
Key: JS2-215
Type: Improvement
Status: Resolved
Resolution: Fixed
Priority: Major
Assignee: David Sean Taylor
Reporter: Randy Watler
Votes: 0
Watchers: 1
Jetspeed 2

security email extensions: password reminder/user creation

Created: 21/Feb/05 01:51 PM   Updated: 06/Dec/05 03:47 AM
Component/s: Security
Affects Version/s: 2.0-FINAL
Fix Version/s: 2.0-FINAL

Time Tracking:
Not Specified

Issue Links:
Reference
 

Resolution Date: 06/Dec/05 03:47 AM


Description
From "Ate Douma" <ate@douma.nu>
Subject Re: More Login/Security Enhancements
Date Sun, February 20, 2005 1:44 pm
To "Jetspeed Developers List" <jetspeed-dev@jakarta.apache.org>

Randy Watler wrote:
> Ate/All,
>
> I have these additional Login/Security requirements that have made their
> way into a formal requirements process for our portal implementation:
>
> - Send email to end user for forgotten passwords, (offered on failed
> login attempts if user email address known).
+1
> - Ability of a non-authenticated end user to create and populate a
> disabled user account to be enabled later by admin/moderator, (includes
> automatic email notification of the request and approved/denied messages
> if user email address known).
+1
>
> I think these features are fairly typical for most sites requiring end
> user authentication. Is there any interest in, (or objections to), these
> features being added to J2 proper? If there is interest, I will generate
> a JIRA issue and we can see if there are other similar capabilities that
> can be added at the same time.
+1

I myself have been asked by my client to provide more/correct feedback to
a user trying to log in but whose account already has been disabled (too many
failed login attempts). The current functionality clearly isn't giving
good feedback at all. The problem to do this better though is that there
isn't a formal way to communicate information back *through* the JAAS implementation
(i.e. the Tomcat JAASRealm) to the client (J2). We need to provide our own
channel or such for that.

>
> Thanks!
>
> Randy

Change History
Ate Douma made changes - 24/Apr/05 08:12 PM
Field Original Value New Value
Link This issue is related to JS2-239 [ JS2-239 ]
Michael Lipp made changes - 31/Oct/05 09:27 PM
Environment
Fix Version/s 2.0-M2 [ 11015 ]
Fix Version/s 2.0-FINAL [ 10940 ]
David Sean Taylor made changes - 22/Nov/05 05:24 AM
Assignee David Sean Taylor [ taylor ]
David Sean Taylor made changes - 22/Nov/05 05:30 AM
Affects Version/s 2.0-FINAL [ 10940 ]
Affects Version/s 2.0-M1 [ 10931 ]
David Sean Taylor made changes - 06/Dec/05 03:47 AM
Resolution Fixed [ 1 ]
Status Open [ 1 ] Resolved [ 5 ]