You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jetspeed-dev@portals.apache.org by "Ate Douma (JIRA)" <je...@jakarta.apache.org> on 2005/02/15 23:38:45 UTC
[jira] Created: (JS2-213) Adding a User with an invalid password creates the user (without password) although an error is reported
Adding a User with an invalid password creates the user (without password) although an error is reported
--------------------------------------------------------------------------------------------------------
Key: JS2-213
URL: http://issues.apache.org/jira/browse/JS2-213
Project: Jetspeed 2
Type: Bug
Components: Security, Admin Portlets, Persistence and DAO
Versions: 2.0-dev/cvs
Reporter: Ate Douma
Assigned to: Ate Douma
Priority: Minor
When a User is added with an invalid password (we use the SimplePasswordCredentialValidator) using the User Admin Portlet
an error message is reported that the user cannot be created (just that...).
When subsequently a correct password is entered and adding the user is tried again the error: User is already defined
is reported back although the user isn't visible (yet) in the the list above.
Only after logging on again (or adding another user successfully) the created user is displayed. This is a caching problem.
A SECURITY_PRINCIPAL record *is* created but without a SECURITY_CREDENTIAL record.
To solve this problem, the user should not be created when the supplied password is invalid.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
If you want more information on JIRA, or have a bug to report see:
http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org
[jira] Closed: (JS2-213) Adding a User with an invalid password creates the user (without password) although an error is reported
Posted by "Ate Douma (JIRA)" <je...@jakarta.apache.org>.
[ http://issues.apache.org/jira/browse/JS2-213?page=history ]
Ate Douma closed JS2-213:
-------------------------
Resolution: Fixed
Fix Version: 2.0-dev/cvs
2.0-M2
> Adding a User with an invalid password creates the user (without password) although an error is reported
> --------------------------------------------------------------------------------------------------------
>
> Key: JS2-213
> URL: http://issues.apache.org/jira/browse/JS2-213
> Project: Jetspeed 2
> Type: Bug
> Components: Admin Portlets, Persistence and DAO, Security
> Versions: 2.0-dev/cvs
> Reporter: Ate Douma
> Assignee: Ate Douma
> Priority: Minor
> Fix For: 2.0-dev/cvs, 2.0-M2
>
> When a User is added with an invalid password (we use the SimplePasswordCredentialValidator) using the User Admin Portlet
> an error message is reported that the user cannot be created (just that...).
> When subsequently a correct password is entered and adding the user is tried again the error: User is already defined
> is reported back although the user isn't visible (yet) in the the list above.
> Only after logging on again (or adding another user successfully) the created user is displayed. This is a caching problem.
> A SECURITY_PRINCIPAL record *is* created but without a SECURITY_CREDENTIAL record.
> To solve this problem, the user should not be created when the supplied password is invalid.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
If you want more information on JIRA, or have a bug to report see:
http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org