On 11 February 2012 00:58, Christophe Laprun <claprun@redhat.com> wrote:

On Feb 3, 2012, at 6:04 AM, Trong Tran wrote:

> On 2 February 2012 21:22, Boleslaw Dawidowicz <boleslaw.dawidowicz@gmail.com> wrote:
>
> On Feb 2, 2012, at 12:09 PM, Christophe Laprun wrote:
>
> >
> > On Feb 2, 2012, at 9:11 AM, Trong Tran wrote:
> >
> >> I just created documentation JIRA issue for username validation https://issues.jboss.org/browse/GTNPORTAL-2345. All current rules are described in Description part
> >
> > Thank you. However, I would like to know the reason behind these rules (as I could infer them reading the code for UsernameValidator). My original question was more about why these rules are in place as opposed to what are they. In particular, are these rules needed by other GateIn and/or eXo components? Can we remove all these rules without issues?
>
> Trong thanks for the start however Chris is right - we need to provide some context also. I understand that it can be hard to track all requirements but if we provide users configuration capabilities they need some clear info if those are hard constraints or not. Basically we need to agree if putting less restrictive validation can cause issues on JCR/DB level or not. What do you think?
>
> I can't remember exactly why these rules are in place. The reasons I can see in my mind now are :
>
> - It bases on *common* rules used in most of websites
> - Some are needed for eXo components. For instance, username must be in lower cases and it is needed for eXo Chat feature which requires username in case-insensitive.

Why is it the case? Again, where are these rules documented?

eXo Chat relies on Openfire server which does not support usename in case-sensitive.
 

> - I'm not sure but I don't think JCR/DB level is the issue. Even if yes, we could handle it somehow in particular Organization service implementation by itself
>
> Personally I do think we can put less restriction as long as they are reasonable, users configuration capabilities and documented. The other parts could adapt somehow to be suitable with new rules.

The problem is that there won't be any "new" rules: users will be allowed to choose whatever user name format they want unless there are some valid reasons not to do so. However, since there aren't currently any documentation as to what a valid user name is, it will be up to components to make sure they can work with arbitrary user names.

Cordialement / Best,
Chris

==
Principal Software Engineer / JBoss Enterprise Middleware Red Hat, Inc.
Follow GateIn: http://blog.gatein.org / http://twitter.com/gatein
Follow me: http://metacosm.info/metacosm / http://twitter.com/metacosm




--
Tran The Trong
eXo Platform SEA