portals-jetspeed-dev mailing list archives

From a..@apache.org
Subject svn commit: r291019 - in /portals/jetspeed-2/trunk: components/security/src/java/org/apache/jetspeed/security/spi/impl/ src/webapp/WEB-INF/assembly/
Date Thu, 22 Sep 2005 21:39:56 GMT
Author: ate
Date: Thu Sep 22 14:39:44 2005
New Revision: 291019

URL: http://svn.apache.org/viewcvs?rev=291019&view=rev
Log:
Implementation of http://issues.apache.org/jira/browse/JS2-372:
  Simplify default Jetspeed password credential security configuration
With this simplification, the old complex password credential interceptors are no longer in
use.
Furthermore, the new atomic interceptors as provided with JS2-359 fully replace their functionality.
Therefore, these old interceptors are now removed because keeping these two separate sets
of interceptors in sync is not very useful.
Note: the new interceptors already contain several (minor) fixes.

Removed:
    portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/DefaultInternalPasswordCredentialInterceptor.java
    portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/InternalPasswordCredentialHistoryHandlingInterceptor.java
    portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/InternalPasswordCredentialStateHandlingInterceptor.java
Modified:
    portals/jetspeed-2/trunk/src/webapp/WEB-INF/assembly/pipelines.xml
    portals/jetspeed-2/trunk/src/webapp/WEB-INF/assembly/security-spi-atn.xml

Modified: portals/jetspeed-2/trunk/src/webapp/WEB-INF/assembly/pipelines.xml
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/src/webapp/WEB-INF/assembly/pipelines.xml?rev=291019&r1=291018&r2=291019&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/src/webapp/WEB-INF/assembly/pipelines.xml (original)
+++ portals/jetspeed-2/trunk/src/webapp/WEB-INF/assembly/pipelines.xml Thu Sep 22 14:39:44
2005
@@ -54,31 +54,12 @@
   <bean id="passwordCredentialValve"
         class="org.apache.jetspeed.security.impl.PasswordCredentialValveImpl"
         init-method="initialize"
-  >
-   <constructor-arg>
-     <!-- expirationWarningDays -->
-     <list>
-       <value>2</value>
-       <value>3</value>
-       <value>7</value>
-     </list>
-   </constructor-arg>
-  </bean> 
+  />
   
   <bean id="loginValidationValve"
         class="org.apache.jetspeed.security.impl.LoginValidationValveImpl"
         init-method="initialize"
-  >
-    <!-- maxNumberOfAuthenticationFailures
-         This value should be in sync with the value for
-         org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor
-         (if used) to make sense.
-         Any value < 2 will suppress the LoginConststants.ERROR_FINAL_LOGIN_ATTEMPT
-         error code when one one last attempt is possible before the credential
-         will be disabled on failure.
-    -->
-    <constructor-arg index="0"><value>3</value></constructor-arg>
 
-  </bean> 
+  />
   
   <bean id="profilerValve"
         class="org.apache.jetspeed.profiler.impl.ProfilerValveImpl"
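Review bot: Self-closing `passwordCredentialValve` and `loginValidationValve` drops the only in-file record of their optional constructor arguments, including the removed remark that maxNumberOfAuthenticationFailures has to match the credential interceptor and that values below 2 suppress the final-login-attempt error. Both valves now depend on whatever their no-arg constructors default to, which is not visible in this hunk. I would keep a one-line pointer above each bean, for example `<!-- optional constructor-arg 0: maxNumberOfAuthenticationFailures; keep in sync with any failure-limiting InternalPasswordCredentialInterceptor -->` on `loginValidationValve` and `<!-- optional constructor-arg: list of expirationWarningDays -->` on `passwordCredentialValve`. That way a deployer who re-enables lockout or expiry knows the valve has to be configured as well.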

Modified: portals/jetspeed-2/trunk/src/webapp/WEB-INF/assembly/security-spi-atn.xml
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/src/webapp/WEB-INF/assembly/security-spi-atn.xml?rev=291019&r1=291018&r2=291019&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/src/webapp/WEB-INF/assembly/security-spi-atn.xml (original)
+++ portals/jetspeed-2/trunk/src/webapp/WEB-INF/assembly/security-spi-atn.xml Thu Sep 22 14:39:44
2005
@@ -18,9 +18,12 @@
 <beans>
 
   <!-- ************** Security SPI Handlers ************** -->
+
+  <!-- require a non-empty password -->
   <bean id="org.apache.jetspeed.security.spi.CredentialPasswordValidator" 
        class="org.apache.jetspeed.security.spi.impl.DefaultCredentialPasswordValidator"/>
 
+  <!-- MessageDigest encode passwords using SHA-1 -->
   <bean id="org.apache.jetspeed.security.spi.CredentialPasswordEncoder" 
        class="org.apache.jetspeed.security.spi.impl.MessageDigestCredentialPasswordEncoder">
        <constructor-arg index="0"><value>SHA-1</value></constructor-arg>
      
@@ -32,14 +35,18 @@
        <constructor-arg index="1"><ref bean="org.apache.jetspeed.security.spi.CredentialPasswordEncoder"/></constructor-arg>
      
   </bean>       
 
-  <bean id="org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor" 
-       class="org.apache.jetspeed.security.spi.impl.InternalPasswordCredentialHistoryHandlingInterceptor">
-       <!-- maxNumberOfAuthenticationFailures -->
-       <constructor-arg index="0"><value>3</value></constructor-arg>
 
-       <!-- maxLifeSpanInDays -->     
-       <constructor-arg index="1"><value>60</value></constructor-arg>
      
-       <!-- historySize -->     
-       <constructor-arg index="2"><value>3</value></constructor-arg>
      
+  <!-- allow multiple InternalPasswordCredentialInterceptors to be used for DefaultCredentialHandler
--> 
+  <bean id="org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor"
+       class="org.apache.jetspeed.security.spi.impl.InternalPasswordCredentialInterceptorsProxy">
+       <constructor-arg index="0">
+         <list>
+           <!-- enforce an invalid preset password value in the persisent store is required
to be changed -->
+           <bean class="org.apache.jetspeed.security.spi.impl.ValidatePasswordOnLoadInterceptor"/>
+
+           <!-- ensure preset cleartext passwords in the persistent store  will be encoded
on first use -->
+           <bean class="org.apache.jetspeed.security.spi.impl.EncodePasswordOnFirstLoadInterceptor"/>
+         </list>
+       </constructor-arg>
   </bean>
 
   <!-- Security SPI: CredentialHandler -->
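Review bot: The default interceptor list no longer contains anything that limits failed logins, expires passwords or keeps a password history. The removed bean set maxNumberOfAuthenticationFailures=3, maxLifeSpanInDays=60 and historySize=3, while the new list only validates and encodes preset passwords. If that is the intended default, the list should say so, e.g. `<!-- default: no failed-login lockout, password expiration or history; add the matching JS2-359 interceptors to this list to enable them -->`, so that production deployments do not inherit an unthrottled login by copying this file. The "encoded on first use" comment could also name what does the encoding: per the first hunk of this file that is an SHA-1 message digest, a fast hash, and whether it is salted is not visible here. The enclosing `<beans>` element continues outside the hunk.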


