Security policy: misleading message to enduser
In our SAP NetWeaver Portal we have defined a new security policy. As a
part of this we have set the "Minimum Number of Alphanumeric Characters
in Password" at 1.
When an end-user defines a new password violating this setting, the
message which is shown is "Ongeldig nieuw password. Password moet
minstens 1 alfanumerieke tekens bevatten." (in the Dutch language,
which translates as "Invalid new password. Password requires at least 1
The phrase "Number of Alphanumeric Characters" is misleading. What is
intended is "Number of letters and number of digits". When a user
defines as his new password "Abcdefghi" the message suggests the
password must contain at least 1 alphanumeric character, while in
reality it contains 8 alphanumeric characters.
Is it possible to change at least this message shown to the end-user?
The message should read something like "Invalid new password. Password
requires at least 1 letters and 1 digits." (in Dutch "Ongeldig nieuw
password. Password moet minstens 1 letters en 1 cijfers bevatten").
You can change the standard error messages by customizing or changing the texts that are supplied by the resource bundles. for example if you want to change the error messages which are appearing while logon then
1. Open the umelogonbase.jar using winzip
2. see the .property files for example logonMessages_en .properties file
3. See for the custom message you are seeing for
4. Change the text as you want
5. Make the all required modification in all the other languages you want
6. Pack the whole thing again into a jar file
7. Export the logon page along with the customized jar file or replace the customized jar file with the normal one in the server
8. Restart the cluster
This way you can change the standard error messages