Uploaded image for project: 'Jetspeed 2'
  1. Jetspeed 2
  2. JS2-548

Extending password policy to require alternate characters (eg 2 numbers along with 4 letters) will fail on auto-password generation for new user registration

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.0-FINAL
    • Fix Version/s: 2.2.1
    • Component/s: Security
    • Labels:
      None
    • Environment:
      All environments

      Description

      The class org.apache.jetspeed.administration.AdminUtil in the Portal component has a generatePassword method that is used by the registration portlet to create an auto-generated password for new user registration. However that funtionality doesn't take into account any additional password policy requirements, for example requiring at least 2 numbers in addition to several letters, in this case, probability allows for a high success rate on succesfully generating proper passwords, but sometimes it will fail generating a password without any numbers. Additionally, the password policy to require a "funny" character #$@% will never allow a generated password to be created, because those characters are not in the password seed set. Eventually it would be nice to expose the password policy to the administration bean and generate new passwords with the password policy configuration in mind.

        Attachments

          Activity

            People

            • Assignee:
              adouma Ate Douma
              Reporter:
              sveesible1 Brad Svee
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: