portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Sean Taylor (JIRA)" <jetspeed-...@portals.apache.org>
Subject [jira] Resolved: (JS2-215) security email extensions: password reminder/user creation
Date Mon, 05 Dec 2005 18:48:08 GMT
     [ http://issues.apache.org/jira/browse/JS2-215?page=all ]
     
David Sean Taylor resolved JS2-215:
-----------------------------------

    Resolution: Fixed

All features required by 2.0 in place.

> security email extensions: password reminder/user creation
> ----------------------------------------------------------
>
>          Key: JS2-215
>          URL: http://issues.apache.org/jira/browse/JS2-215
>      Project: Jetspeed 2
>         Type: Improvement
>   Components: Security
>     Versions: 2.0-FINAL
>     Reporter: Randy Watler
>     Assignee: David Sean Taylor
>      Fix For: 2.0-FINAL

>
> From  "Ate Douma" <ate@douma.nu>
> Subject  Re: More Login/Security Enhancements
> Date  Sun, February 20, 2005 1:44 pm
> To  "Jetspeed Developers List" <jetspeed-dev@jakarta.apache.org>
> Randy Watler wrote:
> > Ate/All,
> > 
> > I have these additional Login/Security requirements that have made there 
> > way into a formal requirements process for our portal implementation:
> > 
> > - Send email to end user for forgotten passwords, (offered on failed 
> > login attempts if user email address known).
> +1
> > - Ability of a non-authenticated end user to create and populate a 
> > disabled user account to be enabled later by admin/moderator, (includes 
> > automatic email notification of the request and approved/denied messages 
> > if user email address known).
> +1
> > 
> > I think these features are fairly typical for most sites requiring end 
> > user authentication. Is there any interest in, (or objections to), these 
> > features being added to J2 proper? If there is interest, I will generate 
> > a JIRA issue and we can see if there are other similar capabilities that 
> > can be added at the same time.
> +1
> I myself have been asked by my client to provide more/correct feedback to
> a user trying to login but whose account already has been disabled (too many
> failed login attempts). The current functionality clearly isn't giving
> good feedback at all. The problem to do this better though is that there
> isn't a formal way to communicate information back *through* the JAAS implementation
> (i.e. the Tomcat JAASRealm) to the client (J2). We need to provide our own
> channel or such for that.
> > 
> > Thanks!
> > 
> > Randy

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org


Mime
View raw message