portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ate Douma <...@douma.nu>
Subject [J2] New JS2-151 feature: password history implemented
Date Fri, 12 Nov 2004 03:22:20 GMT
I've just committed another JS2-151 feature:
3) keeping a history (queue) of previously used password and preventing a user to reuse one
from this queue (with a configurable queue size)

Implementation class: org.apache.jetspeed.security.spi.impl.InternalPasswordCredentialHistoryHandlingInterceptor

I've configured a default test history of 3, meaning a new password has to be different from
the last three,
but only when set through the Change Password Portlet.

If the User Management Portlet is used to set a new password, the value isn't checked against
the history (although history is maintained). 
This is to allow a administrator to set a new password (for example when a user expired its
own password by failing to use the correct 
password three times in a row), even if that password was used before in the saved history
(like a 'default' password which must be
changed on first use).

Regards, Ate

To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org

View raw message