[jboss-jira] [JBoss JIRA] Created: (JBPORTAL-1776) User.updatePassword() fails silently
Jon Whitmore (JIRA)
jira-events at lists.jboss.org
Wed Oct 31 14:29:44 EDT 2007
User.updatePassword() fails silently
------------------------------------
Key: JBPORTAL-1776
URL: http://jira.jboss.com/jira/browse/JBPORTAL-1776
Project: JBoss Portal
Issue Type: Feature Request
Security Level: Public (Everyone can see)
Components: Portal Identity, Portal Security
Affects Versions: 2.6.2 Final
Environment: XP, portal 2.6.2, AS 4.2.2.GA, authenticating against LDAP with org.jboss.security.auth.spi.LdapExtLoginModule
Reporter: Jon Whitmore
The method updatePassword() on org.jboss.portal.identity.User offers the user no information as to the success or failure of the operation. The method can fail if the password offered is not strong enough for the authenticating authority behind the LoginModule.
I'm requesting that the method at least return a boolean to indicate success or failure. A more descriptive return code would be even better.
My work around to is call verifyPassword() after calling updatePassword() to see if in fact the password has been changed. This trick works for me only because I am not caching passwords - installations caching passwords for only a couple seconds will not be able to use my work around.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list