You are viewing a plain text version of this content. The canonical link for it is here.

Posted to jetspeed-dev@portals.apache.org by at...@apache.org on 2011/05/11 02:31:25 UTC

svn commit: r1101694 - /portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/UserPasswordCredentialPolicyManagerImpl.java

Author: ate
Date: Wed May 11 00:31:25 2011
New Revision: 1101694

URL: http://svn.apache.org/viewvc?rev=1101694&view=rev
Log:
JS2-1251: Only (should) validate new user credential password when not synchronizing like from Ldap

Modified:
    portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/UserPasswordCredentialPolicyManagerImpl.java

Modified: portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/UserPasswordCredentialPolicyManagerImpl.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/UserPasswordCredentialPolicyManagerImpl.java?rev=1101694&r1=1101693&r2=1101694&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/UserPasswordCredentialPolicyManagerImpl.java (original)
+++ portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/UserPasswordCredentialPolicyManagerImpl.java Wed May 11 00:31:25 2011
@@ -173,7 +173,13 @@ public class UserPasswordCredentialPolic
                 }
                 if (validator != null)
                 {
-                    validator.validate(credential.getNewPassword());
+                    if (!authenticated)
+                    {
+                        // Note: authenticated is also forced set to true during synchronization like from Ldap
+                        // this might means the initial password isn't valid, but needs to be accepted anyway
+                        // but will be forced to be changed after first login.
+                        validator.validate(credential.getNewPassword());
+                    }
                 }
                 newPassword = credential.getNewPassword();
                 if (encoder != null)



---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org