portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dennis Dam" <d....@onehippo.com>
Subject RE: SSO PasswordCredential Question
Date Mon, 09 Feb 2009 13:18:32 GMT

Hi Randi,

it's fine by me if you don't have other options. I guess you can't (or don't want to) force
a write-through of the password, and discard the transient credential?

regards,
Dennis

-----Oorspronkelijk bericht-----
Van: Randy Watler [mailto:watler@wispertel.net]
Verzonden: ma 9-2-2009 10:41
Aan: Jetspeed Developers List
Onderwerp: SSO PasswordCredential Question
 
Ate/Dennis,

In SSOManagerImpl.setPassword(), we invoke 
PasswordCredential.setPassword(xxx, false) from 
TestSSOManager.testCredentials() and then requery the password later in 
the test to see if it has changed.

This works fine with OBJ, but with JPA I get the same PasswordCredential 
instance back on the requery because it is in an 
'Extended'/'Conversational' transaction. As a result, the 'new password 
set' transient tracking in PrincipalCredentialImpl is active and is as 
if the user just set the password. This means that the 
PasswordCredential.getPassword() returns the previous password value and 
the test fails.

I am wondering if immediately after the PasswordCredential.setPassword() 
call the SSOManagetImpl.setPassword() method should invoke 
PasswordCredential.clearNewPasswordSet()? That seems like it might make 
sense in this case since we're forcing a password change, no?

Randy


---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org





Mime
View raw message