3 Replies Latest reply on Nov 18, 2005 3:12 PM by Bradley Smith

    Login Policies

    Peter Bruhn Newbie

      Hi,

      for a jboss portal I would like to have login policies like:

      - password must match a certain pattern (e.g. not only letters)
      - password must be changed every 8 weeks
      - on changing the password the last 5 passwords may not be used again

      Could you please give me some pointer to where to look. What portlet/servlets do i have to change? I also would be glad to get a pointer to detailed documentation, how the login process works.

      Thanks a lot for any help,
      Peter

        • 1. Re: Login Policies
          Viet Master

          look at the UserModule code.

          • 2. Re: Login Policies
            Peter Bruhn Newbie

             

            "julien@jboss.com" wrote:
            look at the UserModule code.


            In UserModuleImpl.java I find methods for creating users, listing users and so on. I dont quite understand how this is related to my problems. Could you please give a more specific hint? All I could possibly do in this Module, as I see it, is a validation of the password at the time of user creation.

            Thanks a lot,
            Peter

            • 3. Re: Login Policies
              Bradley Smith Master



              You may want to 'stack' a LoginModule in front of JBoss Portal's login module (see its login-config.xml). In your LoginModule implementation, you can implement the business rules, etc. for your requirements. It sounds like from your reqs. that you will need your own table for storing at least the last 5 passwords as well, possibly keyed to a JBoss Portal user.

              As for LoginModules and stacking, you need to understand JAAS Security, and how to configure LoginModules for JBoss Application Server, and then you need to study the Portal's schema a bit to see how you want to 'integrate' with it. It's relatively easy to find articles about JAAS on the web, you can get the JBoss AS guide to learn about writing LoginModules for JBoss, and you can download the docs and source for the portal as well.

              Good Luck!