portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From a..@apache.org
Subject svn commit: r1101694 - /portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/UserPasswordCredentialPolicyManagerImpl.java
Date Wed, 11 May 2011 00:31:25 GMT
Author: ate
Date: Wed May 11 00:31:25 2011
New Revision: 1101694

URL: http://svn.apache.org/viewvc?rev=1101694&view=rev
Log:
JS2-1251: Only (should) validate new user credential password when not synchronizing like
from Ldap

Modified:
    portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/UserPasswordCredentialPolicyManagerImpl.java

Modified: portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/UserPasswordCredentialPolicyManagerImpl.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/UserPasswordCredentialPolicyManagerImpl.java?rev=1101694&r1=1101693&r2=1101694&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/UserPasswordCredentialPolicyManagerImpl.java
(original)
+++ portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/UserPasswordCredentialPolicyManagerImpl.java
Wed May 11 00:31:25 2011
@@ -173,7 +173,13 @@ public class UserPasswordCredentialPolic
                 }
                 if (validator != null)
                 {
-                    validator.validate(credential.getNewPassword());
+                    if (!authenticated)
+                    {
+                        // Note: authenticated is also forced set to true during synchronization
like from Ldap
+                        // this might means the initial password isn't valid, but needs to
be accepted anyway
+                        // but will be forced to be changed after first login.
+                        validator.validate(credential.getNewPassword());
+                    }
                 }
                 newPassword = credential.getNewPassword();
                 if (encoder != null)



---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org


Mime
View raw message