Configuring the sample password-strength verification component

A sample password-strength verification component is defined in the EJB-JAR file, samples.jar, which is located in the samples/bin subdirectory of your Enterprise Security installation.

The password-strength verification component implements the com.sybase.ep.security.management.PasswordStrengthVerifierHome home interface and the com.sybase.ep.security.management.PasswordStrengthVerifier remote interface. It also contains the code to enforce the following password constraints:

• Must be more than five characters

• Must contain at least one digit

If password verification fails, the information in the SMException object is passed to the client, and the current operation completes without modifying the underlying data store.

Setting up the sample component in EAServer

1. Deploy samples.jar into EAServer. At a command line, change to the Security/samples/bin directory, and enter:

   jagtool deploy -type ejbjar samples.jar
   

2. Link the ejb/PasswordStrengthVerifier EJB reference in both the SubjectQueries and SubjectManagement beans to the newly defined password strength verifier. At a command line in the Security/samples/bin directory, enter:

   jagtool ejbref Component:com.sybase.ep.security.management/SubjectQueries -refname ejb/PasswordStrengthVerifier -value samples/PasswordStrengthVerifier
   
   jagtool ejbref Component:com.sybase.ep.security.management/SubjectManagement -refname ejb/PasswordStrengthVerifier -value samples/PasswordStrengthVerifier
   

3. Restart your application server.

4. Enable password strength verification using Enterprise Security Manager.

   1. In the Domain Manager, select the domain to which you want to apply the password-strength verification.

   2. In the right pane, right-click, and select Configure Password Properties.

   3. In the Configure Domain Password Properties dialog box, select Enable Password Strength Verification.

Setting up the sample component in WebLogic

1. Deploy samples.jar to your WebLogic application server—see the BEA documentation.

2. Using a text editor, open weblogic-ejb-jar.xml, located in the sybepsecurity/sybepsecurity.ear.exploded/ com.sybase.ep.security.management.jar/META-INF subdirectory of your WebLogic installation, and replace both instances of “choose.your.passwordStrengthVerifier” with “samples/PasswordStrengthVerifier”.

   Save and close the file.

3. Restart your application server.

4. Enable password strength verification using Enterprise Security Manager.

   1. In the Domain Manager, select the domain to which you want to apply the password-strength verification.

   2. In the right pane, right-click, and select Configure Password Properties.

   3. In the Configure Domain Password Properties dialog box, select Enable Password Strength Verification.

---

Copyright © 2004. Sybase Inc. All rights reserved.

View this book as PDF