portals-jetspeed-dev mailing list archives

From "elise badr (JIRA)" <jetspeed-...@portals.apache.org>
Subject [jira] [Created] (JS2-1358) Password validations failing in several screens
Date Tue, 18 Jul 2017 05:41:00 GMT
elise badr created JS2-1358:
-------------------------------

             Summary: Password validations failing in several screens
                 Key: JS2-1358
                 URL: https://issues.apache.org/jira/browse/JS2-1358
             Project: Jetspeed 2
          Issue Type: Bug
          Components: Admin Portlets
    Affects Versions: 2.3.0
         Environment: Windows 
            Reporter: elise badr
         Attachments: security-spi-atn.xml

I put the attached security-spi-atn.xml in the Jetspeed-2.3.0\webapps\jetspeed\WEB-INF\assembly\override folder and tested this from 4 different features:

1. The Change Password portlet - There is a bug here, and it fails to validate, and allows the user to set an invalid password
2. The Old User Manager (user edit from admin) - I was able to use an unaccepted password format
3. The New User Manager - There is a bug here, and it fails to validate, and allows the user to set an invalid password
4. User Registration - worked fine for David Taylor (2.3.2 trunk), but I couldn't test it due to the following exception:

   [Failed to add user.org.apache.jetspeed.administration.AdministrationEmailException: Failed
to send forgotten password email to user with email address because Mail server connection
failed; nested exception is javax.mail.MessagingException: Connection error (java.net.SocketException:
Network is unreachable: connect). Failed messages: javax.mail.MessagingException: Connection
error (java.net.SocketException: Network is unreachable: connect)]

* In addition to the above, the wrong password retry is not working with the following config:

         <!-- Automatically disable a password after 3 invalid authentication attempts in a row -->
         <bean class="org.apache.jetspeed.security.spi.impl.MaxPasswordAuthenticationFailuresInterceptor">
           <constructor-arg index="0"><value>3</value></constructor-arg>
         </bean>

         <!-- remember the last 3 passwords used and require a new password to be different from those -->
         <bean class="org.apache.jetspeed.security.spi.impl.PasswordHistoryInterceptor">
           <constructor-arg index="0"><value>3</value></constructor-arg>
         </bean>

* Password history feature not working with the following config:

         <!-- remember the last 3 passwords used and require a new password to be different from those -->
         <bean class="org.apache.jetspeed.security.spi.impl.PasswordHistoryInterceptor">
           <constructor-arg index="0"><value>3</value></constructor-arg>
         </bean>

* Not tested: password expiry using the following config:

         <!-- Automatically expire a password after 60 days -->
         <bean class="org.apache.jetspeed.security.spi.impl.PasswordExpirationInterceptor">
           <constructor-arg index="0"><value>60</value></constructor-arg>
         </bean>




--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
