Scope

Check the strength of a password (the calculated entropy returned by the algorithm) and return it to the caller when an account is created or a user's password is updated.

...

password strengths on their own way. 

 

Interface

Add a new interface "org.apache.cloudstack.security.password.PasswordChecker.java" to "server".

Sample:

<code>

This interface will have the following declaration:

public Float checkPassword(String password);

This interface will have the following config keys, which need to be returned through the Configurable interface. That gives the flexibility to enable or enforce the check through the Configurable UI.

static final ConfigKey<Boolean> PasswordStrengthCheckerEnable = new ConfigKey<Boolean>("Advanced", Boolean.class, "user.password.strength.checker.enable", "false", "To enable password strength check. This will enable to check the strength and return it.", true);

static final ConfigKey<Boolean> PasswordCStrengthCheckerEnforce = new ConfigKey<Boolean>("Advanced", Boolean.class, "user.password.strength.checker.enforce", "false", "To Impose the password strength. This will enforce the password rules to be verified",true);

 

It is the plugin's responsibility to declare, within that plugin, the bean that implements the above interface.

Integration Points

Currently, the integration points are the plugins that implement UserAuthenticator:

  1. plugins/user-authenticators/sha256salted
  2. plugins/user-authenticators/plaintext
  3. plugins/user-authenticators/md5

Sample XML configuration to integrate the password checker plugin:

<bean id="SHA256SaltedUserAuthenticator" class="com.cloud.server.auth.SHA256SaltedUserAuthenticator">
      <property name="name" value="SHA256SALT"/>
      <property name="passwordCheckers" value="#{passwordCheckersRegistry.registered}"/>
</bean></code>
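One possible implementation of the `checkPassword` declaration above, added here as an illustration and not taken from the CloudStack code base. The class name `PoolEntropyPasswordChecker`, the `accept` helper, the `minBits` threshold and the pool-size entropy estimate are all assumptions; the page does not specify an algorithm or how the enable/enforce keys are consumed.

```java
// Local copy of the interface declared on this page, so the example compiles stand-alone.
interface PasswordChecker {
    Float checkPassword(String password);
}

// Hypothetical checker: estimates entropy in bits as length * log2(character pool size).
// This is an upper bound; it does not detect dictionary words or repeated patterns.
public class PoolEntropyPasswordChecker implements PasswordChecker {

    @Override
    public Float checkPassword(String password) {
        if (password == null || password.isEmpty()) {
            return 0f;
        }
        boolean lower = false, upper = false, digit = false, other = false;
        for (int i = 0; i < password.length(); i++) {
            char c = password.charAt(i);
            if (c >= 'a' && c <= 'z') lower = true;
            else if (c >= 'A' && c <= 'Z') upper = true;
            else if (c >= '0' && c <= '9') digit = true;
            else other = true; // symbols, space, non-ASCII
        }
        // 33 = printable ASCII characters that are not letters or digits.
        int pool = (lower ? 26 : 0) + (upper ? 26 : 0) + (digit ? 10 : 0) + (other ? 33 : 0);
        double bitsPerChar = Math.log(pool) / Math.log(2);
        return (float) (password.length() * bitsPerChar);
    }

    // Hypothetical caller logic mirroring the two config keys on this page:
    // enable  -> compute the strength and report it to the caller;
    // enforce -> additionally reject passwords below minBits (assumed threshold).
    static boolean accept(PasswordChecker checker, String password,
                          boolean enable, boolean enforce, float minBits) {
        if (!enable) {
            return true;
        }
        float bits = checker.checkPassword(password);
        System.out.printf("estimated entropy: %.1f bits%n", bits);
        return !enforce || bits >= minBits;
    }

    public static void main(String[] args) {
        PasswordChecker checker = new PoolEntropyPasswordChecker();
        // Constructed sample inputs, checked against an assumed 60-bit minimum.
        System.out.println(accept(checker, "password", true, true, 60f));
        System.out.println(accept(checker, "Tr0ub4dor&3-xkcd!", true, true, 60f));
    }
}
```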