portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ate Douma (JIRA)" <jetspeed-...@portals.apache.org>
Subject [jira] Closed: (JS2-239) Improved feedback on Login failure
Date Sun, 24 Apr 2005 12:50:23 GMT
     [ http://issues.apache.org/jira/browse/JS2-239?page=all ]
Ate Douma closed JS2-239:

    Resolution: Fixed


> Improved feedback on Login failure
> ----------------------------------
>          Key: JS2-239
>          URL: http://issues.apache.org/jira/browse/JS2-239
>      Project: Jetspeed 2
>         Type: Improvement
>   Components: Security
>     Versions: 2.0-M2
>     Reporter: Ate Douma
>     Assignee: Ate Douma
>     Priority: Minor
>      Fix For: 2.0-M3

> The LoginPortlet currently displays a simple error message on a failed login.
> Although the number of invalid attempts is displayed it's confusing because that is *not*
related to the
> number of authenticationFailures for a specific UserPrincipal.
> I'll provide a new LoginValidationValve implementation which checks if an failed login
attempt occurred.
> In that case, the real cause of the failure is determined and an errorCode is saved in
the request so the
> LoginPortlet can provide a sensible response to the user.
> These error codes are defined in the LoginConstants interface and with the i18n language
bundle already used
> by the LoginPortlet the required message to be displayed can be looked up.
> If the InternalPasswordCredentialStateHandlingInterceptor is used (as it is in the default
configuration), its  maxNumberOfLoginFailureAttempts can be passed on to the LoginValidationValve
implementation to allow
> warning message to the user when only one last login attempt is possible before the PasswordCredential
> be disabled.
> To be able to give this feedback, the PasswordCredential interface will be extended (as
well as the default
> implementation) to include the authenticationFailures from the InternalCredential.
> This solution will provide at least one part of the JS2-215 issue (more/correct feedback
on login failures).
> The other features or JS2-215 (email notification, disabled account creation by an end
user itself) still have to be addressed though.
> The LoginConstants interface currently is defined in the Jetspeed commons project and
I'm going to move it
> to the Jetspeed-API project as I think it really belongs there. This shouldn't have any
impact on any 
> custom login implementation as that would need the Jetspeed-API already too.

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators:
For more information on JIRA, see:

To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org

View raw message