portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Elyse Badr" <elyse.b...@gotocme.com>
Subject Jetspeed 2.3.0 - Enabling password validation - Request for support - Urgent
Date Thu, 13 Jul 2017 04:57:10 GMT
Hi Support team,

 

We are using Jetspeed 2.3.0 to deploy our set of portlets applications. I am
sharing a problem I am facing in order to provide me with help or hints.

We would like to enable password validation rules that are already supported
by Jetspeed security.

 

We would like to enable the following rules:

 

*	Set min & max character, alphanumeric count for passwords
*	Set password age [90 days]
*	Set count of password history [last 5 passwords]
*	Set notification period for password change reminder

 

I uncommented some sections in
Jetspeed-2.3.0\webapps\jetspeed\WEB-INF\assembly\security-spi-atn.xml and
Jetspeed-2.3.0\webapps\jetspeed\WEB-INF\assembly\alternate\credentials\max-p
assword-auth.xml but nothing was happening.

I did the same and nothing happened too. 

 

I made some research with no luck as no documentation or question related to
this topic. In Jetspeed documentation link
<https://portals.apache.org/jetspeed-2/deployguide/security-config.html#secu
rity-spi-atn_xml>  they provide a sample config which is not working too. I
am getting 

	
java.lang.ClassNotFoundException:
org.apache.jetspeed.security.spi.impl.InternalPasswordCredentialInterceptors
Proxy

Although the jar jetspeed-security is present in the lib folder of the same
location: Jetspeed-2.3.0\webapps\jetspeed\WEB-INF\lib

After investigations, it turned out that the sample configuration defined in
Jetspeed 2 documentation link
<https://portals.apache.org/jetspeed-2/deployguide/security-config.html#secu
rity-spi-atn_xml>  for security-spi-atn.xml, is referencing classes not
present in  Jetspeed jars probably belonging to older versions of Jetspeed
(1):

 



 

 



 

 

I even downloaded 2.3.1 and found out it has the same problem. 

 

I had to decompile the jetspeed-security-2.3.0 jar to get some equivalent
names of some implementations. I created my own security-spi-atn.xml,
Jetspeed did start successfully, however the validation rules are not
applied, and I can try incorrect login password for several times.

Please find attached my new configuration file and advice.

 

Awaiting your reply.

Thanks in advance.

 

Thanks,

 

Elyse BADR
Software Engineer, CME

(O)+961-01-389-392, (M) +961-03-533-179 

 <mailto:elyse.badr@gotocme.com> elyse.badr@gotocme.com

 

 


Mime
View raw message