You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@jackrabbit.apache.org by "angela (Resolved) (JIRA)" <ji...@apache.org> on 2011/11/09 09:53:51 UTC

[jira] [Resolved] (JCR-3140) Add configurable hook for password validation

     [ https://issues.apache.org/jira/browse/JCR-3140?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

angela resolved JCR-3140.
-------------------------

       Resolution: Fixed
    Fix Version/s:     (was: 2.4)
                   2.3.3

slightly redefined the authorizableaction interface. it now covers the following
user/group operations:

- createUser
- createGroup
- remove (authorizable)
- changePassword

jackrabbit-core currently provides the following example implementations:

- ClearMembership: removes group membership before removing an authorizable
- AccessControl: upon creation sets up permissions for a new user/group on the corresponding node (configurable set of privileges for users and groups)
- PasswordValidation: simple password validation upon createUser and changePassword based on a configured regexp.

the desired set of validation actions needs to be configured with the UserManagement section in the security configuration by optionally adding one or multiple <AuthorizableAction class="" /> elements. the actions will be called according to the order within the configuration.
                
> Add configurable hook for password validation
> ---------------------------------------------
>
>                 Key: JCR-3140
>                 URL: https://issues.apache.org/jira/browse/JCR-3140
>             Project: Jackrabbit Content Repository
>          Issue Type: New Feature
>          Components: jackrabbit-core, security
>            Reporter: angela
>            Assignee: angela
>            Priority: Minor
>             Fix For: 2.3.3
>
>
> it's a common use case that applications would like to enforce additional logic associated with 
> changing a user password. currently this can only be achieved by using a derived user implementation.
> by extending the functionality added with JCR-3118 it was fairly trivial to provide a hook for those
> custom password validation checks, writing password expiration date etc.etc. 

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira