Jul 10th, 2012, 04:23 AM
Spring Security API 3.1 additional functionality requirement.
We are trying to implement the spring security in web application. The functionalities user enabling/disabling, password encryption are fine. But we are looking for following functonalities as per company's security guide-lines.
1. Password strength ( should be minimum 8 character length, must use special characters etc.)
2. Auto-locking of user if maximum log-in attempts fail.
3. Password must change at first log-in
4. Password must be change in specific intervals.
Is there is any in-built security features for the above, or we have to customized solution. we are using standard database schema provided with the Security API. I do not seen any column defined for above functionalities.
Jul 10th, 2012, 06:02 AM
You have to implement that yourself. Spring Security is about protecting resources it isn't user management (although there is a rudementary API for that).
Jul 10th, 2012, 08:27 AM