You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jetspeed-dev@portals.apache.org by "Ate Douma (JIRA)" <je...@portals.apache.org> on 2005/04/24 14:50:24 UTC
[jira] Commented: (JS2-215) security email extensions: password reminder/user creation
[ http://issues.apache.org/jira/browse/JS2-215?page=comments#action_63606 ]
Ate Douma commented on JS2-215:
-------------------------------
More/correct feeback after a login failure has now been implemented. See: JS2-239.
> security email extensions: password reminder/user creation
> ----------------------------------------------------------
>
> Key: JS2-215
> URL: http://issues.apache.org/jira/browse/JS2-215
> Project: Jetspeed 2
> Type: Improvement
> Components: Security
> Versions: 2.0-M1
> Reporter: Randy Watler
> Fix For: 2.0-M2
>
> From "Ate Douma" <at...@douma.nu>
> Subject Re: More Login/Security Enhancements
> Date Sun, February 20, 2005 1:44 pm
> To "Jetspeed Developers List" <je...@jakarta.apache.org>
> Randy Watler wrote:
> > Ate/All,
> >
> > I have these additional Login/Security requirements that have made there
> > way into a formal requirements process for our portal implementation:
> >
> > - Send email to end user for forgotten passwords, (offered on failed
> > login attempts if user email address known).
> +1
> > - Ability of a non-authenticated end user to create and populate a
> > disabled user account to be enabled later by admin/moderator, (includes
> > automatic email notification of the request and approved/denied messages
> > if user email address known).
> +1
> >
> > I think these features are fairly typical for most sites requiring end
> > user authentication. Is there any interest in, (or objections to), these
> > features being added to J2 proper? If there is interest, I will generate
> > a JIRA issue and we can see if there are other similar capabilities that
> > can be added at the same time.
> +1
> I myself have been asked by my client to provide more/correct feedback to
> a user trying to login but whose account already has been disabled (too many
> failed login attempts). The current functionality clearly isn't giving
> good feedback at all. The problem to do this better though is that there
> isn't a formal way to communicate information back *through* the JAAS implementation
> (i.e. the Tomcat JAASRealm) to the client (J2). We need to provide our own
> channel or such for that.
> >
> > Thanks!
> >
> > Randy
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org