You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jetspeed-dev@portals.apache.org by "Ate Douma (JIRA)" <je...@portals.apache.org> on 2005/04/24 14:50:24 UTC

[jira] Commented: (JS2-215) security email extensions: password reminder/user creation

     [ http://issues.apache.org/jira/browse/JS2-215?page=comments#action_63606 ]
     
Ate Douma commented on JS2-215:
-------------------------------

More/correct feeback after a login failure has now been implemented. See: JS2-239. 

> security email extensions: password reminder/user creation
> ----------------------------------------------------------
>
>          Key: JS2-215
>          URL: http://issues.apache.org/jira/browse/JS2-215
>      Project: Jetspeed 2
>         Type: Improvement
>   Components: Security
>     Versions: 2.0-M1
>     Reporter: Randy Watler
>      Fix For: 2.0-M2

>
> From  "Ate Douma" <at...@douma.nu>
> Subject  Re: More Login/Security Enhancements
> Date  Sun, February 20, 2005 1:44 pm
> To  "Jetspeed Developers List" <je...@jakarta.apache.org>
> Randy Watler wrote:
> > Ate/All,
> > 
> > I have these additional Login/Security requirements that have made there 
> > way into a formal requirements process for our portal implementation:
> > 
> > - Send email to end user for forgotten passwords, (offered on failed 
> > login attempts if user email address known).
> +1
> > - Ability of a non-authenticated end user to create and populate a 
> > disabled user account to be enabled later by admin/moderator, (includes 
> > automatic email notification of the request and approved/denied messages 
> > if user email address known).
> +1
> > 
> > I think these features are fairly typical for most sites requiring end 
> > user authentication. Is there any interest in, (or objections to), these 
> > features being added to J2 proper? If there is interest, I will generate 
> > a JIRA issue and we can see if there are other similar capabilities that 
> > can be added at the same time.
> +1
> I myself have been asked by my client to provide more/correct feedback to
> a user trying to login but whose account already has been disabled (too many
> failed login attempts). The current functionality clearly isn't giving
> good feedback at all. The problem to do this better though is that there
> isn't a formal way to communicate information back *through* the JAAS implementation
> (i.e. the Tomcat JAASRealm) to the client (J2). We need to provide our own
> channel or such for that.
> > 
> > Thanks!
> > 
> > Randy

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org