Author: taylor
Date: Tue Jul 7 01:07:10 2015
New Revision: 1689546
URL: http://svn.apache.org/r1689546
Log:
JS2-1330: fixing bug in Password Credential Policy. Providing examples of using
Credential interceptors that are not configured out of box
Added:
portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/alternate/credentials/max-password-auth.xml
Modified:
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/UserPasswordCredentialPolicyManagerImpl.java
Modified:
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/UserPasswordCredentialPolicyManagerImpl.java
URL:
http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/UserPasswordCredentialPolicyManagerImpl.java?rev=1689546&r1=1689545&r2=1689546&view=diff
==============================================================================
---
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/UserPasswordCredentialPolicyManagerImpl.java
(original)
+++
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/UserPasswordCredentialPolicyManagerImpl.java
Tue Jul 7 01:07:10 2015
@@ -17,10 +17,6 @@
package org.apache.jetspeed.security.spi.impl;
-import java.sql.Timestamp;
-import java.util.Date;
-import java.util.List;
-
import org.apache.jetspeed.security.CredentialPasswordEncoder;
import org.apache.jetspeed.security.CredentialPasswordValidator;
import org.apache.jetspeed.security.InvalidPasswordException;
@@ -30,6 +26,10 @@ import org.apache.jetspeed.security.spi.
import org.apache.jetspeed.security.spi.PasswordCredentialInterceptor;
import org.apache.jetspeed.security.spi.UserPasswordCredentialPolicyManager;
+import java.sql.Timestamp;
+import java.util.Date;
+import java.util.List;
+
/**
* @version $Id$
*
@@ -131,11 +131,6 @@ public class UserPasswordCredentialPolic
credential.setLastAuthenticationDate(new Timestamp(new
Date().getTime()));
update = true;
}
- else
- {
-
credential.setAuthenticationFailures(credential.getAuthenticationFailures()+1);
- }
-
return update;
}
Added:
portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/alternate/credentials/max-password-auth.xml
URL:
http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/alternate/credentials/max-password-auth.xml?rev=1689546&view=auto
==============================================================================
---
portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/alternate/credentials/max-password-auth.xml
(added)
+++
portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/alternate/credentials/max-password-auth.xml
Tue Jul 7 01:07:10 2015
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
+ xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.2.xsd";>
+ <bean id="loginValidationValve"
class="org.apache.jetspeed.security.impl.LoginValidationValveImpl"
+ init-method="initialize">
+ <meta key="j2:cat" value="default" />
+ <!-- remove (from the session) the following list of session
attributes upon login -->
+ <constructor-arg index="0"><value>3</value></constructor-arg>
+ <constructor-arg index="1">
+ <list>
+ <value>org.apache.jetspeed.powertool.actions</value>
+ </list>
+ </constructor-arg>
+ </bean>
+
+ <bean
id="org.apache.jetspeed.security.spi.impl.UserPasswordCredentialPolicyManagerImpl"
+
class="org.apache.jetspeed.security.spi.impl.UserPasswordCredentialPolicyManagerImpl">
+ <meta key="j2:cat" value="default or security" />
+ <constructor-arg index="0"
ref="org.apache.jetspeed.security.CredentialPasswordEncoder" />
+ <constructor-arg index="1"
ref="org.apache.jetspeed.security.CredentialPasswordValidator" />
+ <constructor-arg index="2">
+ <list>
+ <!-- enforce an invalid preset password value in the persisent
store is required to be changed -->
+ <bean
class="org.apache.jetspeed.security.spi.impl.ValidatePasswordOnLoadInterceptor"
/>
+ <!-- ensure preset cleartext passwords in the persistent store
will be encoded on first use -->
+ <bean
class="org.apache.jetspeed.security.spi.impl.EncodePasswordOnFirstLoadInterceptor"
/>
+
+ <bean
class="org.apache.jetspeed.security.spi.impl.MaxPasswordAuthenticationFailuresInterceptor">
+ <constructor-arg
index="0"><value>3</value></constructor-arg>
+ </bean>
+
+ <!-- set value in days for password expiration interceptor
+ <bean
class="org.apache.jetspeed.security.spi.impl.PasswordExpirationInterceptor">
+ <constructor-arg
index="0"><value>30</value></constructor-arg>
+ </bean>
+ -->
+
+ </list>
+ </constructor-arg>
+ </bean>
+
+</beans>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
