jackrabbit-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "angela (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (JCR-3577) Allow creation of users with 'null' password
Date Mon, 22 Apr 2013 06:43:16 GMT

    [ https://issues.apache.org/jira/browse/JCR-3577?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13637795#comment-13637795

angela commented on JCR-3577:

as discussed offline this should be considered a back port of the changes made in the oak
therefor it should work the same way such that we don't change the behavior twice:

- creating users with null password should work
- changing a password back to null should not succeed

the corresponding test cases in OAK are:
- UserManagerTest#testCreateUserWithoutPassword
- UserManagerImpl#setPasswordNull
- UserValidatorTest#removePassword

can you confirm that this is the case?
> Allow creation of users with 'null' password
> --------------------------------------------
>                 Key: JCR-3577
>                 URL: https://issues.apache.org/jira/browse/JCR-3577
>             Project: Jackrabbit Content Repository
>          Issue Type: Improvement
>          Components: jackrabbit-core, security
>    Affects Versions: 2.6
>            Reporter: Lars Krapf
>            Priority: Trivial
>         Attachments: jr2_null_password_patch.txt
> In order to create of system-only users that can be impersonated but cannot actually
> the creation of users with 'null' passwords should be allowed.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

View raw message