If the PasswordExpirationInterceptor is used, password expiration for a certain user can be
directly managed through the UserDetailPortlet provided with the security
portlet application.
If enabled, this portlet can display the current expiration date of a password and also allows to change its value:
As you can see, through the radio group, the password expiration date can be changed to:
| Action | Expires |
|---|---|
| Expired | today |
| Extend | today + maxLifeSpanInDays as configured for the PasswordExpirationInterceptor |
| Extend Unlimited | January 1, 8099 (the maximum value allowed for java.sql.Date) |
This feature can be enabled through the edit/preferences page of the UserDetailsPortlet:
Note: when a new password value is specified selected password expiration action Expired
will be ignored!
Through the same UserDetailsPortlet preferences as show above, the default
updateRequired property of a password credential for a new user can be configured too.
And, if you always need the same setting for all users, you can even suppress the selection box normally
displayed on the Add User dialog.
With the preferences set as in the example shown above, the Add User dialog will look like this:
A user added with the example preferences set, will have the updateRequired property set to
true, the User role assigned and use the role-fallback profiling rule.