  1. Jetspeed 2
  2. JS2-1358

Password validations failing in several screens


    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.3.0
    • Fix Version/s: 2.3.2
    • Component/s: Admin Portlets
    • Environment:
      Windows

      Description

      I put the attached security-spi-atn.xml in the Jetspeed-2.3.0\webapps\jetspeed\WEB-INF\assembly\override folder and tested this from 4 different features:

      1. The Change Password portlet - There is a bug here, and it fails to validate, and allows the user to set an invalid password
      2. The Old User Manager - (user edit from admin) - was able to use an unaccepted password format
      3. The New User Manager - There is a bug here, and it fails to validate, and allows the user to set an invalid password
      4. User Registration - worked fine for David Taylor (2.3.2 trunk), but I couldn't test it due to the following exception:

      [Failed to add user.org.apache.jetspeed.administration.AdministrationEmailException: Failed to send forgotten password email to user with email address because Mail server connection failed; nested exception is javax.mail.MessagingException: Connection error (java.net.SocketException: Network is unreachable: connect). Failed messages: javax.mail.MessagingException: Connection error (java.net.SocketException: Network is unreachable: connect)]

      • In addition to the above, the wrong password retry is not working with the following config:

        <!-- Automatically disable a password after 3 invalid authentication attempts in a row -->
        <bean class="org.apache.jetspeed.security.spi.impl.MaxPasswordAuthenticationFailuresInterceptor">
          <constructor-arg index="0"><value>3</value></constructor-arg>
        </bean>

        <!-- remember the last 3 passwords used and require a new password to be different from those -->
        <bean class="org.apache.jetspeed.security.spi.impl.PasswordHistoryInterceptor">
          <constructor-arg index="0"><value>3</value></constructor-arg>
        </bean>

      • The password history feature is not working with the following config:

        <!-- remember the last 3 passwords used and require a new password to be different from those -->
        <bean class="org.apache.jetspeed.security.spi.impl.PasswordHistoryInterceptor">
          <constructor-arg index="0"><value>3</value></constructor-arg>
        </bean>

      • Not tested: password expiry using the following config:

        <!-- Automatically expire a password after 60 days -->
        <bean class="org.apache.jetspeed.security.spi.impl.PasswordExpirationInterceptor">
          <constructor-arg index="0"><value>60</value></constructor-arg>
        </bean>

        Attachments

        1. security-spi-atn.xml
          9 kB
          elise badr

            People

            • Assignee:
              taylor David Sean Taylor
              Reporter:
              elise.badr.cme elise badr