Posted to jetspeed-dev@portals.apache.org by "Ate Douma (JIRA)" <je...@portals.apache.org> on 2005/04/24 13:11:24 UTC

[jira] Created: (JS2-239) Improved feedback on Login failure

Improved feedback on Login failure
----------------------------------

         Key: JS2-239
         URL: http://issues.apache.org/jira/browse/JS2-239
     Project: Jetspeed 2
        Type: Improvement
  Components: Security  
    Versions: 2.0-M2    
    Reporter: Ate Douma
 Assigned to: Ate Douma 
    Priority: Minor
     Fix For: 2.0-M3


The LoginPortlet currently displays a simple error message on a failed login.
Although the number of invalid attempts is displayed, it's confusing because that is *not* related to the
number of authenticationFailures for a specific UserPrincipal.

I'll provide a new LoginValidationValve implementation which checks if a failed login attempt occurred.
In that case, the real cause of the failure is determined and an errorCode is saved in the request so the
LoginPortlet can provide a sensible response to the user.
These error codes are defined in the LoginConstants interface and with the i18n language bundle already used
by the LoginPortlet the required message to be displayed can be looked up.

If the InternalPasswordCredentialStateHandlingInterceptor is used (as it is in the default configuration), its maxNumberOfLoginFailureAttempts can be passed on to the LoginValidationValve implementation to allow a
warning message to the user when only one last login attempt is possible before the PasswordCredential will
be disabled.
To be able to give this feedback, the PasswordCredential interface will be extended (as well as the default
implementation) to include the authenticationFailures from the InternalCredential.

This solution will provide at least one part of the JS2-215 issue (more/correct feedback on login failures).
The other features of JS2-215 (email notification, disabled account creation by an end user itself) still have to be addressed though.

The LoginConstants interface currently is defined in the Jetspeed commons project and I'm going to move it
to the Jetspeed-API project as I think it really belongs there. This shouldn't have any impact on any 
custom login implementation as that would need the Jetspeed-API already too.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
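
The failure classification described in the issue above, sketched as an added Java example; it is not Jetspeed code. The class, enum and record names (LoginFailureClassifier, Outcome, CredentialState) are hypothetical stand-ins for the LoginValidationValve logic, the LoginConstants error codes and the extended PasswordCredential, and it assumes the failure count already includes the attempt that just failed and that the credential is disabled once the count reaches the maximum.

```java
import java.util.Optional;

// Added illustration only: the names below are hypothetical, not Jetspeed's API.
public class LoginFailureClassifier {

    // Stand-ins for the error codes the issue says are defined in LoginConstants.
    enum Outcome { UNKNOWN_USER, CREDENTIAL_DISABLED, CREDENTIAL_EXPIRED,
                   INVALID_PASSWORD, FINAL_LOGIN_ATTEMPT }

    // Minimal view of a password credential, including the failure count
    // the issue proposes to expose from the internal credential.
    record CredentialState(boolean enabled, boolean expired, int authenticationFailures) {}

    // A value <= 0 means no lockout threshold is configured.
    private final int maxNumberOfLoginFailureAttempts;

    LoginFailureClassifier(int maxNumberOfLoginFailureAttempts) {
        this.maxNumberOfLoginFailureAttempts = maxNumberOfLoginFailureAttempts;
    }

    // Called only after an authentication attempt has already failed.
    // 'credential' is empty when no matching user principal exists.
    Outcome classify(Optional<CredentialState> credential) {
        if (credential.isEmpty()) return Outcome.UNKNOWN_USER;
        CredentialState c = credential.get();
        if (!c.enabled()) return Outcome.CREDENTIAL_DISABLED;
        if (c.expired()) return Outcome.CREDENTIAL_EXPIRED;
        // Exactly one attempt is left before the credential would be disabled.
        if (maxNumberOfLoginFailureAttempts > 0
                && c.authenticationFailures() == maxNumberOfLoginFailureAttempts - 1) {
            return Outcome.FINAL_LOGIN_ATTEMPT;
        }
        return Outcome.INVALID_PASSWORD;
    }

    public static void main(String[] args) {
        LoginFailureClassifier classifier = new LoginFailureClassifier(3);
        // Constructed sample states, not real account data.
        System.out.println(classifier.classify(Optional.empty()));
        System.out.println(classifier.classify(Optional.of(new CredentialState(true, false, 1))));
        System.out.println(classifier.classify(Optional.of(new CredentialState(true, false, 2))));
        System.out.println(classifier.classify(Optional.of(new CredentialState(false, false, 3))));
    }
}
```

Because each outcome is looked up in a message bundle, a deployment that does not want the login page to reveal which accounts exist can map UNKNOWN_USER and INVALID_PASSWORD to the same text.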


[jira] Closed: (JS2-239) Improved feedback on Login failure

Posted by "Ate Douma (JIRA)" <je...@portals.apache.org>.
     [ http://issues.apache.org/jira/browse/JS2-239?page=all ]
     
Ate Douma closed JS2-239:
-------------------------

    Resolution: Fixed

Done

> Improved feedback on Login failure
> ----------------------------------
>
>          Key: JS2-239
>          URL: http://issues.apache.org/jira/browse/JS2-239
>      Project: Jetspeed 2
>         Type: Improvement
>   Components: Security
>     Versions: 2.0-M2
>     Reporter: Ate Douma
>     Assignee: Ate Douma
>     Priority: Minor
>      Fix For: 2.0-M3
>
> The LoginPortlet currently displays a simple error message on a failed login.
> Although the number of invalid attempts is displayed, it's confusing because that is *not* related to the
> number of authenticationFailures for a specific UserPrincipal.
> I'll provide a new LoginValidationValve implementation which checks if a failed login attempt occurred.
> In that case, the real cause of the failure is determined and an errorCode is saved in the request so the
> LoginPortlet can provide a sensible response to the user.
> These error codes are defined in the LoginConstants interface and with the i18n language bundle already used
> by the LoginPortlet the required message to be displayed can be looked up.
> If the InternalPasswordCredentialStateHandlingInterceptor is used (as it is in the default configuration), its maxNumberOfLoginFailureAttempts can be passed on to the LoginValidationValve implementation to allow a
> warning message to the user when only one last login attempt is possible before the PasswordCredential will
> be disabled.
> To be able to give this feedback, the PasswordCredential interface will be extended (as well as the default
> implementation) to include the authenticationFailures from the InternalCredential.
> This solution will provide at least one part of the JS2-215 issue (more/correct feedback on login failures).
> The other features of JS2-215 (email notification, disabled account creation by an end user itself) still have to be addressed though.
> The LoginConstants interface currently is defined in the Jetspeed commons project and I'm going to move it
> to the Jetspeed-API project as I think it really belongs there. This shouldn't have any impact on any 
> custom login implementation as that would need the Jetspeed-API already too.
