Tom Oosterwijk
Guest
Overriding passwordOK isn't going to help in this scenario, because it is not called. passwordOK is called when we log in the user, and therefore I did overwrite it. But the AjaxUtilController validates the given password against the password the user used to log in, since at that point a username/password combination is placed in the session, and those are used to retrieve the current user and his password after the user has been logged in. I find it a bit strange that for custom user management I can overwrite the passwordOK function of the user, but I cannot overwrite the function that is used to determine whether the password the user enters on the edit-user screen is valid. Shouldn't that be part of the custom user management? Furthermore, I find it a bit unfortunate that my extended JDBCRealm cannot be recognised as requestFromBizPass in the DomainFilter and thus does not call functions like createValidSession. Should the DomainFilter not determine whether or not to create a valid session based on a function in the default Realm?