Details
-
Suggestion
-
Resolution: Duplicate
-
None
-
None
Description
If JIRA is integrated with Crowd, and Crowd has password restrictions (e.g. regex), a user will receive a stack trace in JIRA if the new password does not meet Crowd's password requirements (e.g. through the Forgot Password link in JIRA).
java.lang.IllegalArgumentException: Could not change the password for USER. Reason: Your new password does not meet the directory complexity requirements at com.atlassian.crowd.integration.osuser.CrowdCredentialsProvider.changePassword(CrowdCredentialsProvider.java:106) at com.opensymphony.user.User.setPassword(User.java:102) at com.atlassian.jira.web.action.user.ChangePassword.doExecute(ChangePassword.java:36) at webwork.action.ActionSupport.execute(ActionSupport.java:153) at com.atlassian.jira.action.JiraActionSupport.execute(JiraActionSupport.java:54) at webwork.dispatcher.GenericDispatcher.executeAction(GenericDispatcher.java:132) at com.atlassian.jira.web.dispatcher.JiraServletDispatcher.service(JiraServletDispatcher.java:178)
This may require a fix in both Crowd and JIRA. On the Crowd side, the client library may need to let JIRA know about the password restrictions for this JIRA instance. On the JIRA side, JIRA will need to read any password restrictions provided by Crowd for this app and catch the IllegalArgumentException to provide a more elegant message when password criteria is not met.
Attachments
Issue Links
- duplicates
-
JRASERVER-13685 JIRA should better handle errors return from Crowd (notificaton messages)
- Closed
- is related to
-
JRASERVER-17686 Errors from Crowd are not captured properly during Forgot Password action if password complexity rules are set
- Closed