I am not aware of this behavior existing in the shiro codebase. Perhaps you could share what it is that you've configured and seen to lead you to this conclusion?
-Jared On Jun 19, 2013 6:02 PM, "Stephen McCants" <[email protected]> wrote: > Hello All, > > I'm a new user to Shiro and still very much on the learning curve. > I > recently ran into a strange problem that seems to be that Shiro will not > allow a log in if the password is set to 'password'. Is that really > hard coded somewhere inside Shiro? While good passwords are wise, I > just spent two hours wondering why I couldn't log in when the only > problem seems to be that I choose a trivial password while I'm learning > how to use Shiro and it is only deployed on my laptop. This 'feature' > also doesn't seem to be in the documentation and I don't understand > enough to delve into the source code and look for it. > So, is it really hard coded to prevent log ins with the password > 'password'? If so, what other follies is Shiro secretly preventing? Is > that really a good idea to have Shiro rejecting passwords or should that > be delegated to something that checks password strength when a password > is being setup? > Thanks! > > Sincerely, > Stephen McCants > > -- > Stephen McCants > Senior Software Engineer > Healthcare Control Systems > 1-877-877-8795 x116 > >
