THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
| Warning |
|---|
Document is in progress |
This
...
document
...
explains
...
about
...
how
...
to
...
make
...
system
...
more
...
secure
...
from
...
unauthorized
...
access.
...
To
...
do
...
so,
...
Configure
...
the
...
system
...
by
...
making
...
complicated
...
password
...
policies.
...
It
...
forces
...
the
...
user
...
to
...
enter
...
his
...
password
...
in
...
per-defined
...
pattern.
...
If
...
pattern
...
matches
...
then
...
it
...
executed
...
well,
...
if
...
not
...
then
...
it
...
will
...
throw
...
an
...
error
...
message
...
suggesting
...
user
...
about
...
correct
...
pattern.
...
Functional behavior-
- Insist user to provide a stronger login password.
- User's password is required to match to a pre-defined Pattern.
- Password pattern is defined in properties file (security.properties)
...
- so
...
- that
...
- it
...
- can
...
- be
...
- derived
...
- by
...
- company's
...
- administrator.
...
- Password
...
- pattern
...
- can
...
- change
...
- as
...
- per
...
- company's
...
- policy.
...
- System
...
- validate
...
- password
...
- pattern
...
- in
...
- following
...
- two
...
- scenario
...
- -
...
- New
...
- user
...
- creation
...
- User
...
- update
...
- password.
...
How to configure-
To configure the pattern driven password system following simple configuration is required-
- Proprieties file configuration - ofbiz/trunk/framework/security/config/security.properties
...
- Field
...
- name:
...
- security.login.password.pattern
...
- :
...
- pattern
...
- string
...
- to
...
- be
...
- provide
...
- here.
...
A
...
- password
...
- pattern
...
- string
...
- is
...
- required.
...
- Default
...
- pattern
...
- string
...
- -
Code Block \^.*(?=.{5,}).*$
- -
...
Validation
...
- :
...
- minimum
...
- password
...
- length
...
- 5
...
- chars.
...
- An
...
- Example
...
- -
...
- A
...
- sample
...
- pattern
...
- string
...
- for
...
- complicated
...
- password
...
Pattern
...
- String
...
- -
Code Block \^.*(?=.{5,})(?=.*\[a-zA-Z\])(?=.*\[\!@#$%^&*\]).*$
- -
...
Validation
...
- :
...
- Password
...
- must
...
- be
...
- 5
...
- characters
...
- long,
...
- Only
...
- contains
...
- alphanumeric(number
...
- optional)
...
- and
...
- at
...
- least
...
- one
...
- from
...
- following
...
- special
...
- characters:
...
- !@#$%^&*.
...
- Alert
...
- message
...
- to
...
- be
...
- display
...
- at
...
- UI
...
Field
...
- name
...
- :
...
- security.login.password.pattern.description
...
Message
...
- text
...
- should
...
- be
...
- a
...
- custom
...
- UI
...
- label
...
- string
...
- to
...
- be
...
- provided
...
- as
...
- per
...
- pattern
...
- description.
...
OR
...
A
...
- custom
...
- error
...
- message
...
- can
...
- be
...
- go
...
- into
...
- following
...
- UI
...
- label
...
- "loginservices.password.pattern.errmsg"
...
How to Validate-
Password pattern validation can be done in following two ways -
- New User Registration
After above configuration done, register for a new user through ecommerce or partymgr application, internally system will check given password with password pattern. If it matches then user created successfully otherwise it will return custom error message text specified above. - Update profile - Updating password-
When user tries to update existing password then for new password system will validate for pattern matching.