Loading...

XML

Word

Printable

Define a public API interface PasswordPolicy that exposes a password validation method
The password policy is evaluted by the db-based identity provider whenever a user is created
Create a default implementation => check for best practices guides, e.g. OWASP
default password policy is disabled by default
there is a boolean engine configuraiton property to enable the password policy; throw an exception if this value is set to true but no password policy is defined
the demo users of the distros should still have the short passwords that they have now

is depended on by

CAM-10182 IdentityService#getPasswordPolicy is not functional

CAM-9893 I can define a password policy for engine-managed users

is related to

CAM-9931 In Webapps, passwords are validated against a password policy

CAM-10069 Password policy should be disabled by default

CAM-10074 PasswordPolicy Feedback Implementation

CAM-10075 password-policy REST endpoint should not require authorization

CAM-9936 I can validate a password against the password policy via REST API

CAM-10114 IdentityService#checkPasswordAgainstPolicy is not intuitive

CAM-10115 Improve tests for IdentityService#checkPasswordAgainstPolicy

(4 is related to)