I'm currently working to introduce SCM-Manager into my company, to use it officially.
The company network is completely isolated from the internet, so working with using maven has been far from an easy task.
The security dept. of my company request to modify SCM-Manager to align with the company security policy such as..
- A program should validate(enforce) a user account password as minimum 9 chars and least 1 char of alphabets, digits and special characters, and ...
- A program should block authentication(login) from illegal users who attempts to login several times and continuously failed.
So I first tried to create a plugin to do those, but cannot found a way to do in my limited knowledge.
(I was a stranger to Google Guice, ExtJS and JAX-RS. By reading source code of SCM-Manager, I learned many things new to me.)
At last, I directly modified scm-webapp java & javascript files to implements the requirements.
'No internet' was the worst thing. But not only that, my development and runtime environment was quite bad.
Windows XP - some unit tests of scm-manager failed so I skipped unit tests.
IBM AIX - no oracle JDK, no AES/CTR/PKCS5Padding, So I created another main class wrapping ScmServerDaemon to dynamically register Sun JCE provider to IBM JDK...
* Bouncy castle JCE provider has seemed to work first, but start from the second run, it has complained about pad block corruption (BadPaddingException), terminated the server.
Good experiences I think.
But it's impossible to modify all future releases of SCM-Manager.
I should leave this company when the last day of this year passed.
Currently no one in the company would courageously attempt to modify it.
The plugin system would be my best bet to minimize the risk.
Is it possible to create plugins for custom password validation or login-lock? How to do it?
Thank you. I like your great tool.