You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jetspeed-dev@portals.apache.org by "David Sean Taylor (JIRA)" <je...@portals.apache.org> on 2017/12/01 01:20:00 UTC
[jira] [Assigned] (JS2-1358) Password validations failing in
several screens
[ https://issues.apache.org/jira/browse/JS2-1358?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
David Sean Taylor reassigned JS2-1358:
--------------------------------------
Assignee: David Sean Taylor
Fix Version/s: 2.3.2
> Password validations failing in several screens
> -----------------------------------------------
>
> Key: JS2-1358
> URL: https://issues.apache.org/jira/browse/JS2-1358
> Project: Jetspeed 2
> Issue Type: Bug
> Components: Admin Portlets
> Affects Versions: 2.3.0
> Environment: Windows
> Reporter: elise badr
> Assignee: David Sean Taylor
> Labels: password, validation
> Fix For: 2.3.2
>
> Attachments: security-spi-atn.xml
>
>
> When putting the attached security-spi-atn.xml in the Jetspeed-2.3.0\webapps\jetspeed\WEB-INF\assembly\override folder and tested this from 4 different features:
> 1. The Change Password portlet - There is a bug here, and it fails to validate,
> and allows the user to set an invalid password
> 2. The Old User Manager - (user edit from admin) - was able to use unaccepted password format
> 3. The New User Manager - There is a bug here, and it fails to validate, and allows the user
> to set an invalid password
> 4. User Registration - worked fine with David Taylor (2.3.2 trunk) but with me couldn't test due to the following exception:
> [Failed to add user.org.apache.jetspeed.administration.AdministrationEmailException: Failed to send forgotten password email to user with email address because Mail server connection failed; nested exception is javax.mail.MessagingException: Connection error (java.net.SocketException: Network is unreachable: connect). Failed messages: javax.mail.MessagingException: Connection error (java.net.SocketException: Network is unreachable: connect)]
> * In addition to the above, we have the wrong password retry not working using the following config:
> <!-- Automatically disable a password after 3 invalid authentication attempts in a row -->
> <bean class="org.apache.jetspeed.security.spi.impl.MaxPasswordAuthenticationFailuresInterceptor">
> <constructor-arg index="0"><value>3</value></constructor-arg>
> </bean>
> <!-- remember the last 3 passwords used and require a new password to be different from those -->
> <bean class="org.apache.jetspeed.security.spi.impl.PasswordHistoryInterceptor">
> <constructor-arg index="0"><value>3</value></constructor-arg>
> </bean>
> * Password hsitory feature not working with the following config:
> <!-- remember the last 3 passwords used and require a new password to be different from those -->
> <bean class="org.apache.jetspeed.security.spi.impl.PasswordHistoryInterceptor">
> <constructor-arg index="0"><value>3</value></constructor-arg>
> </bean>
> * Not tested: password expiry using following config:
> <!-- Automatically expire a password after 60 days -->
> <bean class="org.apache.jetspeed.security.spi.impl.PasswordExpirationInterceptor">
> <constructor-arg index="0"><value>60</value></constructor-arg>
> </bean>
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org