Jetspeed 2
  1. Jetspeed 2
  2. JS2-548

Extending password policy to require alternate characters (eg 2 numbers along with 4 letters) will fail on auto-password generation for new user registration

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Fixed
    • Affects Version/s: 2.0-FINAL
    • Fix Version/s: 2.2.1
    • Component/s: Security
    • Labels:
      None
    • Environment:
      All environments

      Description

      The class org.apache.jetspeed.administration.AdminUtil in the Portal component has a generatePassword method that is used by the registration portlet to create an auto-generated password for new user registration. However that funtionality doesn't take into account any additional password policy requirements, for example requiring at least 2 numbers in addition to several letters, in this case, probability allows for a high success rate on succesfully generating proper passwords, but sometimes it will fail generating a password without any numbers. Additionally, the password policy to require a "funny" character #$@% will never allow a generated password to be created, because those characters are not in the password seed set. Eventually it would be nice to expose the password policy to the administration bean and generate new passwords with the password policy configuration in mind.

        Activity

        No work has yet been logged on this issue.

          People

          • Assignee:
            Ate Douma
            Reporter:
            Brad Svee
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development