You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@jackrabbit.apache.org by "angela (Created) (JIRA)" <ji...@apache.org> on 2011/11/08 08:42:51 UTC
[jira] [Created] (JCR-3140) Add configurable hook for password
validation
Add configurable hook for password validation
---------------------------------------------
Key: JCR-3140
URL: https://issues.apache.org/jira/browse/JCR-3140
Project: Jackrabbit Content Repository
Issue Type: New Feature
Reporter: angela
Assignee: angela
Priority: Minor
Fix For: 2.4
it's a common use case that applications would like to enforce additional logic associated with
changing a user password. currently this can only be achieved by using a derived user implementation.
by extending the functionality added with JCR-3118 it was fairly trivial to provide a hook for those
custom password validation checks, writing password expiration date etc.etc.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (JCR-3140) Add configurable hook for password
validation
Posted by "angela (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JCR-3140?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
angela updated JCR-3140:
------------------------
Component/s: security
jackrabbit-core
> Add configurable hook for password validation
> ---------------------------------------------
>
> Key: JCR-3140
> URL: https://issues.apache.org/jira/browse/JCR-3140
> Project: Jackrabbit Content Repository
> Issue Type: New Feature
> Components: jackrabbit-core, security
> Reporter: angela
> Assignee: angela
> Priority: Minor
> Fix For: 2.4
>
>
> it's a common use case that applications would like to enforce additional logic associated with
> changing a user password. currently this can only be achieved by using a derived user implementation.
> by extending the functionality added with JCR-3118 it was fairly trivial to provide a hook for those
> custom password validation checks, writing password expiration date etc.etc.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (JCR-3140) Add configurable hook for password
validation
Posted by "Jukka Zitting (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JCR-3140?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jukka Zitting updated JCR-3140:
-------------------------------
Fix Version/s: (was: 2.3.3)
2.3.4
> Add configurable hook for password validation
> ---------------------------------------------
>
> Key: JCR-3140
> URL: https://issues.apache.org/jira/browse/JCR-3140
> Project: Jackrabbit Content Repository
> Issue Type: New Feature
> Components: jackrabbit-core, security
> Reporter: angela
> Assignee: angela
> Priority: Minor
> Fix For: 2.3.4
>
>
> it's a common use case that applications would like to enforce additional logic associated with
> changing a user password. currently this can only be achieved by using a derived user implementation.
> by extending the functionality added with JCR-3118 it was fairly trivial to provide a hook for those
> custom password validation checks, writing password expiration date etc.etc.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Resolved] (JCR-3140) Add configurable hook for password
validation
Posted by "angela (Resolved) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JCR-3140?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
angela resolved JCR-3140.
-------------------------
Resolution: Fixed
Fix Version/s: (was: 2.4)
2.3.3
slightly redefined the authorizableaction interface. it now covers the following
user/group operations:
- createUser
- createGroup
- remove (authorizable)
- changePassword
jackrabbit-core currently provides the following example implementations:
- ClearMembership: removes group membership before removing an authorizable
- AccessControl: upon creation sets up permissions for a new user/group on the corresponding node (configurable set of privileges for users and groups)
- PasswordValidation: simple password validation upon createUser and changePassword based on a configured regexp.
the desired set of validation actions needs to be configured with the UserManagement section in the security configuration by optionally adding one or multiple <AuthorizableAction class="" /> elements. the actions will be called according to the order within the configuration.
> Add configurable hook for password validation
> ---------------------------------------------
>
> Key: JCR-3140
> URL: https://issues.apache.org/jira/browse/JCR-3140
> Project: Jackrabbit Content Repository
> Issue Type: New Feature
> Components: jackrabbit-core, security
> Reporter: angela
> Assignee: angela
> Priority: Minor
> Fix For: 2.3.3
>
>
> it's a common use case that applications would like to enforce additional logic associated with
> changing a user password. currently this can only be achieved by using a derived user implementation.
> by extending the functionality added with JCR-3118 it was fairly trivial to provide a hook for those
> custom password validation checks, writing password expiration date etc.etc.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira