Hi all, I wanted to propose contributing some uPortal enhancements on behalf of the University of Chicago. The enhancements improve the existing CachePasswordSecurityContext to encrypt the password with a Spring-configurable encryption service before storing it in the session. We've also updated the CachedPasswordUserInfoService to configurably either decrypt the cached password before adding it to a portlet's UserInfoMap, or to pass it through in its encrypted form. These changes are intended to preserve the ability of uPortal to potentially cache user passwords, while ensuring that any passwords present in the user session are encrypted.
Is this a change that we could contribute to the uPortal 3.2-oriented trunk? - Jen -- Jen Bourey -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/uportal-dev
