You are viewing a plain text version of this content. The canonical link for it is here.

Posted to jetspeed-user@portals.apache.org by Elyse Badr <el...@gotocme.com> on 2017/07/13 04:57:10 UTC

Jetspeed 2.3.0 - Enabling password validation - Request for support - Urgent

Hi Support team,

 

We are using Jetspeed 2.3.0 to deploy our set of portlets applications. I am
sharing a problem I am facing in order to provide me with help or hints.

We would like to enable password validation rules that are already supported
by Jetspeed security.

 

We would like to enable the following rules:

 

*	Set min & max character, alphanumeric count for passwords
*	Set password age [90 days]
*	Set count of password history [last 5 passwords]
*	Set notification period for password change reminder

 

I uncommented some sections in
Jetspeed-2.3.0\webapps\jetspeed\WEB-INF\assembly\security-spi-atn.xml and
Jetspeed-2.3.0\webapps\jetspeed\WEB-INF\assembly\alternate\credentials\max-p
assword-auth.xml but nothing was happening.

I did the same and nothing happened too. 

 

I made some research with no luck as no documentation or question related to
this topic. In Jetspeed documentation link
<https://portals.apache.org/jetspeed-2/deployguide/security-config.html#secu
rity-spi-atn_xml>  they provide a sample config which is not working too. I
am getting 

	
java.lang.ClassNotFoundException:
org.apache.jetspeed.security.spi.impl.InternalPasswordCredentialInterceptors
Proxy

Although the jar jetspeed-security is present in the lib folder of the same
location: Jetspeed-2.3.0\webapps\jetspeed\WEB-INF\lib

After investigations, it turned out that the sample configuration defined in
Jetspeed 2 documentation link
<https://portals.apache.org/jetspeed-2/deployguide/security-config.html#secu
rity-spi-atn_xml>  for security-spi-atn.xml, is referencing classes not
present in  Jetspeed jars probably belonging to older versions of Jetspeed
(1):

 



 

 



 

 

I even downloaded 2.3.1 and found out it has the same problem. 

 

I had to decompile the jetspeed-security-2.3.0 jar to get some equivalent
names of some implementations. I created my own security-spi-atn.xml,
Jetspeed did start successfully, however the validation rules are not
applied, and I can try incorrect login password for several times.

Please find attached my new configuration file and advice.

 

Awaiting your reply.

Thanks in advance.

 

Thanks,

 

Elyse BADR
Software Engineer, CME

(O)+961-01-389-392, (M) +961-03-533-179 

 <ma...@gotocme.com> elyse.badr@gotocme.com

Re: Jetspeed 2.3.0 - Enabling password validation - Request for support - Urgent

Posted by DavidSeanTaylor <da...@bluesunrise.com>.

> I uncommented some sections in Jetspeed-2.3.0\webapps\jetspeed\WEB-INF\assembly\security-spi-atn.xml and Jetspeed-2.3.0\webapps\jetspeed\WEB-INF\assembly\alternate\credentials\max-password-auth.xml but nothing was happening.


The alternate directory configs are examples only. They are not used. Drop your Spring overrides into /WEB-INF/assembly/override directory. Try the file attached



> On Jul 12, 2017, at 9:57 PM, Elyse Badr <el...@gotocme.com> wrote:
> 
> Hi Support team,
>  
> We are using Jetspeed 2.3.0 to deploy our set of portlets applications. I am sharing a problem I am facing in order to provide me with help or hints.
> We would like to enable password validation rules that are already supported by Jetspeed security.
>  
> We would like to enable the following rules:
>  
> Set min & max character, alphanumeric count for passwords
> Set password age [90 days]
> Set count of password history [last 5 passwords]
> Set notification period for password change reminder
>  
> I uncommented some sections in Jetspeed-2.3.0\webapps\jetspeed\WEB-INF\assembly\security-spi-atn.xml and Jetspeed-2.3.0\webapps\jetspeed\WEB-INF\assembly\alternate\credentials\max-password-auth.xml but nothing was happening.
> I did the same and nothing happened too. 
>  
> I made some research with no luck as no documentation or question related to this topic. In Jetspeed documentation link <https://portals.apache.org/jetspeed-2/deployguide/security-config.html#security-spi-atn_xml>they provide a sample config which is not working too. I am getting 
> java.lang.ClassNotFoundException: org.apache.jetspeed.security.spi.impl.InternalPasswordCredentialInterceptorsProxy
> Although the jar jetspeed-security is present in the lib folder of the same location: Jetspeed-2.3.0\webapps\jetspeed\WEB-INF\lib
> After investigations, it turned out that the sample configuration defined in Jetspeed 2 documentation link <https://portals.apache.org/jetspeed-2/deployguide/security-config.html#security-spi-atn_xml> for security-spi-atn.xml, is referencing classes not present in  Jetspeed jars probably belonging to older versions of Jetspeed (1):
>  
> <image001.jpg>
>  
>  
> <image002.jpg>
>  
>  
> I even downloaded 2.3.1 and found out it has the same problem. 
>  
> I had to decompile the jetspeed-security-2.3.0 jar to get some equivalent names of some implementations… I created my own security-spi-atn.xml, Jetspeed did start successfully, however the validation rules are not applied, and I can try incorrect login password for several times.
> Please find attached my new configuration file and advice.
>  
> Awaiting your reply.
> Thanks in advance.
>  
> Thanks,
>  
> Elyse BADR
> Software Engineer, CME
> (O)+961-01-389-392, (M) +961-03-533-179
> elyse.badr@gotocme.com <ma...@gotocme.com>
>  
>  
> <security-spi-atn.xml>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org <ma...@portals.apache.org>
> For additional commands, e-mail: jetspeed-dev-help@portals.apache.org <ma...@portals.apache.org>