portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Randy Watler <wat...@wispertel.net>
Subject SSO PasswordCredential Question
Date Mon, 09 Feb 2009 09:41:45 GMT

In SSOManagerImpl.setPassword(), we invoke 
PasswordCredential.setPassword(xxx, false) from 
TestSSOManager.testCredentials() and then requery the password later in 
the test to see if it has changed.

This works fine with OBJ, but with JPA I get the same PasswordCredential 
instance back on the requery because it is in an 
'Extended'/'Conversational' transaction. As a result, the 'new password 
set' transient tracking in PrincipalCredentialImpl is active and is as 
if the user just set the password. This means that the 
PasswordCredential.getPassword() returns the previous password value and 
the test fails.

I am wondering if immediately after the PasswordCredential.setPassword() 
call the SSOManagetImpl.setPassword() method should invoke 
PasswordCredential.clearNewPasswordSet()? That seems like it might make 
sense in this case since we're forcing a password change, no?


To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org

View raw message