spi.impl.PasswordHistoryInterceptor">
> <constructor-arg index="0"><value>3</value></constructor-arg>
>
> </bean>
> * Not tested: password expiry using following config:
> <!-- Automatically expire a password after 60 days -->
> <bean
> class="org.apache.jetspeed.security.spi.impl.PasswordExpirationInterceptor">
> <constructor-arg index="0"><value>60</value></constructor-arg>
>
> </bean>
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscr...@portals.apache.org
For additional commands, e-mail: jetspeed-dev-h...@portals.apache.org
