  /*
   * Licensed to the Apache Software Foundation (ASF) under one or more
   * contributor license agreements.  See the NOTICE file distributed with
   * this work for additional information regarding copyright ownership.
   * The ASF licenses this file to You under the Apache License, Version 2.0
   * (the "License"); you may not use this file except in compliance with
   * the License.  You may obtain a copy of the License at
   *
   *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 package org.apache.sling.jackrabbit.usermanager.impl.post;
 
 import java.util.List;
 

Changes the password associated with a user. Maps on to nodes of resourceType sling/groups like /rep:system/rep:userManager/rep:users/ae/fd/3e/ieb mapped to a resource url /system/userManager/user/ieb. This servlet responds at /system/userManager/user/ieb.changePassword.create.html

Methods

  • POST

Post Parameters

oldPwd
The current password for the user (required)
newPwd
The new password for the user (required)
newPwdConfirm
The confirm new password for the user (required)

Response

200
Success sent with no body
404
If the user was not found.
500
Failure, including group already exists. HTML explains the failure.

Example

curl -FoldPwd=oldpassword -FnewPwd=newpassword -FnewPwdConfirm=newpassword http://localhost:8080/system/userManager/user/ieb.changePassword.html

Notes

Scr.component:
metatype="no" immediate="true"
Scr.service:
interface="javax.servlet.Servlet"
Scr.property:
name="sling.servlet.resourceTypes" value="sling/user"
Scr.property:
name="sling.servlet.methods" value="POST"
Scr.property:
name="sling.servlet.selectors" value="changePassword"
 
     // Serialization version identifier for this class.
     private static final long serialVersionUID = 1923614318474654502L;
 
     /*
      * (non-Javadoc)
      * @see
      * org.apache.sling.jackrabbit.usermanager.post.AbstractAuthorizablePostServlet
      * #handleOperation(org.apache.sling.api.SlingHttpServletRequest,
      * org.apache.sling.api.servlets.HtmlResponse, java.util.List)
      */
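     @Override
     protected void handleOperation(SlingHttpServletRequest request,
             HtmlResponse htmlResponse, List<Modification> changes)
             throws RepositoryException {
         // Changes the password of the user that the request resource adapts
         // to. The request must carry the current password (oldPwd) and the
         // new password twice (newPwd, newPwdConfirm). On success a
         // modification for "<resource path>/rep:password" is appended to
         // 'changes'; every failure is reported by throwing.
         //
         // NOTE(review): the only proof of identity checked in this method is
         // knowledge of oldPwd. The JCR session is tested for presence but is
         // not compared with the target user, and nothing here throttles
         // repeated wrong guesses -- any lockout or rate limit has to be
         // enforced elsewhere.
         Authorizable authorizable = null;
         Resource resource = request.getResource();
         if (resource != null) {
             authorizable = resource.adaptTo(Authorizable.class);
         }

         // Only an existing user (never a group) can have its password changed.
         if (authorizable == null || authorizable.isGroup()) {
             throw new ResourceNotFoundException(
                 "User to update could not be determined.");
         }
         // The anonymous account is explicitly excluded from password changes.
         if ("anonymous".equals(authorizable.getID())) {
             throw new RepositoryException(
                 "Can not change the password of the anonymous user.");
         }
         // The session is only required to exist; it is not used further below.
         Session session = request.getResourceResolver().adaptTo(Session.class);
         if (session == null) {
             throw new RepositoryException("JCR Session not found");
         }

         // Validate the submitted parameters before touching any credentials.
         String oldPwd = request.getParameter("oldPwd");
         if (oldPwd == null || oldPwd.length() == 0) {
             throw new RepositoryException("Old Password was not submitted");
         }
         // NOTE(review): newPwd only has to be non-empty and equal to
         // newPwdConfirm; no length or complexity policy is applied here.
         String newPwd = request.getParameter("newPwd");
         if (newPwd == null || newPwd.length() == 0) {
             throw new RepositoryException("New Password was not submitted");
         }
         String newPwdConfirm = request.getParameter("newPwdConfirm");
         if (!newPwd.equals(newPwdConfirm)) {
             throw new RepositoryException(
                 "New Password does not match the confirmation password");
         }

         // Throws if oldPwd does not match the stored credentials, so the
         // change below is reached only after a successful check.
         checkPassword(authorizable, oldPwd);
         try {
             // digestPassword is defined outside this block; presumably it
             // hashes the value before storage -- confirm the algorithm there.
             ((User) authorizable).changePassword(digestPassword(newPwd));
             changes.add(Modification.onModified(resource.getPath()
                 + "/rep:password"));
         } catch (RepositoryException re) {
             // Keep the original exception as the cause for diagnosis.
             throw new RepositoryException("Failed to change user password.", re);
         }
     }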
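    private void checkPassword(Authorizable authorizable, String oldPassword)
            throws RepositoryException {
        // Verifies that oldPassword matches the credentials currently stored
        // for the user. Returns normally on a match; throws
        // RepositoryException("Old Password does not match") in every other
        // case, including when the check itself could not be carried out.
        Credentials oldCreds = ((User) authorizable).getCredentials();
        if (oldCreds instanceof SimpleCredentials) {
            // The stored credentials expose the password as characters.
            // Compare position by position rather than with String.equals:
            // no String copy of the stored password is created, and the loop
            // does not stop at the first differing character, so its duration
            // does not depend on how many leading characters match.
            char[] oldCredsPwd = ((SimpleCredentials) oldCreds).getPassword();
            char[] submitted = oldPassword.toCharArray();
            int diff = oldCredsPwd.length ^ submitted.length;
            int shared = Math.min(oldCredsPwd.length, submitted.length);
            for (int i = 0; i < shared; i++) {
                diff |= oldCredsPwd[i] ^ submitted[i];
            }
            if (diff == 0) {
                return;
            }
        } else {
            try {
                // Other credential types are expected to offer
                // matches(SimpleCredentials), e.g. CryptSimpleCredentials;
                // the method is looked up reflectively on the actual class.
                Class<?> oldCredsClass = oldCreds.getClass();
                Method matcher = oldCredsClass.getMethod("matches",
                    SimpleCredentials.class);
                SimpleCredentials newCreds = new SimpleCredentials(
                    authorizable.getPrincipal().getName(),
                    oldPassword.toCharArray());
                boolean match = (Boolean) matcher.invoke(oldCreds, newCreds);
                if (match) {
                    return;
                }
            } catch (Exception ignored) {
                // Fail closed: a missing matches method, a reflective failure
                // or a repository error all count as a failed password check
                // and fall through to the throw below. Errors (for example
                // OutOfMemoryError) are deliberately not caught here.
            }
        }
        throw new RepositoryException("Old Password does not match");
    }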