Hi Stephen, I agree with Jared, it is not in the shiro codebase.
Rgds , Thibault 2013/6/20 Jared Bunting <[email protected]> > I am not aware of this behavior existing in the shiro codebase. Perhaps > you could share what it is that you've configured and seen to lead you to > this conclusion? > > -Jared > On Jun 19, 2013 6:02 PM, "Stephen McCants" <[email protected]> > wrote: > >> Hello All, >> >> I'm a new user to Shiro and still very much on the learning >> curve. I >> recently ran into a strange problem that seems to be that Shiro will not >> allow a log in if the password is set to 'password'. Is that really >> hard coded somewhere inside Shiro? While good passwords are wise, I >> just spent two hours wondering why I couldn't log in when the only >> problem seems to be that I choose a trivial password while I'm learning >> how to use Shiro and it is only deployed on my laptop. This 'feature' >> also doesn't seem to be in the documentation and I don't understand >> enough to delve into the source code and look for it. >> So, is it really hard coded to prevent log ins with the password >> 'password'? If so, what other follies is Shiro secretly preventing? Is >> that really a good idea to have Shiro rejecting passwords or should that >> be delegated to something that checks password strength when a password >> is being setup? >> Thanks! >> >> Sincerely, >> Stephen McCants >> >> -- >> Stephen McCants >> Senior Software Engineer >> Healthcare Control Systems >> 1-877-877-8795 x116 >> >>
