portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Sean Taylor (JIRA)" <jetspeed-...@portals.apache.org>
Subject [jira] Updated: (JS2-215) security email extensions: password reminder/user creation
Date Mon, 21 Nov 2005 20:30:41 GMT
     [ http://issues.apache.org/jira/browse/JS2-215?page=all ]

David Sean Taylor updated JS2-215:
----------------------------------

    Version: 2.0-FINAL
                 (was: 2.0-M1)

Randy,

I've built in some infrastructure for the two portlets you required:
1. ForgottenPasswordPortlet
2. UserRegistrationPortlet

Added components:
1. Spring email
2. PortalAdministration (registration, email merging, password generation apis)

Will be checking these components in later today under JS2-215 general development.
Additionally, I will check in the Java code for both of this portlets (not completed) and
will continue work on these portlets
over the next day or so. Hope to have this ready for you by then.


> security email extensions: password reminder/user creation
> ----------------------------------------------------------
>
>          Key: JS2-215
>          URL: http://issues.apache.org/jira/browse/JS2-215
>      Project: Jetspeed 2
>         Type: Improvement
>   Components: Security
>     Versions: 2.0-FINAL
>     Reporter: Randy Watler
>     Assignee: David Sean Taylor
>      Fix For: 2.0-FINAL

>
> From  "Ate Douma" <ate@douma.nu>
> Subject  Re: More Login/Security Enhancements
> Date  Sun, February 20, 2005 1:44 pm
> To  "Jetspeed Developers List" <jetspeed-dev@jakarta.apache.org>
> Randy Watler wrote:
> > Ate/All,
> > 
> > I have these additional Login/Security requirements that have made there 
> > way into a formal requirements process for our portal implementation:
> > 
> > - Send email to end user for forgotten passwords, (offered on failed 
> > login attempts if user email address known).
> +1
> > - Ability of a non-authenticated end user to create and populate a 
> > disabled user account to be enabled later by admin/moderator, (includes 
> > automatic email notification of the request and approved/denied messages 
> > if user email address known).
> +1
> > 
> > I think these features are fairly typical for most sites requiring end 
> > user authentication. Is there any interest in, (or objections to), these 
> > features being added to J2 proper? If there is interest, I will generate 
> > a JIRA issue and we can see if there are other similar capabilities that 
> > can be added at the same time.
> +1
> I myself have been asked by my client to provide more/correct feedback to
> a user trying to login but whose account already has been disabled (too many
> failed login attempts). The current functionality clearly isn't giving
> good feedback at all. The problem to do this better though is that there
> isn't a formal way to communicate information back *through* the JAAS implementation
> (i.e. the Tomcat JAASRealm) to the client (J2). We need to provide our own
> channel or such for that.
> > 
> > Thanks!
> > 
> > Randy

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org


Mime
View raw message