jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alexander Klimetschek <aklim...@day.com>
Subject Re: block user and password change policy
Date Wed, 04 Aug 2010 09:34:15 GMT
On Wed, Aug 4, 2010 at 11:13, JOSE FELIX HERNANDEZ BARRIO
<jose.hernandez@isthari.com> wrote:
> hi,
>
> i'm trying to implement these charecteristics:
> - block a user after 5 wrong passwords
> - force the user to change the password after a number of days
>
> i've a full java application in front of the repository, so i don't need to
> implement every thing inside the securityManager.
>
> i've thought in creating a mix:securityRestrictions and apply it to the user
> node but this is not possible due to the user node is protected.
>
> any hint implementing this in jackrabbi?

You could have a custom LoginModule that does these additional checks
and throws some specifically marked exception that your application
can react on. This module would pass the actual check on to the
existing LoginModule, albeit I can't exactly tell you how to do that.

The LoginModule is a separate config, and is standard JAAS:
http://jackrabbit.apache.org/jackrabbit-configuration.html#JackrabbitConfiguration-Securityconfiguration

Regards,
Alex

-- 
Alexander Klimetschek
alexander.klimetschek@day.com

Mime
View raw message