ActionForm actionForm,
HttpServletRequest request,
HttpServletResponse response)
throws Exception {
ChangePasswordForm changePasswordForm = (ChangePasswordForm)actionForm;
ActionErrors errors = new ActionErrors();
/* Make sure that the entered old password, once hashed, matches the current user's stored password */
if(!Crypto.hash(changePasswordForm.getOldPassword()).equals
(context.getUser().getPassword())){
errors.add(ActionErrors.GLOBAL_ERROR,
new ActionError(ErrorCodes.INVALID_OLD_PASSWORD));
request.setAttribute(Globals.ERROR_KEY, errors);
return mapping.getInputForward();
}
/* Make sure that the new password and its confirmation match */
if(!changePasswordForm.getNewPassword().equals
(changePasswordForm.getConfirmPassword())){
errors.add(ActionErrors.GLOBAL_ERROR,
new ActionError(ErrorCodes.PASSWORD_MISMATCH));
request.setAttribute(Globals.ERROR_KEY, errors);
return mapping.getInputForward();
}
/* TODO: there is some odd behavior with this code - rk*/
if(context.getUser().getName().equals(AuthConstants.USER_ADMIN)){
/* re-encrypt the key */
EncryptedKey encryptedKey = KeyManager.readKey(changePasswordForm.getOldPassword().toCharArray());
encryptedKey.setPassword(changePasswordForm.getNewPassword().toCharArray());
/* write the encryptedKey to the key file */
KeyManager.writeKey(encryptedKey);
}
String username = context.getUser().getUsername();
String password = changePasswordForm.getNewPassword();
UserManager.getInstance().updatePassword(username, password);
return mapping.findForward(Forwards.SUCCESS);
}