portals-jetspeed-dev mailing list archives

From "Ate Douma (JIRA)" <jetspeed-...@portals.apache.org>
Subject [jira] Created: (JS2-239) Improved feedback on Login failure
Date Sun, 24 Apr 2005 11:11:24 GMT
Improved feedback on Login failure
----------------------------------

         Key: JS2-239
         URL: http://issues.apache.org/jira/browse/JS2-239
     Project: Jetspeed 2
        Type: Improvement
  Components: Security  
    Versions: 2.0-M2    
    Reporter: Ate Douma
 Assigned to: Ate Douma 
    Priority: Minor
     Fix For: 2.0-M3


The LoginPortlet currently displays a simple error message on a failed login.
Although the number of invalid attempts is displayed, it's confusing because that is *not* related to the number of authenticationFailures for a specific UserPrincipal.

I'll provide a new LoginValidationValve implementation which checks if a failed login attempt occurred.
In that case, the real cause of the failure is determined and an errorCode is saved in the request so the LoginPortlet can provide a sensible response to the user.
These error codes are defined in the LoginConstants interface and with the i18n language bundle already used by the LoginPortlet the required message to be displayed can be looked up.

If the InternalPasswordCredentialStateHandlingInterceptor is used (as it is in the default configuration), its maxNumberOfLoginFailureAttempts can be passed on to the LoginValidationValve implementation to allow a warning message to the user when only one last login attempt is possible before the PasswordCredential will be disabled.
To be able to give this feedback, the PasswordCredential interface will be extended (as well as the default implementation) to include the authenticationFailures from the InternalCredential.

This solution will provide at least one part of the JS2-215 issue (more/correct feedback on login failures).
The other features of JS2-215 (email notification, disabled account creation by an end user itself) still have to be addressed though.

The LoginConstants interface currently is defined in the Jetspeed commons project and I'm going to move it to the Jetspeed-API project as I think it really belongs there.
This shouldn't have any impact on any custom login implementation as that would need the Jetspeed-API already too.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira
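
One way the check described in the message above could look, as an added sketch that is not Jetspeed's code. The enum values, the `CredentialState` record and the request attribute name are hypothetical, and the failure count is assumed to already include the attempt that just failed.

```java
import java.util.HashMap;
import java.util.Map;

/** Added illustration; the names below are hypothetical, not Jetspeed's LoginConstants. */
public class LoginFailureFeedback {

    enum ErrorCode { UNKNOWN_USER, INVALID_PASSWORD, USER_DISABLED,
                     CREDENTIAL_DISABLED, CREDENTIAL_EXPIRED, FINAL_LOGIN_ATTEMPT }

    /** Constructed stand-in for the state read from the user and its password credential. */
    record CredentialState(boolean userEnabled, boolean credentialEnabled,
                           boolean expired, int authenticationFailures) {}

    /**
     * Called only after a login attempt has failed. state is null when no such
     * user exists; maxFailures <= 0 means no lockout limit is configured.
     */
    static ErrorCode classify(CredentialState state, int maxFailures) {
        if (state == null) return ErrorCode.UNKNOWN_USER;
        if (!state.userEnabled()) return ErrorCode.USER_DISABLED;
        if (!state.credentialEnabled()) return ErrorCode.CREDENTIAL_DISABLED;
        if (state.expired()) return ErrorCode.CREDENTIAL_EXPIRED;
        // One more failure would reach the limit and disable the credential.
        if (maxFailures > 1 && state.authenticationFailures() == maxFailures - 1)
            return ErrorCode.FINAL_LOGIN_ATTEMPT;
        return ErrorCode.INVALID_PASSWORD;
    }

    /** Valve side: store the code where the login portlet can read it. */
    static void saveErrorCode(Map<String, Object> requestAttributes, ErrorCode code) {
        requestAttributes.put("example.login.errorCode", code); // made-up attribute name
    }

    public static void main(String[] args) {
        int max = 3; // constructed value for maxNumberOfLoginFailureAttempts
        CredentialState[] samples = {          // constructed sample states
            null,                                          // no such user
            new CredentialState(true, true, false, 1),     // first wrong password
            new CredentialState(true, true, false, 2),     // one attempt left
            new CredentialState(true, false, false, 3),    // limit reached, disabled
        };
        for (CredentialState s : samples) {
            Map<String, Object> request = new HashMap<>();
            saveErrorCode(request, classify(s, max));
            System.out.println(s + " -> " + request.get("example.login.errorCode"));
        }
    }
}
```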

