Return-Path: Delivered-To: apmail-jakarta-jetspeed-dev-archive@www.apache.org Received: (qmail 8938 invoked from network); 4 Sep 2004 06:14:18 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur-2.apache.org with SMTP; 4 Sep 2004 06:14:18 -0000 Received: (qmail 76138 invoked by uid 500); 4 Sep 2004 06:14:02 -0000 Delivered-To: apmail-jakarta-jetspeed-dev-archive@jakarta.apache.org Received: (qmail 76072 invoked by uid 500); 4 Sep 2004 06:14:01 -0000 Mailing-List: contact jetspeed-dev-help@jakarta.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Subscribe: List-Help: List-Post: List-Id: "Jetspeed Developers List" Reply-To: "Jetspeed Developers List" Delivered-To: mailing list jetspeed-dev@jakarta.apache.org Received: (qmail 76059 invoked by uid 99); 4 Sep 2004 06:14:01 -0000 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests=NO_REAL_NAME X-Spam-Check-By: apache.org Received: from [192.18.33.10] (HELO exchange.sun.com) (192.18.33.10) by apache.org (qpsmtpd/0.28) with SMTP; Fri, 03 Sep 2004 23:13:59 -0700 Received: (qmail 6417 invoked from network); 4 Sep 2004 06:15:42 -0000 Received: from localhost (HELO nagoya) (127.0.0.1) by nagoya.betaversion.org with SMTP; 4 Sep 2004 06:15:42 -0000 Message-ID: <1921291209.1094278542732.JavaMail.apache@nagoya> Date: Fri, 3 Sep 2004 23:15:42 -0700 (PDT) From: jetspeed-dev@jakarta.apache.org To: jetspeed-dev@jakarta.apache.org Subject: [jira] Commented: (JS1-516) UserUpdateAction re-encrypts encrypted password when secure.passwords=true In-Reply-To: <964505028.1094246157634.JavaMail.apache@nagoya> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N The following comment has been added to this issue: Author: Jaq Marit Created: Fri, 3 Sep 2004 11:14 PM Body: Has this been fixed by the latest CVS? I think this is still a problem with JS1.6-dev. --------------------------------------------------------------------- View this comment: http://issues.apache.org/jira/browse/JS1-516?page=comments#action_52820 --------------------------------------------------------------------- View the issue: http://issues.apache.org/jira/browse/JS1-516 Here is an overview of the issue: --------------------------------------------------------------------- Key: JS1-516 Summary: UserUpdateAction re-encrypts encrypted password when secure.passwords=true Type: Bug Status: Unassigned Priority: Major Project: Jetspeed Components: Security Versions: 1.5 Assignee: Reporter: Arthur D'Alessandro Created: Fri, 3 Sep 2004 2:14 PM Updated: Fri, 3 Sep 2004 11:14 PM Environment: Database: Postgres JVM: J2DSK 1.4.02_04 OS: Redhat 9.x/Windows XPSP2 Description: UserUpdateAction re-encrypts encrypted password when secure.passwords=true Thus making the edit user capability unusable unless the purpose was to also reset the password. I've been throwing around something simple, such as: services.JetspeedSecurity.secure.passwords.allowblank=true|false UserUpdateAction.doUpdate: Null password is ok, depending on if secure.passwords=true { if (password != null) { forcePassword(user,password) } else { if secure.passwords.allowblank { if (unsetpassword) { forcePassword(user,"") } } else { // Skip, no changes } } } Modify user-form.vm, add a checkbox next to password (if secure.passwords.allowblank=true) eg, Unset Password --------------------------------------------------------------------- JIRA INFORMATION: This message is automatically generated by JIRA. If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa If you want more information on JIRA, or have a bug to report see: http://www.atlassian.com/software/jira --------------------------------------------------------------------- To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org