You are viewing a plain text version of this content. The canonical link for it is here.

Posted to oak-issues@jackrabbit.apache.org by "Dominique Jäggi (JIRA)" <ji...@apache.org> on 2015/09/30 11:51:04 UTC

[jira] [Created] (OAK-3463) Communicate Password Change Failure Reason During Expiry + Pw History

Dominique Jäggi created OAK-3463:
------------------------------------

             Summary: Communicate Password Change Failure Reason During Expiry + Pw History
                 Key: OAK-3463
                 URL: https://issues.apache.org/jira/browse/OAK-3463
             Project: Jackrabbit Oak
          Issue Type: Bug
          Components: core, security
    Affects Versions: 1.3.6
            Reporter: Dominique Jäggi
            Assignee: Dominique Jäggi


when password expiry and password history are enabled, the following situation may occur:

when a password is expired, it may be changed as part of the regular _authenticate_ call, in this case handled by the _UserAuthentication_. if the new password is found in the password history, the pw change fails and _UserAuthentication_ still reports this (special) login as expired.

it would be desirable to allow consumers of the resulting state (currently CredentialExpiredException) to be able to identify that the password change failed due to it being in the pw history, even though the unchanged password could still be considered expired.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)