jackrabbit-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "angela (Resolved) (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (JCR-3140) Add configurable hook for password validation
Date Wed, 09 Nov 2011 08:53:51 GMT

     [ https://issues.apache.org/jira/browse/JCR-3140?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

angela resolved JCR-3140.
-------------------------

       Resolution: Fixed
    Fix Version/s:     (was: 2.4)
                   2.3.3

slightly redefined the authorizableaction interface. it now covers the following
user/group operations:

- createUser
- createGroup
- remove (authorizable)
- changePassword

jackrabbit-core currently provides the following example implementations:

- ClearMembership: removes group membership before removing an authorizable
- AccessControl: upon creation sets up permissions for a new user/group on the corresponding
node (configurable set of privileges for users and groups)
- PasswordValidation: simple password validation upon createUser and changePassword based
on a configured regexp.

the desired set of validation actions needs to be configured with the UserManagement section
in the security configuration by optionally adding one or multiple <AuthorizableAction
class="" /> elements. the actions will be called according to the order within the configuration.
                
> Add configurable hook for password validation
> ---------------------------------------------
>
>                 Key: JCR-3140
>                 URL: https://issues.apache.org/jira/browse/JCR-3140
>             Project: Jackrabbit Content Repository
>          Issue Type: New Feature
>          Components: jackrabbit-core, security
>            Reporter: angela
>            Assignee: angela
>            Priority: Minor
>             Fix For: 2.3.3
>
>
> it's a common use case that applications would like to enforce additional logic associated
with 
> changing a user password. currently this can only be achieved by using a derived user
implementation.
> by extending the functionality added with JCR-3118 it was fairly trivial to provide a
hook for those
> custom password validation checks, writing password expiration date etc.etc. 

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message