You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@geronimo.apache.org by "Vamsavardhana Reddy (JIRA)" <de...@geronimo.apache.org> on 2006/09/05 09:50:24 UTC

[jira] Updated: (GERONIMO-2379) Security Realms portlet - form field validation using javascript

     [ http://issues.apache.org/jira/browse/GERONIMO-2379?page=all ]

Vamsavardhana Reddy updated GERONIMO-2379:
------------------------------------------

    Attachment: GERONIMO-2379.patch

GERONIMO-2379.patch:

1.  Validates name field.  Checks for empty strings.
2.  For Properties File and Certificate Properties File Realms, validates the usersURI and groupsURI fields.  Checks for empty strings.
3.  For Databse Realm, validates userSelect and groupSelect.  If a database pool is not selected then it will validate the JDBC parameters.  Checks for empty strings.
4. For LDAP realm, validates all fields except connectionProtocol, authentication and userRoleName fields.  Checks for empty strings.
5.  Field validation can be controlled by setting a property like the following in login-modules.properties:
    module.ldap.field.connectionProtocol.blankAllowed=true
6.  In advanced configuration, validates auditPath (check for empty string), lockoutCount, lockoutWindow, lockoutDuration (checks for integral values).  Conditional validation based on the checkBoxes checked.

> Security Realms portlet - form field validation using javascript
> ----------------------------------------------------------------
>
>                 Key: GERONIMO-2379
>                 URL: http://issues.apache.org/jira/browse/GERONIMO-2379
>             Project: Geronimo
>          Issue Type: Improvement
>      Security Level: public(Regular issues) 
>          Components: console
>    Affects Versions: 1.1.1
>         Environment: WinXP, Sun JDK 1.4.2_08, G-1.1.1-rc1
>            Reporter: Vamsavardhana Reddy
>             Fix For: 1.2, 1.1.x, 1.1.2
>
>         Attachments: GERONIMO-2379.patch
>
>
> Security Realm portlet pages do not perform any field validations before submitting the form.  Some of the fields can be validated using javascript.  Even though it is not complete validation of every field, checks can be put in place for non empty strings, non numerical values etc.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira