Re: Jetspeed 2.3.0 - Enabling password validation - Request for support - Urgent

[DavidSeanTaylor]

I uncommented some sections in Jetspeed-2.3.0\webapps\jetspeed\WEB-INF\assembly\security-spi-atn.xml and Jetspeed-2.3.0\webapps\jetspeed\WEB-INF\assembly\alternate\credentials\max-password-auth.xml but nothing was happening. The alternate directory configs are examples only. They are not used. Drop your Spring overrides into /WEB-INF/assembly/override directory. Try the file attached

password-overrides.xml
Description: XML document

On Jul 12, 2017, at 9:57 PM, Elyse Badr <elyse.b...@gotocme.com> wrote: Hi Support team,   We are using Jetspeed 2.3.0 to deploy our set of portlets applications. I am sharing a problem I am facing in order to provide me with help or hints. We would like to enable password validation rules that are already supported by Jetspeed security.   We would like to enable the following rules:   Set min & max character, alphanumeric count for passwords Set password age [90 days] Set count of password history [last 5 passwords] Set notification period for password change reminder   I uncommented some sections in Jetspeed-2.3.0\webapps\jetspeed\WEB-INF\assembly\security-spi-atn.xml and Jetspeed-2.3.0\webapps\jetspeed\WEB-INF\assembly\alternate\credentials\max-password-auth.xml but nothing was happening. I did the same and nothing happened too.    I made some research with no luck as no documentation or question related to this topic. In Jetspeed documentation linkthey provide a sample config which is not working too. I am getting  java.lang.ClassNotFoundException: org.apache.jetspeed.security.spi.impl.InternalPasswordCredentialInterceptorsProxy Although the jar jetspeed-security is present in the lib folder of the same location: Jetspeed-2.3.0\webapps\jetspeed\WEB-INF\lib After investigations, it turned out that the sample configuration defined in Jetspeed 2 documentation link for security-spi-atn.xml, is referencing classes not present in  Jetspeed jars probably belonging to older versions of Jetspeed (1):   <image001.jpg>     <image002.jpg>     I even downloaded 2.3.1 and found out it has the same problem.    I had to decompile the jetspeed-security-2.3.0 jar to get some equivalent names of some implementations… I created my own security-spi-atn.xml, Jetspeed did start successfully, however the validation rules are not applied, and I can try incorrect login password for several times. Please find attached my new configuration file and advice.   Awaiting your reply. Thanks in advance.   Thanks,   Elyse BADR Software Engineer, CME (O)+961-01-389-392, (M) +961-03-533-179 elyse.b...@gotocme.com     <security-spi-atn.xml> --------------------------------------------------------------------- To unsubscribe, e-mail: jetspeed-dev-unsubscr...@portals.apache.org For additional commands, e-mail: jetspeed-dev-h...@portals.apache.org