[LPS-86492] Add option to disable PasswordModifiedFilter - Liferay Issues

XML

Word

Printable

Details

Type: Bug
Status: Closed
Resolution: Fixed
Affects Version/s: 7.1.0 CE GA1, 7.1.10 DXP GA1, 7.1.10 DXP FP2
Fix Version/s: 7.1.10 DXP FP3, 7.1.1 CE GA2, 7.1.10.1 SP1, 7.1.X, Master
Component/s: Application Security > Password
Labels:

Branch Version/s:

7.1.x
Backported to Branch:

Committed
Story Points:
0.25
Fix Priority:
4
Sprint:
AS | Iteration 4
Git Pull Request:
https://github.com/brianchandotcom/liferay-portal/pull/64327
Bug Type:
Security

Description

-~~LPS-53189~~- can cause problems for some customers, it's enabled by default in 7.1.x.

Steps to reproduce

Open portal-impl/src/portal.properties
Search for: com.liferay.portal.servlet.filters.password.modified.PasswordModifiedFilter

Expected result: Property is present
Actual result: Property is missing

Resolution Notes
The following property has been added to portal.properties:

    #
    # The password modified filter is used to invalidate a user's simultaneous
    # sessions when their password is changed.
    #
    # Env: LIFERAY_COM_PERIOD_LIFERAY_PERIOD_PORTAL_PERIOD_SERVLET_PERIOD_FILTERS_PERIOD_PASSWORD_PERIOD_MODIFIED_PERIOD__UPPERCASEP_ASSWORD_UPPERCASEM_ODIFIED_UPPERCASEF_ILTER
    #
    com.liferay.portal.servlet.filters.password.modified.PasswordModifiedFilter=true

Attachments

Activity

People

Assignee:: Raven Song

Reporter:: Tomáš Polešovský

Participants of an Issue:: Raven Song, Tomáš Polešovský

Recent user:: Kiyoshi Lee

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 18/Oct/18 3:35 AM

Updated:: 27/Feb/20 11:32 PM

Resolved:: 18/Oct/18 8:43 AM

Days since last comment:: 4 years, 15 weeks, 5 days ago

Packages

Version	Package
7.1.10 DXP FP3
7.1.1 CE GA2
7.1.10.1 SP1
7.1.X
Master