jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Angela Schreiber <anch...@day.com>
Subject Re: block user and password change policy
Date Wed, 04 Aug 2010 09:30:08 GMT
hi

> i'm trying to implement these charecteristics:
> - block a user after 5 wrong passwords
> - force the user to change the password after a number of days
> 
> i've a full java application in front of the repository, so i don't need to
> implement every thing inside the securityManager.
> 
> i've thought in creating a mix:securityRestrictions and apply it to the user
> node but this is not possible due to the user node is protected.

you are on talking about jackrabbit < 2.x, right?
as of jr 2.0 the user node isn't protected any more.

but if i'm not mistaken you should be able to create child
items below the user node that would store the required
information.

apart from that: to me it looks a bit problematic if your
block is only enforced by your app and not by the repository
itself... if i was you, i would enforce that in the login
module [that's what i plan to do for the disable-user
functionality see JCR-2635].

regards
angela

> any hint implementing this in jackrabbi?
> 
> 
> thx
> 


Mime
View raw message