search

fandfisf / owasp-esapi-java

Automatically exported from code.google.com/p/owasp-esapi-java
Other
0 stars 0 forks source link

Extract standalone methods from Authenticator class #118

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago 
The following issue is an enhancement request, to aid in the usability of
the methods in the Authenticator class.  

I was looking at the Authenticator class for Java and noticed methods for
"verifyPasswordStrength" and "generateStrongPassword".  I would like to use
both methods to augment our existing portal architecture which does not
support (or at least is not obvious to me) password strength checking other
than requiring passwords of a configurable length.  As the portal handles
the authentication for our application, I wasn't keen on trying to map the
internal portal SDK to the Authenticator Interface, just to get support for
password strength validation.  I may be alone in my thinking, but shouldn't
these stand-alone methods be moved to a separate concrete class with static
implementations of the methods.  Or at minimum another interface,
AuthenticatorUtil for instance, that has these methods and can be
overridden to provide a custom implementation or the base reference
implementation can be used.

Original issue reported on code.google.com by ntcho...@gmail.com on 21 Apr 2010 at 3:11

GoogleCodeExporter commented 9 years ago 
Let me run this by Jeff, this seems reasonable.

Original comment by manico.james@gmail.com on 2 Nov 2010 at 7:42

GoogleCodeExporter commented 9 years ago

Original comment by manico.james@gmail.com on 2 Nov 2010 at 7:59

GoogleCodeExporter commented 9 years ago 
[deleted comment]
GoogleCodeExporter commented 9 years ago 
(From Jeff Willams)

Yes - seems reasonable.  PasswordUtils?   Long term, 
pulling *all* the password related details out of 
Authenticator is probably the right thing to do.  
The Authenticator could have other non-password 
based authentication plug-in providers.

Original comment by manico.james@gmail.com on 2 Nov 2010 at 12:05

GoogleCodeExporter commented 9 years ago 
I agree w/ Jeff and would like to target these changes for 2.1

Original comment by manico.james@gmail.com on 2 Nov 2010 at 12:06