Posted to jetspeed-user@portals.apache.org by Ate Douma <at...@douma.nu> on 2004/10/28 00:11:19 UTC

[J2] Security component updated: existing SECURITY_CREDENTIAL table data changes required!!!

Hi all,

To be able to implement the enhanced password security (see: http://issues.apache.org/jira/browse/JS2-151)
I had to make a few changes to the security component interfaces and quite a lot in its implementation.
Tonight's changes only lay the foundation for JS2-151, whose implementation I will start on now.

The current functionality of J2 isn't changed so far, but the security credential data as stored in
the database is changed.

I've changed the PasswordCredential class to an interface (to allow more flexibility) and added 
o.a.j.security.spi.impl.DefaultPasswordCredentialImpl as replacement for the old PasswordCredential.

The CLASSNAME field of the SECURITY_CREDENTIAL table contains the class name of the PasswordCredential class
used by the CredentialHandler and thus is changed from o.a.j.security.PasswordCredential to the above mentioned.

The maven db.recreate goal (called from the quickStart goal) will automatically insert the corrected demo data,
but those creating users themselves (including their password) through SQL will have to adapt the scripts
used for that and update their current data in the database as well.
Forgetting to do so will result in users no longer being able to log in, and a LoginException with the message
"Authentication failed: Password does not match" will be thrown from the DefaultLoginModule, which is displayed on
the Tomcat console.

The upcoming changes I'll have to make for the implementation of JS2-151 will require further changes to the
SECURITY_CREDENTIAL table (additional fields). When that happens I'll put out another warning to the list.

Regards,

Ate
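
The data fix described in the message above, as an added SQL example that is not part of the original post or of the Jetspeed project's scripts. It assumes `o.a.j.` abbreviates `org.apache.jetspeed`; the table and column names are the ones given in the message, and no other columns are touched.

```sql
-- Added example: migrate hand-created credential rows to the new class name.
-- Assumption: "o.a.j." in the message stands for "org.apache.jetspeed".
-- Run inside a transaction, using your database's own transaction syntax.

-- 1. Inventory: list every credential class currently recorded, so that
--    unexpected values are noticed before anything is changed.
SELECT CLASSNAME, COUNT(*) AS ROW_COUNT
FROM SECURITY_CREDENTIAL
GROUP BY CLASSNAME;

-- 2. Migrate only the rows that still name the old PasswordCredential class.
--    The exact-match WHERE clause leaves any other credential class untouched.
UPDATE SECURITY_CREDENTIAL
SET CLASSNAME = 'org.apache.jetspeed.security.spi.impl.DefaultPasswordCredentialImpl'
WHERE CLASSNAME = 'org.apache.jetspeed.security.PasswordCredential';

-- 3. Verify before committing: any row counted here still carries the old
--    class name and belongs to a user who would hit the
--    "Authentication failed: Password does not match" LoginException.
SELECT COUNT(*) AS STALE_ROWS
FROM SECURITY_CREDENTIAL
WHERE CLASSNAME = 'org.apache.jetspeed.security.PasswordCredential';
```

Scripts that insert users directly need the same class name in their CLASSNAME value, otherwise newly created accounts will fail in the same way.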

