Liferay:密码管理

Liferay的密码管理涉及的东西还不少。首先从配置文件说起。portal.properties中默认的配置如下:

##
## Passwords
##

    #
    # Set the following encryption algorithm to encrypt passwords. The default
    # algorithm is SHA (SHA-1). If set to NONE, passwords are stored in the
    # database as plain text. The SHA-512 algorithm is currently unsupported.
    #
    #passwords.encryption.algorithm=CRYPT
    #passwords.encryption.algorithm=MD2
    #passwords.encryption.algorithm=MD5
    #passwords.encryption.algorithm=NONE
    passwords.encryption.algorithm=SHA
    #passwords.encryption.algorithm=SHA-256
    #passwords.encryption.algorithm=SHA-384
    #passwords.encryption.algorithm=SSHA

    #
    # Digested passwords are encoded via base64 or hex encoding. The default is
    # base64.
    #
    passwords.digest.encoding=base64
    #passwords.digest.encoding=hex

    #
    # Input a class name that extends
    # com.liferay.portal.security.pwd.BasicToolkit. This class will be called to
    # generate and validate passwords.
    #
    passwords.toolkit=com.liferay.portal.security.pwd.PasswordPolicyToolkit
    #passwords.toolkit=com.liferay.portal.security.pwd.RegExpToolkit

    #
    # If you choose to use com.liferay.portal.security.pwd.PasswordPolicyToolkit
    # as your password toolkit, you can choose either static or dynamic password
    # generation. Static is set through the property
    # "passwords.passwordpolicytoolkit.static" and dynamic uses the class
    # com.liferay.util.PwdGenerator to generate the password. If you are using
    # LDAP password syntax checking, you will also have to use the static
    # generator so that you can guarantee that passwords obey its rules.
    #
    #passwords.passwordpolicytoolkit.generator=static
    passwords.passwordpolicytoolkit.generator=dynamic
    passwords.passwordpolicytoolkit.static=iheartliferay

    #
    # Set the character sets for password validation.
    #
    passwords.passwordpolicytoolkit.charset.lowercase=abcdefghjkmnpqrstuvwxyz
    passwords.passwordpolicytoolkit.charset.numbers=23456789
    passwords.passwordpolicytoolkit.charset.symbols=_.!@$*=-?
    passwords.passwordpolicytoolkit.charset.uppercase=ABCDEFGHJKLMNPQRSTUVWXYZ

    #
    # If you choose to use com.liferay.portal.security.pwd.RegExpToolkit as
    # your password toolkit, set the regular expression pattern that will be
    # used to generate and validate passwords.
    #
    # Note that \ is replaced with \\ to work in Java.
    #
    # The first pattern ensures that passwords must have at least 4 valid
    # characters consisting of digits or letters.
    #
    # The second pattern ensures that passwords must have at least 8 valid
    # characters consisting of digits or letters.
    #
    passwords.regexptoolkit.pattern=(?=.{4})(?:[a-zA-Z0-9]*)
    #passwords.regexptoolkit.pattern=(?=.{8})(?:[a-zA-Z0-9]*)

    #
    # Set the length and key for generating passwords.
    #
    #passwords.regexptoolkit.charset=0123456789
    passwords.regexptoolkit.charset=0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
    #passwords.regexptoolkit.length=4
    passwords.regexptoolkit.length=8

    #
    # Set the name of the default password policy.
    #
    passwords.default.policy.name=Default Password Policy


默认情况下,使用的是com.liferay.portal.security.pwd.PasswordPolicyToolkit。我们可以改为正则表达式com.liferay.portal.security.pwd.RegExpToolkit。

密码的输入规则就可以有自己设置的正则表达式来实现。


而密码的有效期是在控制面板里面设置的。控制面板的Default Password Policy中设置的。

Expiration Enabled:If this is checked, then the user must change their password after a given amount of time.

Maximum Age:This determines how long a password is good for before it needs to be changed.

Warning Time:This determines how long before a password expires that the user will be notified.

Grace Limit:This determines the number of times a user can login after their password has expired, before they are required to enter a new password.

Warning Time时间到期后,密码会被重置,会自动跑到密码修改画面。好像和系统的描述并不一致。


对密码相关的这些参数了解清楚后,就比较容易构筑更加安全的密码策略。提高系统的安全性。


阅读更多
个人分类: Liferay
想对作者说点什么? 我来说一句
相关热词

没有更多推荐了,返回首页

关闭
关闭
关闭