[J2] New JS2-151 feature: password history implemented

[Ate Douma <at...@douma.nu>]

I've just committed another JS2-151 feature:
3) keeping a history (queue) of previously used password and preventing a user to reuse one from this queue (with a configurable queue size)

Implementation class: org.apache.jetspeed.security.spi.impl.InternalPasswordCredentialHistoryHandlingInterceptor

I've configured a default test history of 3, meaning a new password has to be different from the last three,
but only when set through the Change Password Portlet.

If the User Management Portlet is used to set a new password, the value isn't checked against the history (although history is maintained). 
This is to allow a administrator to set a new password (for example when a user expired its own password by failing to use the correct 
password three times in a row), even if that password was used before in the saved history (like a 'default' password which must be
changed on first use).

Regards, Ate


---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org