Examples of com.adito.security.forms.SetPasswordForm

• com.adito.security.forms.SetPasswordForm
  Form for setting the users password, with the option to make the user to change the password on logon.

   * @return ActionForward
   * @throws Exception
   */
  public ActionForward commit(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response)
          throws Exception {
    SetPasswordForm setPasswordForm = (SetPasswordForm) form;
        User user = setPasswordForm.getUser();
    UserDatabase udb = UserDatabaseManager.getInstance().getUserDatabase(getSessionInfo(request).getUser().getRealm());

    if (user == null) {
      user = (User) this.getSessionInfo(request).getHttpSession().getAttribute("newUser");
    }

    if (!udb.supportsPasswordChange()) {
      throw new Exception("Underlying database does not support changing of passwords.");
    }
    SessionInfo info = this.getSessionInfo(request);

    // Read in all of the confidential user attribute values

    /* BPS - Can only do this if the users key is currently loaded */

    Properties confidentialAttributes = new Properties();
    UserAttributes userAttributes = (UserAttributes) PropertyClassManager.getInstance().getPropertyClass(UserAttributes.NAME);
    if ("automatic".equals(Property.getProperty(new SystemConfigKey("security.privateKeyMode")))
            && PublicKeyStore.getInstance().hasLoadedKey(user.getPrincipalName())) {
      for (PropertyDefinition def : userAttributes.getDefinitions()) {
        AttributeDefinition attrDef = (AttributeDefinition) def;
        if (attrDef.getVisibility() == AttributeDefinition.USER_CONFIDENTIAL_ATTRIBUTE) {
          String val = attrDef.getPropertyClass()
          .retrieveProperty(new UserAttributeKey(user, def.getName()));
          if(val == null) {
            val = def.getDefaultValue();
          }
          confidentialAttributes.setProperty(def.getName(), val);
        }
      }
    }

    try {

      char[] creds = LogonControllerFactory.getInstance()
              .getPasswordFromCredentials((AuthenticationScheme) request.getSession()
                      .getAttribute(Constants.AUTH_SESSION));

      if (creds == null) {
                HttpSession httpSession = getSessionInfo(request).getHttpSession();
                httpSession.setAttribute("newUser", user);
                // as the form will be reset, we need to store the current values to be used later
                httpSession.setAttribute(SetPasswordForm.SAVED_PASSWORD, setPasswordForm.getConfirmPassword());
                httpSession.setAttribute(SetPasswordForm.SAVED_FORCE_PASSWORD_CHANGE, setPasswordForm.getForceChangePasswordAtLogon());
                String forwardTo = Util.urlEncode(CoreUtil.addParameterToPath(request.getServletPath(), "action", "commit"));
                return new ActionForward("/promptForSessionPassword.do?forwardTo=" + forwardTo, false);
      }

      udb.setPassword(user.getPrincipalName(),
        setPasswordForm.getNewPassword(),
        setPasswordForm.getForceChangePasswordAtLogon(),
        LogonControllerFactory.getInstance().getUser(request),
        new String(creds));

      /* Only attempt to re-encrypt user attributes if users key is loaded */
      if ("automatic".equals(Property.getProperty(new SystemConfigKey("security.privateKeyMode")))) {
        if(PublicKeyStore.getInstance().hasLoadedKey(user.getPrincipalName())) {
          PublicKeyStore.getInstance().removeKeys(user.getPrincipalName());
          PublicKeyStore.getInstance().verifyPrivateKey(user.getPrincipalName(), setPasswordForm.getNewPassword().toCharArray());
          for(Iterator i = confidentialAttributes.keySet().iterator(); i.hasNext(); ) {
            String n = (String)i.next();
            AttributeDefinition attrDef = (AttributeDefinition) userAttributes.getDefinition(n);
            if (attrDef.getVisibility() == AttributeDefinition.USER_CONFIDENTIAL_ATTRIBUTE) {
              Property.setProperty(new UserAttributeKey(user, n),