You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jetspeed-dev@portals.apache.org by ta...@apache.org on 2017/12/01 00:59:50 UTC
svn commit: r1816785 - in /portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed: security/spi/impl/UserPasswordCredentialPolicyManagerImpl.java serializer/JetspeedSecuritySerializer.java

Author: taylor
Date: Fri Dec  1 00:59:49 2017
New Revision: 1816785

URL: http://svn.apache.org/viewvc?rev=1816785&view=rev
Log:
JS2-1358: password validator order broken when new password credentials. When migrating security credentials, handle updating of password

Modified:
    portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/UserPasswordCredentialPolicyManagerImpl.java
    portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/serializer/JetspeedSecuritySerializer.java

Modified: portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/UserPasswordCredentialPolicyManagerImpl.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/UserPasswordCredentialPolicyManagerImpl.java?rev=1816785&r1=1816784&r2=1816785&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/UserPasswordCredentialPolicyManagerImpl.java (original)
+++ portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/UserPasswordCredentialPolicyManagerImpl.java Fri Dec  1 00:59:49 2017
@@ -156,6 +156,16 @@ public class UserPasswordCredentialPolic
             String newPassword = null;
             if (credential.getNewPassword() != null)
             {
+                if (validator != null)
+                {
+                    if (!authenticated)
+                    {
+                        // Note: authenticated is also forced set to true during synchronization like from Ldap
+                        // this might means the initial password isn't valid, but needs to be accepted anyway
+                        // but will be forced to be changed after first login.
+                        validator.validate(credential.getNewPassword());
+                    }
+                }
                 if (credential.getOldPassword() != null && !authenticated)
                 {
                     String validatingOldPassword = credential.getOldPassword();
@@ -176,16 +186,6 @@ public class UserPasswordCredentialPolic
                     }
                     authenticated = true;
                 }
-                if (validator != null)
-                {
-                    if (!authenticated)
-                    {
-                        // Note: authenticated is also forced set to true during synchronization like from Ldap
-                        // this might means the initial password isn't valid, but needs to be accepted anyway
-                        // but will be forced to be changed after first login.
-                        validator.validate(credential.getNewPassword());
-                    }
-                }
                 newPassword = credential.getNewPassword();
                 if (encoder != null)
                 {

Modified: portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/serializer/JetspeedSecuritySerializer.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/serializer/JetspeedSecuritySerializer.java?rev=1816785&r1=1816784&r2=1816785&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/serializer/JetspeedSecuritySerializer.java (original)
+++ portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/serializer/JetspeedSecuritySerializer.java Fri Dec  1 00:59:49 2017
@@ -423,6 +423,21 @@ public class JetspeedSecuritySerializer
                         }
                         log.debug("add User done ");
                     }
+                    // DST: 2017-04-28
+                    else { // existing user needs password updated
+                        if (doPwData) {
+                            String pwdString = (jsuser.getPwDataValue("password"));
+                            char [] pwdChars = (pwdString != null ? pwdString.toCharArray() : null);
+                            String password = recreatePassword(pwdChars);
+                            if (password != null && password.length() > 0)
+                            {
+                                PasswordCredential pwc = userManager.getPasswordCredential(user);
+                                pwc.setPassword(password, (passwordEncoding == JetspeedSerializer.PASSTHRU_REQUIRED));
+                                log.debug("updating password for User " + jsuser.getName());
+                                userManager.storePasswordCredential(pwc);
+                            }
+                        }
+                    }
                     if (doPwData)
                     {
                         try



---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org