Uploaded image for project: 'Jetspeed 2 (Retired)'
  1. Jetspeed 2 (Retired)
  2. JS2-1358

Password validations failing in several screens

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 2.3.0
    • 2.3.2
    • Admin Portlets
    • Windows

    Description

      When putting the attached security-spi-atn.xml in the Jetspeed-2.3.0\webapps\jetspeed\WEB-INF\assembly\override folder and tested this from 4 different features:

      1. The Change Password portlet - There is a bug here, and it fails to validate,
      and allows the user to set an invalid password
      2. The Old User Manager - (user edit from admin) - was able to use unaccepted password format
      3. The New User Manager - There is a bug here, and it fails to validate, and allows the user
      to set an invalid password
      4. User Registration - worked fine with David Taylor (2.3.2 trunk) but with me couldn't test due to the following exception:

      [Failed to add user.org.apache.jetspeed.administration.AdministrationEmailException: Failed to send forgotten password email to user with email address because Mail server connection failed; nested exception is javax.mail.MessagingException: Connection error (java.net.SocketException: Network is unreachable: connect). Failed messages: javax.mail.MessagingException: Connection error (java.net.SocketException: Network is unreachable: connect)]

      • In addition to the above, we have the wrong password retry not working using the following config:

      <!-- Automatically disable a password after 3 invalid authentication attempts in a row -->
      <bean class="org.apache.jetspeed.security.spi.impl.MaxPasswordAuthenticationFailuresInterceptor">
      <constructor-arg index="0"><value>3</value></constructor-arg>
      </bean>

      <!-- remember the last 3 passwords used and require a new password to be different from those -->
      <bean class="org.apache.jetspeed.security.spi.impl.PasswordHistoryInterceptor">
      <constructor-arg index="0"><value>3</value></constructor-arg>
      </bean>

      • Password hsitory feature not working with the following config:
        <!-- remember the last 3 passwords used and require a new password to be different from those -->
        <bean class="org.apache.jetspeed.security.spi.impl.PasswordHistoryInterceptor">
        <constructor-arg index="0"><value>3</value></constructor-arg>
        </bean>
      • Not tested: password expiry using following config:
        <!-- Automatically expire a password after 60 days -->
        <bean class="org.apache.jetspeed.security.spi.impl.PasswordExpirationInterceptor">
        <constructor-arg index="0"><value>60</value></constructor-arg>
        </bean>

      Attachments

        1. security-spi-atn.xml
          9 kB
          elise badr

        Activity

          People

            taylor David Sean Taylor
            elise.badr.cme elise badr
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: